name: Security

on:
  push:
    branches: ["**"]
  pull_request:
    branches: ["**"]
  schedule:
    - cron: '0 6 * * 1'

jobs:
  semgrep:
    name: PHP Security (semgrep)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install semgrep
        run: |
          apt-get update -qq
          apt-get install -y -qq python3 python3-pip
          pip3 install semgrep

      - name: Run semgrep
        run: semgrep --config=p/php --config=p/owasp-top-ten --error .