Port CI/CD, testing, and robustness features from CHIP for Gravity Forms#4
Merged
Conversation
Features ported: - GitHub Actions: plugin-check, deploy, prepare-release, pr-summary, release-zip - Composer dev dependencies: phpunit, wp-mock, phpcs, wpcs - PHPUnit tests for Chip_Givewp_API - PHPCS configuration for WordPress standards - Version bump scripts with AI-generated changelogs - Per-credential keyed API singleton (md5 hash) to prevent cross-contamination - MySQL GET_LOCK verification and duplicate-processing guard - Company UID-based public key caching for webhook verification - Webhook signature fallback to API lookup on verification failure - Cancel URL setting with custom redirect on payment failure - Per-form credential resolution for block-gateway refunds - .gitattributes for clean release ZIPs Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
wzul
force-pushed
the
feature/port-gravity-forms-features
branch
from
ece142f to
2fdd525
Compare
…) tags GiveWP historically uses plain version tags without 'v' prefix. Updated workflows and scripts to handle both conventions: - prepare-release.yml: check for both tag formats, search both for prev tag - deploy.yml: trigger on both tag patterns, extract version from either - bump-version.sh: use plain tag in manual instructions Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The feature/port-gravity-forms-features branch trigger was temporary. Workflow should only run on main branch for production CI. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Align with Gravity Forms template so final echo instructions tell users to create v${VERSION} tags.
- Ported from chip-for-gravity-forms - Includes GiveWP base plugin dependency - Added .wp-env.json to .gitattributes export-ignore
developer.chip-in.asia → docs.chip-in.asia
Adds package-lock.json, yarn.lock, /dist/, /build/, ci-build/, .wordpress-org/, .phpunit.cache, diff.txt, changelog_entry.md.
- Remove .wordpress-org/ from .gitignore (was preventing tracking) - Already present in .gitattributes as export-ignore (excludes from release zip only) - Add all downloaded PNG assets to git tracking
- Version: 1.2.2 → 1.3.0 - Date: 2026-05-19 → 2026-05-29 - Updated in plugin header, constant, readme stable tag, changelog, and test bootstrap
- Remove old 1.2.1 changelog entry from readme.txt - Add GitHub releases link for full changelog history - Keeps changelog.txt as the canonical full changelog
- Fix API singleton description (keyed singleton, not new instance every call) - Add get_company_uid(), cancel_payment(), webhook fallback, company-UID public key caching - Update dev dependency name (10up/wp_mock) - Add .wp-env.json, .wordpress-org/ to file list - Mention new settings fields (chip-due-strict, chip-due-strict-timing, chip-cancel-url) - Update version references from 1.2.2 to 1.3.0
- readme.txt: Requires at least 4.7 → 6.3 - readme.txt: Minimum Requirements WordPress 4.7 → 6.3 - changelog.txt: add entry for WordPress minimum bump - CLAUDE.md: add Minimum WordPress 6.3 line
- Add continue-on-error: true to Plugin Check step - Add comment referencing WordPress/plugin-check-action#579 - TODO: revert once upstream issue is fixed
Tag 1.2.1 (2025-02-07) existed but was missing from changelog.txt: - Fixed - Issue with Option-Based Form Editor where payment info show escaped output. - Fixed - Remove filtering for webhook to prevent unpredictable failure for openssl_verify.
Fixes reported by PHPCS across the entire codebase:
- Added doc comments for all classes, methods, and properties
- Fixed loose comparisons (==/!=) to strict (===/!==)
- Applied Yoda conditions throughout
- Renamed class files to match WordPress naming convention (class-{ClassName}.php)
- Updated all include/require statements for renamed files
- Removed underscore prefix from $instance properties
- Fixed wp_enqueue_script calls to include version and in_footer
- Fixed in_array to use strict comparison
- Replaced stripslashes with wp_kses_post for escaping
- Replaced wp_redirect with wp_safe_redirect
- Fixed inline comments to end with full stops
- Fixed count() inside loop condition
- Added phpcs.xml exclusions for structural constraints (main file name, GiveWP interface params, base64_decode, nonce verification in webhooks, custom capabilities)
- Escaped exception messages properly
After PHPCS rename, bootstrap.php still referenced old filenames.
- Remove chip-send-receipt field from settings UI (global and per-form) - Remove send_receipt param from legacy purchase creation - Remove send_receipt param from block gateway createPayment - Receipt behavior now controlled entirely by CHIP brand configuration
…omizable - getLegacyFormFieldMarkup now reads chip-content setting (same as legacy gateway) - If no custom content is set, uses a better default: 'Complete your donation securely. You will be redirected to CHIP's payment page.' - Output is properly escaped with wp_kses_post - Users can customize the message via Donation Instructions in CHIP settings
- Default value changed from 'Pay with Online Banking/Credit Cards/Debit Cards' to 'Complete your donation securely. You will be redirected to CHIP's payment page to finalize your transaction.' - More professional, clearer about the redirect flow - Users can still customize per form or globally
…ent setting - chip-gateway.js now reads message from gwp_chip_block.content (localized) - enqueueScript passes chip-content setting via wp_localize_script - Falls back to new default if no custom content set - Script version updated to GWP_CHIP_MODULE_VERSION for cache busting
- Remove wordpress/plugin-check-action (upstream issue #579) - Implement manual wp-env + wp plugin-check CLI steps - Uses .wp-env.override.json for CI-specific plugin mapping - Adds explicit plugin activation and container stabilization sleep - Removes continue-on-error since this is a first-class check again
wp plugin-check → wp plugin check (space, not hyphen)
- Rename GIVE_CHIP_ROOT_URL → GWP_CHIP_ROOT_URL (proper plugin prefix) - Fix non-prefixed variables in uninstall.php ( → ) - Add phpcs:ignore comments for nonce verification in listener.php (CHIP callbacks use passphrase, not nonces) - Add phpcs:ignore comments for GiveWP core hooks (give_before_chip_info_fields, give_after_chip_info_fields, give_forms_content_options_select, give_donor-note_email_notification)
Updates the setup-node action from v4 to v6 to stay on the latest supported major version line. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ebar - Adds Option C: a simple sidebar panel in the GiveWP 3.0 Visual Form Builder that links to the existing per-form CHIP settings tab - New JS: chip-gateway-form-builder.js uses Gutenberg addFilter to inject InspectorControls PanelBody with a link button - New PHP action: class-chip-givewp-enqueue-form-builder-scripts.php hooked to givewp_form_builder_enqueue_scripts - No build step required — uses standard WordPress JS packages already loaded in the form builder
Proactive fix for GitHub's Node.js 20 deprecation (removal: Sep 16 2026).
- wp plugin check now uses --format=json with jq parsing - Counts both ERROR and WARNING types; fails if either > 0 - Ignores trademarked_term (wp in plugin name is already published) - Shows human-readable table + JSON summary in logs
Node 24 breaks @wordpress/env environment initialization.
wp-env run cli prepends '✔ Ran...' status messages to stdout, making jq fail. Added grep filter to keep only JSON array/object lines.
All instances are GiveWP core hooks that third-party gateways must use. Added to --ignore-codes alongside trademarked_term.
WP plugin-check returns non-zero even when warnings are filtered via --ignore-codes. Added || true to the JSON capture command so our jq parsing controls the actual CI pass/fail state.
Testing if @wordpress/env is now compatible with Node 24.
Confirmed: Node 24 still causes 'Environment not initialized' in @wordpress/env. Added inline comment with upstream issue reference.
Testing wp-env compatibility with Node 22.
Testing wp-env compatibility with Node 26.
Tested all versions: - Node 20: works - Node 22: works (chosen) - Node 24: broken - Node 26: broken Node 22 is the latest version that doesn't break @wordpress/env.
- wp_safe_redirect only allows local URLs by default (falls back to wp-admin) - Checkout URL (CHIP domain) and Cancel URL (user-configured external) now use wp_redirect() with PHPCS rationale comments - Internal redirects (failed page, success page) keep wp_safe_redirect
- Adds cancel_redirect alongside failure_redirect in both legacy and block gateways - cancel_redirect uses status=cancel (vs status=error for failure) - Listener now detects cancel status in handle_processing() and: - Sets payment status to 'cancelled' (not 'failed') - Redirects to chip-cancel-url or failed page - Removes duplicate form_id/customization/prefix variable declarations
- New field chip-success-url in settings (global and per-form) - Listener redirects to custom success URL after payment completion - Falls back to GiveWP default success page if not configured
…ar description Settings page now grouped into 4 sections: - Credentials (Secret Key, Test Secret Key, Brand ID) - Donation Display (Donation Instructions, Collect Billing Details) - Payment Timing (Due Strict, Due Strict Timing) - Redirects (Success URL, Cancel URL) Form builder sidebar description updated to accurately reflect all available options: credentials, display, timing, redirects.
- class-chipgateway.php: 'unsucessful' → 'unsuccessful' - readme.txt: 'as per documented in' → 'as documented in' - readme.txt: 'To do an automatic install of,' → 'To do an automatic install of CHIP for GiveWP,' - readme.txt: 'Brand ID and Secret Key available' → 'are available' - readme.txt: 'This plugin rely on' → 'This plugin relies on' - readme.txt: 'GIVE_CHIP_ROOT_URL' → 'GWP_CHIP_ROOT_URL'
Add multicheck setting at the bottom of CHIP settings page allowing merchants to restrict available payment methods on CHIP checkout. Valid options: fpx, fpx_b2b1, crypto_coin, dnqr, duitnow_qr, maestro, mastercard, mpgs_apple_pay, mpgs_google_pay, razer, razer_atome, razer_grabpay, razer_maybankqr, razer_shopeepay, razer_tng, shopee_pay, visa. - Setting is optional: if none selected, parameter is omitted. - Applies to both legacy and block gateway purchase creation. - PHPCS auto-fixed array alignment in admin settings. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…tion Replace three separate card checkboxes with one 'Cards (Visa, Mastercard, Maestro)' option in the payment method whitelist. When selected, it expands to the three individual payment methods in the CHIP purchase params. Applies to both legacy and block gateways. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- metabox.js: Remove obsolete chip-send-receipt toggle; add toggles for chip-success-url, chip-cancel-url, chip-payment-method-whitelist so per-form custom fields show/hide correctly in the legacy editor. - changelog.txt/readme.txt: Update with new 1.3.0 features (payment_method_whitelist, success/cancel URL, cancel_redirect, settings reorganization). - class-chipgateway.php: Align getLegacyFormFieldMarkup fallback text with settings default; add trim() to block gateway client.full_name. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this change?
This PR represents a major architectural overhaul for the CHIP for GiveWP plugin (v1.3.0), porting mature infrastructure patterns from the "CHIP for Gravity Forms" codebase to improve security, concurrency handling, and developer experience.
Key Technical Upgrades:
Chip_Givewp_API(renamed toclass-chip-givewp-api.php) now utilizes a keyed instance pattern cached by a hash of the secret key and brand ID. This ensures state isolation and prevents credential leakage in multi-site or multi-brand environments.class-chip-givewp-listener.php) implements MySQLGET_LOCKandRELEASE_LOCKvia$wpdb. This prevents race conditions between simultaneous webhook notifications and customer redirects, ensuring donation records are not duplicated.chip_blockgateway to explicitly implement thePaymentGatewayRefundableinterface, enabling native refund support within the GiveWP 3.x Visual Form Builder.composer.jsonfor dev dependencies and.wp-env.jsonfor Docker-based development.class-api.phptoclass-chip-givewp-api.php).ABSPATHguards to every file and replaced legacysizeof()withcount().Cancel URL,Due Strict, andDue Strict Timingfor finer control over payment expiration.CLAUDE.mdto provide architectural guidance for AI-assisted development.How to test
composer install. Verify the local environment boots usingwp-env start../vendor/bin/phpunitto execute the new test suite and./vendor/bin/phpcsto verify adherence to WP Coding Standards.class-chip-givewp-listener.php) prevents duplicate "Payment Completed" notes.Potential Risks & Review Items
class-purchase.php->class-chip-givewp-purchase.php) will break any third-party code or custom snippets that manuallyincludeorrequireplugin files.GET_LOCKassumes the DB user has permissions to manage locks. While standard for most WordPress hosts, highly restricted environments might behave unexpectedly.gwp_chip_public_key_{uid}).Is this PR safe for automatic approval?
No. This PR introduces database-level locking, a breaking PHP version bump, significant core architectural changes to API handling, and a total restructuring of the file system.
Images
N/A (Backend/Architectural changes)
Related Tasks / PRs
Checklist