ci(deps): bump actions/github-script from 8.0.0 to 9.0.0 #164
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| jobs: | |
| # Quality checks for PHP 8.2 (with coverage and WordPress integration) | |
| quality-checks-82: | |
| name: Quality Checks (PHP 8.2) | |
| uses: ./.github/workflows/quality-checks.yml | |
| with: | |
| php-version: '8.2' | |
| skip-wp-setup: false | |
| upload-coverage: true | |
| # Quality checks for PHP 8.3 (with WordPress integration) | |
| quality-checks-83: | |
| name: Quality Checks (PHP 8.3) | |
| uses: ./.github/workflows/quality-checks.yml | |
| with: | |
| php-version: '8.3' | |
| skip-wp-setup: false | |
| upload-coverage: false | |
| # Quality checks for PHP 8.4 (with WordPress integration) | |
| quality-checks-84: | |
| name: Quality Checks (PHP 8.4) | |
| uses: ./.github/workflows/quality-checks.yml | |
| with: | |
| php-version: '8.4' | |
| skip-wp-setup: false | |
| upload-coverage: false | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5.2.2 | |
| - name: Setup PHP 8.2 | |
| uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 | |
| with: | |
| php-version: '8.2' | |
| extensions: mbstring, intl | |
| coverage: none | |
| - name: Install Composer dependencies | |
| run: composer install --no-interaction --no-progress --optimize-autoloader | |
| - name: Security audit with composer | |
| run: composer audit | |
| - name: Run security checks | |
| run: | | |
| echo "🔍 Running security checks..." | |
| # Check for common security issues | |
| SECURITY_ISSUES=0 | |
| echo "• Checking for eval() usage..." | |
| if grep -r "eval(" --include="*.php" . --exclude-dir=vendor --exclude-dir=tests; then | |
| echo "❌ Found eval() usage" | |
| ((SECURITY_ISSUES++)) | |
| else | |
| echo "✅ No eval() usage found" | |
| fi | |
| echo "• Checking for potential SQL injection..." | |
| # Look for $wpdb->query() without $wpdb->prepare() on previous line | |
| if grep -r "\$wpdb->query" --include="*.php" . --exclude-dir=vendor --exclude-dir=tests --exclude-dir=build | while read -r line; do | |
| file="${line%%:*}" | |
| if [ -f "$file" ]; then | |
| # Check if prepare() appears in context (within 3 lines before) | |
| if ! grep -B 3 "\$wpdb->query" "$file" | grep -q "prepare"; then | |
| echo "$line" | |
| exit 1 | |
| fi | |
| fi | |
| done; then | |
| echo "⚠️ Potential SQL injection risk found (query without prepare)" | |
| ((SECURITY_ISSUES++)) | |
| else | |
| echo "✅ No obvious SQL injection risks" | |
| fi | |
| echo "• Checking for unescaped output..." | |
| if grep -r "echo \$" --include="*.php" . --exclude-dir=vendor --exclude-dir=tests; then | |
| echo "⚠️ Potential XSS risk (unescaped output)" | |
| ((SECURITY_ISSUES++)) | |
| else | |
| echo "✅ No obvious XSS risks" | |
| fi | |
| if [ $SECURITY_ISSUES -gt 0 ]; then | |
| echo "❌ Security issues found: $SECURITY_ISSUES" | |
| exit 1 | |
| else | |
| echo "✅ No security issues detected" | |
| fi | |
| compatibility: | |
| name: WordPress Compatibility | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| wordpress-version: ['6.4', '6.5', '6.6', 'latest'] | |
| services: | |
| mysql: | |
| image: mysql:8.0 | |
| env: | |
| MYSQL_ROOT_PASSWORD: root | |
| MYSQL_DATABASE: wordpress_test | |
| ports: | |
| - 3306:3306 | |
| options: >- | |
| --health-cmd="mysqladmin ping" | |
| --health-interval=10s | |
| --health-timeout=5s | |
| --health-retries=5 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5.2.2 | |
| - name: Setup PHP 8.2 | |
| uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 | |
| with: | |
| php-version: '8.2' | |
| extensions: mbstring, intl, mysql, pdo_mysql | |
| coverage: none | |
| - name: Install Composer dependencies | |
| run: composer install --no-interaction --no-progress --optimize-autoloader | |
| - name: Setup WordPress ${{ matrix.wordpress-version }} | |
| run: | | |
| # Download WordPress | |
| if [ "${{ matrix.wordpress-version }}" = "latest" ]; then | |
| WP_VERSION="" | |
| else | |
| WP_VERSION="${{ matrix.wordpress-version }}" | |
| fi | |
| wget -O /tmp/wordpress.tar.gz "https://wordpress.org/latest.tar.gz" | |
| tar -xzf /tmp/wordpress.tar.gz -C /tmp | |
| # Setup WordPress test environment | |
| export WP_TESTS_DIR=/tmp/wordpress-tests-lib | |
| export WP_CORE_DIR=/tmp/wordpress | |
| # Download test library | |
| git clone --depth=1 https://github.com/WordPress/wordpress-develop.git $WP_TESTS_DIR | |
| # Configure WordPress database | |
| cp $WP_CORE_DIR/wp-config-sample.php $WP_CORE_DIR/wp-config.php | |
| sed -i "s/database_name_here/wordpress_test/" $WP_CORE_DIR/wp-config.php | |
| sed -i "s/username_here/root/" $WP_CORE_DIR/wp-config.php | |
| sed -i "s/password_here/root/" $WP_CORE_DIR/wp-config.php | |
| sed -i "s/localhost/127.0.0.1:3306/" $WP_CORE_DIR/wp-config.php | |
| # Configure WordPress Test Suite | |
| cp $WP_TESTS_DIR/wp-tests-config-sample.php $WP_TESTS_DIR/wp-tests-config.php | |
| sed -i "s/youremptytestdbnamehere/wordpress_test/" $WP_TESTS_DIR/wp-tests-config.php | |
| sed -i "s/yourusernamehere/root/" $WP_TESTS_DIR/wp-tests-config.php | |
| sed -i "s/yourpasswordhere/root/" $WP_TESTS_DIR/wp-tests-config.php | |
| sed -i "s|localhost|127.0.0.1|" $WP_TESTS_DIR/wp-tests-config.php | |
| sed -i "s|dirname( __FILE__ ) . '/src/'|'$WP_CORE_DIR/'|" $WP_TESTS_DIR/wp-tests-config.php | |
| - name: Verify MySQL Connection | |
| run: | | |
| # MySQL should already be healthy thanks to service health checks | |
| mysql -h127.0.0.1 -uroot -proot -e "SHOW DATABASES;" || (echo "MySQL not ready" && exit 1) | |
| - name: Install ACF Plugin | |
| env: | |
| WP_PLUGINS_DIR: /tmp/wordpress/wp-content/plugins | |
| WP_TESTS_DIR: /tmp/wordpress-tests-lib | |
| run: | | |
| bash scripts/install-acf-for-tests.sh | |
| - name: Run tests with WordPress ${{ matrix.wordpress-version }} | |
| env: | |
| WP_TESTS_DIR: /tmp/wordpress-tests-lib | |
| WP_CORE_DIR: /tmp/wordpress | |
| run: | | |
| echo "Running integration tests with WordPress ${{ matrix.wordpress-version }}..." | |
| # Run integration tests that require WordPress | |
| # Unit tests are run separately in quality-checks workflow | |
| vendor/bin/phpunit --testsuite=integration --no-coverage | |
| echo "✅ WordPress ${{ matrix.wordpress-version }} compatibility verified" | |
| build-test: | |
| name: Build Test | |
| runs-on: ubuntu-latest | |
| needs: [quality-checks-82, quality-checks-83, quality-checks-84, security-scan] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5.2.2 | |
| - name: Setup PHP 8.2 | |
| uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 | |
| with: | |
| php-version: '8.2' | |
| extensions: mbstring, intl | |
| coverage: none | |
| - name: Install production dependencies | |
| run: composer install --no-dev --no-interaction --optimize-autoloader | |
| - name: Test build process | |
| run: | | |
| # Simulate build process | |
| mkdir -p /tmp/build-test | |
| cp -r . /tmp/build-test/plugin | |
| cd /tmp/build-test/plugin | |
| # Remove development files | |
| rm -rf .git .github scripts tests node_modules | |
| rm -f .gitignore .gitattributes composer.lock package.json package-lock.json | |
| rm -f phpunit.xml phpcs.xml phpstan.neon | |
| # Verify essential files exist | |
| if [ ! -f "silver-assist-acf-clone-fields.php" ]; then | |
| echo "❌ Main plugin file missing" | |
| exit 1 | |
| fi | |
| if [ ! -d "includes" ]; then | |
| echo "❌ Includes directory missing" | |
| exit 1 | |
| fi | |
| if [ ! -d "vendor" ]; then | |
| echo "❌ Vendor directory missing" | |
| exit 1 | |
| fi | |
| echo "✅ Build test successful" | |
| notify: | |
| name: Notify Status | |
| runs-on: ubuntu-latest | |
| needs: [quality-checks-82, quality-checks-83, quality-checks-84, security-scan, compatibility, build-test] | |
| if: always() | |
| steps: | |
| - name: Check results | |
| run: | | |
| echo "🔍 CI Pipeline Results:" | |
| echo " Quality Checks (PHP 8.2): ${{ needs.quality-checks-82.result }}" | |
| echo " Quality Checks (PHP 8.3): ${{ needs.quality-checks-83.result }}" | |
| echo " Quality Checks (PHP 8.4): ${{ needs.quality-checks-84.result }}" | |
| echo " Security Scan: ${{ needs.security-scan.result }}" | |
| echo " Compatibility: ${{ needs.compatibility.result }}" | |
| echo " Build Test: ${{ needs.build-test.result }}" | |
| if [ "${{ needs.quality-checks-82.result }}" = "success" ] && \ | |
| [ "${{ needs.quality-checks-83.result }}" = "success" ] && \ | |
| [ "${{ needs.quality-checks-84.result }}" = "success" ] && \ | |
| [ "${{ needs.security-scan.result }}" = "success" ] && \ | |
| [ "${{ needs.compatibility.result }}" = "success" ] && \ | |
| [ "${{ needs.build-test.result }}" = "success" ]; then | |
| echo "" | |
| echo "✅ All CI checks passed! Ready for:" | |
| echo " • Merge to main branch" | |
| echo " • Release creation" | |
| echo " • Production deployment" | |
| else | |
| echo "" | |
| echo "❌ Some CI checks failed. Please review and fix issues." | |
| fi |