Do not re-run full CI if not necessary on PR

[ildyria]

Summary by CodeRabbit

• Chores
  • Improved CI/CD efficiency by conditionally running PHP and JavaScript checks only when relevant files change.
  • Refined Docker-related validation guards to run appropriately based on earlier outcomes.
  • Updated CodeQL workflow action versions for initialization, autobuild, and analysis.
  • Updated Code Scanning SARIF upload to a newer action version.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: de06c4c5-fbbc-465f-b76b-33e2f3f3720c

📥 Commits

Reviewing files that changed from the base of the PR and between f8cea27 and 4081feb.

📒 Files selected for processing (1)

• .github/workflows/CICD.yml

---

📝 Walkthrough

Walkthrough

The PR makes three independent workflow updates: the CICD.yml workflow gains a changes job using dorny/paths-filter to detect JS and PHP file modifications, narrows the pull_request trigger to markdown-only paths, and conditionally gates PHP/JS check jobs and Docker jobs based on those results. CodeQL and Scorecard workflows are updated to use newer action versions.

Changes

Conditional CI/CD Job Execution

Layer / File(s)	Summary
Trigger narrowing and changes detection job .github/workflows/CICD.yml	paths-ignore for pull_request is reduced to markdown files only; a new changes job using dorny/paths-filter emits js and php boolean outputs. php_syntax_errors is wired to depend on changes and conditionally skips on PR events when php is not true.
Conditional gates on JS check job .github/workflows/CICD.yml	check_js adds needs: changes and an if condition that skips execution on PR events when the changes output js is not true.
Docker job gating on check outcomes .github/workflows/CICD.yml	docker_check and docker_legacy_check each receive an if guard using always() combined with result checks on needs.phpstan and needs.check_js, allowing execution only when those checks succeeded or were skipped.

GitHub Actions Version Updates

Layer / File(s)	Summary
CodeQL action version upgrades .github/workflows/codeql.yml	The github/codeql-action references for init, autobuild, and analyze steps are updated to a newer pinned version.
Scorecard SARIF upload action version .github/workflows/scorecard.yml	The github/codeql-action/upload-sarif step is updated to a newer pinned action version.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐇 Hoppity hop through the workflow gate,
Only changed files decide their own fate!
PHP and JS, do you need a run?
If nothing has changed, we skip for fun.
Docker waits patiently, watching the queue—
✅ Skipped or succeeded? Then Docker goes too! 🎉

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/CICD.yml (1)

37-38: ⚡ Quick win

Disable credential persistence for checkout in changes job.

This job only inspects changed files; persisting the token is unnecessary. Set persist-credentials: false to reduce credential exposure surface.

Source: Linters/SAST tools

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3118efd6-411a-44ff-bee0-383ea1561d24

📥 Commits

Reviewing files that changed from the base of the PR and between 0baf7ac and 164416e.

📒 Files selected for processing (1)

• .github/workflows/CICD.yml