Skip to content

SEC25-123: Add Psalm PHP static analysis and CI/CD integration #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Glenn-Ewing merged 8 commits into from
Jan 14, 2026
Merged

SEC25-123: Add Psalm PHP static analysis and CI/CD integration #29

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
6fa0789
Add Psalm PHP static analysis and CI/CD integration
Glenn-Ewing Jan 13, 2026
fb7d682
Fix: Use master composer.lock to ensure PHP 8.0-8.3 compatibility
Glenn-Ewing Jan 13, 2026
64cd392
Fix: Remove composer.lock and use custom workflow with composer updat…
Glenn-Ewing Jan 13, 2026
57d1a67
Fix: Add platform config and generate PHP 8.1-compatible composer.lock
Glenn-Ewing Jan 13, 2026
4964379
Remove redundant --config=psalm.xml flag (Psalm defaults to psalm.xml)
Glenn-Ewing Jan 13, 2026
b1cc3bc
Fix: Update platform config to 8.0 for consistency
Glenn-Ewing Jan 13, 2026
3f4a100
Fix: Use inline workflow for public repository (cannot access private…
Glenn-Ewing Jan 13, 2026
a042be8
Fix: Include PHP version in composer cache key to prevent cross-versi…
Glenn-Ewing Jan 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 63 additions & 0 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
name: "CodeQL"

on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
schedule:
- cron: '30 12 * * 1'

jobs:
analyze:
strategy:
matrix:
php-versions: [ '8.0', '8.1', '8.2', '8.3' ]
name: Analyze PHP ${{ matrix.php-versions }}
runs-on: ubuntu-latest
timeout-minutes: 10

steps:
- uses: actions/checkout@v3
name: Check Out Code

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php-versions }}
tools: pecl
extensions: pdo

- name: Validate composer.json and composer.lock
run: composer validate

- name: Setup Composer Access
run: composer config -g github-oauth.github.com ${{ secrets.GITHUB_TOKEN }}

- name: Cache Composer packages
id: composer-cache
uses: actions/cache@v4
with:
path: vendor
key: ${{ runner.os }}-composer-${{ matrix.php-versions }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-${{ matrix.php-versions }}-
${{ runner.os }}-composer-

- name: Install dependencies
if: steps.composer-cache.outputs.cache-hit != 'true'
run: composer install --prefer-dist --no-progress --optimize-autoloader

- name: Perform CodeQL Analysis using Psalm
run: |
if [ "${{ github.event_name }}" == "pull_request" ]; then
vendor/bin/psalm --diff --output-format=sarif --report=psalm-report.sarif || true
else
vendor/bin/psalm --no-diff --output-format=sarif --report=psalm-report.sarif || true
fi
continue-on-error: true

- name: Upload SARIF report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: psalm-report.sarif
11 changes: 9 additions & 2 deletions composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,22 @@
"php": ">=8.0",
"ext-pdo": "*"
},
"config": {
"platform": {
"php": "8.0"
}
},
"require-dev": {
"phpunit/phpunit": "^9.4",
"symfony/yaml": "^5.0",
"phpspec/prophecy": "^1.22.0",
"doctrine/instantiator": "^1.5",
"symfony/deprecation-contracts": "^2.4"
"symfony/deprecation-contracts": "^2.4",
"vimeo/psalm": "^5.26"
},
"scripts":{
"test": "./vendor/bin/phpunit -c phpunit.xml"
"test": "./vendor/bin/phpunit -c phpunit.xml",
"psalm": "vendor/bin/psalm"
},
"autoload": {
"psr-4": {
Expand Down
Loading
Loading