Roeland Jago Douma
cc18213c98
Have psalm analysis directly on github
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-02-10 14:57:36 +01:00
Roeland Jago Douma
08cae2ec44
Revert "Pin Psalm version to an older one"
2021-02-02 22:08:01 +01:00
Lukas Reschke
f1d2dcdaa5
Pin Psalm version to an older one
...
Ref https://github.com/vimeo/psalm/issues/5144
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-02-02 13:54:18 +00:00
Roeland Jago Douma
c96bb21ab9
Merge pull request #24903 from nextcloud/enh/psalm-ocp
...
Add dedicated baseline for OCP
2020-12-30 13:23:25 +01:00
Roeland Jago Douma
fe65f8facf
Add dedicated baseline for OCP
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-30 11:06:00 +01:00
Julius Härtl
c42385ef0f
Cleanup bundle files before checking the rebuild
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-29 12:20:32 +01:00
Julius Härtl
c7a320d880
jsunit: Run jsunit with chromium/puppeteer on github actions
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-29 08:42:27 +01:00
Morris Jobke
6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
...
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
Lukas Reschke
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
Roeland Jago Douma
12f322d804
Also lint php8
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 16:49:09 +01:00
Joas Schilling
a524e83be0
Fix naming of jobs and steps
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 21:39:19 +01:00
Julius Härtl
2050517d44
Add github action for oci8
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-10 15:34:35 +01:00
John Molakvoæ
1e7a82d99e
Fix php lint action
2020-11-05 09:34:04 +01:00
Morris Jobke
bb05f0e4eb
Do not commit updated composer dependencies in psalm baseline update
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-30 10:48:01 +01:00
Morris Jobke
f18d9cd310
Update daily "update psalm baseline" job to composer psalm
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-29 09:58:25 +01:00
Morris Jobke
106c8d719c
Do not fail on changes to baseline.xml
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-13 21:55:37 +02:00
Christoph Wurst
081e9ac47f
Use own psalm instead of a global one
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-13 17:55:37 +02:00
John Molakvoæ (skjnldsv)
91e463ff00
Move to automated dependabot merging
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2020-09-07 14:45:53 +02:00
Morris Jobke
886466d510
Run psalm-baseline.xml update once a day
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-20 12:51:51 +02:00
Morris Jobke
458320e8d7
Revert "This is just to trigger the GitHub scheduled actions registration"
...
This reverts commit 2e912990ff
.
2020-08-20 12:50:57 +02:00
Morris Jobke
2e912990ff
This is just to trigger the GitHub scheduled actions registration
...
It is needed for #22314 and I will revert it right away afterwards.
Sorry for the trouble.
See the answer in https://stackoverflow.com/questions/59560214/github-action-works-on-push-but-not-scheduled
2020-08-20 12:50:27 +02:00
Morris Jobke
ebc80dba78
Run update-psalm-baseline action every 5 minutes
...
For debugging purposed due to a GitHub bug.
See #22325
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-20 12:44:03 +02:00
Morris Jobke
27157051aa
Revert "This is just to trigger the GitHub scheduled actions registration"
2020-08-20 12:41:47 +02:00
Morris Jobke
f255f42991
This is just to trigger the GitHub scheduled actions
...
It is needed for https://github.com/nextcloud/server/pull/22314 and I will revert it right away afterwards.
Sorry for the trouble.
2020-08-20 12:40:42 +02:00
Morris Jobke
50784a7c51
Generate psalm-baseline.xml PR instead of requiring this from the PR author itself
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-20 12:34:29 +02:00
Morris Jobke
4db7829f43
Better psalm CI output
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-19 18:16:35 +02:00
Morris Jobke
42bb6cd7d7
Check only the baseline.xml and exclude the psalm.xml from the file check
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-18 13:01:10 +02:00
Morris Jobke
80056e081a
Add a check for fixes in the psalm baseline
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-18 13:01:05 +02:00
Daniel Kesselberg
7257793fc4
Hello psalm
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-08-18 08:58:19 +02:00
Daniel Kesselberg
08cb4b8172
Run cs:check a second time to show diff
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-07-15 15:35:58 +02:00
Daniel Kesselberg
f64b47c36a
Report php-cs-fixer errors to GitHub
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-07-13 16:04:31 +02:00
Christoph Wurst
9e6fcd585b
Show a hint for the php-cs fix when the check fails
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-14 22:11:41 +02:00
Christoph Wurst
c9980ed099
Add php-cs check action
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-14 17:44:08 +02:00
Gary Kim
907a27897a
Move Compile Handlebars CI to GitHub Actions
...
Signed-off-by: Gary Kim <gary@garykim.dev>
2020-02-23 12:13:48 +08:00
Roeland Jago Douma
df4ca949f5
Merge pull request #19384 from nextcloud/enh/actions/lint
...
Lint on github actions
2020-02-10 11:39:29 +01:00
Roeland Jago Douma
64665c98e1
Lint on github actions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-10 09:32:45 +01:00
Roeland Jago Douma
ae75e17eff
Lets just use the fixup bot
...
The action is slower plus we can use more actions this way ;)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-10 09:20:20 +01:00
Christoph Wurst
b267409d38
Add webpack-based js tests
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-02-07 16:56:35 +01:00
Roeland Jago Douma
582ab20e9d
Use checkout v2 for npm build action
...
Saves checking out the whole tree.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-03 21:55:24 +01:00
Roeland Jago Douma
e639e11de3
Move npm build to github actions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-03 09:42:23 +01:00
Roeland Jago Douma
31dfe01d96
Move away from fixupbot
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-06 11:46:10 +01:00