diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 33f1a33..f30f38c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,6 +4,7 @@ updates: directory: "/" schedule: interval: "weekly" + versioning-strategy: "increase-if-necessary" assignees: - "sebastian-meyer" labels: [ ] diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml new file mode 100644 index 0000000..351f907 --- /dev/null +++ b/.github/workflows/phpcs.yml @@ -0,0 +1,35 @@ +name: PHP Code Sniffer + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +permissions: + contents: read + +jobs: + PHPCS: + name: PHPCS Scanner + runs-on: ubuntu-latest + permissions: + contents: read + actions: read + + steps: + - name: Checkout Source Code + uses: actions/checkout@v4 + + - name: Setup Environment + uses: php-actions/composer@v6 + with: + command: update + php_version: "8.1" + + - name: Run PHPCS + uses: php-actions/phpcs@v1 + with: + php_version: "8.1" + path: src/ + standard: phpcs.xml.dist diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml new file mode 100644 index 0000000..6b5f5be --- /dev/null +++ b/.github/workflows/psalm.yml @@ -0,0 +1,35 @@ +name: Psalm Static Analyzer + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +permissions: + contents: read + +jobs: + Psalm: + name: Psalm Scanner + runs-on: ubuntu-latest + permissions: + contents: read + security-events: write + actions: read + + steps: + - name: Checkout Source Code + uses: actions/checkout@v4 + + - name: Run Psalm + uses: docker://ghcr.io/psalm/psalm-github-actions + with: + security_analysis: true + report_file: psalm-results.sarif + + - name: Upload Analysis Results + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: psalm-results.sarif + wait-for-processing: true