Skip to content

Fix naive filtering of uploads directory. #29200

Fix naive filtering of uploads directory.

Fix naive filtering of uploads directory. #29200

name: PHP Compatibility
on:
# PHP compatibility testing was introduced in WordPress 5.5.
push:
branches:
- trunk
- '5.[5-9]'
- '[6-9].[0-9]'
tags:
- '[0-9]+.[0-9]'
- '[0-9]+.[0-9].[0-9]+'
- '![34].[0-9].[0-9]+'
- '!5.[0-4].[0-9]+'
pull_request:
branches:
- trunk
- '5.[5-9]'
- '[6-9].[0-9]'
paths:
# This workflow only scans PHP files.
- '**.php'
# These files configure Composer. Changes could affect the outcome.
- 'composer.*'
# This file configures PHP compatibility scanning. Changes could affect the outcome.
- 'phpcompat.xml.dist'
# Changes to workflow files should always verify all workflows are successful.
- '.github/workflows/*.yml'
workflow_dispatch:
# Cancels all previous workflow runs for pull requests that have not completed.
concurrency:
# The concurrency group contains the workflow name and the branch name for pull requests
# or the commit hash for any other events.
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
cancel-in-progress: true
# Disable permissions for all available scopes by default.
# Any needed permissions should be configured at the job level.
permissions: {}
jobs:
# Runs PHP compatibility testing.
#
# Violations are reported inline with annotations.
#
# Performs the following steps:
# - Checks out the repository.
# - Sets up PHP.
# - Logs debug information.
# - Configures caching for PHP compatibility scans.
# - Installs Composer dependencies.
# - Make Composer packages available globally.
# - Runs the PHP compatibility tests.
# - Generate a report for displaying issues as pull request annotations.
# - Ensures version-controlled files are not modified or deleted.
php-compatibility:
name: Check PHP compatibility
runs-on: ubuntu-latest
permissions:
contents: read
timeout-minutes: 20
if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }}
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
- name: Set up PHP
uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2.30.0
with:
php-version: '7.4'
coverage: none
tools: cs2pr
- name: Log debug information
run: |
composer --version
# This date is used to ensure that the PHP compatibility cache is cleared at least once every week.
# http://man7.org/linux/man-pages/man1/date.1.html
- name: "Get last Monday's date"
id: get-date
run: echo "date=$(/bin/date -u --date='last Mon' "+%F")" >> $GITHUB_OUTPUT
- name: Cache PHP compatibility scan cache
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1
with:
path: .cache/phpcompat.json
key: ${{ runner.os }}-date-${{ steps.get-date.outputs.date }}-phpcompat-cache-${{ hashFiles('**/composer.json', 'phpcompat.xml.dist') }}
# Since Composer dependencies are installed using `composer update` and no lock file is in version control,
# passing a custom cache suffix ensures that the cache is flushed at least once per week.
- name: Install Composer dependencies
uses: ramsey/composer-install@57532f8be5bda426838819c5ee9afb8af389d51a # v3.0.0
with:
custom-cache-suffix: ${{ steps.get-date.outputs.date }}
- name: Make Composer packages available globally
run: echo "${PWD}/vendor/bin" >> $GITHUB_PATH
- name: Run PHP compatibility tests
id: phpcs
run: phpcs --standard=phpcompat.xml.dist --report-full --report-checkstyle=./.cache/phpcs-compat-report.xml
- name: Show PHPCompatibility results in PR
if: ${{ always() && steps.phpcs.outcome == 'failure' }}
run: cs2pr ./.cache/phpcs-compat-report.xml
- name: Ensure version-controlled files are not modified or deleted
run: git diff --exit-code
slack-notifications:
name: Slack Notifications
uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
permissions:
actions: read
contents: read
needs: [ php-compatibility ]
if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
with:
calling_status: ${{ contains( needs.*.result, 'cancelled' ) && 'cancelled' || contains( needs.*.result, 'failure' ) && 'failure' || 'success' }}
secrets:
SLACK_GHA_SUCCESS_WEBHOOK: ${{ secrets.SLACK_GHA_SUCCESS_WEBHOOK }}
SLACK_GHA_CANCELLED_WEBHOOK: ${{ secrets.SLACK_GHA_CANCELLED_WEBHOOK }}
SLACK_GHA_FIXED_WEBHOOK: ${{ secrets.SLACK_GHA_FIXED_WEBHOOK }}
SLACK_GHA_FAILURE_WEBHOOK: ${{ secrets.SLACK_GHA_FAILURE_WEBHOOK }}
failed-workflow:
name: Failed workflow tasks
runs-on: ubuntu-latest
permissions:
actions: write
needs: [ slack-notifications ]
if: |
always() &&
github.repository == 'WordPress/wordpress-develop' &&
github.event_name != 'pull_request' &&
github.run_attempt < 2 &&
(
contains( needs.*.result, 'cancelled' ) ||
contains( needs.*.result, 'failure' )
)
steps:
- name: Dispatch workflow run
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
retries: 2
retry-exempt-status-codes: 418
script: |
github.rest.actions.createWorkflowDispatch({
owner: context.repo.owner,
repo: context.repo.repo,
workflow_id: 'failed-workflow.yml',
ref: 'trunk',
inputs: {
run_id: '${{ github.run_id }}'
}
});