first commit

This commit is contained in:
brusnitsyn
2026-06-24 17:20:43 +09:00
commit 43499acf1c
165 changed files with 25929 additions and 0 deletions

63
.github/workflows/security.yml vendored Normal file
View File

@@ -0,0 +1,63 @@
name: security
on:
push:
branches: [develop, main, master]
pull_request:
branches: [develop, main, master]
schedule:
# Еженедельная проверка уязвимостей зависимостей (мера УКФ.4).
- cron: '0 3 * * 1'
permissions:
contents: read
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
coverage: none
- name: Install Dependencies
run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
# УКФ.4: анализ уязвимостей в зависимостях.
- name: Composer audit
run: composer audit --no-interaction
# ОЦЛ.1: контроль целостности lock-файлов (запрет несогласованных изменений).
- name: Verify composer.lock integrity
run: composer validate --strict
# Статический анализ (ОПС: безопасность кода).
- name: Static analysis (Larastan)
run: ./vendor/bin/phpstan analyse --no-progress || true
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
- name: Install Dependencies
run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
- name: Copy environment
run: cp .env.example .env && php artisan key:generate
- name: Run tests
run: ./vendor/bin/pest