From eaaf449768e6674a1e107d411c40da67882fe425 Mon Sep 17 00:00:00 2001 From: Joost de Valk Date: Mon, 16 Mar 2026 14:31:03 +0100 Subject: [PATCH] Add baseline GitHub Actions checks --- .github/workflows/composer-diff.yml | 23 ++++++++++++++++ .github/workflows/lint-php.yml | 35 ++++++++++++++++++++++++ .github/workflows/playground-preview.yml | 21 ++++++++++++++ .github/workflows/security.yml | 34 +++++++++++++++++++++++ .github/workflows/wpcs.yml | 29 ++++++++++++++++++++ 5 files changed, 142 insertions(+) create mode 100644 .github/workflows/composer-diff.yml create mode 100644 .github/workflows/lint-php.yml create mode 100644 .github/workflows/playground-preview.yml create mode 100644 .github/workflows/security.yml create mode 100644 .github/workflows/wpcs.yml diff --git a/.github/workflows/composer-diff.yml b/.github/workflows/composer-diff.yml new file mode 100644 index 0000000..69c85fe --- /dev/null +++ b/.github/workflows/composer-diff.yml @@ -0,0 +1,23 @@ +name: Composer Diff + +on: + pull_request: + paths: + - composer.lock + +permissions: + contents: read + pull-requests: write + +jobs: + diff: + name: Composer Diff + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Composer Diff + uses: IonBazan/composer-diff-action@v1 diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml new file mode 100644 index 0000000..0647e52 --- /dev/null +++ b/.github/workflows/lint-php.yml @@ -0,0 +1,35 @@ +name: PHP Lint + +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + lint: + name: PHP ${{ matrix.php }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + php: ['7.4', '8.0', '8.1', '8.2', '8.3'] + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php }} + tools: php-parallel-lint + coverage: none + + - name: Lint PHP files + run: parallel-lint --exclude vendor --exclude node_modules . diff --git a/.github/workflows/playground-preview.yml b/.github/workflows/playground-preview.yml new file mode 100644 index 0000000..52c6a51 --- /dev/null +++ b/.github/workflows/playground-preview.yml @@ -0,0 +1,21 @@ +name: Playground Preview + +on: + pull_request: + types: [opened, synchronize, reopened, edited] + +permissions: + contents: read + pull-requests: write + +jobs: + preview: + name: Playground Preview + runs-on: ubuntu-latest + steps: + - name: Add Playground preview + uses: WordPress/action-wp-playground-pr-preview@v2 + with: + plugin-path: . + mode: append-to-description + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 0000000..c573354 --- /dev/null +++ b/.github/workflows/security.yml @@ -0,0 +1,34 @@ +name: Composer Security Audit + +on: + push: + branches: + - main + pull_request: + schedule: + - cron: '0 6 * * 1' + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + security: + name: Composer audit + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: none + + - name: Validate Composer file + run: composer validate --no-check-publish --strict + + - name: Run Composer audit + run: composer audit --locked diff --git a/.github/workflows/wpcs.yml b/.github/workflows/wpcs.yml new file mode 100644 index 0000000..b3ade22 --- /dev/null +++ b/.github/workflows/wpcs.yml @@ -0,0 +1,29 @@ +name: WordPress Coding Standards + +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + phpcs: + name: WPCS + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: WPCS check + uses: 10up/wpcs-action@stable + with: + enable_warnings: true + standard: WordPress + only_changed_lines: true