
ci: replace Super-Linter with reusable quality and security workflows, group Dependabot updates, and refresh scaffolded linter and Gitleaks configs. #13

Merged
terabytesoftw merged 2 commits into main from ci/replace-super-linter-refresh-metadata-scaffold on Jul 4, 2026

Conversation

@terabytesoftw

Contributor

Pull Request

  • Breaking change (fix or feature that would cause existing functionality to change)
  • Bugfix (non-breaking change that fixes an issue)
  • CI/build configuration
  • Documentation update
  • New feature (non-breaking change that adds functionality)
  • Refactoring (no functional changes)

…, group Dependabot updates, and refresh scaffolded linter and Gitleaks configs.
@terabytesoftw terabytesoftw added the bug Something isn't working label Jul 4, 2026
@coderabbitai

coderabbitai Bot commented Jul 4, 2026


Review Change Stack

Warning

Review limit reached

@terabytesoftw, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 49 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer to the docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d3b297dc-3514-431a-83e8-7fe218e4a6fc

📥 Commits

Reviewing files that changed from the base of the PR and between c87f51a and a0a6d41.

📒 Files selected for processing (2)
  • .github/workflows/quality.yml
  • composer.json
📝 Walkthrough

This PR replaces the super-linter GitHub Actions workflow with new reusable quality and security workflows, expands linter configuration exclusions (codespell, editorconfig-checker, gitleaks) in both root and metadata locations, adds Prettier configuration/ignore files, groups Dependabot updates, and updates README, CHANGELOG, and composer.json accordingly.

Changes

Quality and security CI overhaul

| Layer / File(s) | Summary |
| --- | --- |
| New quality and security workflows: `.github/workflows/quality.yml`, `.github/workflows/security.yml`, `.github/workflows/linter.yml` (removed) | Removes the super-linter workflow and introduces reusable quality and security workflows triggered on push/pull_request, forwarding linter config paths and secrets. |
| Linter configuration updates: `.github/linters/.codespellrc`, `.github/linters/.editorconfig-checker.json`, `.github/linters/.gitleaks.toml`, `metadata/.github/linters/*` | Broadens codespell/editorconfig-checker exclusions and simplifies gitleaks config to default rules in both root and scaffolded metadata copies; removes actionlint.yml. |
| Prettier configuration and ignores: `.prettierrc.json`, `.prettierignore`, `metadata/.prettierignore` | Adds new Prettier formatting rules with YAML/Markdown overrides and populates ignore lists for IDE, coverage, runtime, dependency, and license files. |
| Dependabot grouping and gitignore: `.github/dependabot.yml`, `.gitignore` | Adds cooldown periods and grouped update rules for github-actions/composer ecosystems, plus ignores for AI agent artifacts. |
| Docs, changelog, and composer metadata: `README.md`, `CHANGELOG.md`, `composer.json` | Updates README badges/file listings, adds a changelog entry, and updates composer.json keywords and allow-plugins config. |

Estimated code review effort: 2 (Simple) | ~12 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Contributor
  participant GitHubActions
  participant QualityWorkflow
  participant SecurityWorkflow
  Contributor->>GitHubActions: push or pull_request
  GitHubActions->>QualityWorkflow: reuse quality.yml@v2.0.1 with linter inputs
  GitHubActions->>SecurityWorkflow: reuse security.yml with gitleaks-config and GITLEAKS_LICENSE

Poem

A rabbit hops through configs new,
Super-linter gone, quality shines through 🐇
Gitleaks defaults, codespell wide,
Prettier settled, cooldowns applied.
Hop, hop, hooray — the pipeline's clean and true!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly summarizes the main CI/configuration changes in this pull request. |
| Description check | ✅ Passed | The description is related to the changeset and correctly frames it as a refactoring/CI update. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
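The walkthrough above summarises the Dependabot change as "cooldown periods and grouped update rules for github-actions/composer ecosystems". The following is an added illustration of what such a `.github/dependabot.yml` looks like; it is not the file from this PR, and the day counts, group names and schedule are assumptions chosen for the example. The security point is the `cooldown`: Dependabot will not propose a version until it has been public for the given number of days, so a compromised or mistaken release that gets yanked within that window never reaches the repository.

```yaml
# Added example (not this PR's .github/dependabot.yml): grouped updates with
# a publication cooldown for the two ecosystems the walkthrough names.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"          # ASSUMPTION: interval chosen for the example
    # Only propose a release once it has been published for this many days.
    cooldown:
      default-days: 7             # ASSUMPTION: 7 days is illustrative
    # One PR bumping every action instead of one PR per action.
    groups:
      github-actions:
        patterns: ["*"]

  - package-ecosystem: "composer"
    directory: "/"
    schedule:
      interval: "weekly"
    cooldown:
      default-days: 7
      semver-major-days: 14       # hold majors longer; they need manual review anyway
    # Group only minor and patch bumps; a major bump still arrives as its own PR.
    groups:
      composer-minor-and-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]
```

Grouping reduces PR noise, which is what makes the rest of the pipeline (required checks, Gitleaks, a reviewer actually reading the diff) sustainable; the cooldown is the part that buys supply-chain safety, and it costs nothing beyond a delay on patch releases.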

@terabytesoftw

Contributor Author

@codex review

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/quality.yml:
- Around line 1-32: The quality workflow currently runs on both push and
pull_request without any concurrency control, so rapid updates can queue
redundant jobs. Add a workflow-level concurrency block to
.github/workflows/quality.yml with cancel-in-progress enabled so only the latest
run for the same branch or PR continues. Keep the change near the existing on
and jobs configuration in the quality workflow.

In @.github/workflows/security.yml:
- Around line 1-19: The security workflow can queue duplicate runs because the
security job is triggered by both pull_request and push without any concurrency
control. Update the security workflow to add a concurrency group (similar to
quality.yml) so repeated pushes or PR updates cancel in-flight runs for the same
branch or PR. Use the existing security job/workflow definition in security.yml
as the place to add the concurrency setting.

In `@composer.json`:
- Around line 38-43: The composer allow-plugins entry for
yii2-extensions/scaffold is currently allow-listed without a matching
dependency. Update composer.json by either adding yii2-extensions/scaffold to
require-dev if the vendor/bin/scaffold workflow is needed, or remove the
allow-plugins entry if it is not used. Keep the config section and dependency
declarations in sync so the plugin setting reflects an actual installed package.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: fdbbb275-5151-44a8-9767-8987e621154f

📥 Commits

Reviewing files that changed from the base of the PR and between 4547da6 and c87f51a.

📒 Files selected for processing (18)
  • .github/dependabot.yml
  • .github/linters/.codespellrc
  • .github/linters/.editorconfig-checker.json
  • .github/linters/.gitleaks.toml
  • .github/workflows/linter.yml
  • .github/workflows/quality.yml
  • .github/workflows/security.yml
  • .gitignore
  • .prettierignore
  • .prettierrc.json
  • CHANGELOG.md
  • README.md
  • composer.json
  • metadata/.github/linters/.codespellrc
  • metadata/.github/linters/.editorconfig-checker.json
  • metadata/.github/linters/.gitleaks.toml
  • metadata/.github/linters/actionlint.yml
  • metadata/.prettierignore
💤 Files with no reviewable changes (4)
  • .github/workflows/linter.yml
  • metadata/.github/linters/actionlint.yml
  • .github/linters/.gitleaks.toml
  • metadata/.github/linters/.gitleaks.toml
📜 Review details
🔇 Additional comments (15)
.github/dependabot.yml (1)

5-25: LGTM!

.gitignore (1)

1-4: LGTM!

.github/linters/.codespellrc (1)

2-2: LGTM!

.github/linters/.editorconfig-checker.json (1)

3-7: LGTM!

metadata/.github/linters/.codespellrc (1)

2-2: LGTM!

metadata/.github/linters/.editorconfig-checker.json (1)

3-7: LGTM!

.prettierrc.json (1)

1-22: LGTM!

.prettierignore (1)

1-33: LGTM!

metadata/.prettierignore (1)

1-21: LGTM!

.github/workflows/quality.yml (2)

17-32: LGTM!


8-19: 🔒 Security & Privacy

No change needed contents: read matches the reusable workflow’s requirement.

CHANGELOG.md (1)

10-11: LGTM!

README.md (1)

42-42: LGTM!

Also applies to: 90-93, 113-116

composer.json (1)

15-17: LGTM!

.github/workflows/security.yml (1)

8-19: 🔒 Security & Privacy

contents: read is sufficient here. The reusable security.yml workflow is documented to run with minimal permissions, so pull-requests: write isn’t needed for gitleaks PR comments.

> Likely an incorrect or invalid review comment.

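Both workflow findings in the review above ask for a workflow-level `concurrency` block so repeated pushes to the same branch or PR cancel in-flight runs. The following caller workflow is an added example of that pattern, not the PR's own `.github/workflows/security.yml`. The reusable workflow's repository path and tag are placeholders (the walkthrough only shows `quality.yml@v2.0.1`), while `contents: read`, the `gitleaks-config` input and the `GITLEAKS_LICENSE` secret are taken from the review and the sequence diagram on this page.

```yaml
# Added example (not this PR's security.yml): a caller workflow with the
# concurrency control the review asked for.
name: security

on:
  push:
    branches: [main]
  pull_request:

# Least privilege for the caller's GITHUB_TOKEN. The review confirms
# `contents: read` is all the reusable workflow needs.
permissions:
  contents: read

# One run per workflow per ref. A new push to the same branch or PR joins this
# group and, when cancel-in-progress is true, cancels the superseded run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  # Cancel superseded PR runs only. Pushes to main finish, so every merged
  # commit keeps a completed secret scan rather than a cancelled one.
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  security:
    # ASSUMPTION: OWNER/REPO and the tag are placeholders for the real reusable workflow.
    uses: OWNER/REPO/.github/workflows/security.yml@v2.0.1
    with:
      gitleaks-config: .github/linters/.gitleaks.toml
    # Pass the one secret explicitly instead of `secrets: inherit`, so the
    # reusable workflow cannot read anything else in the repository's secrets.
    secrets:
      GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
```

The same block drops into `quality.yml` unchanged; `github.workflow` in the group key keeps the two workflows from cancelling each other. Unconditional `cancel-in-progress: true` is fine for a lint job, but for a secret scan it is worth keeping the `pull_request` condition so a fast follow-up push to `main` cannot leave a merged commit without a finished Gitleaks result.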

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c87f51a8dd

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@terabytesoftw terabytesoftw merged commit e297839 into main Jul 4, 2026
19 checks passed
@terabytesoftw terabytesoftw deleted the ci/replace-super-linter-refresh-metadata-scaffold branch July 4, 2026 22:56

Labels

bug Something isn't working
