Add contents: write permission to GitHub Actions workflow in PluginGenerateCommand #6706

Open
kurozumi wants to merge 1 commit into EC-CUBE:4.3 from
kurozumi:feature/plugin-generate-contents-write-permission

@kurozumi kurozumi commented Apr 3, 2026

Summary

  • Add permissions: contents: write to the deploy job of the .github/workflows/release.yml generated by PluginGenerateCommand::createGithubActions()
  • Because svenstaro/upload-release-action needs the contents: write permission to upload release assets

Test plan

  • Generate a plugin with bin/console eccube:plugin:generate and confirm that the deploy job in .github/workflows/release.yml contains permissions: contents: write

🤖 Generated with Claude Code

Summary by CodeRabbit

Release notes

  • Improvements
    • The security configuration of the deployment workflow has been strengthened. The permissions a job needs to run are now set explicitly, improving security.

…ons workflow

The svenstaro/upload-release-action requires contents: write permission
to upload assets to a GitHub release.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
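
The check from the test plan, automated as an added example (not code from the PR or from EC-CUBE): it reads a generated release.yml and passes only when the deploy job's job-level permissions are exactly contents: write. The function names, the sample workflow's trigger and runner, and the space-indented block YAML layout are assumptions.

```shell
#!/bin/sh
# Added example (not EC-CUBE code): check the deploy job token scope in release.yml.
# Print the entries under jobs.<job>.permissions ("*: value" for the scalar form).
# Assumes block-style YAML indented with spaces, as a generated file would be.
job_permissions() {  # usage: job_permissions <workflow.yml> <job>
  awk -v job="$2" '
    /^[ \t\r]*(#.*)?$/ { next }                # skip blank and comment lines
    {
      line = $0; sub(/^ +/, "", line); i = length($0) - length(line)
      sub(/[ \t]+#.*$/, "", line); sub(/[ \t\r]+$/, "", line)
      if (i == 0) { in_jobs = (line == "jobs:"); job_i = -1; in_job = 0; next }
      if (!in_jobs) next
      if (job_i < 0) job_i = i                 # indent of job names
      if (i == job_i) { in_job = (line == (job ":")); key_i = -1; in_perm = 0; next }
      if (!in_job) next
      if (key_i < 0) key_i = i                 # indent of the keys of this job
      if (i == key_i) {
        in_perm = (line == "permissions:")
        if (!in_perm && sub(/^permissions:[ ]*/, "", line)) print "*: " line
        next
      }
      if (in_perm) print line
    }' "$1"
}

# Succeed only when the deploy job grants contents: write and nothing else.
check_deploy_permissions() {
  perms="$(job_permissions "$1" deploy)"
  case "$perms" in
    "contents: write") echo "OK: deploy job token limited to contents: write" ;;
    "") echo "FAIL: deploy job has no job-level permissions block"; return 1 ;;
    *)  echo "FAIL: deploy job permissions are not exactly contents: write: $perms"; return 1 ;;
  esac
}

# Constructed sample modelled on the PR description; trigger and runner are assumptions.
write_sample() {  # usage: write_sample <path> <yes|no: include permissions block>
  {
    printf 'name: Release\non:\n  release:\n    types: [published]\njobs:\n  deploy:\n'
    if [ "$2" = yes ]; then printf '    permissions:\n      contents: write\n'; fi
    printf '    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v2\n'
    printf '      - uses: svenstaro/upload-release-action@v1-release\n'
  } > "$1"
}

demo="$(mktemp -d)"
write_sample "$demo/before.yml" no; write_sample "$demo/after.yml" yes
check_deploy_permissions "$demo/before.yml" || true   # workflow as generated before the PR
check_deploy_permissions "$demo/after.yml"            # with the job-level block from the PR
rm -rf "$demo"
```

Against a real plugin, run check_deploy_permissions on the .github/workflows/release.yml that bin/console eccube:plugin:generate wrote. The check looks only at the job-level block, so a workflow-level permissions key is not considered.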

coderabbitai Bot commented Apr 3, 2026

📝 Walkthrough

Added a job-level permissions block (contents: write) for the deploy job to the GitHub Actions workflow definition generated in the createGithubActions() method. Previously this explicit permission setting was absent.

Changes

| Cohort / File(s) | Summary |
|---|---|
| GitHub Actions workflow permission settings: src/Eccube/Command/PluginGenerateCommand.php | Adds a job-level permissions block (contents: write) for the deploy job to the generated GitHub Actions workflow. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 The workflow is in order, the permissions made clear
Safe deploys with contents: write
A small addition, and reliability goes up!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title accurately reflects the change and clearly summarizes the main change: adding the contents: write permission to the GitHub Actions workflow generated by PluginGenerateCommand. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

@coderabbitai coderabbitai Bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/Eccube/Command/PluginGenerateCommand.php (1)

218-223: ⚠️ Potential issue | 🟠 Major

Update the GitHub Actions versions to the latest

  • Line 218: actions/checkout@v2 is an old version. The current latest is v6.0.2 (released January 9, 2026). Update to @v6, or to @v4 or later.
  • Line 223: svenstaro/upload-release-action@v1-release is an invalid tag format. The correct format is @v2 (the latest version, 2.11.5, is included in the v2 branch).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Eccube/Command/PluginGenerateCommand.php` around lines 218 - 223, Update
the GitHub Actions step versions: replace the usage of actions/checkout@v2 with
a current major (e.g., actions/checkout@v6 or `@v4`) in the workflow step that
references actions/checkout, and change
svenstaro/upload-release-action@v1-release to the proper tag format
svenstaro/upload-release-action@v2 in the step that references that upload
action; ensure the two steps (the one running git archive and the one using
svenstaro/upload-release-action) reference these updated versions so the
workflow uses supported action releases.
🧹 Nitpick comments (1)
src/Eccube/Command/PluginGenerateCommand.php (1)

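203-203: Consider adding type declarations to the method signature

In line with the coding guidelines, type declarations can be added to the parameter and the return value. Similar patterns appear throughout the file, so this is an opportunity for a broader refactoring.

♻️ Suggested type declaration addition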
-    protected function createGithubActions($pluginDir)
+    protected function createGithubActions(string $pluginDir): void
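
Review bot: The `: void` return type on the `+` line is a compatibility change, because createGithubActions() is protected and can be overridden: a subclass that overrides it without a compatible return type would stop loading with a fatal "declaration must be compatible" error. For a change targeting the 4.3 branch, either add only the `string` parameter type (an untyped override stays compatible with that) or document the new return type as a breaking change for code that extends this command.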

Note: The same improvement can be applied to other similar methods in the file (createDirectories, createConfig, etc.).

As per coding guidelines: "Use PHP type declarations for parameters and return types"

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Eccube/Command/PluginGenerateCommand.php` at line 203, The
createGithubActions method lacks PHP type declarations; update its signature to
declare the parameter as string and a return type (likely void) — e.g. change
createGithubActions($pluginDir) to createGithubActions(string $pluginDir): void
— and apply the same pattern to similar methods like createDirectories and
createConfig, updating docblocks if present to match the new type hints.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 27eb47a6-cb5e-4243-b42d-af41bd01e3a9

📥 Commits

Reviewing files that changed from the base of the PR and between cdb9778 and 7fc4bed.

📒 Files selected for processing (1)
  • src/Eccube/Command/PluginGenerateCommand.php


codecov Bot commented Apr 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.66%. Comparing base (3a697eb) to head (7fc4bed).
⚠️ Report is 47 commits behind head on 4.3.

Additional details and impacted files
@@             Coverage Diff              @@
##                4.3    #6706      +/-   ##
============================================
+ Coverage     78.65%   78.66%   +0.01%     
  Complexity     6824     6824              
============================================
  Files           476      476              
  Lines         27078    27078              
============================================
+ Hits          21299    21302       +3     
+ Misses         5779     5776       -3     
Flag Coverage Δ
Unit 78.66% <ø> (+0.01%) ⬆️

@dotani1111

@kurozumi
Thank you for the PR!
I will review this.

@dotani1111 dotani1111 self-assigned this Apr 8, 2026
@dotani1111 dotani1111 added the security label Apr 8, 2026
@dotani1111 dotani1111 added this to the 4.4.0 milestone Apr 8, 2026