Add PHP Version Audit to notifiy when the PHP version needs to be bumped

Signed-off-by: Daniel <daniel@developerdan.com>

.github/workflows/php-version-audit.yml

@@ -0,0 +1,15 @@
+name: PHP Version Audit
+
+on:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+  schedule:
+    - cron: '0 0 16 * *' # run arbitrarily once a month
+  workflow_dispatch:
+
+jobs:
+  php-version-audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - run: ./php-version-audit.sh

php-version-audit.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+# Run PHP Version Audit against all the base docker images to alert if they are EOL or have CVEs
+# See https://www.github.developerdan.com/php-version-audit/
+
+# Parse out the "FROM php:" tags from the Dockerfiles
+php_tags=$(find . -type f -name Dockerfile -not -path '*/.*' | xargs cat | grep "FROM php:" | sort -u | sed 's/.*://')
+
+# For each image, get the full php version
+php_versions=$(echo "${php_tags}" | while read -r tag; do
+  docker run --pull always --rm --entrypoint=php "php:${tag}" -r 'echo phpversion()."\n";';
+done | sort -u)
+
+# Run all the php version through php-version-audit with the '--fail-security' flag
+# to generate an exit code if a CVE is found or the support is EOL
+echo "${php_versions}" | while read -r version; do
+  docker run --rm lightswitch05/php-version-audit:latest --fail-security --version="${version}";
+done