Unpushed commits (local main ahead of origin/main)#1
Conversation
There was a problem hiding this comment.
Pull request overview
This PR brings the local main branch back in sync with origin/main by applying accumulated dependency updates and repository hygiene changes (GitHub automation + OSS meta docs), plus a few test cleanups.
Changes:
- Update PHP dependencies (notably Laravel/framework and related packages) via
composer.lock. - Add OSS/project meta files and GitHub automation (Dependabot config, dependency review, auto-merge workflow, issue templates).
- Minor test refactors to use imported class names instead of fully-qualified references.
Reviewed changes
Copilot reviewed 15 out of 16 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/Unit/MicrosoftOAuthServiceTest.php | Use imported Request type in Http::assertSent callback. |
| tests/Unit/MicrosoftGraphServiceTest.php | Use imported RequestException in throws(...). |
| tests/TestCase.php | Use imported Route facade for test routes. |
| tests/Feature/RedirectTest.php | Replace FQCN usages with imports/short names (introduces a missing import issue). |
| tests/Feature/ControllerEdgeCasesTest.php | Use imported User::class instead of FQCN. |
| tests/Feature/CallbackTest.php | Use imported Request type in Http::assertSent callback. |
| src/Facades/MicrosoftEntraSSO.php | Update @see to short class name and add import (currently conflicts with Pint’s unused-import rule). |
| config/microsoft-entra-sso.php | Import App\Models\User and reference User::class in default guard config. |
| composer.lock | Dependency updates / lock refresh. |
| SECURITY.md | Add security policy contact instructions. |
| CONTRIBUTING.md | Add contribution guidelines (needs alignment with repo lint tooling). |
| .github/workflows/dependency-review.yml | Add dependency review workflow (uses actions/checkout@v6, inconsistent with repo). |
| .github/workflows/dependabot-auto-merge.yml | Add Dependabot PR auto-merge workflow. |
| .github/dependabot.yml | Add Dependabot configuration (includes npm ecosystem without a root manifest). |
| .github/ISSUE_TEMPLATE/feature_request.yml | Add feature request template. |
| .github/ISSUE_TEMPLATE/bug_report.yml | Add bug report template (currently invalid YAML and contains a typo). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: 'Checkout Repository' | ||
| uses: actions/checkout@v6 |
There was a problem hiding this comment.
This workflow uses actions/checkout@v6, while the other workflows in this repo use actions/checkout@v4. To reduce the chance of CI breakage and keep versions consistent, consider pinning to the same major version as the rest of the repo (or verify that @v6 is available and intended).
| uses: actions/checkout@v6 | |
| uses: actions/checkout@v4 |
| - **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer). | ||
|
|
||
| - **Add tests!** - Your patch won't be accepted if it doesn't have tests. |
There was a problem hiding this comment.
The contributing guide requires PSR-2 and points contributors to PHP_CodeSniffer, but this repo’s CI runs composer lint which executes Laravel Pint (vendor/bin/pint --test) with the laravel preset. Update the guide to match the actual formatting/linting toolchain (Pint) so contributors follow the same rules as CI.
| value: "| | ||
| We're sorry to hear you have a problem. Can you help us solve it by providing the following details." |
There was a problem hiding this comment.
The issue template YAML is invalid: value is started as a quoted string ("|) and the following line is not indented under it. GitHub will likely fail to load this template. Use YAML block scalar syntax (value: |) and indent the markdown content under value.
| value: "| | |
| We're sorry to hear you have a problem. Can you help us solve it by providing the following details." | |
| value: | | |
| We're sorry to hear you have a problem. Can you help us solve it by providing the following details. |
| - type: dropdown | ||
| id: operating-systems | ||
| attributes: | ||
| label: Which operating systems does with happen with? |
There was a problem hiding this comment.
Typo/grammar in the label: "Which operating systems does with happen with?" should be corrected (e.g., "Which operating systems does this happen on?") for clarity in the issue template UI.
| label: Which operating systems does with happen with? | |
| label: Which operating systems does this happen on? |
| - package-ecosystem: "npm" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "daily" | ||
| allow: | ||
| - dependency-type: "direct" | ||
| ignore: | ||
| - dependency-name: "*" | ||
| update-types: [ "version-update:semver-major" ] | ||
| groups: | ||
| minor-and-patch: | ||
| update-types: [ "minor", "patch" ] | ||
|
|
There was a problem hiding this comment.
The Dependabot config enables the npm ecosystem for directory: "/", but this repository doesn't contain a package.json/lockfile in the root. This will cause Dependabot runs to error/no-op and generate noise. Either remove the npm entry or add the appropriate Node manifest files if npm dependencies are intended.
| - package-ecosystem: "npm" | |
| directory: "/" | |
| schedule: | |
| interval: "daily" | |
| allow: | |
| - dependency-type: "direct" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: [ "version-update:semver-major" ] | |
| groups: | |
| minor-and-patch: | |
| update-types: [ "minor", "patch" ] |
Local main was 4 commit(s) ahead of origin/main. Opened from update-opensource-active.sh for review.