Add security checks.

janbarasek · janbarasek · commit db8d6edaeec8 · 2021-01-17T18:09:09.000+01:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,23 +1,41 @@
 name: Integrity check
 
-on: [push]
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [ assigned, opened, synchronize, reopened ]
+  schedule:
+    - cron: '1 * * * *'
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     steps:
     - uses: actions/checkout@master
-    
+
     - name: Install PHP
       uses: shivammathur/setup-php@master
       with:
-        php-version: 8.0
+        php-version: 7.4
 
     - name: Install composer deps
       run: |
+        composer create-project nette/code-checker temp/code-checker ^3 --no-progress
+        composer create-project nette/coding-standard temp/coding-standard ^2 --no-progress
+
         # Install app deps
         composer install --no-interaction --prefer-dist
 
+    - name: The PHP Security Checker
+      uses: symfonycorp/security-checker-action@v2
+
+    - name: Check coding standards
+      run: |
+        php temp/code-checker/code-checker --short-arrays --strict-types --fix --no-progress
+        php temp/coding-standard/ecs check src --config temp/coding-standard/coding-standard-php71.yml
+
     - name: Check PHPStan rules
       run: composer phpstan
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020 Baraja packages
+Copyright (c) 2021 Baraja packages
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/composer.json b/composer.json
@@ -14,7 +14,8 @@
 	"require-dev": {
 		"phpstan/phpstan": "^0.12.52",
 		"tracy/tracy": "^2.8",
-		"phpstan/phpstan-nette": "^0.12.9"
+		"phpstan/phpstan-nette": "^0.12.9",
+		"spaze/phpstan-disallowed-calls": "^1.1"
 	},
 	"autoload": {
 		"classmap": [
diff --git a/phpstan.neon b/phpstan.neon
@@ -1,3 +1,6 @@
 includes:
 	- vendor/phpstan/phpstan-nette/extension.neon
 	- vendor/phpstan/phpstan-nette/rules.neon
+	- vendor/spaze/phpstan-disallowed-calls/extension.neon
+	- vendor/spaze/phpstan-disallowed-calls/disallowed-dangerous-calls.neon
+	- vendor/spaze/phpstan-disallowed-calls/disallowed-execution-calls.neon
