ci: replace Super-Linter with reusable quality and security workflows, pin reusable ECS workflow, group Dependabot updates, and refresh linter and Gitleaks configs. #12

Merged: terabytesoftw merged 1 commit into main from ci/replace-super-linter-reusable-quality-security on Jul 5, 2026
@terabytesoftw

Pull Request

  • Breaking change (fix or feature that would cause existing functionality to change)
  • Bugfix (non-breaking change that fixes an issue)
  • CI/build configuration
  • Documentation update
  • New feature (non-breaking change that adds functionality)
  • Refactoring (no functional changes)

…, pin reusable ECS workflow, group Dependabot updates, and refresh linter and Gitleaks configs.
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a50793c4-1840-4180-9765-c1ce1c72a1ec

📥 Commits

Reviewing files that changed from the base of the PR and between 0118cdb and 8e8b2da.

📒 Files selected for processing (15)
  • .github/dependabot.yml
  • .github/linters/.codespellrc
  • .github/linters/.editorconfig-checker.json
  • .github/linters/.gitleaks.toml
  • .github/linters/actionlint.yml
  • .github/workflows/ecs.yml
  • .github/workflows/linter.yml
  • .github/workflows/quality.yml
  • .github/workflows/security.yml
  • .prettierignore
  • CHANGELOG.md
  • README.md
  • composer.json
  • scaffold-lock.json
  • src/config/rector.php
💤 Files with no reviewable changes (3)
  • .github/workflows/linter.yml
  • .github/linters/actionlint.yml
  • .github/linters/.gitleaks.toml
📜 Recent review details
🔇 Additional comments (13)
.github/dependabot.yml (1)

5-25: LGTM!

.github/linters/.codespellrc (1)

2-2: LGTM!

.github/linters/.editorconfig-checker.json (1)

3-7: LGTM!

composer.json (1)

13-28: LGTM!

src/config/rector.php (1)

10-11: 📐 Maintainability & Code Quality | ⚡ Quick win

Confirm importNames() defaults are intended.

importNames() with no arguments also auto-imports single short class names (importShortClasses defaults to true), which can introduce naming collisions across files with similarly named short classes, and has been reported as a performance cost on larger codebases. If only FQCN→use-statement conversion is desired without short-class auto-importing, consider importNames(true, false) / importShortClasses: false.

scaffold-lock.json (2)

4-4: LGTM!

Also applies to: 34-34, 58-74


75-80: 🎯 Functional Correctness

No action needed: .github/linters/actionlint.yml is absent, and there are no remaining references to it.

.prettierignore (1)

1-21: 📐 Maintainability & Code Quality

No issue: the remaining runtime/** ignore still covers the only matching path, and there are no tracked package-lock.json or minified files.

.github/workflows/quality.yml (1)

1-22: LGTM!

.github/workflows/ecs.yml (1)

19-22: LGTM!

CHANGELOG.md (1)

8-11: LGTM!

README.md (1)

198-202: LGTM!

.github/workflows/security.yml (1)

8-16: 🔒 Security & Privacy

contents: read is sufficient here. The reusable yii2-framework/actions/.github/workflows/security.yml workflow only requires that scope, so no broader PR or security-events permissions are needed.

> Likely an incorrect or invalid review comment.

📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Added dedicated quality and security checks to pull request and push workflows.
    • Updated repository badges to show the new project status checks.
  • Bug Fixes

    • Tightened secret-scanning and formatting-related ignore rules for more reliable checks.
    • Simplified dependency update handling to reduce update noise.
  • Chores

    • Updated project dependencies and refreshed related lock/configuration files.
    • Added a changelog entry for the latest maintenance updates.

Walkthrough

This PR restructures CI by replacing a super-linter workflow with two new reusable workflows (quality, security) and pinning the ecs.yml workflow to a specific commit. It updates dependabot grouping, linter configs (codespell, editorconfig-checker, gitleaks), prettierignore, composer dependencies, rector config, and syncs scaffold-lock hashes, README, and CHANGELOG accordingly.

Changes

CI Workflows and Linter Configuration

| Layer / File(s) | Summary |
|---|---|
| Reusable quality/security workflows and super-linter removal: .github/workflows/quality.yml, .github/workflows/security.yml, .github/workflows/ecs.yml, .github/workflows/linter.yml | Adds new quality and security workflows calling pinned reusable actions, pins ecs.yml to a commit SHA and drops write permission, and deletes the old super-linter workflow entirely. |
| Linter config and dependabot grouping updates: .github/dependabot.yml, .github/linters/.codespellrc, .github/linters/.editorconfig-checker.json, .github/linters/.gitleaks.toml, .prettierignore | Adds cooldown/grouping rules to dependabot, expands ignore lists for codespell/editorconfig-checker/prettier, and removes a gitleaks allowlist exemption for test fixtures. |
| Dependency bumps and baseline scaffold sync: composer.json, src/config/rector.php, scaffold-lock.json | Bumps rector, easy-coding-standard, and scaffold dependency versions, adds an authors entry, calls importNames() in rector config, and syncs scaffold-lock hashes/provider version. |
| Changelog and README status badges: CHANGELOG.md, README.md | Documents CI changes in the changelog and replaces the quality-code badge with separate quality and security workflow badges under a new "Project status" heading. |

Estimated code review effort: 2 (Simple) | ~15 minutes

Possibly related PRs

Poem

Hop, hop, through pipelines new,
Quality and security, badges too,
Old linter swept, cooldowns set,
Hashes synced without regret,
A rabbit cheers this tidy CI debut! 🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately summarizes the main CI and config changes in the pull request. |
| Description check | ✅ Passed | The description is related to the changeset and correctly frames it as a refactoring. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
@terabytesoftw

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8e8b2dacd6

Comment thread composer.json
@terabytesoftw terabytesoftw merged commit 65a096b into main Jul 5, 2026
21 checks passed
@terabytesoftw terabytesoftw deleted the ci/replace-super-linter-reusable-quality-security branch July 5, 2026 15:58
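
The walkthrough in this thread credits the PR with pinning reusable workflows to a commit SHA and running them with read-only permissions. As an added example (not code from this PR, the repository, or either review bot), the line-based check below flags `uses:` references that are not pinned to a full 40-character SHA and any `write` scope under `permissions:`. The function name, both sample callers and the placeholder SHA are constructed for illustration; `BEFORE` is a deliberately loose caller, not the repository's previous file.

```python
import re

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
PERMS = re.compile(r"^\s*permissions:\s*([\w-]*)")
SCOPE = re.compile(r"^\s*([\w-]+):\s*write\b")

def audit_workflow(text):
    """Flag write scopes and uses: refs lacking a full SHA (skips ./ and docker://)."""
    findings, block_indent = [], None
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if block_indent is not None and indent > block_indent:
            scope = SCOPE.match(line)  # still inside a permissions: mapping
            if scope:
                findings.append((number, f"write scope: {scope.group(1)}"))
            continue
        block_indent = None
        perms = PERMS.match(line)
        if perms and perms.group(1) == "write-all":
            findings.append((number, "write scope: write-all"))
        elif perms and not perms.group(1):
            block_indent = indent  # scopes follow on deeper-indented lines
        uses = USES.match(line)
        if uses and not uses.group(1).startswith(("./", "docker://")):
            ref = uses.group(1).partition("@")[2]
            if not re.fullmatch(r"[0-9a-f]{40}", ref):
                findings.append((number, f"mutable ref: {uses.group(1)}"))
    return findings

# Constructed samples; the SHA is a placeholder, not the commit this PR pins.
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"
BEFORE = """\
on: [push, pull_request]
jobs:
  security:
    permissions:
      contents: write
    uses: yii2-framework/actions/.github/workflows/security.yml@main
"""
AFTER = f"""\
on: [push, pull_request]
permissions:
  contents: read
jobs:
  security:
    uses: yii2-framework/actions/.github/workflows/security.yml@{PLACEHOLDER_SHA}
"""
```

Run over every file in `.github/workflows/`, an empty result for each file means all remote references are SHA-pinned and no job requests a write scope.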