Pin GitHub Actions, update Linux workflow, and fix PHP 7.1 ZTS crash

[kjdev]

Summary by CodeRabbit

• Chores
  • Updated CI/CD workflows to pin action versions for improved reliability and consistency across platforms.
  • Optimized workflow configurations for better dependency management and PHP environment handling.
  • Improved internal code compatibility and cache initialization handling.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request updates GitHub Actions workflows to pin marketplace actions to specific commits (checkout v6.0.2, cache v5.0.5, upload-artifact v7.0.1, download-artifact v8.0.1) and restructures the Linux CI matrix to target PHP 8.5–7.0 across nts/zts modes with conditional extension setup. In parallel, brotli.c is updated to fix PHP version compatibility in string initialization and add thread-safety cache initialization in serializer/unserializer functions.

Changes

CI/CD Workflow Infrastructure Updates

Layer / File(s)	Summary
Linux workflow matrix and setup .github/workflows/linux.yaml	Replaces container-based Alpine matrix with a simpler PHP version and thread-mode matrix (8.5–7.0, nts/zts). Pins actions/checkout with credential, safe-directory, and token options. Adds conditional Libbrotli installation based on matrix library mode. APCu test extension name updated to -d extension=apcu.so.
Windows workflow action versions .github/workflows/windows.yaml	Pins marketplace actions to commit SHAs: checkout (v6.0.2), cache (v5.0.5), upload-artifact (v7.0.1) in ci job; checkout and download-artifact (v8.0.1) in release job. Extends checkout configuration for credentials and submodule handling. PowerShell submodule initialization removed.

Brotli Source Code Fixes

Layer / File(s)	Summary
PHP version compatibility fix brotli.c	For PHP < 7.2, smart_str_extract now explicitly initializes an empty string via zend_string_init("", 0, 0) instead of ZSTR_EMPTY_ALLOC() when the internal string pointer is NULL.
Thread-safety cache initialization brotli.c	APC serializer and unserializer functions conditionally call ZEND_TSRMLS_CACHE_UPDATE() at entry when built as a dynamic extension (COMPILE_DL_BROTLI) with ZTS enabled, ensuring correct TSRM cache state in threaded environments.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• kjdev/php-ext-brotli#81: Extends Linux CI matrix with PHP 8.5-alpine variants; this PR restructures the entire matrix with explicit PHP/TS modes.
• kjdev/php-ext-brotli#83: Introduces smart_str_extract and smart_str buffering semantics; this PR fixes the NULL fallback behavior for PHP < 7.2.

Poem

🐰 The workflows now pinned to solid ground,
Actions locked down, no drift around,
PHP threads sync their cache with care,
String handles empty, smooth and fair!
CI springs ahead with confidence bright. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title accurately summarizes the three main changes: pinning GitHub Actions versions, updating the Linux workflow, and fixing a PHP 7.1 ZTS crash.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[kjdev]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/windows.yaml (1)

73-80: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fix actions/cache cache scoping in Windows workflow to avoid cross-ref cache reuse.

In .github/workflows/windows.yaml, the cache key doesn’t include github.ref/github.ref_name, and restore-keys is only ${{ runner.os }}-php-, so caches from other refs can be restored.

Suggested hardening

       - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: |
             C:\php\php-*.zip
-          key: ${{ runner.os }}-php-${{ matrix.php }}-${{ matrix.ts }}-${{ matrix.vs }}-${{ matrix.arch }}
+          key: ${{ runner.os }}-${{ github.workflow }}-${{ github.ref }}-php-${{ matrix.php }}-${{ matrix.ts }}-${{ matrix.vs }}-${{ matrix.arch }}
           restore-keys: |
-            ${{ runner.os }}-php-
+            ${{ runner.os }}-${{ github.workflow }}-${{ github.ref }}-php-

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/windows.yaml around lines 73 - 80, The cache key in the
actions/cache step (the `key` and `restore-keys` entries) is too coarse and can
restore caches from other branches/refs; update the `key` to include a
ref-specific suffix (e.g., `${{ github.ref_name }}` or `${{ github.ref }}`) and
tighten `restore-keys` accordingly so it only falls back to entries scoped to
the same ref/name (for example include the same ref token in both `key` and
`restore-keys` patterns); modify the cache step that uses `actions/cache` and
the `key`/`restore-keys` fields to include the ref token to prevent cross-ref
cache reuse.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In @.github/workflows/windows.yaml:
- Around line 73-80: The cache key in the actions/cache step (the `key` and
`restore-keys` entries) is too coarse and can restore caches from other
branches/refs; update the `key` to include a ref-specific suffix (e.g., `${{
github.ref_name }}` or `${{ github.ref }}`) and tighten `restore-keys`
accordingly so it only falls back to entries scoped to the same ref/name (for
example include the same ref token in both `key` and `restore-keys` patterns);
modify the cache step that uses `actions/cache` and the `key`/`restore-keys`
fields to include the ref token to prevent cross-ref cache reuse.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fee54e89-1486-47e5-8938-d99036bb1b99

📥 Commits

Reviewing files that changed from the base of the PR and between 68627a3 and e74345a.

📒 Files selected for processing (4)

• .github/workflows/linux.yaml
• .github/workflows/submodule.ps1
• .github/workflows/windows.yaml
• brotli.c

💤 Files with no reviewable changes (1)

• .github/workflows/submodule.ps1