psalm-github-security-scan
psalm-github-security-scan copied to clipboard
psalm
Github Action fails
This action doesn't seem to work because composer is failing. Where would I fix this?
Problem 1
- The requested PHP extension ext-gd * is missing from your system. Install or enable PHP's gd extension.
Problem 2
- The requested PHP extension ext-zip * is missing from your system. Install or enable PHP's zip extension.
Problem 3
- Installation request for jean85/pretty-package-versions 2.0.5 -> satisfiable by jean85/pretty-package-versions[2.0.5].
- jean85/pretty-package-versions 2.0.5 requires composer-runtime-api ^2.0.0 -> no matching package found.
Problem 4
- jean85/pretty-package-versions 2.0.5 requires composer-runtime-api ^2.0.0 -> no matching package found.
- sentry/sentry 3.3.3 requires jean85/pretty-package-versions ^1.5|^2.0.1 -> satisfiable by jean85/pretty-package-versions[2.0.5].
- Installation request for sentry/sentry 3.3.3 -> satisfiable by sentry/sentry[3.3.3].
I don't use docker a lot, but I think the issue start here: https://github.com/psalm/psalm-github-security-scan/blob/master/Dockerfile#L18 We should be using composer 2.0.0 at least
It should resolve issues 3 and 4.
I'm more dubious about 1 and 2, I'm not completely sure which composer file it's talking about
Apparently, these errors appear when we run composer install in the container (see entrypoint.sh). I believe we shouldn't be doing that at all; we should instead let the action consumer run whatever steps their project requires outside of our container, as the PHP version and extensions they require may differ from what we have in the container.
Hi all,
I'm a little out of depth here but trying to set this up and receive an error similar to problem 1 and 2.
My understanding is as we're using a docker image, and there is no way to run arbitrary code, i can't use this github action.
I could try creating a new image based around yours, or install psalm on the runner during the run.
