ci: add psalm static analysis workflow

[lotyp]

Summary by CodeRabbit

• New Features

  • Introduced static analysis job using vimeo/psalm in GitHub Actions workflow.
  • Added dependency analysis workflow for validating and checking dependencies.

• Improvements

  • Enhanced composer validation with stricter options.
  • Added a new SQLite memory database connection for testing.
  • Updated PHPUnit configuration to use the new memory database connection.

• Updates

  • Updated PHP version to 8.3.7 and added decimal extension in coding standards workflow.
  • Added type declarations for constants in RouteServiceProvider and CategoryControllerTest.

[coderabbitai]

Warning

Rate limit exceeded

@lotyp has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 29 minutes and 39 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between 728ed37 and d6f2875.

Walkthrough

The updates introduce new static and dependency analysis workflows, enhance Composer validation, and refine database configurations for testing. Additionally, type declarations for constants in PHP files are updated, and the PHP version in coding standards workflow is bumped to 8.3.7 with the addition of the decimal extension.

Changes

Files/Groups	Change Summary
.github/workflows/static-analysis.yml	Added psalm job for static analysis using vimeo/psalm.
.github/workflows/dependency-analysis.yml	Introduced a new workflow for dependency analysis using Composer and Phive.
Makefile	Enhanced validate-composer target with --ansi --strict options.
app/composer.json	Added environment variable settings for DB_CONNECTION=memory in test scripts.
app/config/database.php	Added new database connection configuration named memory using SQLite driver.
app/phpunit.xml.dist	Changed DB_CONNECTION value to memory and removed DB_DATABASE setting.
.../RouteServiceProvider.php	Updated constant HOME declaration with type string.
.../CategoryControllerTest.php	Updated constant API_BASE_PATH declaration with type string.
.github/workflows/coding-standards.yml	Updated PHP version to 8.3.7 and added decimal extension.

Poem

In the world of code so bright and keen,
New workflows join the scene.
Dependencies checked with care,
Composer validated with flair.
Constants now with types defined,
Our codebase, ever refined.
Cheers to progress, one commit at a time! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 4414a30 and e4e28f0.

Files selected for processing (2)

• .github/workflows/static-analysis.yml (1 hunks)
• app/psalm-baseline.xml (5 hunks)

Files skipped from review due to trivial changes (1)

• app/psalm-baseline.xml

Additional comments not posted (8)

.github/workflows/static-analysis.yml (8)

97-98: The checkout step is correctly configured.

---

100-106: The PHP setup step is correctly configured with appropriate PHP version and extensions.

---

108-109: The setup of problem matchers is correctly configured to enhance error reporting.

---

111-112: The validation of composer files is correctly configured, ensuring consistency in PHP dependency configurations.

---

114-117: Setting up the composer cache directory is correctly configured to optimize dependency installation times.

---

119-124: The restoration of cached dependencies is correctly configured, which is essential for efficient build processes.

---

126-130: The installation of dependencies is correctly configured to ensure compatibility across different setups.

---

132-133: The static analysis step using vimeo/psalm is correctly configured, aligning with the PR's objectives to enhance code quality.

[coderabbitai]

Actionable comments posted: 0

Outside diff range and nitpick comments (1)

.github/workflows/dependency-analysis.yml (1)

77-86: Use of phive for dependency management and composer-require-checker for dependency analysis are appropriate. Consider documenting the use of phive to aid in maintenance and understanding.

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between e4e28f0 and 8c40bec.

Files ignored due to path filters (1)

• app/composer.lock is excluded by !**/*.lock

Files selected for processing (2)

• .github/workflows/dependency-analysis.yml (1 hunks)
• Makefile (1 hunks)

Files skipped from review due to trivial changes (1)

• Makefile

Additional comments not posted (4)

.github/workflows/dependency-analysis.yml (4)

3-15: Trigger conditions are appropriately set for dependency analysis.

---

40-57: Setup of PHP and validation of composer files are well-handled using specific versions of actions and tools for reproducibility.

---

23-39: Job setup with matrix strategy for OS and PHP versions is robust. Consider increasing the timeout if builds frequently exceed the current limit.

Verification successful

---

No timeout issues were found in the recent build logs, indicating that the current timeout setting is likely sufficient.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Check recent build logs for timeout issues.

# Test: Search for timeout logs. Expect: No frequent timeout logs.
gh pr view 396 --json comments --jq '.[] | select(.body | contains("timeout"))'

Length of output: 148

---

---

Script:

#!/bin/bash
# Description: Check recent build logs for timeout issues.

# Test: Search for timeout logs. Expect: No frequent timeout logs.
gh pr view 396 --json comments --jq '.comments[] | select(.body | contains("timeout"))'

Length of output: 89

---

59-76: Caching and installation of dependencies are efficiently handled. Keep an eye on the custom GitHub Actions used here for any updates or issues.

Verification successful

---

The latest release of the custom GitHub Actions used (wayofdev/gh-actions) is v3.1.0, which matches the version specified in your workflow. This indicates that you are using the most recent version of the action.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Check for updates or issues related to custom GitHub Actions used.

# Test: Search for recent issues or updates. Expect: No critical issues or updates.
gh repo view wayofdev/gh-actions --json releases --jq '.[0].tagName'

Length of output: 1170

---

---

Script:

#!/bin/bash
# Description: Check for updates or issues related to custom GitHub Actions used.

# Test: Search for recent issues or updates. Expect: No critical issues or updates.
gh repo view wayofdev/gh-actions --json latestRelease --jq '.latestRelease.tagName'

Length of output: 90

[coderabbitai]

Actionable comments posted: 0

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 8c40bec and c00b143.

Files ignored due to path filters (1)

• app/composer.lock is excluded by !**/*.lock

Files selected for processing (9)

• .github/workflows/dependency-analysis.yml (1 hunks)
• .github/workflows/static-analysis.yml (2 hunks)
• .github/workflows/testing.yml (1 hunks)
• Makefile (2 hunks)
• app/composer.json (1 hunks)
• app/config/database.php (1 hunks)
• app/phpunit.xml.dist (2 hunks)
• app/src/Bridge/Laravel/Providers/RouteServiceProvider.php (1 hunks)
• app/tests/Bridge/Laravel/Admin/Category/Controllers/CategoryControllerTest.php (1 hunks)

Files skipped from review due to trivial changes (1)

• app/tests/Bridge/Laravel/Admin/Category/Controllers/CategoryControllerTest.php

Files skipped from review as they are similar to previous changes (3)

• .github/workflows/dependency-analysis.yml
• .github/workflows/static-analysis.yml
• Makefile

Additional comments not posted (5)

app/src/Bridge/Laravel/Providers/RouteServiceProvider.php (1)

22-22: Type declaration for constant HOME enhances type safety and is a good practice in modern PHP.

app/phpunit.xml.dist (1)

31-31: Setting DB_CONNECTION to "memory" is appropriate for testing environments and can lead to faster test execution.

.github/workflows/testing.yml (1)

1-93: The testing workflow is well-structured and includes all necessary steps for robust testing. Using a matrix strategy for different PHP versions and dependencies is a good practice.

app/config/database.php (1)

26-32: The addition of the 'memory' database connection is well-configured for use with SQLite's in-memory feature, ideal for testing environments.

app/composer.json (1)

149-154: Setting DB_CONNECTION to "memory" in test scripts is consistent with other configuration changes and supports using an in-memory database for testing.

[coderabbitai]

Actionable comments posted: 0

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between c00b143 and 0cee098.

Files selected for processing (4)

• .github/workflows/testing.yml (1 hunks)
• app/composer.json (1 hunks)
• app/config/database.php (1 hunks)
• app/phpunit.xml.dist (2 hunks)

Files skipped from review as they are similar to previous changes (4)

• .github/workflows/testing.yml
• app/composer.json
• app/config/database.php
• app/phpunit.xml.dist

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 48.36%. Comparing base (5ef9399) to head (3330474).
Report is 17 commits behind head on develop.

Additional details and impacted files

@@            Coverage Diff             @@
##             develop     #396   +/-   ##
==========================================
  Coverage      48.36%   48.36%           
  Complexity        48       48           
==========================================
  Files             23       23           
  Lines            122      122           
==========================================
  Hits              59       59           
  Misses            63       63           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0cee098 and 728ed37.

Files selected for processing (5)

• .github/workflows/coding-standards.yml (1 hunks)
• .github/workflows/testing.yml (1 hunks)
• app/composer.json (1 hunks)
• app/config/database.php (1 hunks)
• app/phpunit.xml.dist (2 hunks)

Files skipped from review as they are similar to previous changes (4)

• .github/workflows/testing.yml
• app/composer.json
• app/config/database.php
• app/phpunit.xml.dist

Additional comments not posted (1)

.github/workflows/coding-standards.yml (1)

160-161: Update PHP version and add decimal extension.

The update to PHP version 8.3.7 and the addition of the decimal extension align with the latest PHP standards and requirements for precision arithmetic operations. This is a good practice to ensure the workflow uses the most current and supported PHP features.