feat: Add mutation testing configuration and update PHPUnit schema location.

[terabytesoftw]

Q	A
Is bugfix?	✔️
New feature?	❌
Breaks BC?	❌

Summary by CodeRabbit

• Chores
  • Added a new workflow to automate mutation testing on pull requests and pushes, excluding documentation and config-only changes.
  • Integrated Infection mutation testing tool as a development dependency and added a script for running mutation tests.
  • Updated mutation testing configuration for improved organization and settings.
  • Changed PHPUnit configuration to use a local schema file for validation.
• Tests
  • Added tests to verify correct adjustment of nested set attributes after deleting nodes, including nodes with children.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (79edce5) to head (e73830d).

Additional details and impacted files

@@             Coverage Diff             @@
##                main       #12   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
- Complexity        88        91    +3     
===========================================
  Files              2         2           
  Lines            465       467    +2     
===========================================
+ Hits             465       467    +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

A new GitHub Actions workflow for mutation testing was introduced, utilizing a reusable workflow and secret management. The Infection mutation testing tool was added as a development dependency with corresponding composer scripts and plugin configuration. The infection configuration file was reorganized and updated, and the PHPUnit XML schema reference was changed to a local file path. Two new tests were added to verify correct left/right attribute shifting after node deletions in nested sets.

Changes

File(s)	Change Summary
.github/workflows/mutation.yml	Added new workflow for mutation testing using a reusable workflow and secret.
composer.json	Added allowed Infection plugin and new mutation script in scripts.
infection.json5	Added $schema, moved "source" below "logs", removed "mutators" section, added "phpStan" config.
phpunit.xml.dist	Changed PHPUnit schema reference from remote URL to local vendor path.
tests/NestedSetsBehaviorTest.php	Added two test methods verifying left/right attribute shifts after deleting nodes in nested sets.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant GitHub Actions
    participant Reusable Workflow (php-forge/actions)
    participant Infection Tool

    Developer->>GitHub Actions: Push or Pull Request (excluding docs/config)
    GitHub Actions->>Reusable Workflow (php-forge/actions): Trigger infection.yml workflow<br/>Pass STRYKER_DASHBOARD_API_KEY
    Reusable Workflow->>Infection Tool: Run mutation tests with provided config and scripts
    Infection Tool-->>Reusable Workflow: Mutation test results
    Reusable Workflow-->>GitHub Actions: Report status

Loading

Possibly related PRs

• refactor: Raise code coverage 100%. #11: Adds multiple test methods for NestedSetsBehaviorTest class covering other behaviors like deleteWithChildren() and makeRoot(), related by test class but distinct functionality.

Poem

A bunny hops through code anew,
With mutants lurking in the dew.
Composer scripts and workflows run,
Infection tests—no place to shun!
Local schemas guide the way,
Mutation strong, no bugs today—
The rabbit cheers, "Let’s test and play!" 🐇

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

composer.json (1)

53-53: Reevaluate 100% mutation score thresholds

Enforcing both --min-msi=100 and --min-covered-msi=100 will require a perfect mutation score on every run, which may be unachievable and risk breaking your CI. Before locking these values in:

• Install dev dependencies and measure your current baseline:

composer install  
./vendor/bin/infection --threads=4 --ignore-msi-with-no-mutations --only-covered --dry-run

• If your current mutation score is below 100%, consider setting more attainable thresholds (for example, 90–95%) and incrementally raising them over time.

File to review:

• composer.json → scripts.mutation

infection.json5 (1)

14-14: Evaluate the 45-second timeout in infection.json5

• Location: infection.json5 (line 14)
• Current setting: "timeout": 45

A 45 second timeout may be too low on larger test suites or slower CI agents. Please run your local mutation tests using the Infection binary to confirm there are no timeout failures:

./vendor/bin/infection \
  --threads=4 \
  --ignore-msi-with-no-mutations \
  --only-covered \
  --verbose

If you encounter timeout errors, consider increasing this value (e.g., to 60 or 120 seconds).

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e7a35dd and c3916ea.

📒 Files selected for processing (4)

• .github/workflows/mutation.yml (1 hunks)
• composer.json (2 hunks)
• infection.json5 (1 hunks)
• phpunit.xml.dist (1 hunks)

🔇 Additional comments (7)

phpunit.xml.dist (1)

4-4: Verify PHPUnit schema path

Great improvement—using the local PHPUnit schema makes your configuration self-contained and supports offline development. Please confirm that, after installing dependencies, the schema file exists at the specified path and matches your PHPUnit version:

composer install
ls vendor/phpunit/phpunit/phpunit.xsd
vendor/bin/phpunit --version

If the file lives in a different location or the version differs, update phpunit.xml.dist accordingly.

composer.json (2)

18-18: LGTM: Infection dependency addition.

The version constraint ^0.27|^0.29 covers recent stable versions of Infection, which is appropriate for a mutation testing setup.

---

45-45: LGTM: Required plugin allowance for Infection.

Adding infection/extension-installer to allowed plugins is necessary for Infection to function properly with Composer.

infection.json5 (2)

2-2: Good addition of schema reference.

Adding the $schema reference enables better IDE support and validation for the Infection configuration file.

---

9-13: LGTM: Source directory configuration.

The source configuration correctly points to the src directory where the main code is located.

.github/workflows/mutation.yml (2)

1-17: LGTM: Appropriate trigger configuration.

The workflow triggers are well-configured:

• Runs on both pull requests and pushes for comprehensive coverage
• Path ignores appropriately exclude documentation and configuration files that don't affect code quality

---

21-24: Verify reusable workflow source and secret configuration

Please manually confirm the following before merging:

• The php-forge/actions/.github/workflows/infection.yml@main workflow exists in a trusted, well-maintained repository (verify the repo’s URL, ownership and activity).
• The STRYKER_DASHBOARD_API_KEY secret is correctly defined under your repository’s Settings → Secrets.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/mutation.yml (1)

1-18: Consider adding workflow_dispatch for manual runs and restricting default token scope

A manual trigger is handy when you want to re-run mutation tests after tweaking only workflow files or secrets.
Additionally, GitHub now defaults the GITHUB_TOKEN to write scope; explicitly limiting it reduces blast-radius.

 on:
   pull_request:
     paths-ignore:
@@
   push:
     paths-ignore:
       - '.gitattributes'
+
+  # Allow maintainers to start the job ad-hoc
+  workflow_dispatch:

+# Restrict default token permissions (adjust if the reused workflow needs more)
+permissions:
+  contents: read
+  pull-requests: read

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1dbbb17 and d039c60.

📒 Files selected for processing (3)

• .github/workflows/mutation.yml (1 hunks)
• composer.json (2 hunks)
• infection.json5 (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• infection.json5
• composer.json

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: mutation / PHP 8.4-ubuntu-latest
• GitHub Check: mutation / PHP 8.4-ubuntu-latest

🔇 Additional comments (1)

.github/workflows/mutation.yml (1)

20-28: Secret won’t be available on forked PRs – expect false negatives

STRYKER_DASHBOARD_API_KEY is injected for the pull_request event, but GitHub withholds repository secrets on workflows triggered from forks.
The job will therefore fail (or the upload step in the reusable workflow will) whenever a contributor opens a PR from a fork.

Options:

1. Remove the secret for pull_request runs and upload results only on push to protected branches.
2. Switch to pull_request_target (with great care for security).
3. Make the upload step conditional on the secret’s presence (if: env.STRYKER_DASHBOARD_API_KEY != '' inside the reusable workflow).

Please verify the intended behaviour and adjust accordingly.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.github/workflows/mutation.yml (2)

1-17: Avoid duplicating identical paths-ignore sections.

Both the pull_request and push triggers declare the same paths-ignore list. You can reduce duplication and future maintenance cost by defining the list once and re-using it via YAML anchors/aliases.

Example refactor:

paths-ignore: &docs-ignore
  - 'docs/**'
  - 'README.md'
  - 'CHANGELOG.md'
  - '.gitignore'
  - '.gitattributes'

on:
  pull_request:
    paths-ignore: *docs-ignore
  push:
    paths-ignore: *docs-ignore

---

20-27: Consider adding a concurrency key to cancel obsolete runs.

Mutation testing can be slow; cancelling outdated runs (e.g. when a force-push occurs) saves CI minutes:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Place this at the top level of the workflow file.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d039c60 and fd62276.

📒 Files selected for processing (2)

• .github/workflows/mutation.yml (1 hunks)
• composer.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• composer.json

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: mutation / PHP 8.4-ubuntu-latest
• GitHub Check: mutation / PHP 8.4-ubuntu-latest

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fd62276 and d885491.

📒 Files selected for processing (1)

• tests/NestedSetsBehaviorTest.php (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

tests/NestedSetsBehaviorTest.php (3)

tests/TestCase.php (1)

• generateFixtureTree (168-202)

tests/support/model/Tree.php (1)

• Tree (17-64)

src/NestedSetsBehavior.php (2)

• isLeaf (719-723)
• deleteWithChildren (519-541)

🪛 PHPMD (2.15.0)

tests/NestedSetsBehaviorTest.php

1628-1628: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftsLeftRightAttributesCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1635-1635: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftsLeftRightAttributesCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1636-1636: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftsLeftRightAttributesCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1637-1637: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftsLeftRightAttributesCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1653-1653: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftsLeftRightAttributesCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1673-1673: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftStartsAtCorrectPosition'. (Clean Code Rules)

(StaticAccess)

---

1679-1679: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftStartsAtCorrectPosition'. (Clean Code Rules)

(StaticAccess)

---

1680-1680: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftStartsAtCorrectPosition'. (Clean Code Rules)

(StaticAccess)

---

1681-1681: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftStartsAtCorrectPosition'. (Clean Code Rules)

(StaticAccess)

---

1696-1696: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testAfterDeleteShiftStartsAtCorrectPosition'. (Clean Code Rules)

(StaticAccess)

---

1724-1724: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testDeleteWithChildrenShiftsCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1730-1730: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testDeleteWithChildrenShiftsCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1739-1739: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testDeleteWithChildrenShiftsCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1740-1740: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testDeleteWithChildrenShiftsCorrectly'. (Clean Code Rules)

(StaticAccess)

---

1741-1741: Avoid using static access to class '\yii2\extensions\nestedsets\tests\support\model\Tree' in method 'testDeleteWithChildrenShiftsCorrectly'. (Clean Code Rules)

(StaticAccess)

🪛 GitHub Actions: ecs

tests/NestedSetsBehaviorTest.php

[warning] 1708-1719: PhpCsFixer: TrailingCommaInMultilineFixer detected missing trailing commas in multiline function calls. Run 'vendor/bin/ecs check --fix' to apply fixes.

⏰ Context from checks skipped due to timeout of 90000ms (18)

• GitHub Check: phpunit / PHP 8.3-windows-latest
• GitHub Check: phpunit / PHP 8.1-windows-latest
• GitHub Check: phpunit / PHP 8.1-ubuntu-latest
• GitHub Check: phpunit-compatibility / PHP 8.3-windows-latest
• GitHub Check: phpunit / PHP 8.2-windows-latest
• GitHub Check: phpunit / PHP 8.4-ubuntu-latest
• GitHub Check: phpunit-compatibility / PHP 8.1-ubuntu-latest
• GitHub Check: phpunit-compatibility / PHP 8.1-windows-latest
• GitHub Check: phpunit-compatibility / PHP 8.2-ubuntu-latest
• GitHub Check: phpunit-compatibility / PHP 8.4-windows-latest
• GitHub Check: phpunit-compatibility / PHP 8.2-windows-latest
• GitHub Check: mutation / PHP 8.4-ubuntu-latest
• GitHub Check: phpunit / PHP 8.2-windows-latest
• GitHub Check: phpunit / PHP 8.4-windows-latest
• GitHub Check: phpunit / PHP 8.1-windows-latest
• GitHub Check: phpunit-compatibility / PHP 8.2-windows-latest
• GitHub Check: phpunit-compatibility / PHP 8.1-windows-latest
• GitHub Check: mutation / PHP 8.4-ubuntu-latest

🔇 Additional comments (3)

tests/NestedSetsBehaviorTest.php (3)

1624-1667: Well-structured test for leaf node deletion!

The test correctly verifies the nested set attribute adjustments after deleting a leaf node. The shift calculations are accurate according to the nested sets algorithm.

---

1669-1718: Excellent test coverage with tree integrity validation!

The test not only verifies the correct shifting of left/right attributes but also includes containment assertions to ensure child nodes remain within their parent's bounds after deletion. This is a best practice for nested set testing.

---

1720-1747: Comprehensive test for subtree deletion!

The test properly validates the deleteWithChildren() method by confirming that all nodes in the subtree are removed and subsequent nodes shift by the correct amount (width of the deleted subtree).

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

tests/NestedSetsBehaviorTest.php (1)

1722-1748: Fix missing trailing commas in multiline assertion calls.

The pipeline detected missing trailing commas in the assertion calls. This is a code style requirement that needs to be fixed.

Apply this diff to fix the formatting:

                if ($oldLft > $rightValueBeforeDelete) {
                    self::assertEquals(
                        $oldLft - 2,
                        $node->lft,
-                        "Node $i left should be shifted when > deleted right"
+                        "Node $i left should be shifted when > deleted right",
                    );
                } else {
                    self::assertEquals(
                        $oldLft,
                        $node->lft,
-                        "Node $i left should NOT be shifted when <= deleted right"
+                        "Node $i left should NOT be shifted when <= deleted right",
                    );
                }

                if ($oldRgt > $rightValueBeforeDelete) {
                    self::assertEquals(
                        $oldRgt - 2,
                        $node->rgt,
-                        "Node $i right should be shifted when > deleted right"
+                        "Node $i right should be shifted when > deleted right",
                    );
                } else {
                    self::assertEquals(
                        $oldRgt,
                        $node->rgt,
-                        "Node $i right should NOT be shifted when <= deleted right"
+                        "Node $i right should NOT be shifted when <= deleted right",
                    );
                }

🧹 Nitpick comments (1)

tests/NestedSetsBehaviorTest.php (1)

1721-1747: Consider simplifying by removing else expressions.

The logic is correct, but you can simplify the code by eliminating the else clauses as suggested by PHPMD.

Here's a simplified version:

-                if ($oldLft > $rightValueBeforeDelete) {
-                    self::assertEquals(
-                        $oldLft - 2,
-                        $node->lft,
-                        "Node $i left should be shifted when > deleted right",
-                    );
-                } else {
-                    self::assertEquals(
-                        $oldLft,
-                        $node->lft,
-                        "Node $i left should NOT be shifted when <= deleted right",
-                    );
-                }
+                $expectedLft = $oldLft > $rightValueBeforeDelete ? $oldLft - 2 : $oldLft;
+                $message = $oldLft > $rightValueBeforeDelete 
+                    ? "Node $i left should be shifted when > deleted right"
+                    : "Node $i left should NOT be shifted when <= deleted right";
+                self::assertEquals($expectedLft, $node->lft, $message);

-                if ($oldRgt > $rightValueBeforeDelete) {
-                    self::assertEquals(
-                        $oldRgt - 2,
-                        $node->rgt,
-                        "Node $i right should be shifted when > deleted right",
-                    );
-                } else {
-                    self::assertEquals(
-                        $oldRgt,
-                        $node->rgt,
-                        "Node $i right should NOT be shifted when <= deleted right",
-                    );
-                }
+                $expectedRgt = $oldRgt > $rightValueBeforeDelete ? $oldRgt - 2 : $oldRgt;
+                $message = $oldRgt > $rightValueBeforeDelete 
+                    ? "Node $i right should be shifted when > deleted right"
+                    : "Node $i right should NOT be shifted when <= deleted right";
+                self::assertEquals($expectedRgt, $node->rgt, $message);

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e6af6b2 and 139b336.

📒 Files selected for processing (2)

• .github/workflows/mutation.yml (1 hunks)
• tests/NestedSetsBehaviorTest.php (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/mutation.yml

🧰 Additional context used

🪛 PHPMD (2.15.0)

tests/NestedSetsBehaviorTest.php

1727-1733: The method testShiftBehaviorAfterDeleteWithPreciseBoundary uses an else expression. Else clauses are basically not necessary and you can simplify the code by not using them. (Clean Code Rules)

(ElseExpression)

---

1741-1747: The method testShiftBehaviorAfterDeleteWithPreciseBoundary uses an else expression. Else clauses are basically not necessary and you can simplify the code by not using them. (Clean Code Rules)

(ElseExpression)

🪛 GitHub Actions: ecs

tests/NestedSetsBehaviorTest.php

[error] 1722-1748: PhpCsFixer detected missing trailing commas in multiline arrays or function calls. Run 'vendor/bin/ecs check --fix' to automatically fix this issue.

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: mutation / PHP 8.4-ubuntu-latest
• GitHub Check: mutation / PHP 8.4-ubuntu-latest

🔇 Additional comments (1)

tests/NestedSetsBehaviorTest.php (1)

1624-1672: LGTM! Excellent edge case test for nested set deletion behavior.

This test effectively verifies that nodes whose left value equals the deleted node's right value remain unaffected while other nodes shift correctly. The test logic is sound and covers an important edge case in nested set implementations.