psalm / psalm-github-security-scan

Psalm Security Scanning for GitHub Actions

Github Action fails #1

Open joshuaziering opened 2 years ago

joshuaziering commented 2 years ago

This action doesn't seem to work because composer is failing. Where would I fix this?

    Problem 1
      - The requested PHP extension ext-gd * is missing from your system. Install or enable PHP's gd extension.
    Problem 2
      - The requested PHP extension ext-zip * is missing from your system. Install or enable PHP's zip extension.
    Problem 3
      - Installation request for jean85/pretty-package-versions 2.0.5 -> satisfiable by jean85/pretty-package-versions[2.0.5].
      - jean85/pretty-package-versions 2.0.5 requires composer-runtime-api ^2.0.0 -> no matching package found.
    Problem 4
      - jean85/pretty-package-versions 2.0.5 requires composer-runtime-api ^2.0.0 -> no matching package found.
      - sentry/sentry 3.3.3 requires jean85/pretty-package-versions ^1.5|^2.0.1 -> satisfiable by jean85/pretty-package-versions[2.0.5].
      - Installation request for sentry/sentry 3.3.3 -> satisfiable by sentry/sentry[3.3.3].

orklah commented 2 years ago

I don't use docker a lot, but I think the issue starts here: https://github.com/psalm/psalm-github-security-scan/blob/master/Dockerfile#L18 We should be using composer 2.0.0 at least.

It should resolve issues 3 and 4.

I'm more dubious about 1 and 2; I'm not completely sure which composer file it's talking about.

joshuaziering commented 2 years ago

I'll do a fork and see if I can get it to go with that.

weirdan commented 1 year ago

Apparently, these errors appear when we run composer install in the container (see entrypoint.sh). I believe we shouldn't be doing that at all; we should instead let the action consumer run whatever steps their project requires outside of our container, as the PHP version and extensions they require may differ from what we have in the container.
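The workflow shape weirdan describes, as an added illustration (this is not a workflow from the project or from any commenter, and the action has not been changed to match it): the consumer installs their own PHP version, extensions and Composer dependencies on the runner before the scan step, so the container no longer needs to run `composer install` with whatever PHP build it happens to ship. The PHP version, the extension list (`gd` and `zip`, matching Problems 1 and 2 above) and the `<pinned-commit-sha>` placeholder are assumptions to be replaced with the project's real values; `shivammathur/setup-php`, `actions/checkout` and `github/codeql-action/upload-sarif` are existing public actions.

```yaml
# Added example: dependencies are resolved on the runner, outside the scan container.
name: Psalm Security Scan
on: [push, pull_request]

jobs:
  php-security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # Assumed PHP version and extensions; use the ones your composer.json requires.
      - name: Set up the project's PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.1'
          extensions: gd, zip
          tools: composer:v2   # Composer 2 satisfies the composer-runtime-api ^2.0.0 constraint

      # composer.lock is honoured here, with the project's PHP, not the container's.
      - name: Install dependencies
        run: composer install --no-interaction --no-progress --prefer-dist

      # Placeholder ref: pin to a real commit SHA of the action.
      - name: Psalm Security Scan
        uses: psalm/psalm-github-security-scan@<pinned-commit-sha>

      - name: Upload SARIF results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
```

Pinning the action to a full commit SHA rather than a branch name keeps a third-party container image from changing underneath the workflow without review.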

lukevandam commented 5 months ago

Hi all,

I'm a little out of my depth here, but I am trying to set this up and receive an error similar to problems 1 and 2.

My understanding is that, as we're using a docker image and there is no way to run arbitrary code, I can't use this GitHub action.

I could try creating a new image based around yours, or install psalm on the runner during the run.