From 1acc0b6052bfd7838443e61ba48609b2bf73fa2c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 6 May 2026 06:58:48 +0000 Subject: [PATCH 1/3] Initial plan From 41cedd9aa9174ae1b5bc1edbdda48e00ab3135fc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 6 May 2026 07:03:17 +0000 Subject: [PATCH 2/3] Add WordPress agent-skills: copilot-setup-steps, npm script, and install helper Agent-Logs-Url: https://github.com/WPBoilerplate/wordpress-plugin-boilerplate/sessions/1f21c354-ec71-4f6d-9dae-052f895339b5 Co-authored-by: raftaar1191 <22215595+raftaar1191@users.noreply.github.com> --- .github/workflows/copilot-setup-steps.yml | 45 +++++++++++++++++++++++ .gitignore | 3 ++ package.json | 3 +- scripts/install-agent-skills.sh | 35 ++++++++++++++++++ 4 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/copilot-setup-steps.yml create mode 100755 scripts/install-agent-skills.sh diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml new file mode 100644 index 0000000..869db32 --- /dev/null +++ b/.github/workflows/copilot-setup-steps.yml @@ -0,0 +1,45 @@ +name: "Copilot Setup Steps" + +# Automatically run the setup steps when they are changed to allow for easy validation, and +# allow manual testing through the repository's "Actions" tab +on: + workflow_dispatch: + push: + paths: + - .github/workflows/copilot-setup-steps.yml + pull_request: + paths: + - .github/workflows/copilot-setup-steps.yml + +jobs: + # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot. + copilot-setup-steps: + runs-on: ubuntu-latest + + permissions: + contents: read + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: "20" + cache: "npm" + + - name: Install Node.js dependencies + run: npm ci + + - name: Set up PHP + uses: shivammathur/setup-php@v2 + with: + php-version: "8.1" + tools: composer + + - name: Install PHP dependencies + run: composer install --no-dev --optimize-autoloader + + - name: Fetch and install latest WordPress agent skills + run: bash scripts/install-agent-skills.sh "${GITHUB_WORKSPACE}" diff --git a/.gitignore b/.gitignore index db27c0d..011977e 100644 --- a/.gitignore +++ b/.gitignore @@ -63,6 +63,9 @@ contributors.md # WP ENV /.wp-env.override.json +# Agent Skills (auto-generated – run `npm run skills:install` to refresh) +/.github/skills/ + # Screenshots /screenshots/ diff --git a/package.json b/package.json index 8ac0c47..26e00a1 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,8 @@ "env:stop": "wp-env stop", "env:restart": "wp-env stop && wp-env start", "env:clean": "wp-env clean all", - "env:reset": "wp-env destroy && wp-env start" + "env:reset": "wp-env destroy && wp-env start", + "skills:install": "bash scripts/install-agent-skills.sh" }, "devDependencies": { "@wordpress/env": "latest", diff --git a/scripts/install-agent-skills.sh b/scripts/install-agent-skills.sh new file mode 100755 index 0000000..2e3adb4 --- /dev/null +++ b/scripts/install-agent-skills.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +# Fetches the latest WordPress agent skills and installs them into .github/skills/ +# so that VS Code and GitHub Copilot can discover them automatically. +# +# Usage: +# bash scripts/install-agent-skills.sh [dest] +# +# dest Path to the repository root (defaults to the directory containing this +# script's parent, i.e. the repo root when run from any location). + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +DEST="${1:-"$(dirname "$SCRIPT_DIR")"}" +WORK_DIR="/tmp/agent-skills" + +echo "==> Cleaning up previous agent-skills clone (if any)..." +rm -rf "$WORK_DIR" + +echo "==> Cloning latest WordPress agent skills..." +git clone --depth=1 https://github.com/WordPress/agent-skills.git "$WORK_DIR" + +echo "==> Building skillpack for VS Code / GitHub Copilot..." +node "$WORK_DIR/shared/scripts/skillpack-build.mjs" \ + --out="$WORK_DIR/dist" \ + --clean \ + --targets=vscode + +echo "==> Installing skills into ${DEST}/.github/skills/ ..." +node "$WORK_DIR/shared/scripts/skillpack-install.mjs" \ + --from="$WORK_DIR/dist" \ + --dest="$DEST" \ + --targets=vscode + +echo "==> Done. Skills are available in ${DEST}/.github/skills/" From 95bc20caec6d5fbab78940d88e0da4cec4b58e2b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 6 May 2026 07:07:10 +0000 Subject: [PATCH 3/3] Fix: upgrade glob to 11.1.0 to patch CLI command-injection CVE Agent-Logs-Url: https://github.com/WPBoilerplate/wordpress-plugin-boilerplate/sessions/1f21c354-ec71-4f6d-9dae-052f895339b5 Co-authored-by: raftaar1191 <22215595+raftaar1191@users.noreply.github.com> --- package-lock.json | 71 ++++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 37 insertions(+), 36 deletions(-) diff --git a/package-lock.json b/package-lock.json index f80a34c..f2a50fd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,7 +16,7 @@ "@wordpress/scripts": "latest", "@wordpress/stylelint-config": "^23.23.0", "copy-webpack-plugin": "latest", - "glob": "latest", + "glob": "^11.1.0", "mini-css-extract-plugin": "latest", "path": "latest", "webpack-fix-style-only-entries": "latest", @@ -2779,29 +2779,6 @@ } } }, - "node_modules/@isaacs/balanced-match": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz", - "integrity": "sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": "20 || >=22" - } - }, - "node_modules/@isaacs/brace-expansion": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz", - "integrity": "sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@isaacs/balanced-match": "^4.0.1" - }, - "engines": { - "node": "20 || >=22" - } - }, "node_modules/@isaacs/cliui": { "version": "8.0.2", "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", @@ -12054,15 +12031,16 @@ } }, "node_modules/glob": { - "version": "11.0.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-11.0.3.tgz", - "integrity": "sha512-2Nim7dha1KVkaiF4q6Dj+ngPPMdfvLJEOpZk/jKiUAkqKebpGAWQXAq9z1xu9HKu5lWfqw/FASuccEjyznjPaA==", + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-11.1.0.tgz", + "integrity": "sha512-vuNwKSaKiqm7g0THUBu2x7ckSs3XJLXE+2ssL7/MfTGPLLcrJQ/4Uq1CjPTtO5cCIiRxqvN6Twy1qOwhL0Xjcw==", + "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me", "dev": true, - "license": "ISC", + "license": "BlueOak-1.0.0", "dependencies": { "foreground-child": "^3.3.1", "jackspeak": "^4.1.1", - "minimatch": "^10.0.3", + "minimatch": "^10.1.1", "minipass": "^7.1.2", "package-json-from-dist": "^1.0.0", "path-scurry": "^2.0.0" @@ -12097,17 +12075,40 @@ "dev": true, "license": "BSD-2-Clause" }, + "node_modules/glob/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/glob/node_modules/brace-expansion": { + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz", + "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, "node_modules/glob/node_modules/minimatch": { - "version": "10.0.3", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.0.3.tgz", - "integrity": "sha512-IPZ167aShDZZUMdRk66cyQAW3qr0WzbHkPdMYa8bzZhlHhO3jALbKdxcaak7W9FfT2rZNpQuUu4Od7ILEpXSaw==", + "version": "10.2.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", + "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", "dev": true, - "license": "ISC", + "license": "BlueOak-1.0.0", "dependencies": { - "@isaacs/brace-expansion": "^5.0.0" + "brace-expansion": "^5.0.5" }, "engines": { - "node": "20 || >=22" + "node": "18 || 20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" diff --git a/package.json b/package.json index 26e00a1..45e7b8d 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "@wordpress/scripts": "latest", "@wordpress/stylelint-config": "^23.23.0", "copy-webpack-plugin": "latest", - "glob": "latest", + "glob": "^11.1.0", "mini-css-extract-plugin": "latest", "path": "latest", "webpack-fix-style-only-entries": "latest",