From e7160a7265ae4cb8c11799928cfc1c0bd1efd76c Mon Sep 17 00:00:00 2001 From: Clayton Collie Date: Thu, 31 Jul 2025 10:20:13 +0200 Subject: [PATCH 01/10] Coding standards and code quality --- .github/workflows/code-quality.yml | 11 ++++ .github/workflows/coding-standards.yml | 17 +++++ .github/workflows/eslint.yml | 44 +++++++++++++ .github/workflows/jest.yml | 44 +++++++++++++ .github/workflows/node.yml | 80 ------------------------ .github/workflows/{php.yml => phpcs.yml} | 15 ++--- .github/workflows/phpstan.yml | 51 +++++++++++++++ .github/workflows/stylelint.yml | 45 +++++++++++++ .github/workflows/truffle-hog.yml | 39 ++++++++++++ .github/workflows/virus-scan.yml | 54 ++++++++++++++++ 10 files changed, 310 insertions(+), 90 deletions(-) create mode 100644 .github/workflows/code-quality.yml create mode 100644 .github/workflows/coding-standards.yml create mode 100644 .github/workflows/eslint.yml create mode 100644 .github/workflows/jest.yml delete mode 100644 .github/workflows/node.yml rename .github/workflows/{php.yml => phpcs.yml} (87%) create mode 100644 .github/workflows/phpstan.yml create mode 100644 .github/workflows/stylelint.yml create mode 100644 .github/workflows/truffle-hog.yml create mode 100644 .github/workflows/virus-scan.yml diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml new file mode 100644 index 00000000..e51da75e --- /dev/null +++ b/.github/workflows/code-quality.yml @@ -0,0 +1,11 @@ +name: Code Quality + +on: + pull_request: + +jobs: + trufflehog: + uses: ./.github/workflows/truffle-hog.yml + + virus-scan: + uses: ./.github/workflows/virus-scan.yml \ No newline at end of file diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml new file mode 100644 index 00000000..7839fb21 --- /dev/null +++ b/.github/workflows/coding-standards.yml 
@@ -0,0 +1,17 @@ +name: Coding Standards + +on: + pull_request: + +jobs: + stylelint: + uses: ./.github/workflows/stylelint.yml + + eslint: + uses: ./.github/workflows/eslint.yml + + phpcs: + uses: ./.github/workflows/phpcs.yml + + phpstan: + uses: ./.github/workflows/phpstan.yml diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml new file mode 100644 index 00000000..86e33914 --- /dev/null +++ b/.github/workflows/eslint.yml @@ -0,0 +1,44 @@ +name: JavaScript Coding Standards + +on: + workflow_call: + +permissions: + contents: read + +jobs: + eslint: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Node.js + uses: actions/setup-node@v4 + with: + node-version-file: .nvmrc + cache: "npm" + + - name: Cache node modules + uses: actions/cache@v4 + with: + path: ~/.npm + key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node- + + - name: Check Node version + run: node -v + + - name: Setup NPM + run: npm install -g npm@latest + + - name: Check NPM version + run: npm -v + + - name: Install dependencies + run: npm install + + - name: Run Lint JS + run: npm run lint-js diff --git a/.github/workflows/jest.yml b/.github/workflows/jest.yml new file mode 100644 index 00000000..dd3df768 --- /dev/null +++ b/.github/workflows/jest.yml 
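Review bot: The `Install dependencies` step in eslint.yml runs `npm install`, which rewrites the resolved tree when package.json and the lockfile disagree, and the `Setup NPM` step before it pulls `npm@latest` on every run, so the toolchain that lints a pull request is not reproducible. The cache key already hashes `**/package-lock.json`, so a lockfile is presumably committed; `run: npm ci` installs exactly what it pins and fails when it is out of sync, and the npm version is better left to the Node release selected by `.nvmrc` or pinned explicitly. The same two steps appear in jest.yml and stylelint.yml in this patch and in build.yml in patch 02. The separate `actions/cache` step also looks redundant next to `cache: "npm"` on `actions/setup-node`.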
@@ -0,0 +1,44 @@ +name: JavaScript Unit Tests + +on: + workflow_call: + +permissions: + contents: read + +jobs: + jest: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Node.js + uses: actions/setup-node@v4 + with: + node-version-file: .nvmrc + cache: "npm" + + - name: Cache node modules + uses: actions/cache@v4 + with: + path: ~/.npm + key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node- + + - name: Check Node version + run: node -v + + - name: Setup NPM + run: npm install -g npm@latest + + - name: Check NPM version + run: npm -v + + - name: Install dependencies + run: npm install + + - name: Run Jest + run: npm run test diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml deleted file mode 100644 index 622959b6..00000000 --- a/.github/workflows/node.yml +++ /dev/null 
@@ -1,80 +0,0 @@ -name: Node - -on: - push: - branches: - - main - pull_request: - -jobs: - lint-js: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version-file: .nvmrc - cache: "npm" - - - name: Install dependencies - run: npm install - - - name: Run Lint JS - run: npm run lint-js - - lint-style: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version-file: .nvmrc - cache: "npm" - - - name: Install dependencies - run: npm install - - - name: Run Lint Style - run: npm run lint-style - - test: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version-file: .nvmrc - cache: "npm" - - - name: Install dependencies - run: npm install - - - name: Run Jest - run: npm run test - - build: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version-file: .nvmrc - cache: "npm" - - - name: Install dependencies - run: npm install - - - name: Build - run: npm run build diff --git a/.github/workflows/php.yml b/.github/workflows/phpcs.yml similarity index 87% rename from .github/workflows/php.yml rename to .github/workflows/phpcs.yml index a63fa8da..fa2dc590 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/phpcs.yml @@ -1,20 +1,18 @@ -name: PHP Checks +name: PHP Coding Standards on: - push: - branches: ["trunk"] - pull_request: - branches: ["trunk"] + workflow_call: permissions: contents: read jobs: - build: + phpcs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4 - name: Setup PHP with composer v2 uses: shivammathur/setup-php@v2 
@@ -51,6 +49,3 @@ jobs: - name: Run PHPCS run: composer lint - - - name: Run PHPStan - run: composer static diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml new file mode 100644 index 00000000..cbcfcec3 --- /dev/null +++ b/.github/workflows/phpstan.yml @@ -0,0 +1,51 @@ +name: PHP Static Analysis + +on: + workflow_call: + +permissions: + contents: read + +jobs: + phpstan: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup PHP with composer v2 + uses: shivammathur/setup-php@v2 + with: + php-version: "8.3" + tools: composer:v2 + + - name: Validate Root composer.json and composer.lock + run: composer validate --strict + + - name: Validate Plugin composer.json and composer.lock + run: composer validate --strict --working-dir=mu-plugins/10up-plugin + + - name: Validate Theme composer.json and composer.lock + run: composer validate --strict --working-dir=themes/10up-theme + + - name: Cache Composer packages + id: composer-cache + uses: actions/cache@v4 + with: + path: vendor + key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} + restore-keys: | + ${{ runner.os }}-php- + + - name: Install Root dependencies + run: composer install --prefer-dist --no-progress + + - name: Install Plugin dependencies + run: composer install --prefer-dist --no-progress --working-dir=mu-plugins/10up-plugin + + - name: Install Theme dependencies + run: composer install --prefer-dist --no-progress --working-dir=themes/10up-theme + + - name: Run PHPStan + run: composer static diff --git a/.github/workflows/stylelint.yml b/.github/workflows/stylelint.yml new file mode 100644 index 00000000..1500861e --- /dev/null +++ b/.github/workflows/stylelint.yml 
@@ -0,0 +1,45 @@ +name: CSS Coding Standards + +on: + workflow_call: + +permissions: + contents: read + +jobs: + stylelint: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Node.js + uses: actions/setup-node@v4 + with: + node-version-file: .nvmrc + cache: "npm" + + - name: Cache node modules + uses: actions/cache@v4 + with: + path: ~/.npm + key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node- + + - name: Check Node version + run: node -v + + - name: Setup NPM + run: npm install -g npm@latest + + - name: Check NPM version + run: npm -v + + - name: Install dependencies + run: npm install + + - name: Run Lint Style + run: npm run lint-style + diff --git a/.github/workflows/truffle-hog.yml b/.github/workflows/truffle-hog.yml new file mode 100644 index 00000000..05ae45c9 --- /dev/null +++ b/.github/workflows/truffle-hog.yml @@ -0,0 +1,39 @@ +name: Secret Scanning + +on: + workflow_call: + +permissions: + contents: read + +jobs: + trufflehog: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Trufflehog exclusions + run: | + if [ ! -f .trufflehog-exclude.txt ]; then + echo "# Paths to exclude from TruffleHog scanning" > .trufflehog-exclude.txt + echo "node_modules/" >> .trufflehog-exclude.txt + echo "vendor/" >> .trufflehog-exclude.txt + echo "dist/" >> .trufflehog-exclude.txt + echo "build/" >> .trufflehog-exclude.txt + fi + + - name: Run Trufflehog on latest commits + id: trufflehog + uses: trufflesecurity/trufflehog@main + continue-on-error: true + with: + path: ./ + extra_args: --results=verified,unknown --exclude-paths .trufflehog-exclude.txt + + - name: Trufflehog Scan Failure + if: steps.trufflehog.outcome == 'failure' + run: exit 1 \ No newline at end of file diff --git a/.github/workflows/virus-scan.yml b/.github/workflows/virus-scan.yml new file mode 100644 index 00000000..fe444879 
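Review bot: `uses: trufflesecurity/trufflehog@main` in truffle-hog.yml tracks a mutable branch, so whatever lands upstream runs in this job on the next pull request without any change being reviewed in this repository. Pin it to a full commit SHA with the release as a trailing comment, e.g. `uses: trufflesecurity/trufflehog@<full-commit-sha> # <release-tag>` (placeholders), and let Dependabot or Renovate propose the updates. The other third-party actions in this patch, `shivammathur/setup-php@v2` and `10up/wp-scanner-action@v1`, use movable tags and deserve the same treatment. Because the exclusion list is only generated when `.trufflehog-exclude.txt` is absent, a committed copy of that file decides what the scan skips, so changes to it should be reviewed as carefully as the workflow itself.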
--- /dev/null +++ b/.github/workflows/virus-scan.yml @@ -0,0 +1,54 @@ +name: Virus Scan + +on: + workflow_call: + +permissions: + contents: read + +jobs: + virus-scan: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup PHP with composer v2 + uses: shivammathur/setup-php@v2 + with: + php-version: "8.3" + tools: composer:v2 + + - name: Validate Root composer.json and composer.lock + run: composer validate --strict + + - name: Validate Plugin composer.json and composer.lock + run: composer validate --strict --working-dir=mu-plugins/10up-plugin + + - name: Validate Theme composer.json and composer.lock + run: composer validate --strict --working-dir=themes/10up-theme + + - name: Cache Composer packages + id: composer-cache + uses: actions/cache@v3 + with: + path: vendor + key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} + restore-keys: | + ${{ runner.os }}-php- + + - name: Install Root dependencies + run: composer install --prefer-dist --no-progress + + - name: Install Plugin dependencies + run: composer install --prefer-dist --no-progress --working-dir=mu-plugins/10up-plugin + + - name: Install Theme dependencies + run: composer install --prefer-dist --no-progress --working-dir=themes/10up-theme + + - name: Virus Scanning + uses: 10up/wp-scanner-action@v1 + with: + content_dir: './' + composer_build: 'false' From 00360a2396cc5d397061be36543b48d1e7d262a9 Mon Sep 17 00:00:00 2001 
From: Clayton Collie Date: Thu, 31 Jul 2025 10:37:38 +0200 Subject: [PATCH 02/10] Build and Deploy jobs --- .github/workflows/code-quality.yml | 4 +- .github/workflows/coding-standards.yml | 8 +- .github/workflows/develop.yml | 22 +++++ .github/workflows/jobs/build.yml | 88 ++++++++++++++++++++ .github/workflows/jobs/deploy.yml | 31 +++++++ .github/workflows/{ => jobs}/eslint.yml | 8 +- .github/workflows/{ => jobs}/jest.yml | 8 +- .github/workflows/{ => jobs}/phpcs.yml | 13 +-- .github/workflows/{ => jobs}/phpstan.yml | 11 ++- .github/workflows/{ => jobs}/stylelint.yml | 8 +- .github/workflows/{ => jobs}/truffle-hog.yml | 0 .github/workflows/{ => jobs}/virus-scan.yml | 13 +-- .github/workflows/production.yml | 22 +++++ .github/workflows/staging.yml | 22 +++++ 14 files changed, 232 insertions(+), 26 deletions(-) create mode 100644 .github/workflows/develop.yml create mode 100644 .github/workflows/jobs/build.yml create mode 100644 .github/workflows/jobs/deploy.yml rename .github/workflows/{ => jobs}/eslint.yml (78%) rename .github/workflows/{ => jobs}/jest.yml (78%) rename .github/workflows/{ => jobs}/phpcs.yml (76%) rename .github/workflows/{ => jobs}/phpstan.yml (78%) rename .github/workflows/{ => jobs}/stylelint.yml (78%) rename .github/workflows/{ => jobs}/truffle-hog.yml (100%) rename .github/workflows/{ => jobs}/virus-scan.yml (77%) create mode 100644 .github/workflows/production.yml create mode 100644 .github/workflows/staging.yml diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index e51da75e..a1510856 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -5,7 +5,7 @@ on: jobs: trufflehog: - uses: ./.github/workflows/truffle-hog.yml + uses: ./.github/workflows/jobs/truffle-hog.yml virus-scan: - uses: ./.github/workflows/virus-scan.yml \ No newline at end of file + uses: ./.github/workflows/jobs/virus-scan.yml \ No newline at end of file 
diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml index 7839fb21..5d9ae490 100644 --- a/.github/workflows/coding-standards.yml +++ b/.github/workflows/coding-standards.yml @@ -5,13 +5,13 @@ on: jobs: stylelint: - uses: ./.github/workflows/stylelint.yml + uses: ./.github/workflows/jobs/stylelint.yml eslint: - uses: ./.github/workflows/eslint.yml + uses: ./.github/workflows/jobs/eslint.yml phpcs: - uses: ./.github/workflows/phpcs.yml + uses: ./.github/workflows/jobs/phpcs.yml phpstan: - uses: ./.github/workflows/phpstan.yml + uses: ./.github/workflows/jobs/phpstan.yml diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml new file mode 100644 index 00000000..355324b5 --- /dev/null +++ b/.github/workflows/develop.yml @@ -0,0 +1,22 @@ +name: Deploy to Develop + +on: + push: + branches: + - develop + +jobs: + lint: + uses: ./.github/workflows/jobs/coding-standards.yml + + test: + uses: ./.github/workflows/jobs/code-quality.yml + + build: + uses: ./.github/workflows/jobs/build.yml + + deploy: + uses: ./.github/workflows/jobs/deploy.yml + with: + name: develop + url: https://develop.fueled.com diff --git a/.github/workflows/jobs/build.yml b/.github/workflows/jobs/build.yml new file mode 100644 index 00000000..730acefd --- /dev/null +++ b/.github/workflows/jobs/build.yml 
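Review bot: The `lint` and `test` jobs in develop.yml call coding-standards.yml and code-quality.yml as reusable workflows, but both files, as added in patch 01 and left unchanged here, declare only `on: pull_request:`; a workflow referenced through a job-level `uses:` has to declare `workflow_call`, so these calls are likely rejected when the run starts. Adding `workflow_call:` next to `pull_request:` under `on:` in both files keeps the pull-request checks and makes them callable from the deploy pipelines. production.yml and staging.yml in this patch call the same two workflows. Until that is in place the pipeline fails validation instead of running the secret scan and virus scan ahead of a deploy.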
@@ -0,0 +1,88 @@ +name: Build + +on: + workflow_call: + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Node.js + uses: actions/setup-node@v4 + with: + node-version-file: .nvmrc + cache: "npm" + + - name: Get npm cache directory + id: npm-cache-dir + run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} + + - name: Cache npm dependencies + uses: actions/cache@v4 + with: + path: ${{ steps.npm-cache-dir.outputs.dir }} + key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node- + + - name: Check Node version + run: node -v + + - name: Setup NPM + run: npm install -g npm@latest + + - name: Check Node version + run: npm -v + + - name: Install Node dependencies + run: npm install + + - name: Build JavaScript + run: npm run build + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: "8.4" + coverage: none + tools: composer:v2 + + - name: Get Composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> ${GITHUB_OUTPUT} + + - name: Cache Composer dependencies + uses: actions/cache@v4 + with: + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + restore-keys: | + ${{ runner.os }}-composer- + + - name: PHP Version + run: php -v + + - name: Install Root dependencies + run: composer install --no-dev --prefer-dist --no-progress + + - name: Install Plugin dependencies + run: composer install --no-dev --prefer-dist --no-progress --working-dir=mu-plugins/10up-plugin + + - name: Install Theme dependencies + run: composer install --no-dev --prefer-dist --no-progress --working-dir=themes/10up-theme + + - name: Upload build artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.name }}-payload + retention-days: 7 + include-hidden-files: true + path: . + 
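Review bot: The `Upload build artifact` step in build.yml uploads `path: .` with `include-hidden-files: true`, which puts the `.git` directory into the artifact, and `actions/checkout@v4` by default leaves the job's token in the local git config. Anyone who can download the artifact during its 7-day retention gets the repository history and that short-lived credential, so set `persist-credentials: false` on the checkout step and exclude the directory with `path: |` followed by `.` and `!.git/**`, or upload only the directories that are actually deployed. Separately, `name: ${{ inputs.name }}-payload` reads an input that `on: workflow_call:` never declares, so the name likely renders as `-payload` and will not match the artifact that deploy.yml downloads; declare `inputs.name` here and pass it from the callers.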
diff --git a/.github/workflows/jobs/deploy.yml b/.github/workflows/jobs/deploy.yml new file mode 100644 index 00000000..23c629e5 --- /dev/null +++ b/.github/workflows/jobs/deploy.yml @@ -0,0 +1,31 @@ +name: Deploy + +on: + workflow_call: + inputs: + name: + required: true + type: string + url: + required: true + type: string + +permissions: + contents: read + +jobs: + deploy: + runs-on: ubuntu-latest + needs: build + environment: + name: ${{ inputs.name }} + url: ${{ inputs.url }} + + steps: + - name: Download build artifact + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.name }}-payload + + # TODO: Implement deployment + diff --git a/.github/workflows/eslint.yml b/.github/workflows/jobs/eslint.yml similarity index 78% rename from .github/workflows/eslint.yml rename to .github/workflows/jobs/eslint.yml index 86e33914..6999924d 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/jobs/eslint.yml @@ -20,10 +20,14 @@ jobs: node-version-file: .nvmrc cache: "npm" - - name: Cache node modules + - name: Get npm cache directory + id: npm-cache-dir + run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} + + - name: Cache npm dependencies uses: actions/cache@v4 with: - path: ~/.npm + path: ${{ steps.npm-cache-dir.outputs.dir }} key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- diff --git a/.github/workflows/jest.yml b/.github/workflows/jobs/jest.yml similarity index 78% rename from .github/workflows/jest.yml rename to .github/workflows/jobs/jest.yml index dd3df768..290c547b 100644 --- a/.github/workflows/jest.yml +++ b/.github/workflows/jobs/jest.yml 
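Review bot: `needs: build` on the `deploy` job in deploy.yml refers to a job that does not exist in this file, since `deploy` is the only job the workflow defines; `needs` can only name jobs of the same workflow, so the file is unlikely to validate. Drop the line here and express the ordering on the calling job in develop.yml, production.yml and staging.yml. It would also help to expand `# TODO: Implement deployment` into a comment stating that the job currently only downloads the artifact, so that a green `deploy` run against the `production` environment is not read as a release.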
@@ -20,10 +20,14 @@ jobs: node-version-file: .nvmrc cache: "npm" - - name: Cache node modules + - name: Get npm cache directory + id: npm-cache-dir + run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} + + - name: Cache npm dependencies uses: actions/cache@v4 with: - path: ~/.npm + path: ${{ steps.npm-cache-dir.outputs.dir }} key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- diff --git a/.github/workflows/phpcs.yml b/.github/workflows/jobs/phpcs.yml similarity index 76% rename from .github/workflows/phpcs.yml rename to .github/workflows/jobs/phpcs.yml index fa2dc590..176367a9 100644 --- a/.github/workflows/phpcs.yml +++ b/.github/workflows/jobs/phpcs.yml @@ -29,14 +29,17 @@ jobs: - name: Validate Theme composer.json and composer.lock run: composer validate --strict --working-dir=themes/10up-theme - - name: Cache Composer packages + - name: Get Composer Cache Directory id: composer-cache - uses: actions/cache@v3 + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Cache Composer dependencies + uses: actions/cache@v4 with: - path: vendor - key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: | - ${{ runner.os }}-php- + ${{ runner.os }}-composer- - name: Install Root dependencies run: composer install --prefer-dist --no-progress diff --git a/.github/workflows/phpstan.yml b/.github/workflows/jobs/phpstan.yml similarity index 78% rename from .github/workflows/phpstan.yml rename to .github/workflows/jobs/phpstan.yml index cbcfcec3..c9bed499 100644 --- a/.github/workflows/phpstan.yml +++ b/.github/workflows/jobs/phpstan.yml 
@@ -29,14 +29,17 @@ jobs: - name: Validate Theme composer.json and composer.lock run: composer validate --strict --working-dir=themes/10up-theme - - name: Cache Composer packages + - name: Get Composer Cache Directory id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Cache Composer dependencies uses: actions/cache@v4 with: - path: vendor - key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: | - ${{ runner.os }}-php- + ${{ runner.os }}-composer- - name: Install Root dependencies run: composer install --prefer-dist --no-progress diff --git a/.github/workflows/stylelint.yml b/.github/workflows/jobs/stylelint.yml similarity index 78% rename from .github/workflows/stylelint.yml rename to .github/workflows/jobs/stylelint.yml index 1500861e..12281a43 100644 --- a/.github/workflows/stylelint.yml +++ b/.github/workflows/jobs/stylelint.yml @@ -20,10 +20,14 @@ jobs: node-version-file: .nvmrc cache: "npm" - - name: Cache node modules + - name: Get npm cache directory + id: npm-cache-dir + run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} + + - name: Cache npm dependencies uses: actions/cache@v4 with: - path: ~/.npm + path: ${{ steps.npm-cache-dir.outputs.dir }} key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- diff --git a/.github/workflows/truffle-hog.yml b/.github/workflows/jobs/truffle-hog.yml similarity index 100% rename from .github/workflows/truffle-hog.yml rename to .github/workflows/jobs/truffle-hog.yml diff --git a/.github/workflows/virus-scan.yml b/.github/workflows/jobs/virus-scan.yml similarity index 77% rename from .github/workflows/virus-scan.yml rename to .github/workflows/jobs/virus-scan.yml index fe444879..a7b0c921 100644 --- a/.github/workflows/virus-scan.yml +++ b/.github/workflows/jobs/virus-scan.yml 
@@ -29,14 +29,17 @@ jobs: - name: Validate Theme composer.json and composer.lock run: composer validate --strict --working-dir=themes/10up-theme - - name: Cache Composer packages + - name: Get Composer Cache Directory id: composer-cache - uses: actions/cache@v3 + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Cache Composer dependencies + uses: actions/cache@v4 with: - path: vendor - key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: | - ${{ runner.os }}-php- + ${{ runner.os }}-composer- - name: Install Root dependencies run: composer install --prefer-dist --no-progress diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml new file mode 100644 index 00000000..19734f34 --- /dev/null +++ b/.github/workflows/production.yml @@ -0,0 +1,22 @@ +name: Deploy to Production + +on: + push: + branches: + - trunk + +jobs: + lint: + uses: ./.github/workflows/jobs/coding-standards.yml + + test: + uses: ./.github/workflows/jobs/code-quality.yml + + build: + uses: ./.github/workflows/jobs/build.yml + + deploy: + uses: ./.github/workflows/jobs/deploy.yml + with: + name: production + url: https://www.fueled.com diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml new file mode 100644 index 00000000..76e53f46 --- /dev/null +++ b/.github/workflows/staging.yml @@ -0,0 +1,22 @@ +name: Deploy to Staging + +on: + push: + branches: + - staging + +jobs: + lint: + uses: ./.github/workflows/jobs/coding-standards.yml + + test: + uses: ./.github/workflows/jobs/code-quality.yml + + build: + uses: ./.github/workflows/jobs/build.yml + + deploy: + uses: ./.github/workflows/jobs/deploy.yml + with: + name: staging + url: https://staging.fueled.com From cc0ff92073ce1efde60a7ab5c23ba152a07a1567 Mon Sep 17 00:00:00 2001 
From: Clayton Collie Date: Thu, 31 Jul 2025 10:39:23 +0200 Subject: [PATCH 03/10] Create dependecies --- .github/workflows/coding-standards.yml | 3 +++ .github/workflows/develop.yml | 3 +++ .github/workflows/production.yml | 3 +++ .github/workflows/staging.yml | 3 +++ 4 files changed, 12 insertions(+) diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml index 5d9ae490..cb5e04d9 100644 --- a/.github/workflows/coding-standards.yml +++ b/.github/workflows/coding-standards.yml @@ -10,6 +10,9 @@ jobs: eslint: uses: ./.github/workflows/jobs/eslint.yml + jest: + uses: ./.github/workflows/jobs/jest.yml + phpcs: uses: ./.github/workflows/jobs/phpcs.yml diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml index 355324b5..10e118a1 100644 --- a/.github/workflows/develop.yml +++ b/.github/workflows/develop.yml @@ -11,12 +11,15 @@ jobs: test: uses: ./.github/workflows/jobs/code-quality.yml + needs: lint build: uses: ./.github/workflows/jobs/build.yml + needs: test deploy: uses: ./.github/workflows/jobs/deploy.yml + needs: build with: name: develop url: https://develop.fueled.com diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml index 19734f34..eef550bf 100644 --- a/.github/workflows/production.yml +++ b/.github/workflows/production.yml @@ -11,12 +11,15 @@ jobs: test: uses: ./.github/workflows/jobs/code-quality.yml + needs: lint build: uses: ./.github/workflows/jobs/build.yml + needs: test deploy: uses: ./.github/workflows/jobs/deploy.yml + needs: build with: name: production url: https://www.fueled.com diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 76e53f46..e7501e30 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml 
@@ -11,12 +11,15 @@ jobs: test: uses: ./.github/workflows/jobs/code-quality.yml + needs: lint build: uses: ./.github/workflows/jobs/build.yml + needs: test deploy: uses: ./.github/workflows/jobs/deploy.yml + needs: build with: name: staging url: https://staging.fueled.com From b3d2f8efadc883230cd927d157e8d46dfffd0ed3 Mon Sep 17 00:00:00 2001 From: Clayton Collie Date: Thu, 31 Jul 2025 10:45:22 +0200 Subject: [PATCH 04/10] Change cache key --- .github/workflows/jobs/build.yml | 4 ++-- .github/workflows/jobs/phpcs.yml | 4 ++-- .github/workflows/jobs/phpstan.yml | 4 ++-- .github/workflows/jobs/virus-scan.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/jobs/build.yml b/.github/workflows/jobs/build.yml index 730acefd..b712fbda 100644 --- a/.github/workflows/jobs/build.yml +++ b/.github/workflows/jobs/build.yml @@ -62,9 +62,9 @@ jobs: uses: actions/cache@v4 with: path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} restore-keys: | - ${{ runner.os }}-composer- + ${{ runner.os }}-php- - name: PHP Version run: php -v diff --git a/.github/workflows/jobs/phpcs.yml b/.github/workflows/jobs/phpcs.yml index 176367a9..dad4b89f 100644 --- a/.github/workflows/jobs/phpcs.yml +++ b/.github/workflows/jobs/phpcs.yml @@ -37,9 +37,9 @@ jobs: uses: actions/cache@v4 with: path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} restore-keys: | - ${{ runner.os }}-composer- + ${{ runner.os }}-php- - name: Install Root dependencies run: composer install --prefer-dist --no-progress diff --git a/.github/workflows/jobs/phpstan.yml b/.github/workflows/jobs/phpstan.yml index c9bed499..140e3a4e 100644 --- a/.github/workflows/jobs/phpstan.yml +++ b/.github/workflows/jobs/phpstan.yml 
@@ -37,9 +37,9 @@ jobs: uses: actions/cache@v4 with: path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} restore-keys: | - ${{ runner.os }}-composer- + ${{ runner.os }}-php- - name: Install Root dependencies run: composer install --prefer-dist --no-progress diff --git a/.github/workflows/jobs/virus-scan.yml b/.github/workflows/jobs/virus-scan.yml index a7b0c921..4b0a567d 100644 --- a/.github/workflows/jobs/virus-scan.yml +++ b/.github/workflows/jobs/virus-scan.yml @@ -37,9 +37,9 @@ jobs: uses: actions/cache@v4 with: path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} restore-keys: | - ${{ runner.os }}-composer- + ${{ runner.os }}-php- - name: Install Root dependencies run: composer install --prefer-dist --no-progress From 0792d685eec8bd9c72c9fc1948a3573d98ebb79a Mon Sep 17 00:00:00 2001 From: Clayton Collie Date: Thu, 31 Jul 2025 10:49:51 +0200 Subject: [PATCH 05/10] Fix paths --- .github/workflows/develop.yml | 4 ++-- .github/workflows/production.yml | 4 ++-- .github/workflows/staging.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml index 10e118a1..d9690775 100644 --- a/.github/workflows/develop.yml +++ b/.github/workflows/develop.yml @@ -7,10 +7,10 @@ on: jobs: lint: - uses: ./.github/workflows/jobs/coding-standards.yml + uses: ./.github/workflows/coding-standards.yml test: - uses: ./.github/workflows/jobs/code-quality.yml + uses: ./.github/workflows/code-quality.yml needs: lint build: diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml index eef550bf..02a7456b 100644 --- a/.github/workflows/production.yml +++ b/.github/workflows/production.yml 
@@ -7,10 +7,10 @@ on: jobs: lint: - uses: ./.github/workflows/jobs/coding-standards.yml + uses: ./.github/workflows/coding-standards.yml test: - uses: ./.github/workflows/jobs/code-quality.yml + uses: ./.github/workflows/code-quality.yml needs: lint build: diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index e7501e30..7e5f00e0 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -7,10 +7,10 @@ on: jobs: lint: - uses: ./.github/workflows/jobs/coding-standards.yml + uses: ./.github/workflows/coding-standards.yml test: - uses: ./.github/workflows/jobs/code-quality.yml + uses: ./.github/workflows/code-quality.yml needs: lint build: From 904922b2146b257f3d9db45b4de39f44e343d680 Mon Sep 17 00:00:00 2001 
From: Clayton Collie Date: Thu, 31 Jul 2025 10:53:14 +0200 Subject: [PATCH 06/10] Permissions and concurrency --- .github/workflows/{jobs => }/build.yml | 3 --- .github/workflows/code-quality.yml | 7 +++++++ .github/workflows/coding-standards.yml | 7 +++++++ .github/workflows/{jobs => }/deploy.yml | 3 --- .github/workflows/develop.yml | 11 +++++++++-- .github/workflows/{jobs => }/eslint.yml | 3 --- .github/workflows/{jobs => }/jest.yml | 3 --- .github/workflows/{jobs => }/phpcs.yml | 3 --- .github/workflows/{jobs => }/phpstan.yml | 3 --- .github/workflows/production.yml | 11 +++++++++-- .github/workflows/staging.yml | 11 +++++++++-- .github/workflows/{jobs => }/stylelint.yml | 3 --- .github/workflows/{jobs => }/truffle-hog.yml | 3 --- .github/workflows/{jobs => }/virus-scan.yml | 3 --- 14 files changed, 41 insertions(+), 33 deletions(-) rename .github/workflows/{jobs => }/build.yml (98%) rename .github/workflows/{jobs => }/deploy.yml (94%) rename .github/workflows/{jobs => }/eslint.yml (97%) rename .github/workflows/{jobs => }/jest.yml (96%) rename .github/workflows/{jobs => }/phpcs.yml (98%) rename .github/workflows/{jobs => }/phpstan.yml (98%) rename .github/workflows/{jobs => }/stylelint.yml (97%) rename .github/workflows/{jobs => }/truffle-hog.yml (97%) rename .github/workflows/{jobs => }/virus-scan.yml (98%) diff --git a/.github/workflows/jobs/build.yml b/.github/workflows/build.yml similarity index 98% rename from .github/workflows/jobs/build.yml rename to .github/workflows/build.yml index b712fbda..954ef1d9 100644 --- a/.github/workflows/jobs/build.yml +++ b/.github/workflows/build.yml @@ -3,9 +3,6 @@ name: Build on: workflow_call: -permissions: - contents: read - jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index a1510856..6815cce7 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml 
@@ -3,6 +3,13 @@ name: Code Quality
 on:
 pull_request:
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
 jobs:
 trufflehog:
 uses: ./.github/workflows/jobs/truffle-hog.yml
diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
index cb5e04d9..f26ba8b6 100644
--- a/.github/workflows/coding-standards.yml
+++ b/.github/workflows/coding-standards.yml
@@ -3,6 +3,13 @@ name: Coding Standards
 on:
 pull_request:
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
 jobs:
 stylelint:
 uses: ./.github/workflows/jobs/stylelint.yml
diff --git a/.github/workflows/jobs/deploy.yml b/.github/workflows/deploy.yml
similarity index 94%
rename from .github/workflows/jobs/deploy.yml
rename to .github/workflows/deploy.yml
index 23c629e5..693aa274 100644
--- a/.github/workflows/jobs/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -10,9 +10,6 @@ on:
 required: true
 type: string
-permissions:
- contents: read
-
 jobs:
 deploy:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
index d9690775..e41a59a7 100644
--- a/.github/workflows/develop.yml
+++ b/.github/workflows/develop.yml
@@ -5,6 +5,13 @@ on:
 branches:
 - develop
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
 jobs:
 lint:
 uses: ./.github/workflows/coding-standards.yml
@@ -14,11 +21,11 @@ jobs:
 needs: lint
 build:
- uses: ./.github/workflows/jobs/build.yml
+ uses: ./.github/workflows/build.yml
 needs: test
 deploy:
- uses: ./.github/workflows/jobs/deploy.yml
+ uses: ./.github/workflows/deploy.yml
 needs: build
 with:
 name: develop
diff --git a/.github/workflows/jobs/eslint.yml b/.github/workflows/eslint.yml
similarity index 97%
rename from .github/workflows/jobs/eslint.yml
rename to .github/workflows/eslint.yml
index 6999924d..013ccc64 100644
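Review bot: The `concurrency` block added to code-quality.yml uses `${{ github.workflow }}-${{ github.ref }}`, and in a workflow started through `uses:` the `github` context belongs to the caller, so the group resolves to the same name as the block this commit adds to develop.yml, production.yml and staging.yml. With `cancel-in-progress: true` at both levels, GitHub is likely to cancel the run as a concurrency deadlock between the caller and the called workflow. Keep `concurrency` only in the top-level workflows, or give the called one its own prefix, e.g. `group: code-quality-${{ github.workflow }}-${{ github.ref }}`. The coding-standards.yml hunk that follows adds the same block.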
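Review bot: As far as the hunk context shows, `on:` in coding-standards.yml lists only `pull_request:`, while develop.yml, production.yml and staging.yml call this file with `uses: ./.github/workflows/coding-standards.yml`. A workflow can only be called from another one if it declares the `workflow_call` trigger, so add `workflow_call:` under `on:` next to `pull_request:`. The code-quality.yml hunk before it shows the same trigger list and is called the same way.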
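Review bot: `cancel-in-progress: true` in develop.yml also covers the `deploy` job, so a second push to `develop` cancels a deployment that is already running; depending on what the deploy job does, that can leave the environment half-updated. For workflows that deploy, queue the newer run instead of cancelling the older one: `cancel-in-progress: false`. The same block is added to production.yml and staging.yml later in this patch, where an interrupted deploy matters more.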
--- a/.github/workflows/jobs/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -3,9 +3,6 @@ name: JavaScript Coding Standards
 on:
 workflow_call:
-permissions:
- contents: read
-
 jobs:
 eslint:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/jobs/jest.yml b/.github/workflows/jest.yml
similarity index 96%
rename from .github/workflows/jobs/jest.yml
rename to .github/workflows/jest.yml
index 290c547b..88a1e79d 100644
--- a/.github/workflows/jobs/jest.yml
+++ b/.github/workflows/jest.yml
@@ -3,9 +3,6 @@ name: JavaScript Unit Tests
 on:
 workflow_call:
-permissions:
- contents: read
-
 jobs:
 jest:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/jobs/phpcs.yml b/.github/workflows/phpcs.yml
similarity index 98%
rename from .github/workflows/jobs/phpcs.yml
rename to .github/workflows/phpcs.yml
index dad4b89f..e46cc6e2 100644
--- a/.github/workflows/jobs/phpcs.yml
+++ b/.github/workflows/phpcs.yml
@@ -3,9 +3,6 @@ name: PHP Coding Standards
 on:
 workflow_call:
-permissions:
- contents: read
-
 jobs:
 phpcs:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/jobs/phpstan.yml b/.github/workflows/phpstan.yml
similarity index 98%
rename from .github/workflows/jobs/phpstan.yml
rename to .github/workflows/phpstan.yml
index 140e3a4e..a0f9d417 100644
--- a/.github/workflows/jobs/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -3,9 +3,6 @@ name: PHP Static Analysis
 on:
 workflow_call:
-permissions:
- contents: read
-
 jobs:
 phpstan:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
index 02a7456b..23c7d0ee 100644
--- a/.github/workflows/production.yml
+++ b/.github/workflows/production.yml
@@ -5,6 +5,13 @@ on:
 branches:
 - trunk
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
 jobs:
 lint:
 uses: ./.github/workflows/coding-standards.yml
@@ -14,11 +21,11 @@ jobs:
 needs: lint
 build:
- uses: ./.github/workflows/jobs/build.yml
+ uses: ./.github/workflows/build.yml
 needs: test
 deploy:
- uses: ./.github/workflows/jobs/deploy.yml
+ uses: ./.github/workflows/deploy.yml
 needs: build
 with:
 name: production
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
index 7e5f00e0..8e5e5c74 100644
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@@ -5,6 +5,13 @@ on:
 branches:
 - staging
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
 jobs:
 lint:
 uses: ./.github/workflows/coding-standards.yml
@@ -14,11 +21,11 @@ jobs:
 needs: lint
 build:
- uses: ./.github/workflows/jobs/build.yml
+ uses: ./.github/workflows/build.yml
 needs: test
 deploy:
- uses: ./.github/workflows/jobs/deploy.yml
+ uses: ./.github/workflows/deploy.yml
 needs: build
 with:
 name: staging
diff --git a/.github/workflows/jobs/stylelint.yml b/.github/workflows/stylelint.yml
similarity index 97%
rename from .github/workflows/jobs/stylelint.yml
rename to .github/workflows/stylelint.yml
index 12281a43..a77fc740 100644
--- a/.github/workflows/jobs/stylelint.yml
+++ b/.github/workflows/stylelint.yml
@@ -3,9 +3,6 @@ name: CSS Coding Standards
 on:
 workflow_call:
-permissions:
- contents: read
-
 jobs:
 stylelint:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/jobs/truffle-hog.yml b/.github/workflows/truffle-hog.yml
similarity index 97%
rename from .github/workflows/jobs/truffle-hog.yml
rename to .github/workflows/truffle-hog.yml
index 05ae45c9..d26e8293 100644
--- a/.github/workflows/jobs/truffle-hog.yml
+++ b/.github/workflows/truffle-hog.yml
@@ -3,9 +3,6 @@ name: Secret Scanning
 on:
 workflow_call:
-permissions:
- contents: read
-
 jobs:
 trufflehog:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/jobs/virus-scan.yml b/.github/workflows/virus-scan.yml
similarity index 98%
rename from .github/workflows/jobs/virus-scan.yml
rename to .github/workflows/virus-scan.yml
index 4b0a567d..aa397973 100644
--- a/.github/workflows/jobs/virus-scan.yml
+++ b/.github/workflows/virus-scan.yml
@@ -3,9 +3,6 @@ name: Virus Scan
 on:
 workflow_call:
-permissions:
- contents: read
-
 jobs:
 virus-scan:
 runs-on: ubuntu-latest
From e680a7c7e57077df6b5be94dd77f6f1c18a68e0e Mon Sep 17 00:00:00 2001
From: Clayton Collie
Date: Thu, 31 Jul 2025 10:55:53 +0200
Subject: [PATCH 07/10] Remove deps and nesting
---
 .github/workflows/code-quality.yml | 4 ++--
 .github/workflows/coding-standards.yml | 10 +++++-----
 .github/workflows/deploy.yml | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
index 6815cce7..ed377e59 100644
--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -12,7 +12,7 @@ concurrency:
 jobs:
 trufflehog:
- uses: ./.github/workflows/jobs/truffle-hog.yml
+ uses: ./.github/workflows/truffle-hog.yml
 virus-scan:
- uses: ./.github/workflows/jobs/virus-scan.yml
\ No newline at end of file
+ uses: ./.github/workflows/virus-scan.yml
\ No newline at end of file
diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
index f26ba8b6..8a53b040 100644
--- a/.github/workflows/coding-standards.yml
+++ b/.github/workflows/coding-standards.yml
@@ -12,16 +12,16 @@ concurrency:
 jobs:
 stylelint:
- uses: ./.github/workflows/jobs/stylelint.yml
+ uses: ./.github/workflows/stylelint.yml
 eslint:
- uses: ./.github/workflows/jobs/eslint.yml
+ uses: ./.github/workflows/eslint.yml
 jest:
- uses: ./.github/workflows/jobs/jest.yml
+ uses: ./.github/workflows/jest.yml
 phpcs:
- uses: ./.github/workflows/jobs/phpcs.yml
+ uses: ./.github/workflows/phpcs.yml
 phpstan:
- uses: ./.github/workflows/jobs/phpstan.yml
+ uses: ./.github/workflows/phpstan.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 693aa274..01ccfd24 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -13,7 +13,7 @@ on:
 jobs:
 deploy:
 runs-on: ubuntu-latest
- needs: build
+
 environment:
 name: ${{ inputs.name }}
 url: ${{ inputs.url }}
From b4d0b023abe1afe2bdb0f1b12af7f1a7664bc33d Mon Sep 17 00:00:00 2001
From: Clayton Collie
Date: Thu, 31 Jul 2025 10:59:23 +0200
Subject: [PATCH 08/10] Permissions for single jobs
---
 .github/workflows/build.yml | 3 +++
 .github/workflows/deploy.yml | 5 ++++-
 .github/workflows/eslint.yml | 3 +++
 .github/workflows/jest.yml | 3 +++
 .github/workflows/phpcs.yml | 3 +++
 .github/workflows/phpstan.yml | 3 +++
 .github/workflows/stylelint.yml | 3 +++
 .github/workflows/truffle-hog.yml | 3 +++
 .github/workflows/virus-scan.yml | 3 +++
 9 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 954ef1d9..b712fbda 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -3,6 +3,9 @@ name: Build
 on:
 workflow_call:
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 01ccfd24..d884c6be 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -10,10 +10,13 @@ on:
 required: true
 type: string
+permissions:
+ contents: read
+
 jobs:
 deploy:
 runs-on: ubuntu-latest
-
+
 environment:
 name: ${{ inputs.name }}
 url: ${{ inputs.url }}
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index 013ccc64..6999924d 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -3,6 +3,9 @@ name: JavaScript Coding Standards
 on:
 workflow_call:
+permissions:
+ contents: read
+
 jobs:
 eslint:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/jest.yml b/.github/workflows/jest.yml
index 88a1e79d..290c547b 100644
--- a/.github/workflows/jest.yml
+++ b/.github/workflows/jest.yml
@@ -3,6 +3,9 @@ name: JavaScript Unit Tests
 on:
 workflow_call:
+permissions:
+ contents: read
+
 jobs:
 jest:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml
index e46cc6e2..dad4b89f 100644
--- a/.github/workflows/phpcs.yml
+++ b/.github/workflows/phpcs.yml
@@ -3,6 +3,9 @@ name: PHP Coding Standards
 on:
 workflow_call:
+permissions:
+ contents: read
+
 jobs:
 phpcs:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
index a0f9d417..140e3a4e 100644
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -3,6 +3,9 @@ name: PHP Static Analysis
 on:
 workflow_call:
+permissions:
+ contents: read
+
 jobs:
 phpstan:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/stylelint.yml b/.github/workflows/stylelint.yml
index a77fc740..12281a43 100644
--- a/.github/workflows/stylelint.yml
+++ b/.github/workflows/stylelint.yml
@@ -3,6 +3,9 @@ name: CSS Coding Standards
 on:
 workflow_call:
+permissions:
+ contents: read
+
 jobs:
 stylelint:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/truffle-hog.yml b/.github/workflows/truffle-hog.yml
index d26e8293..05ae45c9 100644
--- a/.github/workflows/truffle-hog.yml
+++ b/.github/workflows/truffle-hog.yml
@@ -3,6 +3,9 @@ name: Secret Scanning
 on:
 workflow_call:
+permissions:
+ contents: read
+
 jobs:
 trufflehog:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/virus-scan.yml b/.github/workflows/virus-scan.yml
index aa397973..4b0a567d 100644
--- a/.github/workflows/virus-scan.yml
+++ b/.github/workflows/virus-scan.yml
@@ -3,6 +3,9 @@ name: Virus Scan
 on:
 workflow_call:
+permissions:
+ contents: read
+
 jobs:
 virus-scan:
 runs-on: ubuntu-latest
From 50a9bc5acf8b51627a5b5da5d79ea7ca362070f7 Mon Sep 17 00:00:00 2001
From: Clayton Collie
Date: Thu, 31 Jul 2025 11:07:03 +0200
Subject: [PATCH 09/10] validate composer file
---
 .github/workflows/build.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b712fbda..84f2a1d7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -54,6 +54,15 @@ jobs:
 coverage: none
 tools: composer:v2
+ - name: Validate Root composer.json and composer.lock
+ run: composer validate --strict
+
+ - name: Validate Plugin composer.json and composer.lock
+ run: composer validate --strict --working-dir=mu-plugins/10up-plugin
+
+ - name: Validate Theme composer.json and composer.lock
+ run: composer validate --strict --working-dir=themes/10up-theme
+
 - name: Get Composer cache directory
 id: composer-cache
 run: echo "dir=$(composer config cache-files-dir)" >> ${GITHUB_OUTPUT}
From 21036b739765acd5d6f6e10ca9a42556c50b1c18 Mon Sep 17 00:00:00 2001
From: Clayton Collie
Date: Thu, 31 Jul 2025 11:52:46 +0200
Subject: [PATCH 10/10] Code review fixes
---
 .github/workflows/build.yml | 5 +----
 .github/workflows/develop.yml | 2 +-
 .github/workflows/eslint.yml | 5 +----
 .github/workflows/jest.yml | 5 +----
 .github/workflows/production.yml | 2 +-
 .github/workflows/staging.yml | 2 +-
 .github/workflows/stylelint.yml | 5 +----
 7 files changed, 7 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 84f2a1d7..de6bb94c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -35,14 +35,11 @@ jobs:
 - name: Check Node version
 run: node -v
- - name: Setup NPM
- run: npm install -g npm@latest
-
 - name: Check Node version
 run: npm -v
 - name: Install Node dependencies
- run: npm install
+ run: npm ci
 - name: Build JavaScript
 run: npm run build
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
index e41a59a7..5bef64fe 100644
--- a/.github/workflows/develop.yml
+++ b/.github/workflows/develop.yml
@@ -29,4 +29,4 @@ jobs:
 needs: build
 with:
 name: develop
- url: https://develop.fueled.com
+ url: https://develop.example.com
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index 6999924d..cbeea7da 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -35,14 +35,11 @@ jobs:
 - name: Check Node version
 run: node -v
- - name: Setup NPM
- run: npm install -g npm@latest
-
 - name: Check NPM version
 run: npm -v
 - name: Install dependencies
- run: npm install
+ run: npm ci
 - name: Run Lint JS
 run: npm run lint-js
diff --git a/.github/workflows/jest.yml b/.github/workflows/jest.yml
index 290c547b..2293f6df 100644
--- a/.github/workflows/jest.yml
+++ b/.github/workflows/jest.yml
@@ -35,14 +35,11 @@ jobs:
 - name: Check Node version
 run: node -v
- - name: Setup NPM
- run: npm install -g npm@latest
-
 - name: Check NPM version
 run: npm -v
 - name: Install dependencies
- run: npm install
+ run: npm ci
 - name: Run Jest
 run: npm run test
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
index 23c7d0ee..37a168de 100644
--- a/.github/workflows/production.yml
+++ b/.github/workflows/production.yml
@@ -29,4 +29,4 @@ jobs:
 needs: build
 with:
 name: production
- url: https://www.fueled.com
+ url: https://www.example.com
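Review bot: Two steps in the build.yml hunk are both named `Check Node version`, and the second one runs `npm -v`, so the job log labels the npm version as the Node version. Rename the second step to `- name: Check NPM version`, which is the name eslint.yml and jest.yml already use for the same step in this patch. The steps list starts and ends outside the hunk.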
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
index 8e5e5c74..3519218f 100644
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@@ -29,4 +29,4 @@ jobs:
 needs: build
 with:
 name: staging
- url: https://staging.fueled.com
+ url: https://staging.example.com
diff --git a/.github/workflows/stylelint.yml b/.github/workflows/stylelint.yml
index 12281a43..01f96c85 100644
--- a/.github/workflows/stylelint.yml
+++ b/.github/workflows/stylelint.yml
@@ -35,14 +35,11 @@ jobs:
 - name: Check Node version
 run: node -v
- - name: Setup NPM
- run: npm install -g npm@latest
-
 - name: Check NPM version
 run: npm -v
 - name: Install dependencies
- run: npm install
+ run: npm ci
 - name: Run Lint Style
 run: npm run lint-style