ci: adopt org reusable workflows, drop intra-org SHA pin#83
Merged
Conversation
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
There was a problem hiding this comment.
Pull request overview
This PR migrates the repository’s GitHub Actions CI/release automation to Netresearch org-standard reusable workflows, primarily to centralize maintenance (and reduce Renovate churn) while keeping the repo-specific test matrix inline.
Changes:
- Replaced the inline PHPStan/PHP-CS-Fixer + coverage + Codecov steps with a single call to
netresearch/.github’s reusablephp-ci.yml. - Switched auto-merge automation to the org reusable
auto-merge-deps.yml. - Updated the release workflow to reference the org reusable workflow by branch ref (
@main) instead of a pinned SHA.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/ci.yml | Consolidates code-quality and coverage into the org reusable workflow while keeping the bespoke multi-dimensional test matrix inline. |
| .github/workflows/auto-merge-deps.yml | Replaces an inlined bot auto-merge workflow with the org reusable caller. |
| .github/workflows/release.yml | Drops the intra-org reusable SHA pin and tracks the reusable workflow via @main. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
CybotTM
added a commit
that referenced
this pull request
Jun 7, 2026
…uard (#84) ## Problem `Code Quality` (PHPStan) is **red on `main`** under current dependency resolution — confirmed by re-running the last-green run ([26959408575](https://github.com/netresearch/composer-agent-skill-plugin/actions/runs/26959408575)). This is independent of any workflow change; it's no-committed-lockfile drift. `CommandContextTrait::resolveContext()` guards `tryComposer()` (Composer ≥2.3) behind `method_exists($this, 'tryComposer')` so the deprecated `getComposer()` path still works on **Composer 2.2 LTS** — which `composer.json` explicitly supports (`"composer/composer": "2.2.*|^2.9"`, and the CI matrix tests 2.2). PHPStan analyses against the **highest** resolved Composer (2.10.1), where `tryComposer()` always exists, so it reports `function.alreadyNarrowedType` — **once per command class** that uses the trait (5 errors). The inline `@phpstan-ignore-next-line` does not match all per-class trait analyses, so it stopped suppressing them. ## Fix - Move the suppression to a **path-scoped `ignoreErrors`** entry in `phpstan.neon` (identifier `function.alreadyNarrowedType`, `reportUnmatched: false`) — robust across the trait's per-class analyses. - Drop the now-ineffective inline ignore. - **The runtime guard is unchanged** and still required for the 2.2.* support path. This is a false-positive suppression, not a weakening — PHPStan can't see the 2.2 resolution where the method genuinely may be absent. ## Verification Local, fresh highest resolution (`composer/composer` 2.10.1, PHPStan 2.2.2, PHP 8.5): **`[OK] No errors`** (was 5 errors before). ## Context Surfaced while migrating CI to the org reusable `php-ci.yml` (#83) — that PR's `Checks` job runs PHPStan and inherited this pre-existing failure. This fix is split out so it stands on its own and unblocks `main`.
- ci.yml: fold the code-quality + coverage jobs into the org-standard php-ci.yml reusable (PHPStan + PHP-CS-Fixer + PHPUnit-with-coverage + Codecov). Removes the per-repo codecov-action reference that Renovate kept bumping (#81, #82). The bespoke 'tests' job stays inline because the reusable matrices on PHP version only and cannot express this plugin's Symfony x Composer x prefer-lowest matrix or its network-test env. - auto-merge-deps.yml: replace the inlined copy with the reusable auto-merge-deps.yml caller (matches the rest of the org). - release.yml: drop the SHA pin on the intra-org reusable (release-composer-package.yml@<sha> -> @main). Intra-org reusable refs must track @main, not a pinned digest (stops Renovate #80). Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
CybotTM
force-pushed
the
chore/adopt-reusable-workflows
branch
from
2c8c992 to
6cb6b76
Compare
|
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
This was referenced Jun 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Migrates this repo's CI to the org's reusable workflows and removes the SHA pin on an intra-org reusable.
ci.yml— thecode-quality(PHPStan + PHP-CS-Fixer) andcoverage(PHPUnit + Codecov) jobs are folded into onenetresearch/.github/.github/workflows/php-ci.yml@maincaller. The bespoketestsjob stays inline — the reusable matrices on PHP version only and cannot express this plugin'sPHP × Symfony × Composer × prefer-lowestmatrix or theCOMPOSER_AUTH/github-oauth network-test env (see ci: clear GitHub auth for the network test step #77).auto-merge-deps.yml— replaces the inlined copy with the reusableauto-merge-deps.ymlcaller.release.yml— drops the SHA pin on the intra-org reusable (release-composer-package.yml@444271f… # main→@main).Why
Renovate was opening per-repo PRs for things that should be centrally managed:
codecov/codecov-actionbumps (chore(deps): update codecov/codecov-action action to v7 - autoclosed #81, chore(deps): update codecov/codecov-action digest to fb8b358 #82) — now gone, because the action lives once inphp-ci.yml.netresearch/.githubdigest bump (chore(deps): update netresearch/.github digest to fef56c7 #80) — intra-org reusable refs must track@main, never a pinned digest. With the pin removed, Renovate won't re-pin (config:recommendeddoesn't add digest pins).Closes #80, #81, #82.
Note on the inline
testsjobIt still pins
actions/checkout,setup-php,actions/cache— Renovate will still bump those occasionally. This PR stops the codecov churn and the intra-org SHA pin; it does not (and cannot, without losing the bespoke matrix) eliminate every per-repo action bump.Validation
yamllint(org config),actionlint,zizmorclean on all three changed files. No intra-org SHA pins and no inlinecodecov-actionremain.