Unpushed commits (local main ahead of origin/main) #44
Made-with: Cursor
Pull request overview
This PR syncs local main commits into the repository, primarily adding/adjusting repo meta files (security/contributing), updating GitHub Actions/dependabot configuration, and doing a small test cleanup.
Changes:
- Add root-level `SECURITY.md` and `CONTRIBUTING.md`, and update `.gitignore`.
- Update GitHub Actions workflows and Dependabot configuration/scheduling.
- Refactor `tests/ImageFieldTest.php` to use imports instead of fully-qualified names.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| `tests/ImageFieldTest.php` | Simplifies references via `use` imports for the Nova field and package class. |
| `SECURITY.md` | Adds a root security policy file (currently duplicates existing policy under `.github/`). |
| `CONTRIBUTING.md` | Adds a root contributing guide (currently duplicates existing guide under `.github/`). |
| `.gitignore` | Ignores `auth.json` (commonly used for Composer auth). |
| `.github/workflows/fix-php-code-style-issues.yml` | Updates workflow permissions and action versions for auto-formatting/auto-commit. |
| `.github/workflows/dependency-review.yml` | Updates checkout action version used for dependency review workflow. |
| `.github/workflows/dependabot-auto-merge.yml` | Updates Dependabot metadata action version. |
| `.github/dependabot.yml` | Expands Dependabot to daily runs, adds grouping/ignore rules, and adds npm/composer ecosystems. |
| - package-ecosystem: "npm" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "daily" | ||
| allow: | ||
| - dependency-type: "direct" | ||
| ignore: | ||
| - dependency-name: "*" | ||
| update-types: [ "version-update:semver-major" ] | ||
| groups: | ||
| minor-and-patch: | ||
| update-types: [ "minor", "patch" ] | ||
|
|
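Review bot: The `ignore` rule on `dependency-name: "*"` with `version-update:semver-major` suppresses every major-version proposal for npm, and `allow: dependency-type: "direct"` limits this entry to direct dependencies, so a fix that ships only in a new major release or in a transitive package will not arrive as a version-update PR from this block. If that is intended, state it in a comment above the entry and decide who tracks major upgrades by hand; otherwise narrow the ignore to the specific packages that need pinning.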
The repo currently has no npm manifest/lockfile (no package.json, package-lock.json, etc.), so this npm Dependabot entry will be ineffective and may cause Dependabot update runs to error. Either remove the npm ecosystem section or add the appropriate npm manifests/lockfiles if Node dependencies are intended to be tracked here.
| - package-ecosystem: "npm" | |
| directory: "/" | |
| schedule: | |
| interval: "daily" | |
| allow: | |
| - dependency-type: "direct" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: [ "version-update:semver-major" ] | |
| groups: | |
| minor-and-patch: | |
| update-types: [ "minor", "patch" ] |
| Contributions are **welcome** and will be fully **credited**. | ||
|
|
||
| Please read and understand the contribution guide before creating an issue or pull request. | ||
|
|
||
| ## Etiquette | ||
|
|
||
| This project is open source, and as such, the maintainers give their free time to build and maintain the source code | ||
| held within. They make the code freely available in the hope that it will be of use to other developers. It would be | ||
| extremely unfair for them to suffer abuse or anger for their hard work. | ||
|
|
||
| Please be considerate towards maintainers when raising issues or presenting pull requests. Let's show the | ||
| world that developers are civilized and selfless people. | ||
|
|
||
| It's the duty of the maintainer to ensure that all submissions to the project are of sufficient | ||
| quality to benefit the project. Many developers have different skillsets, strengths, and weaknesses. Respect the maintainer's decision, and do not be upset or abusive if your submission is not used. | ||
|
|
||
| ## Viability | ||
|
|
||
| When requesting or submitting new features, first consider whether it might be useful to others. Open | ||
| source projects are used by many developers, who may have entirely different needs to your own. Think about | ||
| whether or not your feature is likely to be used by other users of the project. | ||
|
|
||
| ## Procedure | ||
|
|
||
| Before filing an issue: | ||
|
|
||
| - Attempt to replicate the problem, to ensure that it wasn't a coincidental incident. | ||
| - Check to make sure your feature suggestion isn't already present within the project. | ||
| - Check the pull requests tab to ensure that the bug doesn't have a fix in progress. | ||
| - Check the pull requests tab to ensure that the feature isn't already in progress. | ||
|
|
||
| Before submitting a pull request: | ||
|
|
||
| - Check the codebase to ensure that your feature doesn't already exist. | ||
| - Check the pull requests to ensure that another person hasn't already submitted the feature or fix. | ||
|
|
||
| ## Requirements | ||
|
|
||
| If the project maintainer has any additional requirements, you will find them listed here. | ||
|
|
||
| - **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer). | ||
|
|
||
| - **Add tests!** - Your patch won't be accepted if it doesn't have tests. | ||
|
|
||
| - **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date. | ||
|
|
||
| - **Consider our release cycle** - We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option. | ||
|
|
||
| - **One pull request per feature** - If you want to do more than one thing, send multiple pull requests. | ||
|
|
||
| - **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](https://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting. | ||
|
|
||
| **Happy coding**! |
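Review bot: The "Before filing an issue" list in the Procedure section does not tell reporters to keep security problems out of the public tracker. Add a bullet there that points to `SECURITY.md`, so a vulnerability report is sent privately instead of being opened as an issue.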
This file duplicates the existing .github/CONTRIBUTING.md (currently identical). Having both increases the risk of the contribution guidelines drifting. Consider keeping a single canonical CONTRIBUTING.md (either move it to the repo root or keep it under .github) and remove the duplicate.
| Contributions are **welcome** and will be fully **credited**. | |
| Please read and understand the contribution guide before creating an issue or pull request. | |
| ## Etiquette | |
| This project is open source, and as such, the maintainers give their free time to build and maintain the source code | |
| held within. They make the code freely available in the hope that it will be of use to other developers. It would be | |
| extremely unfair for them to suffer abuse or anger for their hard work. | |
| Please be considerate towards maintainers when raising issues or presenting pull requests. Let's show the | |
| world that developers are civilized and selfless people. | |
| It's the duty of the maintainer to ensure that all submissions to the project are of sufficient | |
| quality to benefit the project. Many developers have different skillsets, strengths, and weaknesses. Respect the maintainer's decision, and do not be upset or abusive if your submission is not used. | |
| ## Viability | |
| When requesting or submitting new features, first consider whether it might be useful to others. Open | |
| source projects are used by many developers, who may have entirely different needs to your own. Think about | |
| whether or not your feature is likely to be used by other users of the project. | |
| ## Procedure | |
| Before filing an issue: | |
| - Attempt to replicate the problem, to ensure that it wasn't a coincidental incident. | |
| - Check to make sure your feature suggestion isn't already present within the project. | |
| - Check the pull requests tab to ensure that the bug doesn't have a fix in progress. | |
| - Check the pull requests tab to ensure that the feature isn't already in progress. | |
| Before submitting a pull request: | |
| - Check the codebase to ensure that your feature doesn't already exist. | |
| - Check the pull requests to ensure that another person hasn't already submitted the feature or fix. | |
| ## Requirements | |
| If the project maintainer has any additional requirements, you will find them listed here. | |
| - **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer). | |
| - **Add tests!** - Your patch won't be accepted if it doesn't have tests. | |
| - **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date. | |
| - **Consider our release cycle** - We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option. | |
| - **One pull request per feature** - If you want to do more than one thing, send multiple pull requests. | |
| - **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](https://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting. | |
| **Happy coding**! | |
| This repository uses a single canonical set of contribution guidelines. | |
| Please refer to [`.github/CONTRIBUTING.md`](.github/CONTRIBUTING.md) for the full contribution guide. |
| - **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer). | ||
|
|
The contributing guide currently requires PSR-2 and suggests PHP_CodeSniffer, but this repo enforces formatting via Laravel Pint (composer script "format" runs pint). Update this requirement to match the actual tooling/style used by the project, otherwise contributors may follow the wrong standard.
| @@ -0,0 +1,3 @@ | |||
| # Security Policy | |||
|
|
|||
| If you discover any security related issues, please email info@codebar.ch instead of using the issue tracker. | |||
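Review bot: The single sentence under `# Security Policy` gives only a contact address. Consider adding which versions receive security fixes and when a reporter can expect an acknowledgement, so the reporting path can be used without follow-up questions.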
This SECURITY.md duplicates the existing .github/SECURITY.md (same content). Keeping both makes it easy for the security policy to diverge over time; consider keeping a single canonical SECURITY.md and removing the duplicate.
| If you discover any security related issues, please email info@codebar.ch instead of using the issue tracker. | |
| This repository uses `.github/SECURITY.md` as the canonical security policy. Please refer to that file for up-to-date information on reporting security issues. |
| @@ -0,0 +1,3 @@ | |||
| # Security Policy | |||
|
|
|||
| If you discover any security related issues, please email info@codebar.ch instead of using the issue tracker. | |||
Hyphenate the compound modifier here for correct grammar.
| If you discover any security related issues, please email info@codebar.ch instead of using the issue tracker. | |
| If you discover any security-related issues, please email info@codebar.ch instead of using the issue tracker. |
Local main was 6 commit(s) ahead of origin/main. Opened from update-opensource-active.sh for review.