Introduce GitHub Actions for Local PHP Security Checker.

.github/workflows/update.yml

@@ -0,0 +1,64 @@
+name: Release 
+
+on:
+  workflow_dispatch:
+  push:
+  schedule:
+    - cron: '30 */4 * * *'
+
+jobs:
+  update:
+    name: Push tagged image to registry
+    runs-on: ubuntu-latest
+
+    steps:
+      - 
+        name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          ref: main
+
+      - 
+        name: Fetch latest version
+        id: fetch_latest_version
+        run: |
+          last_release_info=$(curl --silent "https://api.github.com/repos/fabpot/local-php-security-checker/releases/latest")
+          version=$(echo "${last_release_info}" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+          echo "Last local php security checker version is ${version}"
+          echo ::set-output name=version::${version}
+
+          executable_url=$(echo "${last_release_info}" | grep -E "browser_download_url(.+)linux_amd64" | cut -d : -f 2,3 | tr -d \")
+          echo "Executable url is ${executable_url}"
+          echo ::set-output name=executable_url::${executable_url}
+
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - 
+        name: Push to Docker Hub
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: |
+            pplotka/local-php-security-checker-github-actions:latest
+            pplotka/local-php-security-checker-github-actions:${{ steps.fetch_latest_version.outputs.version }}
+          build-args: |
+            EXECUTABLE_URL=${{ steps.fetch_latest_version.outputs.executable_url }}
+
+      -
+        name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
+

Dockerfile

@@ -0,0 +1,22 @@
+FROM alpine:latest
+
+ARG EXECUTABLE_URL
+
+LABEL "com.github.actions.name"="Local PHP Security Checker"
+LABEL "com.github.actions.description"="Run local php security checker via GitHub Actions"
+LABEL "com.github.actions.icon"="check"
+LABEL "com.github.actions.color"="blue"
+
+LABEL "repository"="https://github.com/pplotka/local-php-security-checker-github-actions"
+LABEL "homepage"="http://github.com/actions"
+LABEL "maintainer"="Paweł Płotka <[email protected]>"
+
+RUN echo "${EXECUTABLE_URL}"
+RUN wget -O /security-checker ${EXECUTABLE_URL}
+
+COPY ./entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh /security-checker
+
+WORKDIR /app
+
+ENTRYPOINT [ "/entrypoint.sh" ]

README.md

@@ -0,0 +1,54 @@
+# GitHub Actions for Local PHP Security Checker
+
+Run [Local PHP Security Checker](https://github.com/fabpot/local-php-security-checker) via GitHub Actions. 
+
+## How to use
+```yaml
+name: Security scanner
+
+on: [push, pull_request]
+
+jobs:
+  psalm:
+    name: Local PHP Security Checker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Local PHP Security Checker
+        uses: docker://pplotka/local-php-security-checker-github-actions
+```
+
+You can specify version of Local PHP Security Checker:
+
+```diff
+      - name: Local PHP Security Checker
+-       uses: docker://pplotka/local-php-security-checker-github-actions
++       uses: docker://pplotka/local-php-security-checker-github-actions:v1.0.0
+```
+
+You can also pass a `path` to check a specific directory:
+```diff
+      - name: Local PHP Security Checker
+        uses: docker://pplotka/local-php-security-checker-github-actions
++       with:
++         path: path/to/php/project/composer.lock
+```
+
+By default, the output is optimized for terminals, change it via the `format` parameter (supported formats: `ansi`, `markdown`, `json`, and `yaml`):
+```diff
+      - name: Local PHP Security Checker
+        uses: docker://pplotka/local-php-security-checker-github-actions
++       with:
++         format: markdown
+```
+
+## Use without GitHub Actions
+The Docker Image is located here: https://hub.docker.com/r/pplotka/local-php-security-checker-github-actions
+
+You can run checking any directory with `composer.lock` file with this command:
+
+```shell
+docker run --rm -it -w /app -v $(pwd):/app pplotka/local-php-security-checker-github-actions --format=yaml
+```

action.yaml

@@ -0,0 +1,25 @@
+# https://help.github.com/en/articles/metadata-syntax-for-github-actions
+
+author: 'pplotka'
+
+branding:
+  icon: 'check'
+  color: 'blue'
+
+description: 'Run local php security checker via GitHub Actions.'
+
+name: 'Local PHP Security Checker'
+
+inputs:
+  path:
+    required: false
+    default: false
+    description: 'Pass to check a specific directory'
+  format:
+    required: false
+    default: 'ansi'
+    description: 'Output format'
+
+runs:
+  using: 'docker'
+  image: 'docker://pplotka/local-php-security-checker-github-actions'

entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh -l
+set -e
+
+PATH=""
+if [ ! -z "${INPUT_PATH}" ]; then
+    PATH="--path=${INPUT_PATH}"
+fi
+
+FORMAT=""
+if [ ! -z "${INPUT_FORMAT}" ]; then
+    FORMAT="--path=${INPUT_FORMAT}"
+fi
+
+/security-checker --update-cache
+/security-checker ${PATH} ${FORMAT} $*