NEW "WP Plugin Check" action (swissspidy/wp-plugin-check-action) #338
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, test & measure | |
on: | |
workflow_call: | |
pull_request: | |
push: | |
# dorny/paths-filter requires this action to run only on 'push' or 'pull_request' events | |
jobs: | |
pre-run: | |
name: 'Pre run' | |
runs-on: ubuntu-latest | |
outputs: | |
changed-php: ${{ steps.filter.outputs.php }} | |
changed-php_files: ${{ steps.filter.outputs.php_files }} | |
changed-json: ${{ steps.filter.outputs.json }} | |
changed-js: ${{ steps.filter.outputs.js }} | |
changed-css: ${{ steps.filter.outputs.css }} | |
steps: | |
- uses: actions/checkout@v4 | |
# Checks to see if any files in the PR match one of the listed file types. | |
# We can use this filter to decide whether or not to run linters or tests. | |
# You can check if a file with a listed file type is in the PR by doing: | |
# if: ${{ steps.filter.outputs.md == 'true' }} | |
# This will return true if there's a markdown file that was changed | |
# in the PR. | |
- uses: dorny/paths-filter@v3.0.1 | |
id: filter | |
# run: echo "{changed-php}=${{ steps.filter.outputs.php }}" >> $GITHUB_OUTPUT | |
with: | |
# Enable listing of files matching each filter. | |
# Paths to files will be available in `${FILTER_NAME}_files` output variable. | |
# Paths will be escaped and space-delimited. | |
# Output is usable as command line argument list in linux shell | |
list-files: shell | |
# It doesn't make sense to lint deleted files. | |
# Therefore we specify we are only interested in added or modified files. | |
filters: | | |
md: | |
- added|modified: '**/*.md' | |
js: | |
- added|modified: '**/*.js' | |
json: | |
- added|modified: '**/*.json' | |
yml: | |
- added|modified: '**/*.yml' | |
css: | |
- added|modified: '**/*.css' | |
- added|modified: '**/*.scss' | |
php: | |
- added|modified: '**/*.php' | |
#----------------------------------------------------------------------------------------------------------------------- | |
lint-json: | |
name: 'Lint: .json files' | |
needs: pre-run | |
# only run for changed .json files AND when it is a pull_request | |
# because 'github.base_ref' will not be available on push | |
if: needs.pre-run.outputs.changed-json == 'true' && github.base_ref != null | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
- name: Configure Composer cache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- name: Validate composer.json | |
run: composer --no-interaction validate --no-check-all | |
# - name: Validate package.json | |
# run: ... | |
# Dependency Review Action | |
# | |
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. | |
# | |
# Source repository: https://github.com/actions/dependency-review-action | |
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement | |
- name: Dependency Review | |
uses: actions/dependency-review-action@v4 | |
- name: Install Composer dependencies | |
run: composer install --prefer-dist --optimize-autoloader --no-progress --no-interaction | |
- name: Normalize composer.json | |
run: composer normalize --dry-run | |
#----------------------------------------------------------------------------------------------------------------------- | |
lint-css: | |
name: 'Lint: CSS' | |
needs: pre-run | |
# only run for changed .php files AND when it is a pull_request | |
# because 'github.base_ref' will not be available on push | |
if: needs.pre-run.outputs.changed-css == 'true' && github.base_ref != null | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4.0.2 | |
with: | |
# use the same version like WordPress/gutenberg | |
node-version: '16' | |
cache: npm | |
- name: Install Node dependencies | |
run: npm ci | |
env: | |
CI: true | |
- name: Validate package.json | |
run: npm run lint:pkg-json | |
- name: Detect CSS coding standard violations | |
run: npm run lint:css | |
#----------------------------------------------------------------------------------------------------------------------- | |
lint-js: | |
name: 'Lint: JS' | |
needs: pre-run | |
# only run for changed .php files AND when it is a pull_request | |
# because 'github.base_ref' will not be available on push | |
if: needs.pre-run.outputs.changed-js == 'true' && github.base_ref != null | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4.0.2 | |
with: | |
# use the same version like WordPress/gutenberg | |
node-version: '16' | |
cache: npm | |
- name: Install Node dependencies | |
run: npm ci | |
env: | |
CI: true | |
- name: Validate package.json | |
run: npm run lint:pkg-json | |
- name: Detect ESLint coding standard violations | |
if: > | |
!( github.event.pull_request.head.repo.fork == true || | |
github.event.pull_request.user.login == 'dependabot[bot]' ) | |
run: npm run lint:js | |
- name: Generate ESLint coding standard violations report | |
# Prevent generating the ESLint report if PR is from a fork or authored by Dependabot. | |
if: > | |
! ( github.event.pull_request.head.repo.fork == true || | |
github.event.pull_request.user.login == 'dependabot[bot]' ) | |
run: npm run lint:js:report | |
continue-on-error: true | |
- name: Annotate code linting results | |
# The action cannot annotate the PR when run from a PR fork or was authored by Dependabot. | |
if: > | |
! ( github.event.pull_request.head.repo.fork == true || | |
github.event.pull_request.user.login == 'dependabot[bot]' ) | |
uses: ataylorme/eslint-annotate-action@2.2.0 | |
with: | |
repo-token: '${{ secrets.GITHUB_TOKEN }}' | |
report-json: 'lint-js-report.json' | |
#----------------------------------------------------------------------------------------------------------------------- | |
lint-php: | |
name: 'Lint: PHP' | |
needs: pre-run | |
# only run for changed .php files AND when it is a pull_request | |
# because 'github.base_ref' will not be available on push | |
if: needs.pre-run.outputs.changed-php == 'true' && github.base_ref != null | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: 8.1 | |
coverage: none | |
tools: cs2pr | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
- name: Configure Composer cache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- name: Install Composer dependencies | |
run: composer install --prefer-dist --optimize-autoloader --no-progress --no-interaction | |
- name: Detect coding standard violations (PHPCS) | |
run: vendor/bin/phpcs -q --report=checkstyle --runtime-set ignore_errors_on_exit 1 --runtime-set ignore_warnings_on_exit 1 | cs2pr --graceful-warnings | |
#----------------------------------------------------------------------------------------------------------------------- | |
static-analysis-php: | |
name: 'Static Analysis: PHP' | |
runs-on: ubuntu-latest | |
needs: pre-run | |
# only run for changed .php files AND when it is a pull_request | |
# because 'github.base_ref' will not be available on push | |
if: needs.pre-run.outputs.changed-php == 'true' && github.base_ref != null | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
# phpstan requires PHP 7.1+. | |
php-version: 8.1 | |
extensions: dom, iconv, json, libxml, zip | |
coverage: none | |
tools: cs2pr | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
- name: Configure Composer cache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- name: Install Composer dependencies | |
run: composer install | |
- name: Static Analysis (PHPStan) | |
run: | | |
vendor/bin/phpstan --version | |
vendor/bin/phpstan analyse . --error-format=checkstyle | cs2pr |