Unpushed commits (local main ahead of origin/main)#31
Conversation
There was a problem hiding this comment.
Pull request overview
Updates GitHub Actions workflows to improve reliability and security by pinning action versions more tightly and refining when CI runs.
Changes:
- Pin GitHub Actions used in workflows to specific versions (e.g.,
actions/checkout,github-tag-action, dependency review). - Refine PHPStan workflow triggers (path filters, PR support), add concurrency control, and add job timeouts.
- Update the auto-commit action used by the PHP code style fixer workflow.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
.github/workflows/release.yml |
Adds a job timeout and pins checkout + tag actions to specific versions. |
.github/workflows/phpstan.yml |
Adds path-based triggers for push/PR, concurrency + timeout, and updates action versions. |
.github/workflows/fix-php-code-style-issues.yml |
Updates the git auto-commit action version. |
.github/workflows/dependency-review.yml |
Pins checkout and dependency review action versions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| uses: ramsey/composer-install@v3 | ||
| with: | ||
| composer-options: --prefer-dist --no-interaction | ||
| uses: ramsey/[email protected] |
There was a problem hiding this comment.
ramsey/composer-install was upgraded and the explicit composer-options: --prefer-dist --no-interaction input was removed. Unless you’ve verified v4’s defaults match the previous behavior, please re-add equivalent options (or the v4-supported inputs) to keep installs deterministic and avoid any chance of interactive prompts or different install modes.
| uses: ramsey/[email protected] | |
| uses: ramsey/[email protected] | |
| with: | |
| composer-options: --prefer-dist --no-interaction |
Local main was 7 commit(s) ahead of origin/main. Opened from update-opensource-active.sh for review.