- Upgrade phpstan/phpstan from 1.12.* to ^2.0
- Raise analysis level to max
- Expand paths from 3 specific dirs to src/, app/, bin/, tests/
- Generate baseline capturing 95,365 existing errors for incremental adoption
- Rename composer script from `check` to `analyze`
- Add --memory-limit=1G to handle larger scan scope
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move all TablesDB* test files from tests/e2e/Services/Databases/ to a
new tests/e2e/Services/TablesDB/ directory, updating namespaces and
adding explicit imports for shared base traits. Add TablesDB as a
separate service in the CI matrix so /v1/databases and /v1/tables tests
run as independent parallel jobs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace paginated listFiles API call with targeted getContent calls
to avoid timeouts on large PRs with thousands of changed files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolves GHSA-cfw5-2vxh-hr84 (CVSS 6.3) and GHSA-mwv9-gp5h-frr4
(CVSS 2.7) in astro test resource sites.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use $memory (which includes minMemory floor) and $cpus instead of raw
spec values in MB-seconds metrics, fixing underreporting for sites and
frameworks bumped to the minimum memory. Also remove redundant double
quotes around escapeshellarg() calls in mv command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move check-dependencies into ci.yml as Checks / Dependencies
(upgrade to osv-scanner-reusable-pr.yml@v2.3.3, drop merge_group)
- Move pr-scan into ci.yml as Checks / Image
(upgrade Trivy to 0.33.1, use SARIF + upload-sarif instead of
custom PR comment logic)
- Rename Setup job to Build
- Fix format job git checkout HEAD^2 to only run on pull_request
- Rename PHPStan step correctly (was mislabeled CodeQL)
- Add Docker Hub login to benchmark job
- Remove no-op pull_request trigger from ai-moderator
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merge linter, static-analysis, tests, and benchmark workflows into ci.yml
with structured job naming (Checks / Format, Tests / E2E / ..., etc.).
Shared Docker image build between tests and benchmark. Update actions to
latest versions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace shell-based database change detection with github-script using
the GitHub API, eliminating the need for a full checkout. Restructure
matrix generation with guard clauses and no mutation. Remove ciIgnore
exclude group from test command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hardcode lowercase env vars per database branch instead of using tr.
Use proper casing for database matrix values (MongoDB, MariaDB, PostgreSQL).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merge 6 E2E jobs into 3 by combining dedicated/shared mode variants
into a single matrix dimension. Database adapters and table modes
expand dynamically based on whether utopia-php/database changed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Re-add itznotabug/php-retry@v3 wrapping all test steps with
max_attempts: 2 and retry_wait_seconds: 300. Also restore
pull-requests: write permission needed by the action.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Change .env defaults back from MongoDB to MariaDB
- Bump all remaining "Load and Start Appwrite" timeouts from 3 to 5 minutes
- Filter listener.* span logs to only export on error
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The abuseEnabled jobs previously only ran tests in Services/Projects,
missing the Account abuse test and any future abuseEnabled tests in
other services. Also rename jobs to "Abuse" for consistency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The docker compose pull step alone can take over 2.5 minutes on CI
(e.g. openruntimes-executor, traefik), leaving no time for
docker compose up --wait within 3 minutes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add proper healthchecks to infrastructure services and use
condition: service_healthy for redis in appwrite's depends_on
so it waits for Redis to be ready before starting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the manual shell polling loop (until doctor > /dev/null) with a
proper Docker healthcheck on the appwrite service and `docker compose up
--wait`, which blocks until healthchecks pass. Also reverts the timeout
back to 3 minutes now that image pulls are cached.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move adminer, redis-insight, mongo-express, and graphql-explorer to an
override file. CI sets COMPOSE_FILE=docker-compose.yml explicitly so
these are excluded from test runs, reducing the number of images to
pull from 14 to 10. Local docker compose auto-loads both files so dev
workflow is unchanged.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The 3-minute timeout was too tight with the added docker compose pull
step for downloading third-party images.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The screenshot tests have no abuse-related code. Abuse was only enabled
on these jobs as a side effect of the original sed command applying to
all jobs below e2e_service_test.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
_APP_DATABASE_SHARED_TABLES and _APP_DATABASE_SHARED_TABLES_V1 are
read by the server at boot time via System::getEnv(), not by the test
runner. Passing them via docker compose exec -e had no effect on the
already-running Swoole server. Move them to the Load and Start
Appwrite step so they're set at docker compose up time.
Keep _APP_E2E_RESPONSE_FORMAT on exec since it's read by the test
runner process (tests/e2e/Scopes/Scope.php).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use step-level env: fields and GHA expressions for conditional values
instead of shell export statements and if/elif blocks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace itznotabug/php-retry with native run steps and timeout-minutes.
Also remove pull-requests: write permission that was only needed by
php-retry to post PR comments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
loks0n
Matej Bačo
Matej Bačo
Eldad A. Fux