From 6f1da5fc5d913ac20264f79f8b55e205debcef66 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Fri, 11 Feb 2022 11:02:38 +0100
Subject: [PATCH] set up psalm

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 .github/workflows/psalm-analysis.yml | 18 ++++++++++++++++++
 .github/workflows/psalm-security.yml | 25 +++++++++++++++++++++++++
 php/psalm-baseline.xml               |  3 +++
 php/psalm.xml                        | 15 +++++++++++++++
 4 files changed, 61 insertions(+)
 create mode 100644 .github/workflows/psalm-analysis.yml
 create mode 100644 .github/workflows/psalm-security.yml
 create mode 100644 php/psalm-baseline.xml
 create mode 100644 php/psalm.xml

diff --git a/.github/workflows/psalm-analysis.yml b/.github/workflows/psalm-analysis.yml
new file mode 100644
index 00000000..9326a948
--- /dev/null
+++ b/.github/workflows/psalm-analysis.yml
@@ -0,0 +1,18 @@
+name: Psalm Analysis
+
+on:
+  pull_request:
+  push:
+
+jobs:
+  psalm:
+    name: Psalm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Psalm
+        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
+        with:
+          composer_ignore_platform_reqs: false
+          relative_dir: php
diff --git a/.github/workflows/psalm-security.yml b/.github/workflows/psalm-security.yml
new file mode 100644
index 00000000..6ea2ebda
--- /dev/null
+++ b/.github/workflows/psalm-security.yml
@@ -0,0 +1,25 @@
+name: Psalm Security Analysis
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Psalm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Psalm
+        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
+        with:
+          relative_dir: php
+          security_analysis: true
+          composer_ignore_platform_reqs: false
+          report_file: results.sarif
+      - name: Upload Security Analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: results.sarif
diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
new file mode 100644
index 00000000..283b7a39
--- /dev/null
+++ b/php/psalm-baseline.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<files psalm-version="dev-master@569e97d5e99c92f0ccd23f3bb39f16f6aa079ed2">
+</files>
\ No newline at end of file
diff --git a/php/psalm.xml b/php/psalm.xml
new file mode 100644
index 00000000..49c40fd4
--- /dev/null
+++ b/php/psalm.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<psalm
+	errorLevel="2"
+	resolveFromConfigFile="true"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="https://getpsalm.org/schema/config"
+	xsi:schemaLocation="https://getpsalm.org/schema/config"
+    errorBaseline="psalm-baseline.xml"
+>
+	<projectFiles>
+		<directory name="templates"/>
+		<directory name="src"/>
+		<file name="public/index.php"/>
+	</projectFiles>
+</psalm>