setup-php sets COMPOSER_NO_AUDIT=1 by default, which causes composer
audit to skip. Override it to 0 for the audit step.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace docker-based composer/node invocations in the format and analyze
jobs with shivammathur/setup-php@v2 and actions/setup-node@v4. Split
locale check and composer validate/audit into dedicated jobs for clarity.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Upgrade phpstan/phpstan from 1.12.* to ^2.0
- Raise analysis level to max
- Expand paths from 3 specific dirs to src/, app/, bin/, tests/
- Generate baseline capturing 95,365 existing errors for incremental adoption
- Rename composer script from `check` to `analyze`
- Add --memory-limit=1G to handle larger scan scope
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move all TablesDB* test files from tests/e2e/Services/Databases/ to a
new tests/e2e/Services/TablesDB/ directory, updating namespaces and
adding explicit imports for shared base traits. Add TablesDB as a
separate service in the CI matrix so /v1/databases and /v1/tables tests
run as independent parallel jobs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace paginated listFiles API call with targeted getContent calls
to avoid timeouts on large PRs with thousands of changed files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Move check-dependencies into ci.yml as Checks / Dependencies
(upgrade to osv-scanner-reusable-pr.yml@v2.3.3, drop merge_group)
- Move pr-scan into ci.yml as Checks / Image
(upgrade Trivy to 0.33.1, use SARIF + upload-sarif instead of
custom PR comment logic)
- Rename Setup job to Build
- Fix format job git checkout HEAD^2 to only run on pull_request
- Rename PHPStan step correctly (was mislabeled CodeQL)
- Add Docker Hub login to benchmark job
- Remove no-op pull_request trigger from ai-moderator
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merge linter, static-analysis, tests, and benchmark workflows into ci.yml
with structured job naming (Checks / Format, Tests / E2E / ..., etc.).
Shared Docker image build between tests and benchmark. Update actions to
latest versions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
loks0n