Tooling: Fixed PHPCS check. #1146
Conversation
WalkthroughUpdated the GitHub Actions workflow Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~7 minutes 📜 Recent review detailsConfiguration used: CodeRabbit UI 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
✨ Finishing Touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
veryspry
force-pushed
the
matt/phpcs-fix
branch
from
560648e to
f3d99af
Compare
veryspry
force-pushed
the
matt/phpcs-fix
branch
from
f3d99af to
6aac8b9
Compare
veryspry
force-pushed
the
matt/phpcs-fix
branch
from
6aac8b9 to
e22c6af
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (2)
.github/workflows/php-lint-pr.yml (2)
15-18: setup-php v4.1.0 addresses apt-fast; watch out for PHP 7.4 install on ubuntu-latest.This resolves the apt-fast/apt change. One caveat: installing PHP 7.4 on ubuntu-latest (currently 24.04) can be flaky/unavailable via PPAs. If you hit intermittent failures, either:
- Pin the runner to ubuntu-22.04, which still reliably supports PHP 7.4 via apt.
- Or switch to shivammathur/setup-php, which provides prebuilt PHP versions and is more resilient for EOL versions.
Suggested alternatives:
Option A (pin the runner)
runs-on: ubuntu-22.04Option B (switch action)
- - uses: nanasess/setup-php@v4.1.0 + - uses: shivammathur/setup-php@v2 with: php-version: '7.4'
26-26: Explicit ‘standard: phpcs.xml’ is fine; consider using phpcs.xml.dist for flexibility.If you want local overrides without changing CI, use phpcs.xml.dist in the repo and keep developers’ local phpcs.xml ignored. Not required; current config is OK.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/php-lint-pr.yml(2 hunks)
🔇 Additional comments (1)
.github/workflows/php-lint-pr.yml (1)
10-12: actions/checkout v5 bump looks good; confirm Node20 compatibility if using GHES/self-hosted.v5 runs on Node 20. On github.com’s ubuntu-latest this is fine. If you’re on GHES or self-hosted runners pinned to older Node, verify compatibility.
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/php-lint-pr.yml (1)
15-15: Switched from nanasess/setup-php to shivammathur/setup-php — confirm intent; add composer tool pinningPR description mentions updating nanasess/setup-php, but the workflow now uses shivammathur/setup-php@v2. That’s fine (and commonly preferred), but please confirm this change was intentional.
While here:
- Ensure Composer v2 is available and consistent by pinning via tools.
- Disable code coverage to avoid installing/initializing xdebug unnecessarily.
Suggested tweak:
- - uses: shivammathur/setup-php@v2 - with: - php-version: '7.4' + - uses: shivammathur/setup-php@v2 + with: + php-version: '7.4' + tools: composer:v2 + coverage: noneNote: PHP 7.4 is EOL; keeping it here to avoid the vsprintf fatal (per your comment) is reasonable, but please confirm it’s still required.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/php-lint-pr.yml(2 hunks)
🔇 Additional comments (1)
.github/workflows/php-lint-pr.yml (1)
26-26: LGTM: explicit PHPCS standard setExplicitly specifying phpcs.xml is clear and matches the repo’s configuration. PHPCS would auto-detect this file name, but keeping it explicit is fine.
| @@ -7,12 +7,12 @@ jobs: | |||
| name: PHPCS (Files Changed) | |||
| runs-on: ubuntu-latest | |||
| steps: | |||
| - uses: actions/checkout@v2 | |||
| - uses: actions/checkout@v5 | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify actions/checkout@v5 exists; consider pinning to a known-good version or commit SHA
I’m not certain v5 of actions/checkout is released/available. v4 is the widely-used current major. If v5 doesn’t exist (or is pre-release), this will fail at runtime. Also, for supply-chain hardening, pinning to a commit SHA is recommended.
Consider this safe fallback if v5 is unavailable:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v4Optionally, pin to a specific commit SHA for checkout instead of a floating tag.
To confirm the latest published version of actions/checkout, please run this web search:
🌐 Web query:
What is the latest released version of GitHub Actions "actions/checkout"?
💡 Result:
The latest released version of the GitHub Actions actions/checkout action is v5.0.0, released on August 11, 2025[7][3].
- v5.0.0 requires runner version 2.327.1 or newer[7].
- The preceding stable release was v4.3.0[3][7].
When specifying the version in your workflow, use:
- uses: actions/checkout@v5or, to pin exactly:
- uses: actions/checkout@v5.0.0Recent minor versions (such as v4.1.4) are now superseded, and the use of v5 is recommended for the latest features and compatibility[7][3].
Citations:
- 1: https://dev.to/spacelift/using-checkout-action-in-github-actions-workflow-2bna
- 2: checkout@v2 not getting recent commits actions/checkout#439
- 3: https://newreleases.io/project/github/actions/checkout/release/v4.3.0
- 4: https://graphite.dev/guides/github-actions-checkout-guide
- 5: https://schnerring.net/blog/checking-out-code-committed-within-the-same-github-actions-workflow-run/
- 6: https://github.blog/changelog/2024-09-25-actions-new-images-and-ubuntu-latest-changes/
- 7: https://github.com/actions/checkout/releases
- 8: Recent update to v4.1.4 has incompatibilities with older versions of git actions/checkout#1708
- 9: https://docs.github.com/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners
- 10: https://github.com/marketplace/actions/checkout-action
Confirm: actions/checkout@v5 is released — pin to a release or SHA and verify runner compatibility
Web results show actions/checkout v5.0.0 is released (2025-08-11) and requires runner >= 2.327.1. You can keep @v5, but for supply-chain hardening pin to the exact release or a commit SHA.
- File to update:
- .github/workflows/php-lint-pr.yml (around line 10)
Suggested change:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@v5.0.0Or, for stronger pinning, use the action's commit SHA:
-
- uses: actions/checkout@<commit-sha>
If you use self-hosted runners older than 2.327.1, either upgrade them or stay on v4 as a fallback.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - uses: actions/checkout@v5 | |
| - uses: actions/checkout@v5.0.0 |
🤖 Prompt for AI Agents
In .github/workflows/php-lint-pr.yml around line 10, the step uses
actions/checkout@v5 which is a floating tag; pin it to a specific release or
commit SHA and verify runner compatibility. Replace the loose @v5 with an exact
released tag (for example @v5.0.0) or the action's commit SHA to harden the
supply chain, and confirm your runners are >= 2.327.1 (or keep @v4 as a fallback
for older self-hosted runners).
52aa9f9 to
2c29a3b
Compare
Context
The PHPCS check was failing
Summary
apt-fastinstalled (or aliased toapt). Updatesnanasess/setup-phpto version 4.1.0 which accounts for that change.actions/checkoutto version 5. Unrelated to the above, but just for house keeping purposes.