From 5e57679cd54d6b74109409c81de0fedba633e572 Mon Sep 17 00:00:00 2001 From: Nicolas Vuillamy Date: Sat, 25 Mar 2023 06:55:55 +0100 Subject: [PATCH] Fix PHPStan install & Upgrade stale action (#2469) * Bump actions/stale from 7 to 8 Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * trvy * phpstan install * chmod * [MegaLinter] Apply linters fixes * trvy --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: nvuillam --- .github/workflows/stale.yml | 2 +- .trivyignore | 2 ++ CHANGELOG.md | 1 + Dockerfile | 6 ++++-- flavors/cupcake/Dockerfile | 6 ++++-- flavors/php/Dockerfile | 6 ++++-- linters/php_phpstan/Dockerfile | 8 ++++---- megalinter/descriptors/php.megalinter-descriptor.yml | 6 +++--- 8 files changed, 23 insertions(+), 14 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8337c2a3973..32df27d9c84 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -25,7 +25,7 @@ jobs: if: "github.event_name == 'schedule'" steps: - name: Mark issue stale - uses: actions/stale@v7 + uses: actions/stale@v8 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity.\nIt will be closed in 14 days if no further activity occurs.\nThank you for your contributions.\n\nIf you think this issue should stay open, please remove the `O: stale 🤖` label or comment on the issue." diff --git a/.trivyignore b/.trivyignore index 9947bc26adc..ca0b068081d 100644 
--- a/.trivyignore +++ b/.trivyignore @@ -85,10 +85,12 @@ CVE-2021-43565 CVE-2021-45960 CVE-2021-46143 CVE-2021-46828 +CVE-2021-46877 CVE-2022-0235 CVE-2022-0778 CVE-2022-1271 CVE-2022-1304 +CVE-2022-1471 CVE-2022-1996 CVE-2022-2097 CVE-2022-3510 diff --git a/CHANGELOG.md b/CHANGELOG.md index 4567f0d6b7f..dd3d6285436 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l - Linter enhancements - [phpcs](https://megalinter.io/latest/descriptors/php_phpcs/): Add regex in descriptor to be able to extract the number of found errors + - Use docker image to install phpstan - Core - Run CI linter jobs only on Pull requests to avoid doubling jobs diff --git a/Dockerfile b/Dockerfile index ac89e552ad0..699b2cb6c77 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,6 +28,7 @@ RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest FROM ghcr.io/assignuser/chktex-alpine:latest as chktex FROM mrtazz/checkmake:latest as checkmake +FROM ghcr.io/phpstan/phpstan:latest-php8.1 as phpstan FROM yoheimuta/protolint:latest as protolint FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 @@ -312,6 +313,7 @@ COPY --link --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checke COPY --link --from=revive /usr/bin/revive /usr/bin/revive COPY --link --from=chktex /usr/bin/chktex /usr/bin/ COPY --link --from=checkmake /checkmake /usr/bin/checkmake +COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/ COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/ 
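Review bot: The two suppressions added in the `.trivyignore` hunk, `CVE-2021-46877` and `CVE-2022-1471`, carry no record of which bundled tool or dependency triggers them or why the finding is acceptable, and the commit message says only "trvy". An entry in this file silences the scanner wherever the file is used and never expires on its own, so an unexplained one is hard to revisit once the affected dependency is upgraded. Precede each new ID with a comment line such as `# CVE-2022-1471: <affected package / linter>, <why not reachable>, re-check <date>` (placeholders), and remove the entry when the underlying component is fixed.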
@@ -544,8 +546,8 @@ RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GI # phpstan installation -RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install phpstan -g --trust-gpg-keys CF1A108D0E7AE720 - +# Managed with COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan +RUN chmod +x /usr/bin/phpstan # psalm installation RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install psalm -g --trust-gpg-keys 8A03EA3B385DBAA1,12CE0F1D262429A5 diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile index 522ec03374c..f2479523a4d 100644 --- a/flavors/cupcake/Dockerfile +++ b/flavors/cupcake/Dockerfile @@ -28,6 +28,7 @@ FROM golang:1-alpine as revive RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest FROM mrtazz/checkmake:latest as checkmake +FROM ghcr.io/phpstan/phpstan:latest-php8.1 as phpstan FROM zricethezav/gitleaks:v8.16.0 as gitleaks FROM ghcr.io/terraform-linters/tflint:v0.45.0 as tflint FROM tenable/terrascan:1.18.0 as terrascan @@ -270,6 +271,7 @@ COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint COPY --link --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checker COPY --link --from=revive /usr/bin/revive /usr/bin/revive COPY --link --from=checkmake /checkmake /usr/bin/checkmake +COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/ COPY --link --from=tflint /usr/local/bin/tflint /usr/bin/ COPY --link --from=terrascan /go/bin/terrascan /usr/bin/ 
@@ -396,8 +398,8 @@ RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GI # phpstan installation -RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install phpstan -g --trust-gpg-keys CF1A108D0E7AE720 - +# Managed with COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan +RUN chmod +x /usr/bin/phpstan # psalm installation RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install psalm -g --trust-gpg-keys 8A03EA3B385DBAA1,12CE0F1D262429A5 diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile index 1e795b4bd42..9ce43e4267b 100644 --- a/flavors/php/Dockerfile +++ b/flavors/php/Dockerfile @@ -21,6 +21,7 @@ FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint FROM mstruebing/editorconfig-checker:2.7.0 as editorconfig-checker +FROM ghcr.io/phpstan/phpstan:latest-php8.1 as phpstan FROM yoheimuta/protolint:latest as protolint FROM zricethezav/gitleaks:v8.16.0 as gitleaks #FROM__END @@ -220,6 +221,7 @@ COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck COPY --link --from=shfmt /bin/shfmt /usr/bin/ COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint COPY --link --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checker +COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/ COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/ #COPY__END 
@@ -301,8 +303,8 @@ RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GI # phpstan installation -RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install phpstan -g --trust-gpg-keys CF1A108D0E7AE720 - +# Managed with COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan +RUN chmod +x /usr/bin/phpstan # psalm installation RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install psalm -g --trust-gpg-keys 8A03EA3B385DBAA1,12CE0F1D262429A5 diff --git a/linters/php_phpstan/Dockerfile b/linters/php_phpstan/Dockerfile index e299aace5a5..d89ed10efa7 100644 --- a/linters/php_phpstan/Dockerfile +++ b/linters/php_phpstan/Dockerfile @@ -11,7 +11,7 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START - +FROM ghcr.io/phpstan/phpstan:latest-php8.1 as phpstan #FROM__END ################## @@ -127,7 +127,7 @@ ENV PATH="/node-deps/node_modules/.bin:${PATH}" \ ############################################################################################# #COPY__START - +COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan #COPY__END ############################################################################################# 
@@ -153,8 +153,8 @@ RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GI ENV PATH="/root/.composer/vendor/bin:$PATH" # phpstan installation -RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install phpstan -g --trust-gpg-keys CF1A108D0E7AE720 - +# Managed with COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan +RUN chmod +x /usr/bin/phpstan #OTHER__END diff --git a/megalinter/descriptors/php.megalinter-descriptor.yml b/megalinter/descriptors/php.megalinter-descriptor.yml index cb5984bff16..1dcaa4e7226 100644 --- a/megalinter/descriptors/php.megalinter-descriptor.yml +++ b/megalinter/descriptors/php.megalinter-descriptor.yml @@ -99,9 +99,9 @@ linters: - "phpstan analyse --no-progress --no-ansi mydir1/ mydir2/ myfile.php" install: dockerfile: - - | - RUN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install phpstan -g --trust-gpg-keys CF1A108D0E7AE720 - ide: + - FROM ghcr.io/phpstan/phpstan:latest-php8.1 as phpstan + - COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan + - RUN chmod +x /usr/bin/phpstan idea: - name: PHPStan / Psalm / Generics url: https://plugins.jetbrains.com/plugin/12754-phpstan--psalm--generics
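Review bot: In the `php.megalinter-descriptor.yml` hunk, phpstan.phar is now trusted on a floating registry tag alone: `FROM ghcr.io/phpstan/phpstan:latest-php8.1` has no digest, and the removed phive command was the only step that verified the download against a GPG key (`--trust-gpg-keys CF1A108D0E7AE720`). Pin the stage so the binary copied to `/usr/bin/phpstan` cannot change silently between builds, e.g. `FROM ghcr.io/phpstan/phpstan:<pinned-tag>@sha256:<digest> as phpstan` (placeholders), and bump it deliberately. The extra `RUN chmod +x /usr/bin/phpstan` layer can be folded into the copy as `COPY --link --chmod=755 --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan`, since BuildKit is already required by `--link`. The same three lines appear in `Dockerfile`, `flavors/cupcake/Dockerfile`, `flavors/php/Dockerfile` and `linters/php_phpstan/Dockerfile`, which look generated from this descriptor, so the fix belongs here. Separately, the hunk counts (`-99,9 +99,9` with three added lines) imply the `ide:` line was removed together with the phive command, which would leave `idea:` without its `ide:` parent; worth confirming that was intended.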