fix(docs): Update workflows and documentation for improved CI/CD processes and feature clarity.

[terabytesoftw]

Q	A
Is bugfix	✔️
New feature	❌
Breaks BC	❌

Summary by CodeRabbit

• Documentation

  • Added Code of Conduct, updated README visuals/badges, refreshed CHANGELOG date/entry, consolidated license to BSD-3-Clause, added funding and template docs.

• Chores

  • Standardized editor settings, updated .gitignore, improved issue/PR templates, refined dependency update config, and updated CI workflow configurations and lint rules.

• Style

  • Added stylelint config and modernized CSS pseudo-element syntax.

• Enhancements

  • Improved theme toggle with system-theme support, persistence, and accessible UI updates.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (f1780db) to head (7f6ac8c).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##                main      #197   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity         7         7           
===========================================
  Files             12        12           
  Lines            172       172           
===========================================
  Hits             172       172           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Warning

Rate limit exceeded

@terabytesoftw has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 2 minutes and 36 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 466abe3 and 7f6ac8c.

📒 Files selected for processing (13)

• .editorconfig (1 hunks)
• .github/dependabot.yml (1 hunks)
• .github/workflows/ecs.yml (1 hunks)
• CHANGELOG.md (1 hunks)
• README.md (8 hunks)
• docs/configuration.md (2 hunks)
• docs/installation.md (2 hunks)
• src/framework/resource/js/toggle-theme.js (1 hunks)
• tests/Acceptance.suite.yml (1 hunks)
• tests/Functional.suite.yml (1 hunks)
• tests/Unit.suite.yml (1 hunks)
• tests/_envs/dockerized.yml (1 hunks)
• tests/_envs/php-builtin.yml (1 hunks)

Walkthrough

Adds and standardizes repo metadata, community templates, linting config, CI workflow anchors/permissions and action sources; updates editorconfig and .gitignore; replaces license file; refreshes README/CHANGELOG; and refactors theme toggle JS and CSS pseudo-element syntax.

Changes

Cohort / File(s)	Summary of Changes
Editor & ignore \.editorconfig, \.gitignore	Update indent_style to space; add PHP/Markdown/YAML EditorConfig options; add LICENSE* unset entries; remove /config/.merge-plan.php from .gitignore and add copilot.
License Added/Removed LICENSE, LICENSE.md	Add LICENSE (BSD-3-Clause with SPDX header); delete LICENSE.md.
Community & templates .github/CODE_OF_CONDUCT.md, .github/FUNDING.yml, .github/ISSUE_TEMPLATE.md, .github/PULL_REQUEST_TEMPLATE.md	Add Code of Conduct and FUNDING; reformat issue and PR templates (heading levels, ordering, table/placeholder adjustments).
Dependabot .github/dependabot.yml	Reformat to list entries; add daily schedules for Actions and Composer; set Composer versioning-strategy: increase-if-necessary; remove open-pull-requests-limit.
Linter rules / config .github/linters/actionlint.yml, .stylelintrc.json	Add actionlint ignore rules for workflow alias/mapping messages; add Stylelint config extending standard and require double-colon pseudo-element notation.
CI workflows .github/workflows/* \.github/workflows/build.yml, dependency-check.yml, ecs.yml, static.yml, linter.yml	Standardize triggers using shared &ignore-paths anchor; add permissions blocks (contents/read, pull-requests/write, checks/statuses as applicable); swap many external action refs from php-forge/actions/... to yii2-framework/actions/...; add/adjust job inputs (Codeception: command, coverage-file, extensions; phpstan: hook); add new linter workflow using yii2-framework/actions@v1.
Docs & changelog CHANGELOG.md, README.md	Update CHANGELOG date and add bug entry; overhaul README badges, hero/feature imagery, copy, and license/badge styling.
Assets & UI src/framework/resource/css/site.css, src/framework/resource/js/toggle-theme.js	CSS: migrate single-colon pseudo-elements to double-colon and formatting tweaks. JS: refactor theme toggle into compact module with stored-preference handling, system-preference (matchMedia), unified UI updates, and new event listeners (including custom theme-toggle button).
Misc small edits composer-require-checker.json, composer.json, web/robots.txt, CHANGELOG.md	Minor formatting/whitespace tweaks, small JSON/Composer formatting, robots.txt newline trim, changelog date/entry update.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub Events
  participant WF as Workflows
  participant ACT as External Actions (yii2-framework/actions)
  participant Repo as Repository
  Dev->>GH: Push / Open PR
  GH->>WF: Trigger workflows (uses &ignore-paths anchor)
  WF->>WF: Apply permissions (contents:read, pull-requests:write, checks/status)
  alt Lint & Static checks
    WF->>ACT: Run ECS / PHPStan (phpstan may run hook: vendor/bin/codecept build)
    ACT-->>WF: Analysis results
  end
  alt Tests
    WF->>ACT: Run Codeception (command, coverage-file, extensions)
    ACT-->>WF: Test results
  end
  WF-->>Repo: Update PR statuses / checks

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix(build): Update Docker commands and badge links in README.md for accurate workflow status. #184 — Modifies .github/workflows/build.yml; overlaps CI workflow trigger/inputs and badge/README updates.
• feature(app): Implement FrankenPHP classic stack. #187 — Also changes the build workflow’s Codeception job and its implementation; likely touches same CI concerns.
• Refactor namespaces standard Yii2. #87 — Refactors UI/theme code under src/framework/resource; related to the toggle-theme.js and CSS edits.

Poem

I nibble keys and tidy code,
Anchors stitched and badges glowed.
Licenses set, linters cheer,
Theme that flips from far to near.
Hop—commit, deploy, and go! 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly and accurately summarizes the primary changes in this pull request, which focus on updating documentation and CI/CD workflows to improve processes and clarity. It clearly conveys the scope without unnecessary detail or generic phrasing, making it easy for reviewers to understand the main intent at a glance.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (1)

.github/workflows/linter.yml (1)

2-4: Consider limiting the push trigger scope.

With both pull_request and unrestricted push triggers, commits on PR branches will run this workflow twice (once per event). To reduce redundant runs and conserve CI minutes, consider scoping push to the main branch (or a small set of release branches).

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 99c1836 and 7142cec.

📒 Files selected for processing (17)

• .editorconfig (1 hunks)
• .github/CODE_OF_CONDUCT.md (1 hunks)
• .github/FUNDING.yml (1 hunks)
• .github/ISSUE_TEMPLATE.md (1 hunks)
• .github/PULL_REQUEST_TEMPLATE.md (1 hunks)
• .github/dependabot.yml (1 hunks)
• .github/linters/actionlint.yml (1 hunks)
• .github/workflows/build.yml (1 hunks)
• .github/workflows/dependency-check.yml (1 hunks)
• .github/workflows/ecs.yml (1 hunks)
• .github/workflows/linter.yml (1 hunks)
• .github/workflows/static.yml (1 hunks)
• .gitignore (1 hunks)
• CHANGELOG.md (1 hunks)
• LICENSE (1 hunks)
• LICENSE.md (0 hunks)
• README.md (5 hunks)

💤 Files with no reviewable changes (1)

• LICENSE.md

🧰 Additional context used

🧠 Learnings (8)

📚 Learning: 2025-08-31T15:34:39.060Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#142
File: README.md:0-0
Timestamp: 2025-08-31T15:34:39.060Z
Learning: In yii2-extensions/app-basic project, the dev-road-runner branch is treated as the main configuration branch with no stable releases available. Static badges pointing to dev branches are intentionally used to direct users to the development version.

Applied to files:

• README.md

📚 Learning: 2025-07-09T14:52:41.210Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#97
File: docs/installation.md:5-8
Timestamp: 2025-07-09T14:52:41.210Z
Learning: The Yii2 framework has multiple active branches including the 2.0.x branch (maintenance/LTS) and the 22.0 branch (development). When specifying version requirements, "2.0.53+ or 22.x" is accurate and should not be changed to only reference the 2.x branch.

Applied to files:

• README.md

📚 Learning: 2025-09-02T15:23:37.645Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#170
File: docker/init.sh:26-49
Timestamp: 2025-09-02T15:23:37.645Z
Learning: The yii2-extensions/app-basic repository is a demo template where practical functionality and ease of setup take priority over security hardening measures.

Applied to files:

• README.md

📚 Learning: 2025-09-02T15:21:03.207Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#170
File: docker/apache/Dockerfile:27-35
Timestamp: 2025-09-02T15:21:03.207Z
Learning: In yii2-extensions/app-basic, this is a demo template where simplicity and ease of use are prioritized over production-grade security hardening. Security trade-offs like using curl | bash for Node.js installation are acceptable for demonstration purposes.

Applied to files:

• README.md

📚 Learning: 2025-09-02T15:20:17.124Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#170
File: config/web/modules.php:14-15
Timestamp: 2025-09-02T15:20:17.124Z
Learning: In the yii2-extensions/app-basic repository, this is a demo template where permissive development settings like allowedIPs => ['*'] for debug and gii modules are acceptable for ease of setup and demonstration purposes.

Applied to files:

• README.md

📚 Learning: 2025-09-02T09:36:57.071Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#166
File: .github/workflows/build.yml:31-33
Timestamp: 2025-09-02T09:36:57.071Z
Learning: The yii2-extensions/app-basic repository is a demo template that includes pre-generated SSL certificates using mkcert, designed to provide a "one-click" transparent demo experience for users.

Applied to files:

• README.md

📚 Learning: 2025-09-02T15:23:30.956Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#170
File: docker/init.sh:1-1
Timestamp: 2025-09-02T15:23:30.956Z
Learning: In yii2-extensions/app-basic repository, the maintainer terabytesoftw prefers to keep demo template scripts simple without additional bash safety measures like strict mode (set -Eeuo pipefail), as they consider different quality standards appropriate for demo/template code versus production code.

Applied to files:

• README.md

📚 Learning: 2025-08-31T15:29:19.131Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#142
File: docs/installation.md:21-23
Timestamp: 2025-08-31T15:29:19.131Z
Learning: In yii2-extensions/app-basic project, the composer.json file has "minimum-stability": "dev" configured, which allows Composer to install dev versions automatically without requiring --stability=dev flag in create-project commands.

Applied to files:

• README.md

🪛 actionlint (1.7.7)

.github/workflows/build.yml

11-11: "push" section is alias node but mapping node is expected

(syntax-check)

.github/workflows/dependency-check.yml

11-11: "push" section is alias node but mapping node is expected

(syntax-check)

.github/workflows/static.yml

11-11: "push" section is alias node but mapping node is expected

(syntax-check)

.github/workflows/ecs.yml

11-11: "push" section is alias node but mapping node is expected

(syntax-check)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: linter / Super Linter
• GitHub Check: linter / Super Linter

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

src/framework/resource/js/toggle-theme.js (2)

19-21: Extract repeated media query to a constant.

The media query string "(prefers-color-scheme: dark)" is repeated multiple times (lines 19, 28, 86). This violates the DRY principle and makes maintenance harder.

Apply this diff to extract the media query:

 (() => {
     "use strict";
 
+    const DARK_MODE_MEDIA_QUERY = "(prefers-color-scheme: dark)";
+
     const getStoredTheme = () => localStorage.getItem("theme");

Then replace all occurrences:

-        return window.matchMedia("(prefers-color-scheme: dark)").matches
+        return window.matchMedia(DARK_MODE_MEDIA_QUERY).matches

-                window.matchMedia("(prefers-color-scheme: dark)").matches
+                window.matchMedia(DARK_MODE_MEDIA_QUERY).matches

-                        ? window.matchMedia("(prefers-color-scheme: dark)")
-                              .matches
+                        ? window.matchMedia(DARK_MODE_MEDIA_QUERY).matches

-        .matchMedia("(prefers-color-scheme: dark)")
+        .matchMedia(DARK_MODE_MEDIA_QUERY)

Also applies to: 28-30, 86-89

---

84-90: Extract effective theme calculation to reduce duplication.

The logic for determining the effective theme when theme === "auto" is duplicated from the setTheme function (lines 25-31). Consider extracting this to a helper function.

const getEffectiveTheme = (theme) => {
    if (theme === "auto") {
        return window.matchMedia(DARK_MODE_MEDIA_QUERY).matches
            ? "dark"
            : "light";
    }
    return theme;
};

Then update both locations to use this helper:

// In setTheme:
document.documentElement.setAttribute("data-bs-theme", getEffectiveTheme(theme));

// In showActiveTheme:
const effectiveTheme = getEffectiveTheme(theme);

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4b53a45 and a4dbae0.

📒 Files selected for processing (2)

• src/framework/resource/css/site.css (1 hunks)
• src/framework/resource/js/toggle-theme.js (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• src/framework/resource/css/site.css

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: codeception / PHP 8.3-windows-2022
• GitHub Check: codeception / PHP 8.2-windows-2022
• GitHub Check: phpstan / PHP 8.4-ubuntu-latest
• GitHub Check: linter / Super Linter
• GitHub Check: composer-require-checker / PHP 8.4-ubuntu-latest
• GitHub Check: easy-coding-standard / PHP 8.4-ubuntu-latest
• GitHub Check: linter / Super Linter

🔇 Additional comments (2)

src/framework/resource/js/toggle-theme.js (2)

37-37: LGTM: Early theme application prevents FOUC.

Setting the theme before DOMContentLoaded is intentional and correct. This prevents a flash of unstyled content by applying the theme as early as possible. The document.documentElement is always available at this point in script execution.

---

103-138: LGTM: Event listener setup is well-structured.

The event listeners are properly organized:

• System preference change listener correctly updates the theme only when no explicit user preference is stored
• DOMContentLoaded ensures DOM is ready before attaching handlers
• Both Bootstrap and custom theme toggle handlers correctly persist and apply theme changes

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a4dbae0 and 466abe3.

⛔ Files ignored due to path filters (1)

• composer.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• .editorconfig (1 hunks)
• README.md (8 hunks)
• composer-require-checker.json (1 hunks)
• composer.json (1 hunks)
• web/robots.txt (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• composer-require-checker.json
• web/robots.txt
• composer.json

🚧 Files skipped from review as they are similar to previous changes (1)

• .editorconfig

🧰 Additional context used

🧠 Learnings (7)

📚 Learning: 2025-09-02T15:21:03.207Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#170
File: docker/apache/Dockerfile:27-35
Timestamp: 2025-09-02T15:21:03.207Z
Learning: In yii2-extensions/app-basic, this is a demo template where simplicity and ease of use are prioritized over production-grade security hardening. Security trade-offs like using curl | bash for Node.js installation are acceptable for demonstration purposes.

Applied to files:

• README.md

📚 Learning: 2025-09-02T15:23:37.645Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#170
File: docker/init.sh:26-49
Timestamp: 2025-09-02T15:23:37.645Z
Learning: The yii2-extensions/app-basic repository is a demo template where practical functionality and ease of setup take priority over security hardening measures.

Applied to files:

• README.md

📚 Learning: 2025-09-02T09:36:57.071Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#166
File: .github/workflows/build.yml:31-33
Timestamp: 2025-09-02T09:36:57.071Z
Learning: The yii2-extensions/app-basic repository is a demo template that includes pre-generated SSL certificates using mkcert, designed to provide a "one-click" transparent demo experience for users.

Applied to files:

• README.md

📚 Learning: 2025-09-02T15:20:17.124Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#170
File: config/web/modules.php:14-15
Timestamp: 2025-09-02T15:20:17.124Z
Learning: In the yii2-extensions/app-basic repository, this is a demo template where permissive development settings like allowedIPs => ['*'] for debug and gii modules are acceptable for ease of setup and demonstration purposes.

Applied to files:

• README.md

📚 Learning: 2025-08-31T15:34:39.060Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#142
File: README.md:0-0
Timestamp: 2025-08-31T15:34:39.060Z
Learning: In yii2-extensions/app-basic project, the dev-road-runner branch is treated as the main configuration branch with no stable releases available. Static badges pointing to dev branches are intentionally used to direct users to the development version.

Applied to files:

• README.md

📚 Learning: 2025-09-02T15:23:30.956Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#170
File: docker/init.sh:1-1
Timestamp: 2025-09-02T15:23:30.956Z
Learning: In yii2-extensions/app-basic repository, the maintainer terabytesoftw prefers to keep demo template scripts simple without additional bash safety measures like strict mode (set -Eeuo pipefail), as they consider different quality standards appropriate for demo/template code versus production code.

Applied to files:

• README.md

📚 Learning: 2025-08-31T15:29:19.131Z

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#142
File: docs/installation.md:21-23
Timestamp: 2025-08-31T15:29:19.131Z
Learning: In yii2-extensions/app-basic project, the composer.json file has "minimum-stability": "dev" configured, which allows Composer to install dev versions automatically without requiring --stability=dev flag in create-project commands.

Applied to files:

• README.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: easy-coding-standard / PHP 8.4-ubuntu-latest
• GitHub Check: phpstan / PHP 8.4-ubuntu-latest
• GitHub Check: codeception / PHP 8.2-windows-2022
• GitHub Check: linter / Super Linter
• GitHub Check: composer-require-checker / PHP 8.4-ubuntu-latest
• GitHub Check: phpstan / PHP 8.4-ubuntu-latest
• GitHub Check: linter / Super Linter