Unpushed commits (local main ahead of origin/main) #86
Pull request overview
This PR syncs local main changes by cleaning up duplicated community-health files and modernizing several GitHub Actions workflows (triggering, pinning, permissions, and timeouts).
Changes:
- Remove root-level `SECURITY.md` and `CONTRIBUTING.md` (policies already exist under `.github/`).
- Update multiple workflows with pinned action versions plus added timeouts/permissions and improved PHPStan triggering (paths, PRs, concurrency).
- Update `.github/CONTRIBUTING.md` to document Laravel Pint as the formatting standard.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| SECURITY.md | Deletes root security policy file (policy exists under .github/SECURITY.md). |
| CONTRIBUTING.md | Deletes root contributing guide (guide exists under .github/CONTRIBUTING.md). |
| .github/workflows/release.yml | Adds timeout and pins actions; updates checkout/tag action references. |
| .github/workflows/phpstan.yml | Restricts triggers by paths, adds PR + manual triggers, adds concurrency/timeout, pins actions. |
| .github/workflows/fix-php-code-style-issues.yml | Adds write permissions, pins actions, simplifies checkout. |
| .github/workflows/dependency-review.yml | Pins checkout and dependency-review action versions. |
| .github/CONTRIBUTING.md | Replaces PSR-2 guidance with Pint-based formatting guidance. |
| If the project maintainer has any additional requirements, you will find them listed here. | ||
|
|
||
| - **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer). | ||
| - **[Laravel Pint](https://github.com/laravel/pint)** - PHP style is enforced with Pint (PSR-12–oriented, via PHP-CS-Fixer). Run `composer install`, then `./vendor/bin/pint` before pushing (`composer run format` instead if your package defines that script). The **Fix PHP code style issues** GitHub Action also runs on push and may commit formatting fixes. |
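Review bot: the added bullet says the action "may commit formatting fixes" but does not tell contributors what to do when it does. Add a short instruction to pull the action's commit before pushing again, since a branch that has received an automated commit will no longer fast-forward from the contributor's local copy.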
The guidance to run composer run format is misleading here: this repo’s composer.json defines a format script that runs php-cs-fixer, not Pint. Either update the docs to point only to ./vendor/bin/pint (or add a dedicated Pint script), or change the format script to run Pint so the instructions match actual behavior.
| - **[Laravel Pint](https://github.com/laravel/pint)** - PHP style is enforced with Pint (PSR-12–oriented, via PHP-CS-Fixer). Run `composer install`, then `./vendor/bin/pint` before pushing (`composer run format` instead if your package defines that script). The **Fix PHP code style issues** GitHub Action also runs on push and may commit formatting fixes. | |
| - **[Laravel Pint](https://github.com/laravel/pint)** - PHP style is enforced with Pint (PSR-12–oriented, via PHP-CS-Fixer). Run `composer install`, then `./vendor/bin/pint` before pushing. The **Fix PHP code style issues** GitHub Action also runs on push and may commit formatting fixes. |
| timeout-minutes: 10 | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/checkout@v6.0.2 |
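Review bot: `actions/checkout@v6.0.2` on the added line is still a tag reference, and a tag can be repointed upstream, so this is a version bump rather than a pin. If the intent is the pinning the PR overview describes, reference the action by its full commit SHA and keep the version in a trailing comment (`# v6.0.2`).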
This workflow upgrades actions/checkout to v6.0.2, while other workflows (e.g. .github/workflows/run-tests.yml) still use actions/checkout@v4. Mixing major versions across workflows makes maintenance harder and risks subtle differences in checkout behavior; consider standardizing on the same major version across all workflows (either keep v4 everywhere or bump all workflows together after verifying compatibility).
| - uses: actions/checkout@v6.0.2 | |
| - uses: actions/checkout@v4 |
| timeout-minutes: 5 | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/checkout@v6.0.2 |
This workflow upgrades actions/checkout to v6.0.2, while other workflows (e.g. .github/workflows/run-tests.yml) still use actions/checkout@v4. Mixing major versions across workflows makes maintenance harder and risks subtle differences in checkout behavior; consider standardizing on the same major version across all workflows (either keep v4 everywhere or bump all workflows together after verifying compatibility).
| - uses: actions/checkout@v6.0.2 | |
| - uses: actions/checkout@v4 |
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.head_ref }} | ||
| uses: actions/checkout@v6.0.2 |
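Review bot: dropping the `with: ref: ${{ github.head_ref }}` input in the same change as the version bump alters which ref this job checks out, and nothing in the hunk says why. The file summary says this workflow gains write permissions and it commits formatting fixes, so state in the PR which events trigger it and confirm the default ref is the branch the fix commit should land on; on pull_request events the default checkout is the merge ref rather than the head branch.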
This workflow upgrades actions/checkout to v6.0.2, while other workflows (e.g. .github/workflows/run-tests.yml) still use actions/checkout@v4. Mixing major versions across workflows makes maintenance harder and risks subtle differences in checkout behavior; consider standardizing on the same major version across all workflows (either keep v4 everywhere or bump all workflows together after verifying compatibility).
| uses: actions/checkout@v6.0.2 | |
| uses: actions/checkout@v4 |
| steps: | ||
| - name: 'Checkout Repository' | ||
| uses: actions/checkout@v6 | ||
| uses: actions/checkout@v6.0.2 |
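Review bot: the change from `@v6` to `@v6.0.2` on this line trades a floating major tag for an exact tag, so patch releases no longer arrive on their own. Make sure something tracks these references (for example a dependency-update bot covering GitHub Actions), otherwise the exact tag will go stale without anyone noticing.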
This workflow upgrades actions/checkout to v6.0.2, while other workflows (e.g. .github/workflows/run-tests.yml) still use actions/checkout@v4. Mixing major versions across workflows makes maintenance harder and risks subtle differences in checkout behavior; consider standardizing on the same major version across all workflows (either keep v4 everywhere or bump all workflows together after verifying compatibility).
| uses: actions/checkout@v6.0.2 | |
| uses: actions/checkout@v4 |
Local main was 10 commit(s) ahead of origin/main. Opened from update-opensource-active.sh for review.
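
A check for the two issues raised in this review thread (one action referenced at different major versions across workflows, and references that are tags rather than commit SHAs), as an added example that is not part of the pull request or the repository. The workflow contents are constructed samples, and `audit` and `classify` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample contents keyed by workflow file name (not the repo's real files).
SAMPLE_WORKFLOWS = {
    "phpstan.yml": "steps:\n  - uses: actions/checkout@v6.0.2\n",
    "run-tests.yml": "steps:\n  - uses: actions/checkout@v4\n",
    "release.yml": "steps:\n  - name: 'Checkout Repository'\n    uses: actions/checkout@v6.0.2\n",
}

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"#]+)@([^\s'\"#]+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_RE = re.compile(r"^v?(\d+)(?:\.\d+){0,2}$")


def classify(ref):
    """Return how strongly a `uses:` ref is pinned."""
    if SHA_RE.match(ref):
        return "sha"  # full commit SHA: the only immutable reference
    if VERSION_RE.match(ref):
        # v6.0.2 names one release, v6 / v4 float; both are tags that can be moved
        return "exact-tag" if ref.count(".") == 2 else "floating-tag"
    return "branch-or-other"


def audit(workflows):
    """Return findings as (action, issue, details) tuples."""
    refs = defaultdict(lambda: defaultdict(set))  # action -> ref -> {files}
    for name, text in workflows.items():
        for action, ref in USES_RE.findall(text):
            if not action.startswith("docker://"):  # image refs are out of scope here
                refs[action][ref].add(name)
    findings = []
    for action, by_ref in sorted(refs.items()):
        majors = set()
        for ref in by_ref:
            m = VERSION_RE.match(ref)
            majors.add(m.group(1) if m else ref)
        if len(majors) > 1:
            findings.append((action, "mixed-major", sorted(by_ref)))
        for ref, files in sorted(by_ref.items()):
            kind = classify(ref)
            if kind != "sha":
                findings.append((action, "not-sha-pinned:" + kind, sorted(files)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WORKFLOWS):
        print(finding)
```

Run in CI against the real files under `.github/workflows/`, a non-empty result can fail the job so that version drift between workflows is caught at review time.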