Skip to content

ci: update push branches in psalm workflow#54

Merged
shimomo merged 3 commits intogh-pagesfrom
fix/update-push-branch-in-psalm
Aug 30, 2025
Merged

ci: update push branches in psalm workflow#54
shimomo merged 3 commits intogh-pagesfrom
fix/update-push-branch-in-psalm

Conversation

@shimomo
Copy link
Copy Markdown
Contributor

@shimomo shimomo commented Aug 29, 2025
edited by coderabbitai bot
Loading

Psalm 用のワークフローにおいてプッシュのブランチが存在しない *.x になっていたため、デフォルトブランチの gh-pages に変更しました。また、動作に影響しない範囲で微調整を行いました。

Summary by CodeRabbit

  • Chores
    • CIの静的解析ワークフローのpushトリガーをgh-pagesブランチに限定しました。
    • CIで利用するPHPセットアップとチェックアウト処理を特定のコミットに固定(バージョン固定)しました。
    • PHPセットアップにtools: composer:v2およびcoverage: noneの入力を追加しました。
    • pull_request、スケジュール、手動実行など他のトリガーは引き続き動作します。
    • 機能やUIの変更はありません。

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Aug 29, 2025
edited
Loading

Walkthrough

GitHub Actions の psalm ワークフローで、push トリガー対象を *.x から gh-pages に変更し、shivammathur/setup-phpactions/checkout をそれぞれ特定コミットにピン留めし、setup-php に tools: composer:v2coverage: none の入力を追加しました。その他のトリガーは維持されています。

Changes

Cohort / File(s) Change summary
Workflow trigger change
.github/workflows/psalm.yml		 on.push.branches- '*.x' から - 'gh-pages' に更新。
Action pinning
.github/workflows/psalm.yml		 shivammathur/setup-phpshivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 にピン留め、actions/checkoutactions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 にピン留め。
Setup PHP inputs
.github/workflows/psalm.yml		 shivammathur/setup-php ステップに tools: composer:v2coverage: none の入力を追加。

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant GH as GitHub (events)
    participant WF as psalm.yml (workflow)
    participant CH as actions/checkout@08c6903c
    participant PHP as shivammathur/setup-php@ec406be51
    participant PS as Psalm

    note over GH,WF #F3F4F6: トリガー (push on 'gh-pages', pull_request, schedule, workflow_dispatch)
    GH->>WF: push (gh-pages) / other triggers
    WF->>CH: checkout code (pinned)
    WF->>PHP: setup PHP (pinned, tools: composer:v2, coverage: none)
    WF->>PS: run psalm
    PS-->>WF: result
    WF-->>GH: status
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

ぴょんと跳ねるワークフローの朝、
gh-pages にだけ風が吹く。
コミットで結ばれた道しるべ、
composer の風を連れてくるよ 🐇✨

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0dc4f2b and edd7984.

📒 Files selected for processing (1)
  • .github/workflows/psalm.yml (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/psalm.yml
✨ Finishing Touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/update-push-branch-in-psalm
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Aug 29, 2025
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/psalm.yml (1)

25-31: Actions のバージョンをタグではなくコミット SHA でピン留めしてください

supply chain リスク低減のため shivammathur/setup-php@v2actions/checkout@v4 をコミット SHA に固定することを推奨します(Dependabot で定期更新)。

🧹 Nitpick comments (3)
.github/workflows/psalm.yml (3)

30-35: Composer 依存キャッシュで CI を高速化

Composer キャッシュを追加すると実行時間短縮とネットワーク安定性に寄与します。

       - name: Checkout Repository
         uses: actions/checkout@v4

+      - name: Cache Composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.composer/cache/files
+          key: composer-${{ runner.os }}-${{ hashFiles('composer.lock') }}
+          restore-keys: |
+            composer-${{ runner.os }}-
+
       - name: Install Dependencies
         run: composer install --prefer-dist --no-interaction --no-progress --dev

36-37: GitHub 注釈でレビューしやすく出力

PSalm の出力を GitHub フォーマットにし、進捗表示を抑制するとログが見やすくなります。情報レベルのメッセージが多すぎる場合は --show-info=false も検討してください。

-      - name: Run Psalm
-        run: vendor/bin/psalm --show-info=true
+      - name: Run Psalm
+        run: vendor/bin/psalm --output-format=github --no-progress --show-info=true

6-6: gh-pagesブランチにcomposer.jsonとpsalm.xmlが存在

psalm.xml.distは見つかりませんでしたが、psalm.xmlがあるためジョブは正常に実行されます。必要に応じてpushトリガーにtags(例:v*)やpathsフィルター(例:**/.php、composer.json、composer.lock、psalm.xml)の追加を検討してください。

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a9a712d and d675bc6.

📒 Files selected for processing (1)
  • .github/workflows/psalm.yml (1 hunks)

coderabbitai[bot]
coderabbitai bot reviewed Aug 30, 2025
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
.github/workflows/psalm.yml (2)

6-6: gh-pages のみへの push 制限は妥当

デフォルトブランチが gh-pages で、過去に *.x ブランチも存在しませんでした。
要件に応じて、他ブランチ(例:main)への直接 push を含めるか、paths フィルタで PHP 変更時のみ実行することをご検討ください。

25-25: setup-php アクションの SHA 固定は有効です (ec406be5: 2025-08-25 “Bump version to 2.35.4”)

  • PHP 8.4/Ubuntu 24.04 のサポート可否を公式リポジトリで事前確認してください
  • 任意: tools: composer:v2coverage: none を追加するとワークフローが高速化されます
       - name: Setup PHP ${{ matrix.php-version }}
-        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4
+        uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4
         with:
           php-version: ${{ matrix.php-version }}
           extensions: mbstring, xml
+          tools: composer:v2
+          coverage: none
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d675bc6 and 0dc4f2b.

📒 Files selected for processing (1)
  • .github/workflows/psalm.yml (2 hunks)
🔇 Additional comments (1)
.github/workflows/psalm.yml (1)

31-31: Checkout アクションに persist-credentials: false を追加
push を行わないワークフローのため、トークン漏洩リスクを低減します。

       - name: Checkout Repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        with:
+          persist-credentials: false

@shimomo shimomo merged commit 19de332 into gh-pages Aug 30, 2025
6 checks passed
@shimomo shimomo deleted the fix/update-push-branch-in-psalm branch August 30, 2025 05:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shimomo