Bump doctrine/.github from 1.5.0 to 5.0.0

[dependabot]

Bumps doctrine/.github from 1.5.0 to 5.0.0.

Release notes

Sourced from doctrine/.github's releases.

5.0.0

Changed

• Bumped all workflows to their latest versions. Among other things, this means codecov/codecov-action is bumped to v4, which in turn means you will have to provide a CODECOV_TOKEN secret to your workflows.

PHP 8.3 by default

Changed

• jobs now run by default on PHP 8.3

Checkout v4

No release notes provided.

PHP 8.2, ubuntu 22.04

Changed

• jobs now run by default on PHP 8.2
• jobs now run on ubuntu 22.04

Dependency upgrade

All the actions we are relying on have been upgraded to their latest major version.

2.0.0

PHP 8.1 as default

All workflows are running on PHP 8.1 by default now. The "Continuous Integration" workflow runs on PHP 7.2 – 8.1 by default. Of course, you can still override this setting if you like.

Commits

• 03e9941 Merge pull request #42 from greg0ire/forgotten-occurrence
• 68b7e7e Provide CODECOV_TOKEN also when using the alternate CI workflow
• 74d9928 Merge pull request #41 from greg0ire/pass-codecov-token
• 5c61eff Pass CODECOV_TOKEN to codecov/codecov-action
• 1dbf796 Merge pull request #40 from greg0ire/bump-all-the-things
• 334efea Bump workflow actions
• 8255e2f Merge pull request #39 from derrabus/improvement/stable-php-8.3
• 0050753 PHP 8.3 is stable
• 872bb4d Merge pull request #38 from derrabus/bump/checkout
• 6295902 Use checkout v4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greg0ire]

Ah… Codecov errors out… I think I faintly remember something about shared workflows not being able to pull secrets 🤔

For instance for the release workflow, we explicitly pass stuff in secrets… but here the Codecov docs use env, not secrets: https://docs.codecov.com/docs/github-2-getting-a-codecov-account-and-uploading-coverage#create-ci-pipeline

[greg0ire]

Ah yes 💡 CODECOV_TOKEN is a secret, hence why we use it with secrets.CODECOV_TOKEN. And we have to explicitly pass it as a secret to our shared workflow.

[greg0ire]

The workflow is not valid. .github/workflows/continuous-integration.yml (Line: 20, Col: 22): Invalid secret, CODECOV_TOKEN is not defined in the referenced workflow.

🤔

[greg0ire]

Ah OK I need to fix the shared workflow.