Skip to content

Fix naive filtering of uploads directory. #31802

Fix naive filtering of uploads directory.

Fix naive filtering of uploads directory. #31802

name: Coding Standards
on:
# JSHint was introduced in WordPress 3.8.
# PHPCS checking was introduced in WordPress 5.1.
push:
branches:
- trunk
- '3.[89]'
- '[4-9].[0-9]'
tags:
- '[0-9]+.[0-9]'
- '[0-9]+.[0-9].[0-9]+'
- '!3.7.[0-9]+'
pull_request:
branches:
- trunk
- '3.[89]'
- '[4-9].[0-9]'
paths:
# Any change to a PHP or JavaScript file should run checks.
- '**.js'
- '**.php'
# These files configure npm. Changes could affect the outcome.
- 'package*.json'
# These files configure Composer. Changes could affect the outcome.
- 'composer.*'
# This file configures JSHint. Changes could affect the outcome.
- '.jshintrc'
# This file configures PHPCS. Changes could affect the outcome.
- 'phpcs.xml.dist'
# Changes to workflow files should always verify all workflows are successful.
- '.github/workflows/*.yml'
workflow_dispatch:
# Cancels all previous workflow runs for pull requests that have not completed.
concurrency:
# The concurrency group contains the workflow name and the branch name for pull requests
# or the commit hash for any other events.
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
cancel-in-progress: true
# Disable permissions for all available scopes by default.
# Any needed permissions should be configured at the job level.
permissions: {}
jobs:
# Runs PHP coding standards checks.
#
# Violations are reported inline with annotations.
#
# Performs the following steps:
# - Checks out the repository.
# - Sets up PHP.
# - Configures caching for PHPCS scans.
# - Installs Composer dependencies.
# - Make Composer packages available globally.
# - Runs PHPCS on the full codebase with warnings suppressed.
# - Generate a report for displaying issues as pull request annotations.
# - Runs PHPCS on the `tests` directory without warnings suppressed.
# - Generate a report for displaying `test` directory issues as pull request annotations.
# - Ensures version-controlled files are not modified or deleted.
phpcs:
name: PHP coding standards
runs-on: ubuntu-latest
permissions:
contents: read
timeout-minutes: 20
if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }}
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
- name: Set up PHP
uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2.30.0
with:
php-version: 'latest'
coverage: none
tools: cs2pr
# This date is used to ensure that the PHPCS cache is cleared at least once every week.
# http://man7.org/linux/man-pages/man1/date.1.html
- name: "Get last Monday's date"
id: get-date
run: echo "date=$(/bin/date -u --date='last Mon' "+%F")" >> $GITHUB_OUTPUT
- name: Cache PHPCS scan cache
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1
with:
path: |
.cache/phpcs-src.json
.cache/phpcs-tests.json
key: ${{ runner.os }}-date-${{ steps.get-date.outputs.date }}-phpcs-cache-${{ hashFiles('**/composer.json', 'phpcs.xml.dist') }}
# Since Composer dependencies are installed using `composer update` and no lock file is in version control,
# passing a custom cache suffix ensures that the cache is flushed at least once per week.
- name: Install Composer dependencies
uses: ramsey/composer-install@57532f8be5bda426838819c5ee9afb8af389d51a # v3.0.0
with:
custom-cache-suffix: ${{ steps.get-date.outputs.date }}
- name: Make Composer packages available globally
run: echo "${PWD}/vendor/bin" >> $GITHUB_PATH
- name: Run PHPCS on all Core files
id: phpcs-core
run: phpcs -n --report-full --cache=./.cache/phpcs-src.json --report-checkstyle=./.cache/phpcs-report.xml
- name: Show PHPCS results in PR
if: ${{ always() && steps.phpcs-core.outcome == 'failure' }}
run: cs2pr ./.cache/phpcs-report.xml
- name: Check test suite files for warnings
id: phpcs-tests
run: phpcs tests --report-full --cache=./.cache/phpcs-tests.json --report-checkstyle=./.cache/phpcs-tests-report.xml
- name: Show test suite scan results in PR
if: ${{ always() && steps.phpcs-tests.outcome == 'failure' }}
run: cs2pr ./.cache/phpcs-tests-report.xml
- name: Ensure version-controlled files are not modified during the tests
run: git diff --exit-code
# Runs the JavaScript coding standards checks.
#
# JSHint violations are not currently reported inline with annotations.
#
# Performs the following steps:
# - Checks out the repository.
# - Sets up Node.js.
# - Logs debug information about the GitHub Action runner.
# - Installs npm dependencies.
# - Run the WordPress JSHint checks.
# - Ensures version-controlled files are not modified or deleted.
jshint:
name: JavaScript coding standards
runs-on: ubuntu-latest
permissions:
contents: read
timeout-minutes: 20
if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }}
env:
PUPPETEER_SKIP_DOWNLOAD: ${{ true }}
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
- name: Set up Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version-file: '.nvmrc'
cache: npm
- name: Log debug information
run: |
npm --version
node --version
git --version
- name: Install npm Dependencies
run: npm ci
- name: Run JSHint
run: npm run grunt jshint
- name: Ensure version-controlled files are not modified or deleted
run: git diff --exit-code
slack-notifications:
name: Slack Notifications
uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
permissions:
actions: read
contents: read
needs: [ phpcs, jshint ]
if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
with:
calling_status: ${{ contains( needs.*.result, 'cancelled' ) && 'cancelled' || contains( needs.*.result, 'failure' ) && 'failure' || 'success' }}
secrets:
SLACK_GHA_SUCCESS_WEBHOOK: ${{ secrets.SLACK_GHA_SUCCESS_WEBHOOK }}
SLACK_GHA_CANCELLED_WEBHOOK: ${{ secrets.SLACK_GHA_CANCELLED_WEBHOOK }}
SLACK_GHA_FIXED_WEBHOOK: ${{ secrets.SLACK_GHA_FIXED_WEBHOOK }}
SLACK_GHA_FAILURE_WEBHOOK: ${{ secrets.SLACK_GHA_FAILURE_WEBHOOK }}
failed-workflow:
name: Failed workflow tasks
runs-on: ubuntu-latest
permissions:
actions: write
needs: [ phpcs, jshint, slack-notifications ]
if: |
always() &&
github.repository == 'WordPress/wordpress-develop' &&
github.event_name != 'pull_request' &&
github.run_attempt < 2 &&
(
contains( needs.*.result, 'cancelled' ) ||
contains( needs.*.result, 'failure' )
)
steps:
- name: Dispatch workflow run
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
retries: 2
retry-exempt-status-codes: 418
script: |
github.rest.actions.createWorkflowDispatch({
owner: context.repo.owner,
repo: context.repo.repo,
workflow_id: 'failed-workflow.yml',
ref: 'trunk',
inputs: {
run_id: '${{ github.run_id }}'
}
});