Skip to content

ci: adopt canonical php-module template#575

Closed
CybotTM wants to merge 1 commit into
mainfrom
ci/adopt-php-module-template
Closed

ci: adopt canonical php-module template#575
CybotTM wants to merge 1 commit into
mainfrom
ci/adopt-php-module-template

Conversation

@CybotTM

@CybotTM CybotTM commented Jun 16, 2026

Copy link
Copy Markdown
Member

Migrate CI to the canonical php-module template (netresearch/.github): explicit per-call-site permissions on every reusable, drift-enforced. CodeQL via default setup.

Drift-enforced canonical CI with explicit per-call-site permissions. CodeQL via default setup.

Signed-off-by: Sebastian Mendel <github@sebastianmendel.de>
@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@github-actions

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/security.yml

PackageVersionLicenseIssue Type
netresearch/.github/.github/workflows/dependency-review.ymlmainNullUnknown License
netresearch/.github/.github/workflows/gitleaks.ymlmainNullUnknown License
netresearch/typo3-ci-workflows/.github/workflows/security.ymlmainNullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/netresearch/.github/.github/workflows/dependency-review.yml main UnknownUnknown
actions/netresearch/.github/.github/workflows/gitleaks.yml main UnknownUnknown
actions/netresearch/typo3-ci-workflows/.github/workflows/security.yml main UnknownUnknown

Scanned Files

  • .github/workflows/security.yml

@sonarqubecloud

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
6 Security Hotspots

See analysis details on SonarQube Cloud

@CybotTM

CybotTM commented Jun 16, 2026

Copy link
Copy Markdown
Member Author

Withdrawing: full template standardization is the wrong approach for this repo. Plan is minimal CI fixes only (and at the GitLab source for mirrored repos).

@CybotTM CybotTM closed this Jun 16, 2026
@CybotTM CybotTM deleted the ci/adopt-php-module-template branch June 16, 2026 13:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants