Fix an issue with third-party plugins and What's New admin scripts an… #3910
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: hCaptcha CI | |
| on: [ push, pull_request ] | |
| # 1. SECURITY: Default to read-only permissions for the workflow | |
| permissions: | |
| actions: read | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| cs_and_tests: | |
| strategy: | |
| matrix: | |
| os: [ ubuntu-latest ] | |
| php-version: [ '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5' ] | |
| env: | |
| wp-directory: wordpress | |
| wp-plugin-directory: wordpress/wp-content/plugins/hcaptcha-wordpress-plugin | |
| DB_HOST: localhost | |
| DB_TABLE_PREFIX: wp_ | |
| DB_NAME: wp_tests | |
| DB_USER: test | |
| DB_PASSWORD: test | |
| WP_URL: https://test.test | |
| WP_DOMAIN: test.test | |
| WP_ADMIN_USERNAME: admin | |
| WP_ADMIN_PASSWORD: admin | |
| WP_ADMIN_EMAIL: [email protected] | |
| if: | | |
| github.event_name == 'push' || | |
| (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true) | |
| runs-on: ${{ matrix.os }} | |
| name: PHP ${{ matrix.php-version }} on ${{ matrix.os }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| path: ${{ env.wp-plugin-directory }} | |
| # MOVED: The "Update changelog" step has been moved to the specific job below | |
| # to prevent giving 'contents: write' permissions to this testing job. | |
| - name: Setup PHP | |
| uses: hCaptcha/setup-php@42a9487ddd45db247decea2acf7de871a8178226 | |
| with: | |
| php-version: ${{ matrix.php-version }} | |
| extensions: json, mysqli, mbstring, zip | |
| ini-values: register_argc_argv=On | |
| - name: Install dependencies with caching | |
| uses: hCaptcha/composer-install@e52779489de843a9f022c7b8faa648b608b02c70 | |
| with: | |
| working-directory: ${{ env.wp-plugin-directory }} | |
| - name: Run code sniffer | |
| working-directory: ${{ env.wp-plugin-directory }} | |
| run: composer phpcs | |
| - name: Run ESLint | |
| working-directory: ${{ env.wp-plugin-directory }} | |
| if: ${{ matrix.php-version == '8.4' }} | |
| run: | | |
| corepack enable | |
| yarn set version stable | |
| yarn | |
| yarn dev | |
| yarn lint | |
| - name: Install WP CLI | |
| # Security: 1. Ensure wp-cli integrity via checksum. | |
| run: | | |
| WPCLI_VERSION=2.12.0 | |
| curl -fsSL -o wp-cli.phar "https://github.com/wp-cli/wp-cli/releases/download/v${WPCLI_VERSION}/wp-cli-${WPCLI_VERSION}.phar" | |
| curl -fsSL -o wp-cli.phar.sha256 "https://github.com/wp-cli/wp-cli/releases/download/v${WPCLI_VERSION}/wp-cli-${WPCLI_VERSION}.phar.sha256" | |
| echo "$(cat wp-cli.phar.sha256) wp-cli.phar" | sha256sum -c - | |
| chmod +x wp-cli.phar | |
| mkdir -p wp-cli | |
| sudo mv wp-cli.phar wp-cli/wp | |
| echo "$GITHUB_WORKSPACE/wp-cli" >> $GITHUB_PATH | |
| - name: Start mysql | |
| run: | | |
| echo '[mysqld]' | sudo tee -a /etc/mysql/my.cnf | |
| echo 'default_authentication_plugin=mysql_native_password' | sudo tee -a /etc/mysql/my.cnf | |
| sudo systemctl start mysql | |
| mysql -e "CREATE USER '${{ env.DB_USER }}'@'${{ env.DB_HOST }}' IDENTIFIED BY '${{ env.DB_PASSWORD }}'" -uroot -proot 2>/dev/null | |
| mysql -e "ALTER USER '${{ env.DB_USER }}'@'${{ env.DB_HOST }}' IDENTIFIED WITH mysql_native_password BY '${{ env.DB_PASSWORD }}'" -uroot -proot 2>/dev/null | |
| mysql -e "GRANT ALL PRIVILEGES ON *.* TO '${{ env.DB_USER }}'@'${{ env.DB_HOST }}'" -uroot -proot 2>/dev/null | |
| mysql -e 'FLUSH PRIVILEGES' -uroot -proot 2>/dev/null | |
| - name: Install WP | |
| working-directory: ${{ env.wp-directory }} | |
| run: | | |
| wp core download | |
| wp config create --dbname="${{ env.DB_NAME }}" --dbuser="${{ env.DB_USER }}" --dbpass="${{ env.DB_PASSWORD }}" --dbhost="${{ env.DB_HOST }}" --dbprefix="${{ env.DB_TABLE_PREFIX }}" | |
| wp db create | |
| wp core install --url="${{ env.WP_URL }}" --title="Test" --admin_user="${{ env.WP_ADMIN_USERNAME }}" --admin_password="${{ env.WP_ADMIN_PASSWORD }}" --admin_email="${{ env.WP_ADMIN_EMAIL }}" --skip-email | |
| - name: Run unit tests | |
| working-directory: ${{ env.wp-plugin-directory }} | |
| run: composer unit | |
| - name: Install plugins | |
| working-directory: ${{ env.wp-directory }} | |
| run: wp plugin install bbpress buddypress ultimate-member wpforms-lite wpforo | |
| - name: Install plugins requiring 7.4 | |
| if: ${{ matrix.php-version >= '7.4' }} | |
| working-directory: ${{ env.wp-directory }} | |
| run: wp plugin install contact-form-7 ninja-forms woocommerce | |
| - name: Run WP tests | |
| working-directory: ${{ env.wp-plugin-directory }} | |
| run: composer integration -- --env github-actions | |
| - name: Run Jest | |
| if: ${{ matrix.php-version == '8.4' }} | |
| working-directory: ${{ env.wp-plugin-directory }} | |
| run: yarn jest | |
| update_changelog: | |
| name: Update Changelog | |
| runs-on: ubuntu-latest | |
| # 2. SECURITY: Only run on PUSH, never on Pull Requests | |
| if: github.event_name == 'push' | |
| needs: cs_and_tests | |
| # 3. SECURITY: Grant write permission ONLY to this job | |
| permissions: | |
| contents: write | |
| env: | |
| wp-plugin-directory: wordpress/wp-content/plugins/hcaptcha-wordpress-plugin | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| path: ${{ env.wp-plugin-directory }} | |
| # Check out the branch ref to ensure we can push back to it | |
| ref: ${{ github.ref }} | |
| - name: Update changelog | |
| working-directory: ${{ env.wp-plugin-directory }} | |
| run: .github/scripts/update-changelog.sh |