New feature : PHP linters with support of SARIF output format

[llaville]

Fixes #3515

Readiness Checklist

Author/Contributor

• Add entry to the CHANGELOG listing the change and linking to the corresponding issue (if appropriate)
• If documentation is needed for this change, has that been included in this pull request

Reviewing Maintainer

• Label as breaking if this is a large fundamental change
• Label as either automation, bug, documentation, enhancement, infrastructure, or performance

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ API	spectral	2		0	3.3s
✅ BASH	bash-exec	5		0	0.05s
✅ BASH	shellcheck	5		0	0.15s
✅ BASH	shfmt	5	0	0	0.58s
✅ COPYPASTE	jscpd	yes		no	3.87s
✅ DOCKERFILE	hadolint	129		0	17.9s
✅ JSON	jsonlint	18		0	0.26s
✅ JSON	v8r	20		0	27.86s
⚠️ MARKDOWN	markdownlint	264	0	268	33.88s
✅ MARKDOWN	markdown-table-formatter	264	0	0	143.5s
✅ OPENAPI	spectral	2		0	3.29s
⚠️ PYTHON	bandit	210		64	3.39s
✅ PYTHON	black	210	0	0	6.4s
✅ PYTHON	flake8	210		0	2.37s
✅ PYTHON	isort	210	0	0	1.31s
✅ PYTHON	mypy	210		0	20.06s
✅ PYTHON	pylint	210		0	18.23s
✅ PYTHON	ruff	210	0	0	0.62s
✅ REPOSITORY	checkov	yes		no	42.29s
✅ REPOSITORY	git_diff	yes		no	0.56s
⚠️ REPOSITORY	grype	yes		1	27.76s
✅ REPOSITORY	secretlint	yes		no	19.01s
✅ REPOSITORY	trivy	yes		no	27.63s
✅ REPOSITORY	trivy-sbom	yes		no	12.9s
⚠️ REPOSITORY	trufflehog	yes		1	12.82s
✅ SPELL	cspell	689		0	30.31s
⚠️ SPELL	lychee	344		1	10.21s
✅ XML	xmllint	3	0	0	0.58s
✅ YAML	prettier	161	0	0	6.81s
✅ YAML	v8r	102		0	196.92s
✅ YAML	yamllint	162		0	2.33s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by

[llaville]

• DEV/Linters (php_phpstan, linux/amd64)
• DEV/Linters (php_phpcs, linux/amd64)
  Both failed because Dockerfile(s) are not up-to-date with PHP descriptors

I should have forget something ! Help is welcome

[nvuillam]

@llaville of beta version was broken, i just fixed it :)

Did you run bash build.sh to generate the Dockerfiles from the descriptors ?

[llaville]

Did you run bash build.sh to generate the Dockerfiles from the descriptors ?

@nvuillam I've got following error

Traceback (most recent call last):
  File "/home/llaville/devilbox_data/github/megalinter/./.automation/build.py", line 18, in <module>
    import git
ModuleNotFoundError: No module named 'git'

on WSL-2 / Ubuntu 22.04 LTS platform

OK: I know now why, but the Contributing Guide need to be upgrade ...

[llaville]

On Contributing Guide, we can read

With write access

    Clone the repository (only if you have write access)
    Create a new branch: git checkout -b my-branch-name
    Make your change
    Update CHANGELOG.md (the root one, not the one in /docs)
    Run bash build.sh to regenerate dockerfile from updated sources (run bash build.sh --doc if you want to also regenerate documentation)
    Push and [submit a pull request](https://github.com/oxsecurity/megalinter/compare)
    Pat yourself on the back and wait for your pull request to be reviewed and merged.

Or

Without write access

    [Fork](https://github.com/oxsecurity/megalinter/fork) and clone the repository
    Create a new branch: git checkout -b my-branch-name
    Make your change
    Update CHANGELOG.md (the root one, not the one in /docs)
    Run bash build.sh to regenerate dockerfile from updated sources (run bash build.sh --doc if you want to also regenerate documentation)
    Push to your fork and [submit a pull request](https://github.com/oxsecurity/megalinter/compare)
    Pat your self on the back and wait for your pull request to be reviewed and merged.

But we don't see that the venv is mandatory

mkdir venv
python -m venv venv/
source venv/bin/activate
pip install --upgrade -r .config/python/dev/requirements.txt

As I do not contribute all days, I forgot it (and I prefer to see it in guide rather than remember it)

[llaville]

Ok now for PHP linters but there are still issues with at least

[bdovaz]

Ok now for PHP linters but there are still issues with at least

Re-running, sometimes randomly fails...

[nvuillam]

Not so randomly.... when it fails it's often because some remote server decides to not respond to our calls :p

[nvuillam]

We are all green :)

Thanks for this stunning contribution @llaville , MegaLinter PHP coverage wouldn't be the same without you :)