deps(deps-dev): update squizlabs/php_codesniffer requirement from ^3.13 to ^3.13 || ^4.0

.github/dependabot.yml

@@ -11,10 +11,10 @@ updates:
     assignees:
       - "frugan-dev"
     commit-message:
-      prefix: "deps"
+      prefix: "chore"
       include: "scope"
     labels:
-      - "dependencies"
+      - "area: dependencies"
 
   # Enable version updates for GitHub Actions
   - package-ecosystem: "github-actions"
@@ -27,8 +27,8 @@ updates:
     assignees:
       - "frugan-dev"
     commit-message:
-      prefix: "ci"
+      prefix: "chore"
       include: "scope"
     labels:
-      - "dependencies"
-      - "github-actions"
+      - "area: dependencies"
+      - "area: ci/cd"

.github/workflows/auto-merge.yml

@@ -5,6 +5,11 @@ on:
     types:
       - opened
       - synchronize
+      - reopened
+
+permissions:
+  contents: write
+  pull-requests: write
 
 jobs:
   auto-merge:
@@ -23,26 +28,64 @@ jobs:
               pull_number: context.issue.number
             });
 
-            // Only auto-merge patch updates
+            // Auto-merge patch and minor updates
             const title = pr.data.title.toLowerCase();
-            const isPatch = title.includes('patch') || 
-                           title.match(/bump .+ from [\d]+\.[\d]+\.[\d]+ to [\d]+\.[\d]+\.[\d]+$/);
+            const isMinorOrPatch = title.includes('patch') || 
+                                  title.includes('minor') || 
+                                  title.match(/bump .+ from [\d]+\.[\d]+\.[\d]+ to [\d]+\.[\d]+\.[\d]+$/);
+
+            console.log('PR Title:', title);
+            console.log('Should merge:', isMinorOrPatch);
 
-            return { shouldMerge: isPatch };
+            return { shouldMerge: isMinorOrPatch };
 
-      - name: Wait for checks
+      - name: Auto-approve Dependabot PR
+        if: fromJSON(steps.pr.outputs.result).shouldMerge
+        run: |
+          gh pr review ${{ github.event.pull_request.number }} --approve --body "Auto-approving dependency update"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Wait for checks (with timeout)
         if: fromJSON(steps.pr.outputs.result).shouldMerge
         uses: fountainhead/action-wait-for-check@v1.2.0
         id: wait-for-checks
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           checkName: 'Tests (PHP 8.4)'
           ref: ${{ github.event.pull_request.head.sha }}
-          timeoutSeconds: 300
+          timeoutSeconds: 600
+        continue-on-error: true
 
-      - name: Auto-merge
-        if: fromJSON(steps.pr.outputs.result).shouldMerge && steps.wait-for-checks.outputs.conclusion == 'success'
+      - name: Check status and merge
+        if: fromJSON(steps.pr.outputs.result).shouldMerge
         run: |
-          gh pr merge ${{ github.event.pull_request.number }} --squash --auto
+          # Get current status
+          STATUS=$(gh pr status ${{ github.event.pull_request.number }} --json statusCheckRollup --jq '.statusCheckRollup[] | select(.name == "Tests (PHP 8.4)") | .conclusion')
+
+          echo "Check status: $STATUS"
+
+          if [ "$STATUS" = "SUCCESS" ] || [ "$STATUS" = "NEUTRAL" ]; then
+            echo "✅ Checks passed, merging PR"
+            gh pr merge ${{ github.event.pull_request.number }} --squash --auto
+          elif [ "$STATUS" = "FAILURE" ]; then
+            echo "❌ Checks failed, not merging"
+            exit 1
+          else
+            echo "⏳ Checks still running or unknown status, enabling auto-merge"
+            gh pr merge ${{ github.event.pull_request.number }} --squash --auto
+          fi
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on failure
+        if: failure()
+        uses: actions/github-script@v8
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '🤖 Auto-merge failed. Please check the CI status and merge manually if appropriate.'
+            });

.github/workflows/main.yml

@@ -79,7 +79,7 @@ jobs:
         run: composer test:coverage
 
       - name: Upload coverage to Codecov
-        if: matrix.php == '8.4'
+        if: matrix.php == '8.4' && secrets.CODECOV_TOKEN != ''
         uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -88,15 +88,16 @@ jobs:
 
       # Alternative
       - name: Upload coverage to Qlty
-        if: matrix.php == '8.4'
+        if: matrix.php == '8.4' && secrets.QLTY_TOKEN != ''
         uses: qltysh/qlty-action/coverage@v2
         with:
           token: ${{ secrets.QLTY_TOKEN }}
           files: ./coverage.xml
+        continue-on-error: true
 
       # Alternative
       #- name: Upload coverage to Scrutinizer
-      #  if: matrix.php == '8.4'
+      #  if: matrix.php == '8.4' && secrets.SCRUTINIZER_ACCESS_TOKEN != ''
       #  uses: scrutinizer-ci/ocular@v1
       #  with:
       #    access-token: ${{ secrets.SCRUTINIZER_ACCESS_TOKEN }}
@@ -162,6 +163,7 @@ jobs:
       # - Enables security-focused code review workflow
       # - Creates security alerts for repository maintainers
       - name: Run Snyk to check for vulnerabilities (PHP)
+        if: secrets.SNYK_TOKEN != ''
         continue-on-error: true
         uses: snyk/actions/php@e2221410bff24446ba09102212d8bc75a567237d
         env:
@@ -170,6 +172,7 @@ jobs:
           args: --severity-threshold=high --sarif-file-output=snyk.sarif --file=composer.lock
 
       - name: Upload Snyk results to GitHub Code Scanning
+        if: hashFiles('snyk.sarif') != ''
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: snyk.sarif

commitlint.config.mjs

@@ -1,6 +1,20 @@
+import { RuleConfigSeverity } from '@commitlint/types';
+import conventionalConfig from '@commitlint/config-conventional';
+
 export default {
   extends: ['@commitlint/config-conventional'],
   ignores: [
     (commit) => /\[skip ci\]/m.test(commit),
   ],
-}
+  rules: {
+    'body-max-line-length': [RuleConfigSeverity.Error, 'always', 150],
+    'type-enum': [
+      RuleConfigSeverity.Error,
+      'always',
+      [
+        ...conventionalConfig.rules['type-enum'][RuleConfigSeverity.Error],
+        'deps', // Add deps for Dependabot
+      ],
+    ],
+  },
+}

composer.json

@@ -44,7 +44,7 @@
         "povils/phpmnd": "^3.6",
         "rector/rector": "^1.2|^2.1",
         "roave/security-advisories": "dev-latest",
-        "squizlabs/php_codesniffer": "^3.13",
+        "squizlabs/php_codesniffer": "^3.13 || ^4.0",
         "vimeo/psalm": "^5.26|^6.13"
     },
     "suggest": {