name: Psalm Security Analysis

on:
  push:
  pull_request:
  schedule:
  - cron: '0 0 * * 0'

jobs:
  psalm:
    name: Psalm
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          submodules: recursive
      - name: Psalm
        uses: docker://vimeo/psalm-github-actions@sha256:5307bec3ebea23668d287d14eca393c5843653685d346d0c2c6ae1ae0fa6ce47
        with:
          security_analysis: true
          report_file: results.sarif
      - name: Upload Security Analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif