Enable PHP 8.4 compat and bump symfony/cache v7

[koriym]

• Add dependabot
• Bump tool dependency
• Bump symfony/cache v7
• Bump doctrine/annotation v2

Summary by CodeRabbit

• New Features

  • Introduced a configuration for managing Composer dependency updates, including weekly checks and an ignore list for specific updates.

• Improvements

  • Updated PHP version in coding standards and static analysis workflows to 8.3.
  • Added PHP version 8.4 to the continuous integration testing matrix.
  • Expanded compatibility for symfony/cache and doctrine/annotations dependencies in composer.json.

These updates enhance dependency management and ensure compatibility with the latest PHP versions.

[coderabbitai]

Warning

Rate limit exceeded

@koriym has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 17 minutes and 20 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between d1b439c and 8a9d4ed.

Walkthrough

The changes include the addition of a new configuration file for managing Composer dependency updates, updates to PHP versions in several GitHub Actions workflows, and modifications to dependency version constraints in the composer.json file. The .github/dependabot.yml file specifies a weekly update strategy for Composer packages with an ignore list for certain updates. The workflows for coding standards and static analysis were updated to use PHP version 8.3, while the continuous integration workflow added PHP version 8.4 to its testing matrix. Dependency version constraints were also expanded in the composer.json.

Changes

File	Change Summary
.github/dependabot.yml	Added configuration for Composer dependency updates, specifying update strategy and ignores.
.github/workflows/coding-standards.yml	Updated php_version from 8.2 to 8.3.
.github/workflows/continuous-integration.yml	Added PHP version 8.4 to the testing matrix for the phpunit job.
.github/workflows/static-analysis.yml	Updated php_version from 8.2 to 8.3.
composer.json	Updated version constraints for symfony/cache to include ^v7.1 and for doctrine/annotations to include ^2.0.

Poem

In the garden where code does bloom,
New versions dance, dispelling gloom.
With PHP updates, we hop and play,
Dependencies flourish, come what may!
A patch here, a fix there, all is right,
Coding standards shine, oh what a sight! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (1)

composer.json (1)

Line range hint 11-11: Consider updating PHP version constraint for explicit PHP 8.4 support.

While the current constraint "^7.3 || ^8.0" technically allows PHP 8.4, it's recommended to explicitly specify the upper bound for better clarity and dependency resolution.

-        "php": "^7.3 || ^8.0",
+        "php": "^7.3 || ^8.0 || ~8.4.0",

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 25f510d and d1b439c.

📒 Files selected for processing (5)

• .github/dependabot.yml (1 hunks)
• .github/workflows/coding-standards.yml (1 hunks)
• .github/workflows/continuous-integration.yml (1 hunks)
• .github/workflows/static-analysis.yml (1 hunks)
• composer.json (1 hunks)

🔇 Additional comments (7)

.github/workflows/coding-standards.yml (1)

12-12: LGTM! Verify reusable workflow compatibility.

The update to PHP 8.3 for coding standards is appropriate, as coding standard checks don't necessarily need to run on the latest targeted PHP version (8.4).

Let's verify the compatibility of the reusable workflow with PHP 8.3:

✅ Verification successful

PHP 8.3 is properly supported in the reusable workflow

The reusable workflow from ray-di/.github is being used with PHP 8.3 consistently across both coding-standards.yml and static-analysis.yml workflows, indicating proper version support. The version update is appropriate for coding standards checks.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if the reusable workflow supports PHP 8.3
# Expected: The workflow file should exist and contain PHP version matrix or setup

# Test: Check the reusable workflow content
gh api repos/ray-di/.github/contents/.github/workflows/coding-standards.yml | jq -r '.content' | base64 -d

Length of output: 180

---

Script:

#!/bin/bash
# Let's try a different approach using gh api without base64 decoding
gh api repos/ray-di/.github/contents/.github/workflows/coding-standards.yml

# Alternatively, let's check if we can find any references to PHP versions in the current repository
rg -l "php_version" .github/workflows/

Length of output: 2750

---

Script:

#!/bin/bash
# Let's decode the base64 content manually to verify PHP version support
echo "bmFtZTogQ29kaW5nIFN0YW5kYXJkcwoKb246CiAgcHVzaDoKICAgIHBhdGhz\nLWlnbm9yZToKICAgICAgLSAnKioubWQnCiAgcHVsbF9yZXF1ZXN0OgogIHdv\ncmtmbG93X2Rpc3BhdGNoOgogIHdvcmtmbG93X2NhbGw6Cgpqb2JzOgogIGNv\nZGluZy1zdGFuZGFyZHM6CiAgICBuYW1lOiBDb2RpbmcgU3RhbmRhcmRzCiAg\nICBydW5zLW9uOiB1YnVudHUtbGF0ZXN0CiAgICBzdGVwczoKICAgICAgLSBu\nYW1lOiBDaGVja291dAogICAgICAgIHVzZXM6IGFjdGlvbnMvY2hlY2tvdXRA\ndjMKICAgICAgICB3aXRoOgogICAgICAgICAgZmV0Y2gtZGVwdGg6IDAKCiAg\nICAgIC0gbmFtZTogU2V0dXAgUEhQCiAgICAgICAgdXNlczogc2hpdmFtbWF0\naHVyL3NldHVwLXBocEB2MgogICAgICAgIHdpdGg6CiAgICAgICAgICBwaHAt\ndmVyc2lvbjogIjguMyIKICAgICAgICAgIHRvb2xzOiBjczJwcgogICAgICAg\nICAgY292ZXJhZ2U6IG5vbmUKCiAgICAgIC0gbmFtZTogR2V0IGNvbXBvc2Vy\nIGNhY2hlIGRpcmVjdG9yeQogICAgICAgIGlkOiBjb21wb3Nlci1jYWNoZQog\nICAgICAgIHJ1bjogZWNobyAiZGlyPSQoY29tcG9zZXIgY29uZmlnIGNhY2hl\nLWZpbGVzLWRpcikiID4+ICRHSVRIVUJfT1VUUFVUCgogICAgICAtIG5hbWU6\nIENhY2hlIGRlcGVuZGVuY2llcwogICAgICAgIHVzZXM6IGFjdGlvbnMvY2Fj\naGVAdjMKICAgICAgICB3aXRoOgogICAgICAgICAgcGF0aDogJHt7IHN0ZXBz\nLmNvbXBvc2VyLWNhY2hlLm91dHB1dHMuZGlyIH19CiAgICAgICAgICBrZXk6\nICR7eyBydW5uZXIub3MgfX0tY29tcG9zZXItJHt7IGhhc2hGaWxlcygnKiov\nY29tcG9zZXIubG9jaycpIH19CiAgICAgICAgICByZXN0b3JlLWtleXM6ICR7\neyBydW5uZXIub3MgfX0tY29tcG9zZXItCgogICAgICAtIG5hbWU6IEluc3Rh\nbGwgZGVwZW5kZW5jaWVzCiAgICAgICAgcnVuOiBjb21wb3NlciBpbnN0YWxs\nIC0tbm8taW50ZXJhY3Rpb24gLS1uby1wcm9ncmVzcyAtLXByZWZlci1kaXN0\nCgogICAgICAtIG5hbWU6IFZhbGlkYXRlIGNvbXBvc2VyLmpzb24KICAgICAg\nICBydW46IGNvbXBvc2VyIHZhbGlkYXRlIC0tc3RyaWN0CgogICAgICAtIG5h\nbWU6IFJ1biBQSFBfQ29kZVNuaWZmZXIKICAgICAgICBydW46IC4vdmVuZG9y\nL2Jpbi9waHBjcyAtcSAtLW5vLWNvbG9ycyAtLXJlcG9ydD1jaGVja3N0eWxl\nIHNyYyB0ZXN0cyB8IGNzMnByCg==" | base64 -D

# Also check the PHP version in static-analysis.yml for comparison
cat .github/workflows/static-analysis.yml | grep -A 2 "php-version"

Length of output: 1803

---

Script:

#!/bin/bash
# Let's try a simpler approach to check both workflow files
cat .github/workflows/coding-standards.yml
cat .github/workflows/static-analysis.yml

Length of output: 485

.github/workflows/static-analysis.yml (1)

12-12: Verify PHP version choice for static analysis.

While the PR aims for PHP 8.4 compatibility and the CI workflow includes PHP 8.4 testing, this workflow uses PHP 8.3. Consider:

1. Are the static analysis tools compatible with PHP 8.4?
2. If they are compatible, should this workflow also use PHP 8.4 to catch potential PHP 8.4-specific issues?

Let's check the static analysis tools compatibility:

If the tools support PHP 8.4, consider:

1. Updating this workflow to use PHP 8.4
2. Or running static analysis with both PHP 8.3 and 8.4 in parallel jobs to ensure compatibility across versions

✅ Verification successful

Let me check the official compatibility information for these tools.

---

Keep PHP 8.3 for static analysis workflow

The current setup using PHP 8.3 for static analysis is appropriate. Here's why:

• PHPStan (the main static analyzer used) version ^1.9 is being used, which officially supports up to PHP 8.3
• PHP 8.4 is still in development/alpha stage and static analysis tools haven't announced full support yet
• Running static analysis on PHP 8.3 while testing against PHP 8.4 in CI is a good practice as it ensures code quality using stable tooling while verifying runtime compatibility with the upcoming version

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check composer.json for static analysis tools and their version constraints
rg -A 5 '"require-dev"' | rg -A 10 'phpstan|psalm|phan'

Length of output: 7537

---

Script:

#!/bin/bash
# Check composer.json for PHP version constraints
rg '"php":|"php-64bit":|"php-32bit":' composer.json

# Check if there's any PHPStan configuration file that might have PHP version settings
fd -e neon -x cat {} \; 

Length of output: 169

.github/dependabot.yml (2)

8-11: LGTM on basic configuration.

The weekly interval and package ecosystem settings are appropriate for a PHP project.

---

15-16: Verify PHPUnit compatibility requirements.

Given the PR's objective of PHP 8.4 compatibility, we should verify if blocking major PHPUnit updates could affect testing capabilities with PHP 8.4.

✅ Verification successful

Let me analyze the current PHPUnit version constraints and their PHP compatibility based on the output.

The first command will help us understand the PHP version requirements in the project, and the second command will show us any PHP-specific test configurations. This will help us determine if blocking major PHPUnit updates could affect testing capabilities with PHP 8.4.

---

Blocking major PHPUnit updates is safe and recommended

From the analysis of the codebase:

• The project currently uses PHPUnit ^9.5.28 as specified in require-dev
• The test suite already has PHP version-specific test directories (7.4+ and 8.0+)
• There are no PHP 8.4-specific test configurations that would require newer PHPUnit versions
• PHPUnit 9.x series is widely used across dependencies and has broad PHP version compatibility

Blocking major version updates through dependabot is a good practice as it:

• Prevents unexpected breaking changes in the test suite
• Maintains consistency with the existing PHP version-specific test structure
• Allows for manual review of major version upgrades which might require test adaptations

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check current PHPUnit version constraints and their PHP compatibility
rg -l "phpunit/phpunit" | xargs cat | grep -A 5 -B 5 "phpunit/phpunit"

Length of output: 9364

---

Script:

#!/bin/bash
# Check PHP version requirements in composer.json
rg -l "composer.json" | xargs cat | grep -A 5 -B 5 '"php":'

# Check if there are any PHP 8.4 specific test configurations
rg -l "phpunit.xml" | xargs cat

Length of output: 858

.github/workflows/continuous-integration.yml (2)

Line range hint 1-89: Verify service compatibility with PHP 8.4.

The workflow uses memcached and redis services. We should verify that the PHP extensions for these services are available and compatible with PHP 8.4.

Let's check the extension compatibility:

#!/bin/bash
# Description: Search for any issues or discussions about PHP 8.4 compatibility with memcached and redis extensions

# Test: Look for extension version constraints in composer.json
rg -l 'ext-(memcache|redis)' composer.json

# Test: Check if there are any conditional extension loading based on PHP version
rg -l 'extension.*memcache|redis' .github/workflows/

---

35-35: Consider PHP 8.4 compatibility implications.

Adding PHP 8.4 to the test matrix is forward-thinking, but since PHP 8.4 is still in development, there are some considerations:

1. Some extensions or tools might not be fully compatible yet
2. The build might be unstable due to the pre-release nature of PHP 8.4

Let's verify the compatibility of required extensions and tools:

Consider these recommendations:

1. Add continue-on-error: true for PHP 8.4 matrix entry to prevent blocking other stable versions
2. Add a comment indicating this is pre-release support
3. Document any known limitations or issues with PHP 8.4 in the README

Example implementation:

        php-version:
          - '7.3'
          - '7.4'
          - '8.0'
          - '8.1'
          - '8.2'
          - '8.3'
-          - '8.4'
+          - '8.4' # Pre-release support
        dependencies:
          - lowest
          - highest
+    continue-on-error: ${{ matrix.php-version == '8.4' }}

composer.json (1)

16-16: LGTM! Good addition of doctrine/annotations v2.0 support.

The addition of ^2.0 for doctrine/annotations is appropriate and maintains backward compatibility while supporting newer versions.