A better CI should be built for IncidentReporting to maintain better code quality by using the MediaWiki standards.
Phan (with phan-taint-check-plugin) should be used to check for certain security vulnerabilities.
It should be created so that GitHub actions will automatically commit minor formatting fixes, that the CI can automatically detect and fix. Thus should have no negative effect, since it wouldn't automatically commit anything but formatting issues.
I am working on doing this.