diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index 3c78c093b9c4e..63b7e947abd34 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -66,7 +66,7 @@ jobs: run: composer i - name: Psalm taint analysis - run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis + run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis --ignore-baseline - name: Upload Security Analysis results to GitHub if: always() diff --git a/.github/workflows/update-psalm-baseline-approve-merge.yml b/.github/workflows/update-psalm-baseline-approve-merge.yml deleted file mode 100644 index d554527c7e89d..0000000000000 --- a/.github/workflows/update-psalm-baseline-approve-merge.yml +++ /dev/null @@ -1,52 +0,0 @@ -# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors -# SPDX-License-Identifier: MIT -name: Auto approve psalm baseline update - -on: - pull_request_target: - branches: - - main - - master - - stable* - -permissions: - contents: read - -concurrency: - group: update-psalm-baseline-approve-merge-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - auto-approve-merge: - if: github.actor == 'nextcloud-command' - runs-on: ubuntu-latest-low - permissions: - # for hmarr/auto-approve-action to approve PRs - pull-requests: write - # for alexwilson/enable-github-automerge-action to approve PRs - contents: write - - steps: - - name: Disabled on forks - if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} - run: | - echo 'Can not approve PRs from forks' - exit 1 - - - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0 - id: branchname - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 - if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline') - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - - # Enable GitHub auto merge - - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # main - if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline') - with: - github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-psalm-baseline.yml b/.github/workflows/update-psalm-baseline.yml deleted file mode 100644 index 29d794f26f15a..0000000000000 --- a/.github/workflows/update-psalm-baseline.yml +++ /dev/null @@ -1,69 +0,0 @@ -# SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors -# SPDX-License-Identifier: MIT -name: Update Psalm baseline - -on: - workflow_dispatch: - schedule: - - cron: "5 2 * * *" - -jobs: - update-psalm-baseline: - runs-on: ubuntu-latest - - if: ${{ github.repository_owner != 'nextcloud-gmbh' }} - - strategy: - fail-fast: false - matrix: - branches: ['master', 'stable29', 'stable28', 'stable27'] - - name: update-psalm-baseline-${{ matrix.branches }} - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - with: - ref: ${{ matrix.branches }} - submodules: true - - - name: Set up php - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1 - with: - php-version: '8.1' - extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip - coverage: none - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Composer install - run: composer install - - - name: Psalm - run: composer run psalm:ci -- --monochrome --no-progress --output-format=text --update-baseline - continue-on-error: true - - - name: Psalm OCP - run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline - continue-on-error: true - - - name: Reset composer - run: | - git clean -f lib/composer - git checkout composer.json composer.lock lib/composer - - - name: Create Pull Request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c - with: - token: ${{ secrets.COMMAND_BOT_PAT }} - commit-message: 'chore(tests): Update psalm baseline' - committer: GitHub - author: nextcloud-command - signoff: true - branch: 'automated/noid/${{ matrix.branches }}-update-psalm-baseline' - title: '[${{ matrix.branches }}] Update psalm-baseline.xml' - body: | - Auto-generated update psalm-baseline.xml with fixed psalm warnings - labels: | - automated pr - 3. to review - team-reviewers: server-backend diff --git a/psalm.xml b/psalm.xml index dece0c3eb8886..bd2b9675743ff 100644 --- a/psalm.xml +++ b/psalm.xml @@ -10,7 +10,7 @@ xmlns="https://getpsalm.org/schema/config" xsi:schemaLocation="https://getpsalm.org/schema/config" errorBaseline="build/psalm-baseline.xml" - findUnusedBaselineEntry="false" + findUnusedBaselineEntry="true" findUnusedCode="false" phpVersion="8.1" >