Run static analysis for tag manually from release workflow

alcaeus · alcaeus · commit 55976eeedc94 · 2024-06-13T13:16:16.000+02:00
diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
@@ -9,65 +9,6 @@ env:
   DRIVER_VERSION: "stable"
 
 jobs:
-  phpcs:
-    name: "phpcs"
-    runs-on: "ubuntu-22.04"
-
-    permissions:
-      # Give the default GITHUB_TOKEN write permission to commit and push the
-      # added or changed files to the repository.
-      contents: write
-
-    steps:
-      - name: "Checkout"
-        uses: "actions/checkout@v4"
-
-      - name: "Setup cache environment"
-        id: "extcache"
-        uses: "shivammathur/cache-extensions@v1"
-        with:
-          php-version: ${{ env.PHP_VERSION }}
-          extensions: "mongodb-${{ env.DRIVER_VERSION }}"
-          key: "extcache-v1"
-
-      - name: "Cache extensions"
-        uses: "actions/cache@v4"
-        with:
-          path: ${{ steps.extcache.outputs.dir }}
-          key: ${{ steps.extcache.outputs.key }}
-          restore-keys: ${{ steps.extcache.outputs.key }}
-
-      - name: "Install PHP"
-        uses: "shivammathur/setup-php@v2"
-        with:
-          coverage: "none"
-          extensions: "mongodb-${{ env.DRIVER_VERSION }}"
-          php-version: ${{ env.PHP_VERSION }}
-          tools: "cs2pr"
-
-      - name: "Show driver information"
-        run: "php --ri mongodb"
-
-      - name: "Install dependencies with Composer"
-        uses: "ramsey/composer-install@3.0.0"
-        with:
-          composer-options: "--no-suggest"
-
-      - name: "Format the code"
-        continue-on-error: true
-        run: |
-          mkdir .cache
-          ./vendor/bin/phpcbf
-
-      # The -q option is required until phpcs v4 is released
-      - name: "Run PHP_CodeSniffer"
-        run: "vendor/bin/phpcs -q --no-colors --report=checkstyle | cs2pr"
-
-      - name: "Commit the changes"
-        uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_message: "apply phpcbf formatting"
-
   analysis:
     runs-on: "ubuntu-22.04"
     continue-on-error: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -95,3 +95,13 @@ jobs:
         run: |
           echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
           echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY
+
+  static-analysis:
+    needs: prepare-release
+    name: "Run Static Analysis"
+    uses: ./.github/workflows/static-analysis.yml
+    with:
+      ref: refs/tags/${{ inputs.version }}
+    permissions:
+      security-events: write
+      id-token: write
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -0,0 +1,74 @@
+name: "Static Analysis"
+
+on:
+  push:
+  pull_request:
+  workflow_call:
+    inputs:
+      ref:
+        description: "The git ref to check"
+        type: string
+        required: true
+
+env:
+  PHP_VERSION: "8.2"
+  DRIVER_VERSION: "stable"
+
+jobs:
+  phpstan:
+    runs-on: "ubuntu-22.04"
+    continue-on-error: true
+    strategy:
+      matrix:
+        php:
+          - '8.1'
+          - '8.2'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: curl, mbstring
+          tools: composer:v2
+          coverage: none
+
+      - name: Cache dependencies
+        id: composer-cache
+        uses: actions/cache@v4
+        with:
+          path: ./vendor
+          key: composer-${{ hashFiles('**/composer.lock') }}
+
+      - name: Install dependencies
+        run: composer install
+
+      - name: Restore cache PHPStan results
+        id: phpstan-cache-restore
+        uses: actions/cache/restore@v4
+        with:
+          path: .cache
+          key: "phpstan-result-cache-${{ matrix.php }}-${{ github.run_id }}"
+          restore-keys: |
+            phpstan-result-cache-
+
+      - name: Run PHPStan
+        run: ./vendor/bin/phpstan analyse --no-interaction --no-progress --ansi --error-format=sarif > phpstan.sarif
+
+      - name: "Upload SARIF report"
+        if: always()
+        uses: "github/codeql-action/upload-sarif@v3"
+        with:
+          sarif_file: phpstan.sarif
+
+      - name: Save cache PHPStan results
+        id: phpstan-cache-save
+        if: always()
+        uses: actions/cache/save@v4
+        with:
+          path: .cache
+          key: ${{ steps.phpstan-cache-restore.outputs.cache-primary-key }}
