Unpushed commits (local main ahead of origin/main)#3
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds/updates GitHub Actions workflows to automate releases, run PHPStan, and refresh action versions used by existing CI workflows.
Changes:
- Add a
releaseworkflow intended to bump versions and push tags when PRs tomainare closed. - Add a
PHPStanworkflow triggered on PHP/composer/phpstan file changes. - Update existing workflows to newer action versions (dependency review, auto-commit for Pint fixes).
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/release.yml | New workflow to tag/bump versions on PR close. |
| .github/workflows/phpstan.yml | New workflow to run PHPStan on pushes/PRs affecting PHP-related files. |
| .github/workflows/fix-php-code-style-issues.yml | Bumps git auto-commit action version used after Pint fixes. |
| .github/workflows/dependency-review.yml | Pins checkout and dependency-review-action versions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| pull_request: | ||
| types: | ||
| - closed | ||
| branches: | ||
| - main |
There was a problem hiding this comment.
This workflow triggers on any PR close, including PRs closed without merging. Add a guard like if: github.event.pull_request.merged == true (or switch the trigger to push on main) so tags/releases are only created when changes actually land on main.
| - name: Bump version and push tag | ||
| uses: anothrNick/github-tag-action@1.75.0 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.MY_GITHUB_TOKEN }} | ||
| WITH_V: true | ||
| RELEASE_BRANCHES: main |
There was a problem hiding this comment.
The tagging step uses a custom secret (secrets.MY_GITHUB_TOKEN) and the workflow doesn’t declare permissions: contents: write. This is likely to fail (and secrets aren’t available to pull_request runs from forks). Prefer ${{ secrets.GITHUB_TOKEN }} with explicit permissions: contents: write, and/or run the release workflow on push to main where the token can push tags safely.
Local main was 7 commit(s) ahead of origin/main. Opened from update-opensource-active.sh for review.