previews/.github/workflows/security.yml at gh-pages · BoatraceOpenAPI/previews · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
name: security

on:
  push:
    branches:
      - 'gh-pages'
  pull_request:
  schedule:
    - cron: '0 0 * * *'
  workflow_dispatch:

permissions:
  contents: read

jobs:
  security:
    name: Security on PHP ${{ matrix.php-version }} (Ubuntu 24.04)
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        php-version:
          - '8.4'
    steps:
      - name: Setup PHP ${{ matrix.php-version }}
        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f
        with:
          php-version: ${{ matrix.php-version }}

      - name: Checkout Repository
        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98

      - name: Run Composer Audit
        if: hashFiles('**/composer.lock') != ''
        run: composer audit --no-interaction --format=summary

      - name: Skip Audit (no composer files)
        if: hashFiles('**/composer.lock') == ''
        run: echo "No composer.lock found. Skipping composer audit."