diff --git a/.github/renovate-config.js b/.github/renovate-config.js index dc51ad0a1cb8..15aed33a1e75 100644 --- a/.github/renovate-config.js +++ b/.github/renovate-config.js @@ -36,7 +36,7 @@ module.exports = { ignoreScripts: false, gitAuthor: 'Renovate Bot (self-hosted) ', platform: 'github', - repositories: [ 'Automattic/jetpack' ], + repositories: [ 'anomiex/jetpack' ], // Extra code to run before creating a commit. allowedCommands: [ monorepoBase + '.github/files/renovate-post-upgrade-run.sh' ], diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 6b898048ea46..a4ef7bee5e0a 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -177,5 +177,5 @@ }, dependencyDashboardTitle: 'Renovate Dependency Updates', dependencyDashboardLabels: [ 'Primary Issue', '[Type] Janitorial' ], - dependencyDashboardFooter: 'The bot runs every two hours, and may be monitored or triggered ahead of schedule [here](https://github.com/Automattic/jetpack/actions/workflows/renovate.yml).', + dependencyDashboardFooter: 'The bot runs every two hours, and may be monitored or triggered ahead of schedule [here](https://github.com/anomiex/jetpack/actions/workflows/renovate.yml).', } diff --git a/.github/workflows/autotagger.yml b/.github/workflows/autotagger.yml deleted file mode 100644 index 1dd395805f54..000000000000 --- a/.github/workflows/autotagger.yml +++ /dev/null @@ -1,129 +0,0 @@ -name: Monorepo Auto-tagger - -on: - push: - branches: - - trunk - - prerelease - - '*/branch-*' - -jobs: - tag: - name: Tag - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - - - name: Fetch tags, shallowly and blobless - run: | - git fetch --depth=1 --filter=blob:none origin 'refs/tags/*:refs/tags/*' - - - name: Determine needed tags - id: get-tags - run: | - REF=${GITHUB_REF#refs/heads/} - if [[ "$REF" == */branch-* ]]; then - PROJECTS="$(jq -r --arg P "${REF%%/branch-*}" '.extra["release-branch-prefix"] | if type == "array" then . else [ . ] end | if index( $P ) then input_filename | match( "^projects/([^/]+/[^/]+)/composer.json$" ).captures[0].string else empty end' projects/*/*/composer.json)" - if [[ -n "$PROJECTS" ]]; then - echo "Branch $REF seems to be a release branch, checking matching projects." - else - echo "::notice::Branch $REF seems to be a release branch, but nothing uses that prefix so not checking any projects." - echo "any=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - else - PROJECTS="$(jq -r 'if .extra["release-branch-prefix"] then empty else input_filename | match( "^projects/([^/]+/[^/]+)/composer.json$" ).captures[0].string end' projects/*/*/composer.json)" - if [[ -n "$PROJECTS" ]]; then - echo "Branch $REF is not a release branch, checking only projects without a release-branch-prefix." - else - echo "::notice::Branch $REF is not a release branch, but somehow no projects lack a release-branch-prefix?" - echo "any=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - fi - - TAGS=() - while IFS= read -r SLUG; do - echo "Checking $SLUG..." - cd "$GITHUB_WORKSPACE/projects/$SLUG" - - CHANGES_DIR=$(jq -r '.extra.changelogger["changes-dir"] // "changelog"' composer.json) - if [[ ! -d "$CHANGES_DIR" || -n "$(ls -- "$CHANGES_DIR")" ]]; then - echo " Project $SLUG has changes in projects/$SLUG/$CHANGES_DIR/, not tagging." - continue - fi - - VER=$(sed -nEe 's/^## \[?([^]]*)\]? - .*/\1/;T;p;q' CHANGELOG.md || true) - echo " Version from changelog is ${VER:-}" - if [[ "$VER" =~ ^[0-9]+(\.[0-9]+)+$ ]]; then - if [[ -n "$( git tag -l "$SLUG@$VER" )" ]]; then - echo " Version $VER is already tagged" - else - echo " Version $VER ok to tag" - TAGS+=( "$SLUG@$VER" ) - fi - else - echo " Not tagging version $VER" - fi - done <<<"$PROJECTS" - - if [[ ${#TAGS[@]} -eq 0 ]]; then - echo "::notice::Nothing to tag." - echo "any=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - - printf "%s\n" "${TAGS[@]}" > "$GITHUB_WORKSPACE/to-tag.txt" - echo "any=true" >> "$GITHUB_OUTPUT" - - - name: Wait for prior instances of the workflow to finish - if: steps.get-tags.outputs.any == 'true' - uses: ./.github/actions/turnstile - with: - # Tagging should be reasonably quick, so poll more frequently. - poll-interval: 15 - - - name: Fetch tags, shallowly and blobless - if: steps.get-tags.outputs.any == 'true' - run: | - git fetch --force --depth=1 --filter=blob:none origin 'refs/tags/*:refs/tags/*' - - - name: Tag projects - if: steps.get-tags.outputs.any == 'true' - run: | - export GIT_AUTHOR_NAME=matticbot - export GIT_AUTHOR_EMAIL=matticbot@users.noreply.github.com - export GIT_COMMITTER_NAME=matticbot - export GIT_COMMITTER_EMAIL=matticbot@users.noreply.github.com - - EXIT=0 - echo "Creating tags..." - TOPUSH=() - while IFS= read -r T; do - if git tag "$T"; then - TOPUSH+=( "$T" ) - fi - done < "$GITHUB_WORKSPACE/to-tag.txt" - - if [[ ${#TOPUSH[@]} -gt 0 ]]; then - echo "Pushing tags..." - # GitHub has a limit on the number of tags that can be updated in a single push. So do them in batches. - # See https://github.blog/changelog/2022-06-15-block-potentially-destructive-git-pushes/ - DONE=() - while [[ ${#TOPUSH[@]} -gt 0 ]]; do - BATCH=( "${TOPUSH[@]:0:5}" ) - if git push origin "${BATCH[@]}"; then - DONE+=( "${BATCH[@]}" ) - else - echo "::error::Failed to create tags: ${BATCH[*]}" - EXIT=1 - fi - TOPUSH=( "${TOPUSH[@]:5}" ) - done - if [[ ${#DONE[@]} -gt 0 ]]; then - echo "::notice::Created tags: ${DONE[*]}" - fi - else - echo "::notice::No tags needed creation." - fi - exit $EXIT diff --git a/.github/workflows/build-docker-monorepo.yml b/.github/workflows/build-docker-monorepo.yml deleted file mode 100644 index 6dde5304d159..000000000000 --- a/.github/workflows/build-docker-monorepo.yml +++ /dev/null @@ -1,202 +0,0 @@ -name: Build Monorepo Docker -on: - push: - branches: [ 'trunk' ] - paths: - - 'tools/docker/Dockerfile.monorepo' - - 'tools/docker/bin/monorepo' - - '.github/versions.sh' - - '.github/workflows/build-docker-monorepo.yml' - pull_request: - paths: - - 'tools/docker/Dockerfile.monorepo' - - 'tools/docker/bin/monorepo' - - '.github/versions.sh' - - '.github/workflows/build-docker-monorepo.yml' -concurrency: - group: build-docker-monorepo-${{ github.event_name }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - prepare: - name: Prepare - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 5 # 2025-11-20: Takes just a few seconds. - outputs: - php-version: ${{ steps.buildargs.outputs.php-version }} - composer-version: ${{ steps.buildargs.outputs.composer-version }} - node-version: ${{ steps.buildargs.outputs.node-version }} - pnpm-version: ${{ steps.buildargs.outputs.pnpm-version }} - labels: ${{ steps.buildargs.outputs.labels }} - tags: ${{ steps.buildargs.outputs.tags }} - images: ${{ steps.buildargs.outputs.images }} - - steps: - - uses: actions/checkout@v5 - - - name: Fetch build args - id: buildargs - env: - LABELS: | - org.opencontainers.image.title=Jetpack Monorepo Environment - org.opencontainers.image.description=Environment for building and testing the Jetpack Monorepo. - org.opencontainers.image.documentation=${{ github.server_url }}/${{ github.repository }}/blob/trunk/tools/docker/README.md - run: | - source .github/versions.sh - source .github/files/gh-funcs.sh - - gh_set_output php-version "$PHP_VERSION" - gh_set_output composer-version "$COMPOSER_VERSION" - gh_set_output node-version "$NODE_VERSION" - gh_set_output pnpm-version "$PNPM_VERSION" - gh_set_output labels "$LABELS" - - # We're not git-tagging for the env. Just tag all trunk builds as latest. - if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then - gh_set_output tags "type=raw,latest" - gh_set_output images $'automattic/jetpack-monorepo\nghcr.io/automattic/jetpack-monorepo' - elif [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then - gh_set_output tags "type=ref,event=pr" - gh_set_output images "ghcr.io/automattic/jetpack-monorepo" - else - echo "Unknown GITHUB_EVENT_NAME $GITHUB_EVENT_NAME" - exit 1 - fi - - build: - name: Build Jetpack Monorepo Environment (${{ matrix.platform }}) - runs-on: ${{ matrix.runner }} - needs: prepare - permissions: - packages: write - contents: read - timeout-minutes: 15 # 2025-11-20: Arm64 build takes about 6 minutes, amd64 build about 3. - strategy: - matrix: - include: - - runner: ubuntu-latest - platform: amd64 - - runner: ubuntu-24.04-arm - platform: arm64 - - steps: - - uses: actions/checkout@v5 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: matticbot - password: ${{ secrets.DOCKER_HUB_MATTICBOT_TOKEN }} - - - name: Log in to GitHub Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - flavor: latest=false - images: ${{ needs.prepare.outputs.images }} - labels: ${{ needs.prepare.outputs.labels }} - - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 - with: - context: tools/docker - file: tools/docker/Dockerfile.monorepo - platforms: linux/${{ matrix.platform }} - # For push by digest, the "tags" are just the images. We tag later. - tags: ${{ needs.prepare.outputs.images }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,push-by-digest=true,name-canonical=true,push=true - build-args: | - PHP_VERSION=${{ needs.prepare.outputs.php-version }} - COMPOSER_VERSION=${{ needs.prepare.outputs.composer-version }} - NODE_VERSION=${{ needs.prepare.outputs.node-version }} - PNPM_VERSION=${{ needs.prepare.outputs.pnpm-version }} - - - name: Export digest - env: - TEMP: ${{ runner.temp }} - DIGEST: ${{ steps.build.outputs.digest }} - run: | - mkdir -p "$TEMP/digests" - touch "$TEMP/digests/${DIGEST#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-linux-${{ matrix.platform }} - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - name: Merge and publish Jetpack Monorepo Environment - runs-on: ubuntu-latest - needs: [ prepare, build ] - permissions: - packages: write - contents: read - timeout-minutes: 5 # 2025-11-20: Merge takes less than a minute. - - steps: - - name: Download digests - uses: actions/download-artifact@v5 - with: - path: ${{ runner.temp }}/digests - pattern: digests-* - merge-multiple: true - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: matticbot - password: ${{ secrets.DOCKER_HUB_MATTICBOT_TOKEN }} - - - name: Log in to GitHub Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - flavor: latest=false - tags: ${{ needs.prepare.outputs.tags }} - images: ${{ needs.prepare.outputs.images }} - labels: ${{ needs.prepare.outputs.labels }} - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - while IFS= read -r IMAGE; do - echo "=== $IMAGE ===" - docker buildx imagetools create $(jq -cr --arg IMG "$IMAGE" '.tags | map( select( startswith( $IMG + ":" ) ) | "-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf "$IMAGE@sha256:%s " *) - done < <( jq -r '.tags[] | sub( ":.*"; "" )' <<< "$DOCKER_METADATA_OUTPUT_JSON" ) - - - name: Inspect image - env: - VERSION: ${{ steps.meta.outputs.version }} - run: | - while IFS= read -r IMAGE; do - echo "=== $IMAGE ===" - docker buildx imagetools inspect "$IMAGE:$VERSION" - done < <( jq -r '.tags[] | sub( ":.*"; "" )' <<< "$DOCKER_METADATA_OUTPUT_JSON" ) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml deleted file mode 100644 index 858154efb2e8..000000000000 --- a/.github/workflows/build-docker.yml +++ /dev/null @@ -1,203 +0,0 @@ -name: Build Docker -on: - push: - branches: [ 'trunk' ] - paths: - - 'tools/docker/Dockerfile' - - 'tools/docker/bin/run.sh' - - 'tools/docker/config/*' - - '.github/versions.sh' - - '.github/workflows/build-docker.yml' - pull_request: - paths: - - 'tools/docker/Dockerfile' - - 'tools/docker/bin/run.sh' - - 'tools/docker/config/*' - - '.github/versions.sh' - - '.github/workflows/build-docker.yml' -concurrency: - group: build-docker-${{ github.event_name }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - prepare: - name: Prepare - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 5 # 2025-11-20: Takes just a few seconds. - outputs: - php-version: ${{ steps.buildargs.outputs.php-version }} - composer-version: ${{ steps.buildargs.outputs.composer-version }} - node-version: ${{ steps.buildargs.outputs.node-version }} - pnpm-version: ${{ steps.buildargs.outputs.pnpm-version }} - labels: ${{ steps.buildargs.outputs.labels }} - tags: ${{ steps.buildargs.outputs.tags }} - images: ${{ steps.buildargs.outputs.images }} - - steps: - - uses: actions/checkout@v5 - - - name: Fetch build args - id: buildargs - env: - LABELS: | - org.opencontainers.image.title=Jetpack Development Environment - org.opencontainers.image.description=Unified environment for developing in the Jetpack Monorepo using Docker containers. - org.opencontainers.image.documentation=${{ github.server_url }}/${{ github.repository }}/blob/trunk/tools/docker/README.md - run: | - source .github/versions.sh - source .github/files/gh-funcs.sh - - gh_set_output php-version "$PHP_VERSION" - gh_set_output composer-version "$COMPOSER_VERSION" - gh_set_output node-version "$NODE_VERSION" - gh_set_output pnpm-version "$PNPM_VERSION" - gh_set_output labels "$LABELS" - - # We're not git-tagging for the env. Just tag all trunk builds as latest. - if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then - gh_set_output tags "type=raw,latest" - gh_set_output images $'automattic/jetpack-wordpress-dev\nghcr.io/automattic/jetpack-wordpress-dev' - elif [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then - gh_set_output tags "type=ref,event=pr" - gh_set_output images "ghcr.io/automattic/jetpack-wordpress-dev" - else - echo "Unknown GITHUB_EVENT_NAME $GITHUB_EVENT_NAME" - exit 1 - fi - - build: - name: Build Jetpack Dev Environment (${{ matrix.platform }}) - runs-on: ${{ matrix.runner }} - needs: prepare - permissions: - packages: write - contents: read - timeout-minutes: 15 # 2025-11-20: Arm64 build takes about 6 minutes, amd64 build about 3. - strategy: - matrix: - include: - - runner: ubuntu-latest - platform: amd64 - - runner: ubuntu-24.04-arm - platform: arm64 - - steps: - - uses: actions/checkout@v5 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: matticbot - password: ${{ secrets.DOCKER_HUB_MATTICBOT_TOKEN }} - - - name: Log in to GitHub Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - flavor: latest=false - images: ${{ needs.prepare.outputs.images }} - labels: ${{ needs.prepare.outputs.labels }} - - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 - with: - context: tools/docker - platforms: linux/${{ matrix.platform }} - # For push by digest, the "tags" are just the images. We tag later. - tags: ${{ needs.prepare.outputs.images }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,push-by-digest=true,name-canonical=true,push=true - build-args: | - PHP_VERSION=${{ needs.prepare.outputs.php-version }} - COMPOSER_VERSION=${{ needs.prepare.outputs.composer-version }} - NODE_VERSION=${{ needs.prepare.outputs.node-version }} - PNPM_VERSION=${{ needs.prepare.outputs.pnpm-version }} - - - name: Export digest - env: - TEMP: ${{ runner.temp }} - DIGEST: ${{ steps.build.outputs.digest }} - run: | - mkdir -p "$TEMP/digests" - touch "$TEMP/digests/${DIGEST#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-linux-${{ matrix.platform }} - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - name: Merge and publish Jetpack Dev Environment - runs-on: ubuntu-latest - needs: [ prepare, build ] - permissions: - packages: write - contents: read - timeout-minutes: 5 # 2025-11-20: Merge takes less than a minute. - - steps: - - name: Download digests - uses: actions/download-artifact@v5 - with: - path: ${{ runner.temp }}/digests - pattern: digests-* - merge-multiple: true - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: matticbot - password: ${{ secrets.DOCKER_HUB_MATTICBOT_TOKEN }} - - - name: Log in to GitHub Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - flavor: latest=false - tags: ${{ needs.prepare.outputs.tags }} - images: ${{ needs.prepare.outputs.images }} - labels: ${{ needs.prepare.outputs.labels }} - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - while IFS= read -r IMAGE; do - echo "=== $IMAGE ===" - docker buildx imagetools create $(jq -cr --arg IMG "$IMAGE" '.tags | map( select( startswith( $IMG + ":" ) ) | "-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf "$IMAGE@sha256:%s " *) - done < <( jq -r '.tags[] | sub( ":.*"; "" )' <<< "$DOCKER_METADATA_OUTPUT_JSON" ) - - - name: Inspect image - env: - VERSION: ${{ steps.meta.outputs.version }} - run: | - while IFS= read -r IMAGE; do - echo "=== $IMAGE ===" - docker buildx imagetools inspect "$IMAGE:$VERSION" - done < <( jq -r '.tags[] | sub( ":.*"; "" )' <<< "$DOCKER_METADATA_OUTPUT_JSON" ) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index dacb83b045fc..000000000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,295 +0,0 @@ -name: Build -on: - push: - branches: - - 'trunk' - - 'prerelease' - # The `**/*/` works around the fact that GitHub considers a leading `**/` as meaning "zero or more path components" where we want "one or more". - - '**/*/branch-**' - pull_request: -concurrency: - # Cancel concurrent jobs on pull_request but not push, by including the run_id in the concurrency group for the latter. - group: build-${{ github.event_name == 'push' && github.run_id || 'pr' }}-${{ github.ref }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: "dev-trunk" - -jobs: - build: - name: Build all projects - runs-on: ubuntu-latest - timeout-minutes: 30 # 2025-11-06: Build times have crept up to ~15–20 minutes as we've added more projects, bump to 30. - env: - # Hard-code a specific directory to avoid paths in vendor/composer/installed.json changing every build. - BUILD_BASE: /tmp/jetpack-build - # This string is used as a unique identifier of test reminder comments on PRs. - TEST_COMMENT_INDICATOR: "" - outputs: - any_plugins: ${{ steps.plugins.outputs.any }} - changed_projects: ${{ steps.changed.outputs.projects }} - - steps: - - uses: actions/checkout@v5 - - # For pull requests, list-changed-projects.sh needs the merge base. - # But it doesn't have to be checked out. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Pnpm install - run: pnpm install - - - name: Detect changed projects - id: changed - run: | - CHANGED="$(EXTRA=build .github/files/list-changed-projects.sh)" - echo "projects=${CHANGED}" >> "$GITHUB_OUTPUT" - - - name: Check if a WordPress.com test reminder comment is needed. - id: check-test-reminder-comment - uses: actions/github-script@v7 - if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }} - env: - CHANGED: ${{ steps.changed.outputs.projects }} - with: - script: | - const { checkTestPendingComment } = require('.github/files/build-reminder-comment/check-test-reminder-comment.js') - const data = await checkTestPendingComment( github, context, core ); - return data; - - # We need the tree (but not the blob) for packages that will have -alpha version numbers so the timestamp appending works right. - # We also need the tree for js-packages/social-logos/src/svg so the font build will work right. - - name: Deepen tree for packages - env: - CHANGED: ${{ steps.changed.outputs.projects }} - run: | - mapfile -t PROJECTS < <(jq -r 'to_entries[] | select( .value ) | .key' <<<"$CHANGED") - if [[ ${#PROJECTS[@]} -gt 0 ]]; then - depth=$( git rev-list --count --first-parent HEAD ) - [[ "$depth" -lt 1000 ]] && depth=1000 - BASE=$PWD - REF=$(git rev-parse HEAD) - for SLUG in $(pnpm jetpack dependencies list --add-dependencies --extra="build" --ignore-root "${PROJECTS[@]}"); do - cd "$BASE/projects/$SLUG/" - if [[ "$SLUG" == packages/* ]]; then - SUBDIR=. - # Only deepen if it'll be a -alpha, i.e. it has changelog entries - CHANGES_DIR="$(jq -r '.extra.changelogger["changes-dir"] // "changelog"' composer.json)" - [[ -d "$CHANGES_DIR" && -n "$(ls -- "$CHANGES_DIR")" ]] || continue - elif [[ "$SLUG" == js-packages/social-logos ]]; then - SUBDIR=./src/svg - else - continue - fi - echo "Checking depth for $SLUG" - while git log --format='%h, %D,' -1 "$SUBDIR" | grep ', grafted,'; do - depth=$((depth * 2)) - echo "::group::Deepen to $depth" - echo "/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=$depth --filter=blob:none origin $REF" - /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=$depth --filter=blob:none origin "$REF" - echo "::endgroup::" - done - done - fi - - - name: Build changed projects - id: build - env: - CHANGED: ${{ steps.changed.outputs.projects }} - run: | - mapfile -t PROJECTS < <(jq -r 'to_entries[] | select( .value ) | .key' <<<"$CHANGED") - if [[ ${#PROJECTS[@]} -eq 0 ]]; then - echo "Nothing to build. Generating empty artifact." - mkdir "$BUILD_BASE" - touch "$BUILD_BASE/mirrors.txt" - else - pnpm jetpack build -v --no-pnpm-install --for-mirrors="$BUILD_BASE" "${PROJECTS[@]}" - fi - - - name: Filter mirror list for release branch - if: github.ref == 'refs/heads/prerelease' || contains( github.ref, '/branch-' ) - run: .github/files/filter-mirrors-for-release-branch.sh - - - name: Determine plugins to publish - id: plugins - run: | - jq -r 'if .extra["mirror-repo"] and ( .extra["beta-plugin-slug"] // .extra["wp-plugin-slug"] ) then [ ( input_filename | sub( "/composer\\.json$"; "" ) ), .extra["mirror-repo"], .extra["beta-plugin-slug"] // .extra["wp-plugin-slug"] ] else empty end | @tsv' projects/plugins/*/composer.json | while IFS=$'\t' read -r SRC MIRROR SLUG; do - if [[ -e "$BUILD_BASE/$MIRROR" ]] && grep -q --fixed-strings --line-regexp "$MIRROR" "$BUILD_BASE/mirrors.txt"; then - printf '%s\t%s\t%s\n' "$SRC" "$MIRROR" "$SLUG" - fi - done > "$BUILD_BASE/plugins.tsv" - if [[ -s "$BUILD_BASE/plugins.tsv" ]]; then - cat "$BUILD_BASE/plugins.tsv" - echo "any=true" >> "$GITHUB_OUTPUT" - else - echo "No plugins were built" - echo "any=false" >> "$GITHUB_OUTPUT" - fi - - # GitHub's artifact stuff doesn't preserve permissions or file case. Sigh. - # This is the official workaround: https://github.com/actions/upload-artifact#maintaining-file-permissions-and-case-sensitive-files - # It'll also make it faster to upload and download though, so maybe it's a win anyway. - - name: Create archive - run: tar --owner=0 --group=0 --xz -cvvf build.tar.xz -C "$BUILD_BASE" --transform 's,^\.,build,' . - - - name: Store build as artifact - uses: actions/upload-artifact@v4 - with: - name: jetpack-build - path: build.tar.xz - # Retain trunk builds for 7 days so we can manually download for branch comparisons. Branch builds only need one day so the beta builder can slurp it up to distribute. - retention-days: ${{ github.ref == 'refs/heads/trunk' && 7 || 1 }} - # Already compressed. - compression-level: 0 - - - name: Store plugins.tsv as artifact - if: steps.plugins.outputs.any == 'true' - uses: actions/upload-artifact@v4 - with: - name: plugins.tsv - path: ${{ env.BUILD_BASE }}/plugins.tsv - # We don't really care about this artifact, its presence is a flag to the post-build job. - retention-days: 1 - - - name: Update reminder with testing instructions - id: update-reminder-comment - uses: actions/github-script@v7 - if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && fromJSON(steps.check-test-reminder-comment.outputs.result)['commentId'] != 0 }} - env: - BRANCH_NAME: ${{ github.head_ref }} - DATA: ${{ steps.check-test-reminder-comment.outputs.result }} - with: - script: | - const { checkTestReminderComment } = require('.github/files/build-reminder-comment/check-test-reminder-comment.js') - await checkTestReminderComment( github, context, core ); - - jetpack_beta: - name: Create artifact for Jetpack Beta plugin - runs-on: ubuntu-latest - needs: build - if: needs.build.outputs.any_plugins == 'true' - timeout-minutes: 10 # 2025-11-06: Successful runs should take about 30 seconds. But sometimes the upload is slow. - steps: - - uses: actions/checkout@v5 - with: - path: monorepo - - - name: Download build artifact - uses: actions/download-artifact@v5 - with: - name: jetpack-build - - name: Extract build archive - run: tar --xz -xvvf build.tar.xz build - - - name: Prepare plugin zips - id: prepare - env: - SHA: ${{ github.event.pull_request.head.sha || github.sha }} - run: | - mkdir work - mkdir zips - - # Current version must compare greather than any previously used current version for this PR. - # Assume GH run IDs are monotonic. - VERSUFFIX="${GITHUB_RUN_ID}-g${SHA:0:8}" - - ANY_BUILT=false - - while IFS=$'\t' read -r SRC MIRROR SLUG; do - echo "::group::$MIRROR (src=$SRC slug=$SLUG)" - - if [[ ! -e "build/$MIRROR" ]]; then - echo "Plugin was not built, skipping." - echo "::endgroup::" - continue - fi - - if ! grep -q --fixed-strings --line-regexp "$MIRROR" build/mirrors.txt; then - echo "Plugin is not being mirrored in this build, skipping." - echo "::endgroup::" - continue - fi - - # The Jetpack Beta Tester plugin needs the base directory name to be like "${SLUG}-dev", so copy it over. - mv "build/$MIRROR" "work/${SLUG}-dev" - - # Copy testing docs that are not included in the mirror. - if [[ -e "$SRC/to-test.md" ]]; then - cp "$SRC/to-test.md" "work/${SLUG}-dev/" - fi - - # Extract and update version. - CURRENT_VERSION=$(monorepo/tools/plugin-version.sh "work/${SLUG}-dev/")-$VERSUFFIX - echo "Using version $CURRENT_VERSION" - echo "$CURRENT_VERSION" > "work/${SLUG}-dev/version.txt" - # Don't use plugin-version.sh here, updating JETPACK__VERSION would clutter stats. - sed -i -e 's/Version: .*$/Version: '"$CURRENT_VERSION"'/' "work/${SLUG}-dev"/*.php - - # Remove .github directory. - rm -rf "work/${SLUG}-dev/.github" - - # Zip the plugin - ( cd work && zip -9 -r "../zips/${SLUG}-dev.zip" "${SLUG}-dev" ) - - ANY_BUILT=true - - echo "::endgroup::" - done < build/plugins.tsv - if ! $ANY_BUILT; then - echo "No plugins were built" - fi - echo "any-built=$ANY_BUILT" >> "$GITHUB_OUTPUT" - - - name: Create plugins artifact - uses: actions/upload-artifact@v4 - if: steps.prepare.outputs.any-built == 'true' - with: - name: plugins - path: zips - # Only need to retain for a day since the beta builder slurps it up to distribute. - retention-days: 1 - # Already compressed. - compression-level: 0 - - update_mirrors: - name: Push to mirror repos - runs-on: ubuntu-latest - needs: build - - if: github.event_name == 'push' && github.repository == 'Automattic/jetpack' - - # Not setting a job-level timeout because it would be kind of pointless with the blocking step. Set a step timeout for all other steps instead. - steps: - - uses: actions/checkout@v5 - with: - path: monorepo - timeout-minutes: 1 # 2025-11-06: Successful runs seem to take a few seconds - - - name: Download build artifact - uses: actions/download-artifact@v5 - with: - name: jetpack-build - timeout-minutes: 2 # 2025-11-06: Successful runs normally take a few seconds - - name: Extract build archive - run: tar --xz -xvvf build.tar.xz build - timeout-minutes: 1 # 2025-11-06: Successful runs seem to take a few seconds - - - name: Wait for prior instances of the workflow to finish - uses: ./monorepo/.github/actions/turnstile - - - name: Push changed projects - uses: ./monorepo/projects/github-actions/push-to-mirrors - with: - source-directory: ${{ github.workspace }}/monorepo - token: ${{ secrets.API_TOKEN_GITHUB }} - upstream-ref-since: '2024-04-10' # No point in checking 12 years of earlier commits from before we started adding "Upstream-Ref". - username: matticbot - working-directory: ${{ github.workspace }}/build - timeout-minutes: 10 # 2025-11-06: Successful runs seem to take a minute or two. diff --git a/.github/workflows/check-actions-rate-limit.yml b/.github/workflows/check-actions-rate-limit.yml index 6aa949eda55a..2e7178dd556e 100644 --- a/.github/workflows/check-actions-rate-limit.yml +++ b/.github/workflows/check-actions-rate-limit.yml @@ -6,6 +6,7 @@ jobs: check: name: Check Actions rate limit runs-on: ubuntu-latest + permissions: {} steps: - name: Check rate limit env: diff --git a/.github/workflows/coverage-check.yml b/.github/workflows/coverage-check.yml index c5a81203259b..2c2ed6aa3fd0 100644 --- a/.github/workflows/coverage-check.yml +++ b/.github/workflows/coverage-check.yml @@ -14,9 +14,7 @@ concurrency: cancel-in-progress: true permissions: - checks: read - pull-requests: write - statuses: write + contents: read jobs: code-coverage-label: diff --git a/.github/workflows/delete-mirror-branches.yml b/.github/workflows/delete-mirror-branches.yml deleted file mode 100644 index 079b02e2cd6b..000000000000 --- a/.github/workflows/delete-mirror-branches.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Delete mirror branches -on: - delete: - -jobs: - delete: - name: Delete `${{ github.event.ref }}` - runs-on: ubuntu-latest - timeout-minutes: 5 # 2025-11-20: Less than a minute. - if: github.event_name == 'delete' && github.repository == 'Automattic/jetpack' && github.event.ref == 'prerelease' - steps: - - uses: actions/checkout@v5 - with: - ref: trunk - - name: Delete branches - env: - TOKEN: ${{ secrets.API_TOKEN_GITHUB }} - REF: heads/${{ github.event.ref }} - run: | - for repo in $(jq -r '.extra["mirror-repo"] // empty' projects/*/*/composer.json | sort -u); do - echo "::group::Deleting $REF on $repo" - RES="$(curl -v -L -X DELETE --header "Authorization: Bearer $TOKEN" "https://api.github.com/repos/$repo/git/refs/$REF")" - echo '::endgroup::' - echo "$RES" - done diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml deleted file mode 100644 index 6e9df45ec5cf..000000000000 --- a/.github/workflows/e2e-tests.yml +++ /dev/null @@ -1,419 +0,0 @@ -name: E2E Tests - -on: - pull_request: - paths-ignore: - - '**.md' - - '**/changelog/**' - repository_dispatch: - types: [ 'e2e tests**' ] - -concurrency: - group: e2e-tests-${{ github.event_name }}-${{ github.ref }}-${{ github.event.action }} - cancel-in-progress: true - -env: - FORCE_COLOR: 1 - USE_CLOUDFLARE_TUNNEL: ${{ vars.E2E_TUNNEL_TYPE == 'cloudflare' && '1' || '' }} - -jobs: - create-test-matrix: - name: "Determine tests matrix" - runs-on: ubuntu-latest - timeout-minutes: 5 # 2025-11-20: The pnpm install may take a few minutes on cache miss. - # Only run tests in the main repository - if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name - outputs: - matrix: ${{ steps.evaluate.outputs.matrix }} - build-matrix: ${{ steps.evaluate.outputs.build-matrix }} - steps: - - uses: actions/checkout@v5 - - # For pull requests, list-changed-projects.sh needs the merge base. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - - - name: Setup tools - uses: ./.github/actions/tool-setup - - # Required for list-changed-projects.sh - - name: Install monorepo - run: | - pnpm install - - - name: Create test plan - id: evaluate - env: - DISPATCH_REPO: ${{ github.event.client_payload.repository }} - REF_NAME: ${{ github.event.client_payload.ref_name }} - REF_TYPE: ${{ github.event.client_payload.ref_type }} - run: | - MATRIX="$(node .github/files/e2e-tests/e2e-matrix.js)" - echo "matrix: $MATRIX" - echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT" - if [[ "$GITHUB_EVENT_NAME" == repository_dispatch ]]; then - echo "No build needed for $GITHUB_EVENT_NAME" - BUILD_MATRIX="[]" - else - BUILD_MATRIX=$(jq -c '[ .[] | select( .suite | startswith( "atomic" ) | not ) | { buildGroup: .buildGroup, path: .path } ] | unique' <<<"$MATRIX") - echo "build matrix: $BUILD_MATRIX" - BAD=$( jq -r '[ group_by( .buildGroup )[] | select( length > 1 ) | .[0].buildGroup ] | unique | join( "," )' <<<"$BUILD_MATRIX" ) - if [[ -n "$BAD" ]]; then - echo "::error::One or more build groups have multiple paths: $BAD" - exit 1 - fi - fi - echo "build-matrix=$BUILD_MATRIX" >> "$GITHUB_OUTPUT" - - build-projects: - name: "E2E: Build ${{ matrix.buildGroup }}" - runs-on: ubuntu-latest - needs: create-test-matrix - timeout-minutes: 25 # 2025-11-20: These can vary dramatically, but most builds are around 5 minutes. - if: needs.create-test-matrix.outputs.build-matrix != '[]' - strategy: - fail-fast: false - matrix: - include: ${{ fromJson( needs.create-test-matrix.outputs.build-matrix ) }} - steps: - - name: Ensure ${{ matrix.buildGroup }} build cache - id: jetpack-build-cache - uses: actions/cache/restore@v4 - with: - lookup-only: true - path: | - . - !./.github/ - key: ${{ matrix.buildGroup }}-${{ github.sha }} - - - name: Checkout code - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - uses: actions/checkout@v5 - - - name: Setup tools - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - uses: ./.github/actions/tool-setup - - - name: Install monorepo - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - run: pnpm install - - - name: Build projects - id: build-step - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - env: - COMPOSER_ROOT_VERSION: "dev-trunk" - BUILD_DIR: ./build-output - PROJECT_PATH: ${{ matrix.path }} - run: | - find . -path ./.github -prune -o -type f -print | sort > /tmp/before.txt - echo "::group::Build plugin(s)" - cd "$PROJECT_PATH" - pnpm run build - cd "$GITHUB_WORKSPACE" - echo "::endgroup::" - - # We only want to save the files that were actually created or changed. - # But we can't just list them for actions/cache/save, "Argument list too long". - # So instead we delete all the unchanged files so we can tell actions/cache/save - # to save everything that's left. - git -c core.quotepath=off diff --name-only | sort > /tmp/changed.txt - if [[ -s /tmp/changed.txt ]]; then - grep -F -x -v -f /tmp/changed.txt /tmp/before.txt > /tmp/remove.txt - else - cp /tmp/before.txt /tmp/remove.txt - fi - xargs -d '\n' rm < /tmp/remove.txt - find . -type d -empty -delete - - - name: Save ${{ matrix.buildGroup }} build cache - if: steps.jetpack-build-cache.outputs.cache-hit != 'true' - id: jetpack-build-cache-save - uses: actions/cache/save@v4 - with: - path: | - . - !./.github/ - key: ${{ steps.jetpack-build-cache.outputs.cache-primary-key }} - - e2e-tests: - name: "${{ matrix.project }} e2e tests" - runs-on: ubuntu-latest - needs: [ create-test-matrix, build-projects ] - # The "always() && ! cancelled() && ! failure()" bit is needed to still run if the build was skipped. - if: > - always() && ! cancelled() && ! failure() && - needs.create-test-matrix.result == 'success' && needs.create-test-matrix.outputs.matrix != '[]' - timeout-minutes: 25 # 2025-11-20: These can vary dramatically, but most runs are 3-10 minutes. - env: - WP_DEBUG_PATH: '${{ github.workspace }}/tools/docker/wordpress/wp-content/debug.log' - PROJECT_NAME: '${{ matrix.project }}' # used in tests for enhanced reporting of global projects - strategy: - fail-fast: false - matrix: - include: ${{ fromJson( needs.create-test-matrix.outputs.matrix ) }} - steps: - - uses: actions/checkout@v5 - - - name: Restore ${{ matrix.buildGroup }} build cache - id: jetpack-build-cache - if: needs.build-projects.result == 'success' && ! startsWith( matrix.suite, 'atomic' ) - uses: actions/cache/restore@v4 - with: - path: | - . - !./.github/ - key: ${{ matrix.buildGroup }}-${{ github.sha }} - fail-on-cache-miss: true - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Install cloudflared - if: env.USE_CLOUDFLARE_TUNNEL - run: | - curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/download/2025.7.0/cloudflared-linux-amd64.deb - echo "a65ceb838f1deb941f7ea9101ff54eaba04179135fd562456a59ea293479e113 cloudflared.deb" | sha256sum -c - sudo dpkg -i cloudflared.deb - - - name: Install monorepo - run: | - pnpm install - - - name: Checkout jetpack-production - if: github.event_name == 'repository_dispatch' && github.event.client_payload.repository != 'Automattic/jetpack-production' - uses: actions/checkout@v5 - with: - repository: Automattic/jetpack-production - path: build-output/build/Automattic/jetpack-production - - - name: Checkout mirror repo - if: github.event_name == 'repository_dispatch' - uses: actions/checkout@v5 - with: - repository: ${{ github.event.client_payload.repository }} - ref: ${{ github.event.client_payload.ref_name }} - path: build-output/build/${{ github.event.client_payload.repository }} - - - name: Prepare build - env: - COMPOSER_ROOT_VERSION: "dev-trunk" - BUILD_DIR: ./build-output - PROJECT_PATH: ${{ matrix.path }} - SUITE: ${{ matrix.suite }} - BUILD_JOB_RESULT: ${{ needs.build-projects.result }} - run: | - # Only execute these steps if the event name is 'repository_dispatch' - if [[ "$GITHUB_EVENT_NAME" == repository_dispatch ]]; then - if [[ "$BUILD_JOB_RESULT" != 'skipped' ]]; then - echo "::error::Build job ran but result is not being used!" - exit 1 - fi - - echo "::group::Update volume mapping" - .github/files/e2e-tests/map-plugins-for-e2e-env.sh - echo "::endgroup::" - elif [[ "$SUITE" != atomic* ]]; then - echo "Using artifact from build-projects job" - fi - - - name: Test environment set-up - working-directory: ${{ matrix.path }} - env: - CONFIG_KEY: ${{ secrets.E2E_CONFIG_KEY }} - SUITE: ${{ matrix.suite }} - PROJECT_NAME: ${{ matrix.project }} - HOST_CWD: ${{ github.workspace }} - run: | - echo "::group::Decrypt config" - pnpm run config:decrypt - echo "::endgroup::" - - # Ensure that wp debug.log exists and the web process can write to it - mkdir -p "$(dirname "$WP_DEBUG_PATH")" - touch "$WP_DEBUG_PATH" - chmod 0666 "$WP_DEBUG_PATH" - - if [[ "${SUITE}" != atomic* && "${SUITE}" != vip ]]; then - echo "::group::Start docker environment" - pnpm run env:up - echo "::endgroup::" - - echo "::group::Create tunnel" - nohup pnpm run tunnel:up "$HOME/tunnel.log" - echo "::endgroup::" - fi - - if [ "${SUITE}" == gutenberg ]; then - echo "::group::Setting up Gutenberg" - pnpm e2e-env gb-setup - echo "::endgroup::" - fi - - - name: Wait for atomic site to be ready - if: ${{ startsWith(matrix.suite, 'atomic') }} - working-directory: ${{ matrix.path }} - env: - DISPATCH_REF_NAME: ${{ github.event.client_payload.ref_name }} - DISPATCH_REF_TYPE: ${{ github.event.client_payload.ref_type }} - run: | - SITE="atomic" - - if [[ "${DISPATCH_REF_NAME}" != trunk ]]; then - SITE="atomicRc" - fi - - echo "TEST_SITE=${SITE}" >> $GITHUB_ENV - - # Wait for the site to pick up latest tag version (DISPATCH_REF_NAME) - TEST_SITE="${SITE}" node "$GITHUB_WORKSPACE/tools/e2e-commons/bin/update-beta-version.js" $DISPATCH_REF_TYPE $DISPATCH_REF_NAME - - - name: Set up VIP site - if: ${{ matrix.suite == 'vip' }} - working-directory: ${{ matrix.path }} - run: | - echo "TEST_SITE=vip" >> $GITHUB_ENV - - - name: Run ${{ matrix.project }} tests - working-directory: ${{ matrix.path }} - env: - JSON_ARGS: ${{ toJSON(matrix.testArgs) }} - run: | - mapfile -t TEST_ARGS < <(jq -r '.[]' <<<"$JSON_ARGS") - pnpm run test:run "${TEST_ARGS[@]}" - - - name: Write report metadata - if: ${{ always() }} - env: - SUITE: ${{ matrix.suite }} - PR_NUMBER: ${{ github.event.pull_request.number }} - OUTPUT_PATH: ${{ matrix.path }} - run: .github/files/e2e-tests/report-metadata.sh - - - name: Test environment tear-down - if: ${{ always() }} - working-directory: ${{ matrix.path }} - continue-on-error: true - run: | - # Copy debug.log to output folder, if it exists - [[ ! -f "$WP_DEBUG_PATH" ]] || { mkdir -p "output/logs" && cp "$WP_DEBUG_PATH" "output/logs/php_errors.log"; } - - pnpm run tunnel:down - echo "::group::Tunnel logs" - cat "$HOME/tunnel.log" - echo "::endgroup::" - - # Update permissions to workaround https://github.com/actions/cache/issues/753 - sudo chown -R runner:docker "$GITHUB_WORKSPACE/tools/docker" - - - name: Upload test artifacts - if: ${{ always() }} - continue-on-error: true - uses: actions/upload-artifact@v4 - with: - name: test-output-${{ matrix.project }} - path: ${{ matrix.path }}/output - include-hidden-files: true - - test-report: - name: "Test report" - runs-on: ubuntu-latest - if: ${{ always() && needs.e2e-tests.result != 'cancelled' }} - needs: [e2e-tests] - - steps: - - name: Set report context - id: report-context - env: - DISPATCH_REF_NAME: ${{ github.event.client_payload.ref_name }} - DISPATCH_REPO: ${{ github.event.client_payload.repository }} - PR_TITLE: ${{ github.event.pull_request.title }} - PR_NUMBER: ${{ github.event.pull_request.number }} - run: | - REPOSITORY=$GITHUB_REPOSITORY - - if [ "$GITHUB_EVENT_NAME" == pull_request ]; then - BRANCH=$GITHUB_HEAD_REF - elif [ "$GITHUB_EVENT_NAME" == repository_dispatch ]; then - BRANCH=$DISPATCH_REF_NAME - REPOSITORY=$DISPATCH_REPO - else - BRANCH=${GITHUB_REF:11} - fi - - echo "EVENT_TYPE=e2e run $GITHUB_RUN_ID at $GITHUB_EVENT_NAME on $GITHUB_REPOSITORY" >> "$GITHUB_OUTPUT" - echo "CLIENT_PAYLOAD=$( jq -nrc --arg repository "$REPOSITORY" --arg branch "$BRANCH" --arg pr_title "$PR_TITLE" --arg pr_number "$PR_NUMBER" --arg run_id "$GITHUB_RUN_ID" '{ repository: $repository, branch: $branch, pr_title: $pr_title, pr_number: $pr_number, run_id: $run_id }' )" >> "$GITHUB_OUTPUT" - - - name: Trigger test report workflow - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.E2E_TEST_REPORTS_TOKEN }} - repository: automattic/jetpack-e2e-reports - event-type: ${{ steps.report-context.outputs.event_type }} - client-payload: ${{ steps.report-context.outputs.client_payload }} - - - name: Display link to test report in Action Summary - uses: actions/github-script@v7 - with: - script: | - await core.summary - .addHeading( 'E2E Test Report' ) - .addLink( - `E2E Test Report`, - `https://automattic.github.io/jetpack-e2e-reports/${ context.issue.number }/report/` - ) - .addBreak() - .addRaw('Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.', true) - .write() - - slack-notification: - name: "Slack notification" - runs-on: ubuntu-latest - if: ${{ always() && needs.e2e-tests.result != 'cancelled' }} - needs: [e2e-tests] - - steps: - - uses: actions/checkout@v5 - - - name: Set up tools - uses: ./.github/actions/tool-setup - - - name: Build action - env: - COMPOSER_ROOT_VERSION: dev-trunk - run: | - pnpm install - composer install - composer build-development - working-directory: ./projects/github-actions/test-results-to-slack - - - name: Download test artifacts - uses: actions/download-artifact@v5 - with: - path: test-output - - - name: Decrypt config - env: - CONFIG_KEY: ${{ secrets.E2E_CONFIG_KEY }} - run: ./.github/files/e2e-tests/encryption.sh decrypt - - - name: Tag release candidate runs - if: github.event_name == 'repository_dispatch' && github.event.client_payload.ref_type == 'tag' - env: - VERSION: ${{ github.event.client_payload.ref_name }} - run: echo "NOTIFICATION_SUITE=rc-${VERSION}" >> $GITHUB_ENV - - - name: "Send notification" - uses: ./projects/github-actions/test-results-to-slack - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - slack_token: ${{ secrets.SLACK_TOKEN }} - slack_channel: ${{ secrets.SLACK_E2E_CHANNEL }} - slack_icon_emoji: ":jetpack:" - suite_name: ${{ env.NOTIFICATION_SUITE }} - playwright_report_path: test-output/**/summary.json - playwright_output_dir: test-output/**/results - rules_configuration_path: .github/files/e2e-tests/notification-rules.json - - diff --git a/.github/workflows/gardening.yml b/.github/workflows/gardening.yml deleted file mode 100644 index cc6fdab583ca..000000000000 --- a/.github/workflows/gardening.yml +++ /dev/null @@ -1,84 +0,0 @@ -name: Gardening -on: - pull_request_target: # When a PR is opened, edited, updated, closed, or a label is added. - types: [opened, reopened, synchronize, edited, labeled, closed ] - issues: # For auto-triage of issues. - types: [opened, reopened, labeled, edited, closed] - issue_comment: # To gather support references in issue comments. - types: [created] - push: - branches: - - trunk # Every time a PR is merged to trunk. -concurrency: - # For pull_request_target, cancel any concurrent jobs with the same type (e.g. "opened", "labeled") and branch. - # Don't cancel any for other events, accomplished by grouping on the unique run_id. - group: gardening-${{ github.event_name }}-${{ github.event.action }}-${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.ref || github.run_id }} - cancel-in-progress: true - -permissions: - # ./.github/actions/turnstile - actions: read - # actions/checkout - contents: read - # ./projects/github-actions/repo-gardening - # read: octokit.rest.issues.listComments, octokit.rest.issues.get, octokit.rest.issues.listLabelsForRepo, octokit.rest.issues.listLabelsOnIssue, octokit.rest.issues.listMilestones - # write: octokit.rest.issues.addAssignees, octokit.rest.issues.addLabels, octokit.rest.issues.createComment, octokit.rest.issues.removeLabel, octokit.rest.issues.update, octokit.rest.issues.updateComment - issues: write - # ./projects/github-actions/repo-gardening - # read: octokit.rest.issues.listComments, octokit.rest.pulls.listFiles, octokit.rest.issues.listLabelsForRepo, octokit.rest.issues.listLabelsOnIssue, octokit.rest.issues.listMilestonesoctokit.rest.issues.listMilestones - # write: octokit.rest.issues.addAssignees, octokit.rest.issues.addLabels, octokit.rest.issues.createComment, octokit.rest.issues.removeLabel, octokit.rest.issues.update, octokit.rest.issues.updateComment - pull-requests: write - -jobs: - repo-gardening: - name: "Manage labels and assignees" - runs-on: ubuntu-latest - if: github.event_name == 'pull_request_target' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name - timeout-minutes: 10 # 2025-11-06: Successful runs seem to take a minute or two, primarily since we wait for previous runs to complete. - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Building Action - env: - COMPOSER_ROOT_VERSION: dev-trunk - run: | - pnpm install - composer install - composer build-development - working-directory: ./projects/github-actions/repo-gardening - - - name: Check out the PR - if: github.event_name == 'pull_request_target' && github.event.pull_request.state != 'closed' - uses: actions/checkout@v5 - with: - ref: ${{ github.event.pull_request.head.ref }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - # DO NOT run any code in this checkout. Not even an `npm install`. - path: ./pr-checkout - - - name: Wait for prior instances of the workflow to finish - uses: ./.github/actions/turnstile - with: - # Split issues and issue_comment triggers from the rest. Otherwise a lot of issue work can result in pushes to trunk timing out. - events: ${{ ( github.event_name == 'issues' || github.event_name == 'issue_comment' ) && 'issues issue_comment' || '' }} - ignore-events: ${{ ( github.event_name != 'issues' && github.event_name != 'issue_comment' ) && 'issues issue_comment' || '' }} - - - name: "Run the action (assign, manage milestones, for issues and PRs)" - uses: ./projects/github-actions/repo-gardening - env: - PR_WORKSPACE: ${{ github.workspace }}${{ github.event_name == 'pull_request_target' && '/pr-checkout' || '' }} - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - slack_token: ${{ secrets.SLACK_TOKEN }} - slack_team_channel: ${{ secrets.SLACK_TEAM_CHANNEL }} - slack_design_channel: ${{ secrets.SLACK_DESIGN_CHANNEL }} - slack_editorial_channel: ${{ secrets.SLACK_EDITORIAL_CHANNEL }} - slack_he_triage_channel: ${{ secrets.SLACK_HE_TRIAGE_CHANNEL }} - slack_quality_channel: ${{ secrets.SLACK_QUALITY_CHANNEL }} - triage_projects_token: ${{ secrets.PROJECT_AUTOMATION_TOKEN }} - project_board_url: ${{ secrets.PROJECT_BOARD_URL }} - openai_api_key: ${{ secrets.OPENAI_API_KEY }} diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml deleted file mode 100644 index a2ecdf7e56e8..000000000000 --- a/.github/workflows/linting.yml +++ /dev/null @@ -1,705 +0,0 @@ -# This workflow holds jobs for linting, currently PHP and JavaScript. -# -# The jobs are all set up to only run if appropriate files have changed; the -# `changed_files` job is used to determine whether files have changed in -# various categories so the rest of the jobs can know whether to run or not. - -name: Linting - -on: - pull_request: - push: - branches: - - trunk -concurrency: - group: linting-${{ github.event_name }}-${{ github.ref }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: "dev-trunk" - -permissions: - # actions/checkout - contents: read - -jobs: - - ### Job to categorize changed files. Other jobs depend on this to know when they should run. - ### On trunk pushes, all jobs run (no file filtering). - changed_files: - name: detect changed files - runs-on: ubuntu-latest - timeout-minutes: 1 # 2025-11-06: Successful runs seem to take a few seconds - permissions: - # actions/checkout - contents: read - # dorny/paths-filter - pull-requests: read - outputs: - # Whether any PHP files have changed. - php: ${{ steps.filter.outputs.php }} - - # Whether any JavaScript files have changed. - js: ${{ steps.filter.outputs.js }} - - # Whether any style files have changed. - css: ${{ steps.filter.outputs.css }} - - # Whether any lock files have changed. - lockfiles: ${{ steps.filter.outputs.lockfiles }} - - # Whether any GitHub Actions yaml files have changed. - ghactionsfiles: ${{ steps.filter.outputs.ghactionsfiles }} - - # Whether any miscellaneous files related to linting have changed. - misc: ${{ steps.filter.outputs.misc }} - - # Whether any miscellaneous files related to PHP linting have changed. - misc_php: ${{ steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_php == 'true' }} - - # Whether any miscellaneous files related to JS linting have changed. - misc_js: ${{ steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_js == 'true' }} - - # Whether any miscellaneous files related to CSS linting have changed. - misc_css: ${{ steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_css == 'true' }} - - # JSON string holding an array of files in phpcs-excludelist.json that have changed. - php_excluded_files: ${{ steps.filterPHP.outputs.php_excluded_files }} - - # JSON string holding an array of files in eslint-excludelist.json that have changed. - js_excluded_files: ${{ steps.filterJS.outputs.js_excluded_files }} - - # Whether any excluded files were modified or deleted. - excludelist: ${{ steps.filterExcludeList.outputs.excluded_files != '[]' || steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_php == 'true' || steps.filter.outputs.misc_js == 'true' || steps.filter.outputs.misc_excludelist == 'true' }} - - # Whether any auto-updated Phan stub files were changed. - phanstubs: ${{ steps.filter.outputs.phanstubs == 'true' }} - - steps: - - if: github.event_name == 'pull_request' - uses: actions/checkout@v5 - - - if: github.event_name == 'pull_request' - uses: dorny/paths-filter@v3 - id: filter - with: - list-files: json - filters: | - php: - # If any PHP file changed, they need checking. - - added|modified: - - '**.php' - js: - # If any JS file changed, they need checking. - - added|modified: - - '**.cjs' - - '**.js' - - '**.jsx' - - '**.mjs' - - '**.ts' - - '**.tsx' - - '**.svelte' - css: - # If any style file changed, they need checking. - - added|modified: - - '**.css' - - '**.scss' - excludelist: - # If any PHP or JS file changed or was deleted, we need to check the excludelist. - - modified|deleted: - - '**.php' - - '**.js' - - '**.jsx' - - '**.ts' - lockfiles: - - 'composer.json' - - 'composer.lock' - - 'package.json' - - 'pnpm-lock.yaml' - - '**/composer.json' - - '**/composer.lock' - - '**/package.json' - ghactionsfiles: - - '.github/workflows/*.{yml,yaml}' - - '.github/actions/*/action.{yml,yaml}' - - 'projects/github-actions/*/action.{yml,yaml}' - # If we edit the linting JS files, we need to run it. - - 'tools/js-tools/lint-gh-actions.{js,mjs}' - misc_php: - # If composer, phpcs config, or the codesniffer package itself changed, there may be a new standard. - - 'composer.json' - - 'composer.lock' - - '.phpcs.config.xml' - - '.phpcs.xml.dist' - - '.phpcsignore' - - '**/.phpcs.dir.xml' - - '**/.phpcsignore' - - 'projects/packages/codesniffer/**' - # If the excludelist changed, run to ensure newly non-excluded files pass. - - 'tools/phpcs-excludelist.json' - # If other files used by this workflow changed, run it to test those changes. - - 'tools/parallel-lint.sh' - - '.github/files/php-linting-phpcs.xml' - - '.github/matchers/phpcs-problem-matcher.json' - - '.github/matchers/php-lint-problem-matcher.json' - misc_js: - # If package or eslint config changed, there may be new checks. - - 'package.json' - - 'tools/js-tools/package.json' - - 'pnpm-lock.yaml' - - '.eslintignore' - - '.eslintignore.root' - - 'eslint.config.*' - - '**/.eslintignore' - - '**/eslint.config.*' - # If the excludelist changed, run to ensure newly non-excluded files pass. - - 'tools/eslint-excludelist.json' - misc_css: - # If Stylelint config changed, there may be new checks. - - .stylelintignore - - stylelint.config.mjs - - '**/stylelint.config.{js,mjs,cjs}' - - tools/js-tools/stylelint.config.base.mjs - misc_excludelist: - - 'tools/cleanup-excludelists.sh' - - 'tools/js-tools/check-excludelist-diff.js' - misc: - # If the workflow itself changed, everything should re-run. - - '.github/workflows/linting.yml' - phanstubs: - # If auto-generated Phan stub files are changed, we may want to post a warning to the PR. - - '.phan/stubs/**' - - - if: github.event_name == 'pull_request' - id: filterPHP - shell: bash - env: - PHP_FILES: ${{ steps.filter.outputs.php_files }} - run: | - EXCLUDED_FILES=$(jq --argjson files "$PHP_FILES" --slurpfile excludes tools/phpcs-excludelist.json -nc '$files - ($files - $excludes[0])') - echo "php_excluded_files=$EXCLUDED_FILES" >> "$GITHUB_OUTPUT" - echo "Excluded files:" - jq --argjson files "$EXCLUDED_FILES" -nr '" - " + $files[]' - - - if: github.event_name == 'pull_request' - id: filterJS - shell: bash - env: - JS_FILES: ${{ steps.filter.outputs.js_files }} - run: | - EXCLUDED_FILES=$(jq --argjson files "$JS_FILES" --slurpfile excludes tools/eslint-excludelist.json -nc '$files - ($files - $excludes[0])') - echo "js_excluded_files=$EXCLUDED_FILES" >> "$GITHUB_OUTPUT" - echo "Excluded files:" - jq --argjson files "$EXCLUDED_FILES" -nr '" - " + $files[]' - - - if: github.event_name == 'pull_request' - id: filterExcludeList - shell: bash - env: - FILES: ${{ steps.filter.outputs.excludelist_files }} - run: | - EXCLUDED_FILES=$(jq --argjson files "$FILES" --slurpfile phpexcludes tools/phpcs-excludelist.json --slurpfile jsexcludes tools/eslint-excludelist.json -nc '$files - ($files - $phpexcludes[0] - $jsexcludes[0])') - echo "excluded_files=$EXCLUDED_FILES" >> "$GITHUB_OUTPUT" - echo "Excluded files:" - jq --argjson files "$EXCLUDED_FILES" -nr '" - " + $files[]' - - ### Runs `php -l` over all PHP files, in all relevant PHP versions - # Local equivalent: `composer php:lint` - # We don't use an `if` here because GH Actions had issues expanding the name when we did. See also: - # - https://github.com/Automattic/jetpack/pull/17940 - # - https://github.com/Automattic/jetpack/pull/18979 - php_lint: - name: PHP lint (${{ matrix.php-versions }}) - runs-on: ubuntu-latest - needs: changed_files - continue-on-error: ${{ matrix.experimental }} - timeout-minutes: 3 # 2025-11-06: Successful runs seem to take ~1 minute - - strategy: - fail-fast: false - matrix: - php-versions: [ '7.2', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5' ] - experimental: [ false ] - - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - php: ${{ matrix.php-versions }} - node: false - - - name: Install dependencies - run: | - # Install stuff ignoring platform reqs. - composer install --ignore-platform-reqs - # Remove stuff we don't need here that fails some platform reqs. - # This will complain if we missed any. - composer remove --dev sirbrillig/phpcs-changed automattic/jetpack-codesniffer automattic/jetpack-phan-plugins phan/phan - - - name: Run linter - run: | - echo "::add-matcher::.github/matchers/php-lint-problem-matcher.json" - composer php:lint -- --checkstyle - echo "::remove-matcher owner=php-lint" - - ### Runs phpcs on all PHP files not listed in phpcs-excludelist.json. - # Local equivalent: `composer phpcs:lint:required` - # On trunk: runs on all non-excluded PHP files - # On PRs: runs only if PHP files or relevant config changed - phpcs: - name: PHP Code Sniffer (non-excluded files only) - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'push' || needs.changed_files.outputs.php == 'true' || needs.changed_files.outputs.misc_php == 'true' - timeout-minutes: 5 # 2025-11-06: Successful runs seem to take ~2 minutes. Leaving some extra for future expansion. - - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - - name: Install dependencies - run: composer install - - - name: Run phpcs - run: | - echo "::add-matcher::.github/matchers/phpcs-problem-matcher.json" - composer phpcs:lint:required -- --report=emacs --standard=.github/files/php-linting-phpcs.xml - echo "::remove-matcher owner=phpcs" - - ### Runs PHPCompatibility over all PHP files. - # Local equivalent: `composer phpcs:compatibility` - # On trunk: runs on all PHP files - # On PRs: runs only if PHP files or relevant config changed - phpcompatibility: - name: PHP Compatibility - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'push' || needs.changed_files.outputs.php == 'true' || needs.changed_files.outputs.misc_php == 'true' - timeout-minutes: 5 # 2025-11-06: Successful runs seem to take ~1 minute. Leaving some extra for future expansion. - - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - - name: Install dependencies - run: composer install - - - name: Run phpcs for PHPCompatibility - run: | - echo "::add-matcher::.github/matchers/phpcs-problem-matcher.json" - composer phpcs:compatibility -- --report=emacs . - echo "::remove-matcher owner=phpcs" - - ### Runs phpcs-changed on PHP files listed in phpcs-excludelist.json. - # Local equivalent: `composer phpcs:changed -- --git-base= ` - # `` is the branch this PR is to be merged into, probably `origin/trunk`. - # - # Pre-commit, you might also `git add` the relevant files and run `composer phpcs:changed` - phpcs_changed: - name: PHP Code Sniffer (changes to excluded files only) - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'pull_request' && needs.changed_files.outputs.php_excluded_files != '[]' - continue-on-error: true - timeout-minutes: 5 # 2025-11-06: Successful runs seem to take 30 seconds. Leaving some extra for future expansion. - - steps: - # We don't need full git history, but phpcs-changed does need everything up to the merge-base. - - uses: actions/checkout@v5 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 10 - - uses: ./.github/actions/deepen-to-merge-base - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - - name: Install dependencies - run: composer install - - - name: Run phpcs-changed - shell: bash - env: - SHA: ${{ github.event.pull_request.base.sha }} - FILES: ${{ needs.changed_files.outputs.php_excluded_files }} - run: | - echo "::add-matcher::.github/matchers/phpcs-problem-matcher.json" - composer phpcs:changed -- --report=json --standard=.github/files/php-linting-phpcs.xml --git-base=$SHA $(jq -rn --argjson files "$FILES" '$files[]') | - jq -r '.files | to_entries | .[] | .key as $key | .value.messages[] | [ $key, ":", .line, ":", .column, ": ", .type, " - ", .message, " (", .source, ")" ] | map(tostring) | join("")' - echo "::remove-matcher owner=phpcs" - - ### Runs eslint on JS files not listed in eslint-excludelist.json - # Local equivalent: `pnpm run lint-required` - # On trunk: runs on all non-excluded JS files - # On PRs: runs only if JS files or relevant config changed - eslint: - name: ESLint (non-excluded files only) - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'push' || needs.changed_files.outputs.js == 'true' || needs.changed_files.outputs.misc_js == 'true' - timeout-minutes: 10 # 2025-11-06: Runs now take ~5 minutes due to now installing all php/js deps to ensure valid linting. - - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Monorepo pnpm install - run: pnpm install - - run: pnpm run lint-required - - ### Runs eslint-changed on JS files listed in eslint-excludelist.json. - # Local equivalent: `pnpm run lint-changed --git-base=` - # `` is the branch this PR is to be merged into, probably `origin/trunk`. - # - # Pre-commit, you might also `git add` the relevant files and run `pnpm run lint-changed` - eslint_changed: - name: ESLint (changes to excluded files only) - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'pull_request' && needs.changed_files.outputs.js_excluded_files != '[]' - continue-on-error: true - timeout-minutes: 10 # 2025-11-06: Takes about a minute, but rarely runs. - - steps: - # We don't need full git history, but eslint-changed does need everything up to the merge-base. - - uses: actions/checkout@v5 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 10 - - uses: ./.github/actions/deepen-to-merge-base - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Monorepo pnpm install - run: pnpm install - - name: Run eslint-changed - env: - SHA: ${{ github.event.pull_request.base.sha }} - FILES: ${{ needs.changed_files.outputs.js_excluded_files }} - run: pnpm run lint-changed --git-base=$SHA $(jq -rn --argjson files "$FILES" '$files[]') - - ### Runs lint-style on all CSS/SCSS files in the monorepo except those ignored in .stylelintignore. - # Local equivalent: `pnpm run lint-style .` - # On trunk: runs on all CSS/SCSS files - # On PRs: runs only if CSS/SCSS files or relevant config changed - lint_style: - name: Stylelint - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'push' || needs.changed_files.outputs.css == 'true' || needs.changed_files.outputs.misc_css == 'true' - timeout-minutes: 5 # 2025-11-06: Takes a bit more than a minute, so give a little wiggle room. - - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Monorepo pnpm install - run: pnpm install - - name: Run lint-style - run: pnpm lint-style --formatter=compact . && echo 'Everything checks out!' - - ### Lints GitHub Actions yaml files. - # Local equivalent: `./tools/js-tools/lint-gh-actions.mjs ` - # On trunk: runs on all GitHub Actions yaml files - # On PRs: runs only if GitHub Actions files or relevant config changed - lint_gh_actions: - name: Lint GitHub Actions yaml files - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'push' || needs.changed_files.outputs.ghactionsfiles == 'true' || needs.changed_files.outputs.misc == 'true' - timeout-minutes: 5 # 2025-11-06: Takes less than a minute. - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - php: false - - - run: pnpm install - - name: Run lint - run: ./tools/js-tools/lint-gh-actions.mjs -v '.github/workflows/*.{yml,yaml}' '.github/actions/*/action.{yml,yaml}' 'projects/github-actions/*/action.{yml,yaml}' - - ### Checks that copied files (e.g. readme, license) are in sync - # Local equivalent: `./tools/check-copied-files.sh` - copied_files: - name: Copied files are in sync - runs-on: ubuntu-latest - timeout-minutes: 1 # 2025-11-06: Successful runs seem to take a few seconds. - - steps: - - uses: actions/checkout@v5 - - run: ./tools/check-copied-files.sh - - ### Runs tools/cleanup-excludelists.sh and checks for any changes - # Local equivalent: `tools/cleanup-excludelists.sh` - # On trunk: always runs - # On PRs: runs only if excludelist-related files changed - check_excludelists: - name: Check linter exclude lists - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'push' || needs.changed_files.outputs.excludelist == 'true' - timeout-minutes: 10 # 2025-11-06: The check itself takes 2 minutes. - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - run: composer install - - name: Monorepo pnpm install - run: pnpm install - - - name: Cleanup excludelists - run: tools/cleanup-excludelists.sh - - name: Check for changes to exclude lists - run: tools/js-tools/check-excludelist-diff.js - - ### Checks that changelogger change files are being created. - # Local equivalent: Probably `tools/check-changelogger-use.php origin/trunk HEAD` - changelogger_used: - name: Changelogger use - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest - timeout-minutes: 5 # 2025-11-06: Takes a few seconds. - steps: - # We don't need full git history, but tools/check-changelogger-use.php does need everything up to the merge-base. - - uses: actions/checkout@v5 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 10 - - uses: ./.github/actions/deepen-to-merge-base - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - - name: Check change files are touched for touched projects - env: - BASE: ${{ github.event.pull_request.base.sha }} - HEAD: ${{ github.event.pull_request.head.sha }} - run: tools/check-changelogger-use.php --debug "$BASE" "$HEAD" - - ### Checks that changelogger change files are valid. - # Local equivalent: `./tools/changelogger-validate-all.sh` - changelogger_valid: - name: Changelogger validity - runs-on: ubuntu-latest - timeout-minutes: 5 # 2025-11-06: Takes less than a minute. - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - - name: Check change file validity - run: tools/changelogger-validate-all.sh -vv - - ### Checks that lock files are up to date. - # Local equivalent: .github/files/check-lock-files.sh - # Note that may modify lock files in your working tree! - # On trunk: always runs - # On PRs: runs only if lock files or relevant config changed - lock_files: - name: "Lock files are up to date" - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'push' || needs.changed_files.outputs.lockfiles == 'true' || needs.changed_files.outputs.misc == 'true' - timeout-minutes: 7 # 2025-11-06: Successful runs seem to take about 2 minutes. - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - run: .github/files/check-lock-files.sh - - ### Check that monorepo packages are correctly referenced. - # Local equivalent: tools/check-intra-monorepo-deps.sh -v && .github/files/check-monorepo-package-repos.sh - # On trunk: always runs - # On PRs: runs only if lock files or relevant config changed - monorepo_package_refs: - name: Monorepo package version refs - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'push' || needs.changed_files.outputs.lockfiles == 'true' || needs.changed_files.outputs.misc == 'true' - timeout-minutes: 7 # 2025-11-06: Takes a minute or two. - steps: - - uses: actions/checkout@v5 - - name: Setup tools - uses: ./.github/actions/tool-setup - - run: pnpm install - - run: tools/check-intra-monorepo-deps.sh -v - - run: .github/files/check-monorepo-package-repos.sh - - ### Checks against project structure, e.g. that composer.json exists. - # Local equivalent: `./.github/files/lint-project-structure.sh` - project_structure: - name: Project structure - runs-on: ubuntu-latest - timeout-minutes: 5 # 2025-11-06: Takes a minute or two. - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - run: pnpm install - - run: .github/files/lint-project-structure.sh - - ### Warn on manual updates to Phan auto-generated stubs - phan_stubs: - name: Phan stubs - runs-on: ubuntu-latest - needs: changed_files - if: github.event_name == 'pull_request' && needs.changed_files.outputs.phanstubs == 'true' && github.event.pull_request.user.login != 'matticbot' - timeout-minutes: 5 # 2025-11-06: Probably takes about a minute. - permissions: - # actions/checkout - contents: read - # step "Warn about stubs" - pull-requests: write - steps: - - uses: actions/checkout@v5 - - uses: ./.github/actions/deepen-to-merge-base - id: deepen - - name: Warn about stubs - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ github.event.pull_request.number }} - BASE: ${{ steps.deepen.outputs.merge-base }} - HEAD: ${{ github.event.pull_request.head.sha }} - run: | - COMMENTS='[]' - while IFS= read -r FILE; do - # TODO: If they add a way to do file-level comments in this API, switch to that. - COMMENTS=$( jq --arg file "$FILE" '. += [ { path: $file, body: "This file is automatically generated and should not be edited directly. See the comment at the top of the file for details.\n\nIf you have any questions, ping `@Automattic/jetpack-monorepo`.", position: 1 } ]' <<<"$COMMENTS" ) - done < <( git -c core.quotepath=off diff --name-only "$BASE"...HEAD -- .phan/stubs/ ':!.phan/stubs/photon-opencv-stubs.php' ':!.phan/stubs/wordpress-constants.php' ':!.phan/stubs/wordpress-globals.jsonc' ) - if [[ "$COMMENTS" != "[]" ]]; then - REQ=$( jq -n --arg commit_id "$HEAD" --argjson comments "$COMMENTS" '{ commit_id: $commit_id, body: "", event: "COMMENT", comments: $comments }' ) - echo "POST /repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" - echo "REQUEST=$REQ" - gh api "/repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" -X POST --input - <<<"$REQ" - exit 1 - fi - - typecheck: - name: Type checking - runs-on: ubuntu-latest - timeout-minutes: 10 # 2025-11-20: Takes around 3 minutes. - steps: - - uses: actions/checkout@v5 - - name: Setup tools - uses: ./.github/actions/tool-setup - - name: Pnpm install - run: pnpm install - - name: Run type checking - # Can't just `pnpm typecheck` here, GitHub won't match the output files correctly - # and unfortunately https://github.com/microsoft/TypeScript/issues/36221 is still open. - run: | - EXIT=0 - set -o pipefail - for DIR in $( jq -r 'if .scripts.typecheck then input_filename | sub( "/package.json"; "" ) else empty end' projects/*/*/package.json projects/*/*/tests/e2e/package.json tools/*/package.json 2>/dev/null ); do - if ! ( cd "$DIR" && pnpm run typecheck ) | sed -uE 's#^.+\([0-9,]+\): error #'"$DIR"'/&#'; then - EXIT=1 - fi - done - exit $EXIT - - phan: - name: Static analysis - runs-on: ubuntu-latest - timeout-minutes: 25 # 2025-11-20: Up to about 10 minutes now that we're running against the old WP and Woo stubs too. - steps: - - uses: actions/checkout@v5 - - name: Setup tools - uses: ./.github/actions/tool-setup - - name: Pnpm install - run: pnpm install - - name: Add back removed packages in case of a release branch. - run: | - echo "Checking for non-mirrored require-dev packages, in case this is testing a release branch" - for FILE in projects/*/*/composer.json; do - PKGS=() - readarray -t PKGS < <( jq -r '.extra["non-mirrored-require-dev"] // empty | .[] | . += "=@dev"' "$FILE" ) - if [[ ${#PKGS[@]} -gt 0 ]]; then - echo "::group::Adding packages for $FILE: ${PKGS[*]}" - # Make sure monorepo repositories entry is present. - JSON=$( jq --tab '.repositories //= [] | if any( .repositories[]; .type == "path" and ( .url | startswith( "../" ) ) and .options?.monorepo? ) then . else .repositories += [ { type: "path", url: "../../packages/*", options: { monorepo: true } } ] end' "$FILE" ) - echo "$JSON" > "$FILE" - composer require --working-dir="${FILE%/composer.json}" --dev "${PKGS[@]}" - echo "::endgroup::" - fi - done - - name: Run phan - run: pnpm jetpack phan --all -v --update-baseline --format github - - name: Run phan for previous WP version and old Woo - env: - # Don't bother complaining about unused suppressions that may be used with the newer stubs. See .phan/config.base.php for how this gets applied. - NO_PHAN_UNUSED_SUPPRESSION: 1 - run: | - composer update --prefer-lowest php-stubs/wordpress-stubs php-stubs/wordpress-tests-stubs php-stubs/woocommerce-stubs - # Don't re-update baselines here, only check. - pnpm jetpack phan --all -v --format github - - name: Check baselines - run: | - # Anything changed? (with a side of printing the diff) - if git diff --exit-code --ignore-matching-lines='^ // ' -- .phan/baseline.php '*/.phan/baseline.php'; then - exit 0 - fi - - # Collect which projects changed to suggest the right command. - PROJECTS=() - for f in $( git -c core.quotepath=off diff --name-only -- .phan/baseline.php '*/.phan/baseline.php' ); do - # --name-only and --ignore-matching-lines don't combine, so we have to do the check separately. - if git diff --quiet --exit-code --ignore-matching-lines='^ // ' -- "$f"; then - continue - fi - - if [[ "$f" == ".phan/baseline.php" ]]; then - SLUG=monorepo - elif [[ "$f" == projects/*/*/.phan/baseline.php ]]; then - SLUG=${f%/.phan/baseline.php} - SLUG=${SLUG#projects/} - elif SLUG=$( grep -v '^[ \t]*\/\/' .phan/monorepo-pseudo-projects.jsonc | jq -re --arg f "${f%.phan/baseline.php}" 'to_entries[] | select( .value == $f ) | .key' ); then - : # Ok - else - SLUG= - fi - if grep -q 'This baseline has no suppressions' "$f"; then - if [[ -n "$SLUG" ]]; then - echo "::error file=$f::This Phan baseline is now empty (good job!). You may remove it, or if you want to keep it (e.g. if you expect new unfixed issues to be added in the future) you can run \`jetpack phan --update-baseline $SLUG\` to update it." - else - echo "::error file=$f::This Phan baseline is now empty (good job!). You may remove it." - fi - elif [[ -n "$SLUG" ]]; then - PROJECTS+=( "$SLUG" ) - else - echo "::error file=$f::This Phan baseline has changed and should be updated. This Action was unable to determine the command needed to update it; please report this to the Monorepo team." - fi - done - if [[ ${#PROJECTS[@]} -gt 0 ]]; then - echo "::error::Phan baselines have changed (good job!). Run \`jetpack phan --update-baseline ${PROJECTS[*]}\` to update them." - fi - exit 1 diff --git a/.github/workflows/phpcompatibility-dev.yml b/.github/workflows/phpcompatibility-dev.yml deleted file mode 100644 index 5f49eba3cf33..000000000000 --- a/.github/workflows/phpcompatibility-dev.yml +++ /dev/null @@ -1,83 +0,0 @@ -# This Github Action is temporary, to run the development version of PHPCompatibility to test for PHP 8 issues. -# -# Once we're getting that by default (likely due to an upgrade of automattic/jetpack-codesniffer to pull a version of phpcompatibility/phpcompatibility-wp that pulls phpcompatibility/php-compatibility 10.0+), -# this action and .github/files/phpcompatibility-dev-phpcs.xml should be deleted. - -name: PHP Compatibility - -on: pull_request -concurrency: - group: phpcompatibility-dev-${{ github.event_name }}-${{ github.ref }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: "dev-trunk" - -jobs: - changed_files: - name: detect changed files - runs-on: ubuntu-latest - timeout-minutes: 1 # 2025-11-06: Successful runs seem to take a few seconds. - outputs: - php: ${{ steps.filter.outputs.php }} - misc: ${{ steps.filter.outputs.misc }} - - steps: - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - php: - # If any PHP file changed, they need checking. - - '**.php' - misc: - # If composer or phpcs config changed, there may be a new standard. - - 'composer.json' - - 'composer.lock' - - '.phpcs.config.xml' - - '.phpcs.xml.dist' - - '.phpcsignore' - - '**/.phpcs.dir.xml' - - '**/.phpcsignore' - # If other files used by this workflow changed, run it to test those changes. - - '.github/files/phpcompatibility-dev-phpcs.xml' - - '.github/matchers/phpcs-problem-matcher.json' - - '.github/workflows/phpcompatibility-dev.yml' - - phpcompatibility: - name: dev branch for PHP 8.0 - runs-on: ubuntu-latest - needs: changed_files - if: needs.changed_files.outputs.php == 'true' || needs.changed_files.outputs.misc == 'true' - timeout-minutes: 7 # 2025-11-06: Successful runs seem to take ~2 minutes. - - steps: - - uses: actions/checkout@v5 - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - - name: Install dependencies - run: composer install - - - name: Upgrade PHPCompatibility - run: | - if [[ -e vendor/phpcompatibility/php-compatibility/PHPCompatibility/Sniffs/ControlStructures/NewNonCapturingCatchSniff.php ]]; then - echo "::error file=.github/workflows/phpcompatibility-dev.yml,line=4,col=1::It looks like PHPCompatibility is already at version 10.0, making this Github Action obsolete. Please remove it." - exit 1 - fi - composer remove --dev --no-update automattic/jetpack-codesniffer - composer require --dev --no-update phpcompatibility/php-compatibility='dev-develop as 9.9999.9999' - composer require --dev --no-update phpcompatibility/phpcompatibility-wp=dev-master - # Update any other packages needing update now too. - composer update - # Even though we uninstalled our codesniffer package, we need the compat rulesets to be found. - vendor/bin/phpcs --config-set installed_paths "$(vendor/bin/phpcs --config-show | sed -n 's/^installed_paths: //p'),../../../projects/packages/codesniffer" - - - name: Run phpcs for PHPCompatibility - run: | - echo "::add-matcher::.github/matchers/phpcs-problem-matcher.json" - vendor/bin/phpcs -p -s --report=emacs --standard=.github/files/phpcompatibility-dev-phpcs.xml - echo "::remove-matcher owner=phpcs" diff --git a/.github/workflows/post-build.yml b/.github/workflows/post-build.yml deleted file mode 100644 index e1e8ee75142b..000000000000 --- a/.github/workflows/post-build.yml +++ /dev/null @@ -1,483 +0,0 @@ -name: Post-Build -run-name: Post-Build on ${{ github.event.workflow_run.head_branch }} -on: - workflow_run: - types: [ 'completed' ] - workflows: - - Build -concurrency: - # Cancel concurrent jobs on pull_request but not push, by including the run_id in the concurrency group for the latter. - group: post-build-${{ github.event.workflow_run.event == 'push' && github.run_id || 'pr' }}-${{ github.event.workflow_run.head_branch }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: "dev-trunk" - SUMMARY: Post-Build run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for Build run [#${{ github.event.workflow_run.id }}](${{ github.event.workflow_run.html_url }}) - -permissions: - actions: read - contents: read - pull-requests: read - -# Note the job logic here is a bit unusual. That's because this workflow is triggered by `workflow_run`, and so is not shown on the PR by default. -# Instead we have to manually report back, including where we could normally just skip or let a failure be handled. -# - If the "Build" job failed, we need to set our status as failed too (build_failed). -# - If the find_artifact job fails for some reason, we need a step to explicitly report that back. -# - If no plugins are found, we need to explicitly report back a "skipped" status. -# - And the upgrade_test job both explicitly sets "in progress" at its start and updates at its end. -# -# If you're wanting to add a new check, you'd want to do the following: -# - Add a step in the `setup` workflow to create your check, and a corresponding output for later steps to have the ID. -# - Add a step in the `build_failed` workflow to set your run to cancelled. -# - Add a job to run whatever tests you need to run, with steps similar to the `upgrade_test` workflow's "Get token", "Notify check in progress", and "Notify final status". -# - Add a step in the `no_plugins` workflow to set your run to skipped if your job only runs when there are plugins built. - -jobs: - setup: - name: Setup - runs-on: ubuntu-latest - timeout-minutes: 2 # 2025-11-20: Takes a few seconds. - outputs: - upgrade_check: ${{ steps.upgrade_check.outputs.id }} - wpcom_filename_check: ${{ steps.wpcom_filename_check.outputs.id }} - steps: - - name: Log info - run: | - echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY - - - uses: actions/checkout@v5 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: 'Create "Test plugin upgrades" check' - id: upgrade_check - uses: ./.github/actions/check-run - with: - name: Test plugin upgrades - sha: ${{ github.event.workflow_run.head_sha }} - status: queued - title: Test queued... - summary: | - ${{ env.SUMMARY }} - token: ${{ steps.get_token.outputs.token }} - - - name: 'Create "Test wpcom filename restrictions" check' - id: wpcom_filename_check - uses: ./.github/actions/check-run - with: - name: Test wpcom filename restrictions - sha: ${{ github.event.workflow_run.head_sha }} - status: queued - title: Test queued... - summary: | - ${{ env.SUMMARY }} - token: ${{ steps.get_token.outputs.token }} - - build_failed: - name: Handle build failure - runs-on: ubuntu-latest - needs: setup - if: github.event.workflow_run.conclusion != 'success' - timeout-minutes: 2 # 2025-11-20: Seems like it should be fast. - steps: - - uses: actions/checkout@v5 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: 'Mark "Test plugin upgrades" cancelled' - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - conclusion: cancelled - title: Build failed - summary: | - ${{ env.SUMMARY }} - - Post-build run aborted because the build did not succeed. - token: ${{ steps.get_token.outputs.token }} - - - name: 'Mark "Test wpcom filename restrictions" cancelled' - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - conclusion: cancelled - title: Build failed - summary: | - ${{ env.SUMMARY }} - - Post-build run aborted because the build did not succeed. - token: ${{ steps.get_token.outputs.token }} - - find_artifact: - name: Find artifact - runs-on: ubuntu-latest - needs: setup - if: github.event.workflow_run.conclusion == 'success' - timeout-minutes: 2 # 2025-11-20: Takes a few seconds. - outputs: - zip_url: ${{ steps.run.outputs.zip_url }} - any_plugins: ${{ steps.run.outputs.any_plugins }} - steps: - - uses: actions/checkout@v5 - - - name: Find artifact - id: run - env: - TOKEN: ${{ github.token }} - URL: ${{ github.event.workflow_run.artifacts_url }} - run: | - for (( i=1; i<=5; i++ )); do - [[ $i -gt 1 ]] && sleep 10 - echo "::group::Fetch list of artifacts (attempt $i/5)" - JSON="$(curl -v -L --get \ - --header "Authorization: token $TOKEN" \ - --url "$URL" - )" - echo "$JSON" - echo "::endgroup::" - ZIPURL="$(jq -r '.artifacts | map( select( .name == "jetpack-build" ) ) | sort_by( .created_at ) | last | .archive_download_url // empty' <<<"$JSON")" - PLUGINS="$(jq -r '.artifacts[] | select( .name == "plugins.tsv" )' <<<"$JSON")" - if [[ -n "$ZIPURL" ]]; then - break - fi - done - [[ -z "$ZIPURL" ]] && { echo "::error::Failed to find artifact."; exit 1; } - echo "Zip URL: $ZIPURL" - echo "zip_url=${ZIPURL}" >> "$GITHUB_OUTPUT" - if [[ -z "$PLUGINS" ]]; then - echo "Any plugins? No" - echo "any_plugins=false" >> "$GITHUB_OUTPUT" - else - echo "Any plugins? Yes" - echo "any_plugins=true" >> "$GITHUB_OUTPUT" - fi - - - name: Get token - id: get_token - if: ${{ ! success() }} - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - name: 'Mark "Test plugin upgrades" failed' - if: ${{ ! success() }} - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - conclusion: failure - title: Failed to find build artifact - summary: | - ${{ env.SUMMARY }} - - Post-build run aborted because the "Find artifact" step failed. - token: ${{ steps.get_token.outputs.token }} - - name: 'Mark "Test wpcom filename restrictions" failed' - if: ${{ ! success() }} - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - conclusion: failure - title: Failed to find build artifact - summary: | - ${{ env.SUMMARY }} - - Post-build run aborted because the "Find artifact" step failed. - token: ${{ steps.get_token.outputs.token }} - - no_plugins: - name: Handle no-plugins - runs-on: ubuntu-latest - needs: [ setup, find_artifact ] - if: needs.find_artifact.outputs.any_plugins == 'false' - timeout-minutes: 2 # 2025-11-20: Takes a few seconds. - steps: - - uses: actions/checkout@v5 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: 'Mark "Test plugin upgrades" skipped' - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - conclusion: skipped - title: No plugins were built - summary: | - ${{ env.SUMMARY }} - - Post-build run skipped because no plugins were built. - token: ${{ steps.get_token.outputs.token }} - - - name: 'Mark "Test wpcom filename restrictions" skipped' - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - conclusion: skipped - title: No plugins were built - summary: | - ${{ env.SUMMARY }} - - Post-build run skipped because no plugins were built. - token: ${{ steps.get_token.outputs.token }} - - prepare_upgrade_test: - name: Prepare plugin upgrades matrix - runs-on: ubuntu-latest - needs: [ setup, find_artifact ] - if: needs.find_artifact.outputs.any_plugins == 'true' - outputs: - matrix: ${{ steps.matrix.outputs.matrix }} - timeout-minutes: 5 # 2025-11-20: Takes a few seconds. - - steps: - - uses: actions/checkout@v5 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - env: - # Work around a weird node 16/openssl 3 issue in the docker env - OPENSSL_CONF: '/dev/null' - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Notify check in progress - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - status: in_progress - title: Test started... - summary: | - ${{ env.SUMMARY }} - - See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details. - token: ${{ steps.get_token.outputs.token }} - - - name: Download build artifact - env: - TOKEN: ${{ github.token }} - ZIPURL: ${{ needs.find_artifact.outputs.zip_url }} - shell: bash - run: | - for (( i=1; i<=2; i++ )); do - [[ $i -gt 1 ]] && sleep 10 - echo "::group::Downloading artifact (attempt $i/2)" - curl -v -L --get \ - --header "Authorization: token $TOKEN" \ - --url "$ZIPURL" \ - --output "artifact.zip" - echo "::endgroup::" - if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then - break - fi - done - [[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; } - unzip artifact.zip - tar --xz -xvvf build.tar.xz build/plugins.tsv - - - name: Prepare matrix - id: matrix - run: | - RET=$( jq -c -s --raw-input 'split( "\n" )[0:-1] | map( split( "\t" ) | { src: .[0], mirror: .[1], slug: .[2] } )' build/plugins.tsv ) - jq '.' <<<"$RET" - echo "matrix=$RET" >> "$GITHUB_OUTPUT" - - upgrade_test: - name: Test upgrades for ${{ matrix.slug }} - runs-on: ubuntu-latest - needs: [ setup, find_artifact, prepare_upgrade_test ] - if: needs.find_artifact.outputs.any_plugins == 'true' - timeout-minutes: 15 # 2025-11-20: Successful runs seem to take about 2 minutes, but give some extra time for the downloads. - strategy: - fail-fast: false - matrix: - include: ${{ fromJson( needs.prepare_upgrade_test.outputs.matrix ) }} - env: - PLUGIN_SRC: ${{ matrix.src }} - PLUGIN_MIRROR: ${{ matrix.mirror }} - PLUGIN_SLUG: ${{ matrix.slug }} - services: - db: - image: mariadb:lts - env: - MARIADB_ROOT_PASSWORD: wordpress - ports: - - 3306:3306 - options: --health-cmd="healthcheck.sh --su-mysql --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=5 - container: - image: ghcr.io/automattic/jetpack-wordpress-dev:latest - env: - WP_DOMAIN: localhost - WP_ADMIN_USER: wordpress - WP_ADMIN_EMAIL: wordpress@example.com - WP_ADMIN_PASSWORD: wordpress - WP_TITLE: Hello World - MYSQL_HOST: db:3306 - MYSQL_DATABASE: wordpress - MYSQL_USER: root - MYSQL_PASSWORD: wordpress - HOST_PORT: 80 - ports: - - 80:80 - - steps: - - uses: actions/checkout@v5 - with: - path: trunk - - uses: actions/checkout@v5 - with: - ref: ${{ github.event.workflow_run.head_commit.id }} - path: commit - - - name: Download build artifact - env: - TOKEN: ${{ github.token }} - ZIPURL: ${{ needs.find_artifact.outputs.zip_url }} - shell: bash - run: | - for (( i=1; i<=2; i++ )); do - [[ $i -gt 1 ]] && sleep 10 - echo "::group::Downloading artifact (attempt $i/2)" - curl -v -L --get \ - --header "Authorization: token $TOKEN" \ - --url "$ZIPURL" \ - --output "artifact.zip" - echo "::endgroup::" - if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then - break - fi - done - [[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; } - unzip artifact.zip - tar --xz -xvvf build.tar.xz build - - - name: Setup WordPress - run: trunk/.github/files/test-plugin-update/setup.sh - - - name: Prepare plugin zips - run: trunk/.github/files/test-plugin-update/prepare-zips.sh - - - name: Test upgrades - run: trunk/.github/files/test-plugin-update/test.sh - - post_upgrade_test: - name: Finalize plugin test - runs-on: ubuntu-latest - needs: [ setup, find_artifact, upgrade_test ] - if: always() && needs.find_artifact.outputs.any_plugins == 'true' - timeout-minutes: 5 # 2025-11-20: Takes a few seconds. - - steps: - - uses: actions/checkout@v5 - - - name: Get token - id: get_token - uses: ./.github/actions/gh-app-token - env: - # Work around a weird node 16/openssl 3 issue in the docker env - OPENSSL_CONF: '/dev/null' - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Notify final status - uses: ./.github/actions/check-run - with: - id: ${{ needs.setup.outputs.upgrade_check }} - conclusion: ${{ needs.upgrade_test.result }} - title: ${{ needs.upgrade_test.result == 'success' && 'Tests passed' || needs.upgrade_test.result == 'cancelled' && 'Cancelled' || 'Tests failed' }} - summary: | - ${{ env.SUMMARY }} - - See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details. - token: ${{ steps.get_token.outputs.token }} - - wpcom_filename_test: - name: Test wpcom filename restrictions - runs-on: ubuntu-latest - needs: [ setup, find_artifact ] - if: needs.find_artifact.outputs.any_plugins == 'true' - timeout-minutes: 15 # 2025-11-20: Less than a minute, but leave time for the downloads. - steps: - - uses: actions/checkout@v5 - with: - path: trunk - - uses: actions/checkout@v5 - with: - ref: ${{ github.event.workflow_run.head_commit.id }} - path: commit - - - name: Get token - id: get_token - uses: ./trunk/.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Notify check in progress - uses: ./trunk/.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - status: in_progress - title: Test started... - summary: | - ${{ env.SUMMARY }} - - See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details. - token: ${{ steps.get_token.outputs.token }} - - - name: Download build artifact - env: - TOKEN: ${{ github.token }} - ZIPURL: ${{ needs.find_artifact.outputs.zip_url }} - shell: bash - run: | - for (( i=1; i<=2; i++ )); do - [[ $i -gt 1 ]] && sleep 10 - echo "::group::Downloading artifact (attempt $i/2)" - curl -v -L --get \ - --header "Authorization: token $TOKEN" \ - --url "$ZIPURL" \ - --output "artifact.zip" - echo "::endgroup::" - if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then - break - fi - done - [[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; } - unzip artifact.zip - tar --xz -xvvf build.tar.xz build - - - name: Test filename restrictions - id: tests - run: trunk/.github/files/test-wpcom-filename-restrictions.sh - - - name: Notify final status - if: always() - uses: ./trunk/.github/actions/check-run - with: - id: ${{ needs.setup.outputs.wpcom_filename_check }} - conclusion: ${{ job.status }} - title: ${{ job.status == 'success' && 'Tests passed' || job.status == 'cancelled' && 'Cancelled' || 'Tests failed' }} - summary: | - ${{ env.SUMMARY }} - - ${{ steps.tests.outputs.info }} - - See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details. - token: ${{ steps.get_token.outputs.token }} diff --git a/.github/workflows/pr-is-up-to-date.yml b/.github/workflows/pr-is-up-to-date.yml deleted file mode 100644 index 8a6baaf74570..000000000000 --- a/.github/workflows/pr-is-up-to-date.yml +++ /dev/null @@ -1,87 +0,0 @@ -name: PR is up-to-date -on: - pull_request_target: - branches: [ trunk ] - push: - branches: [ trunk ] - tags: - - pr-update-to - - pr-update-to-projects/** - -jobs: - check: - name: Check - runs-on: ubuntu-latest - timeout-minutes: 5 # 2025-11-20: The run on push to the tag might take a minute or two. - steps: - - # We basically have two workflows in one here, one for pushes to trunk and one for PRs and pushes to tags. - # The reason we don't separate them into two is because GitHub's UI would then always be showing a skipped job - # in the PR check list, which is kind of annoying. - - # First, the "PR or tag" job. - - - name: Checkout trunk for tag push or PR - uses: actions/checkout@v5 - if: github.event_name != 'push' || github.ref != 'refs/heads/trunk' - with: - ref: trunk - token: ${{ secrets.API_TOKEN_GITHUB }} - - # On a PR, we need to fetch (but not check out) the actual PR too. - - name: Deepen to merge base - if: github.event_name != 'push' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Determine tags for PR or tag and paths for tag push - id: determine - if: github.event_name != 'push' || github.ref != 'refs/heads/trunk' - env: - REF: ${{ github.event.pull_request.head.sha }} - run: | - TAGS=() - TAG= - PATHS= - if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then - TAG="${GITHUB_REF#refs/tags/}" - if [[ "$TAG" == pr-update-to-* ]]; then - PATHS="${TAG#pr-update-to-}" - fi - else - TMP="$(git -c core.quotepath=off diff --name-only "origin/trunk...${REF}" projects/*/*/ | sed -nE 's!^(projects/[^/]+/[^/]+)/.*!pr-update-to-\1!p' | sort -u)" - mapfile -t TAGS <<<"$TMP" - TAGS+=( pr-update-to ) - fi - echo "pr-tags=${TAGS[*]}" >> "$GITHUB_OUTPUT" - echo "push-tag=$TAG" >> "$GITHUB_OUTPUT" - echo "push-paths=$PATHS" >> "$GITHUB_OUTPUT" - - - name: Check PR or tag push - if: github.event_name != 'push' || github.ref != 'refs/heads/trunk' - uses: ./projects/github-actions/pr-is-up-to-date - with: - tags: ${{ steps.determine.outputs.pr-tags }} - tag: ${{ steps.determine.outputs.push-tag }} - paths: ${{ steps.determine.outputs.push-paths }} - token: ${{ secrets.API_TOKEN_GITHUB }} - status: PR is up to date - - # Second, the "push to trunk" job. - - - name: Checkout push to trunk - uses: actions/checkout@v5 - if: github.event_name == 'push' && github.ref == 'refs/heads/trunk' - with: - # The "Check whether the tag needs updating for trunk commit" needs the previous commit for diffing. - fetch-depth: 2 - token: ${{ secrets.API_TOKEN_GITHUB }} - - - name: Wait for prior instances of the workflow to finish - if: github.event_name == 'push' && github.ref == 'refs/heads/trunk' - uses: ./.github/actions/turnstile - - - name: Check whether the tag needs updating for trunk commit - if: github.event_name == 'push' && github.ref == 'refs/heads/trunk' - run: .github/files/pr-update-to.sh diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 82f8ad78df13..0b7376ddeff8 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -18,8 +18,6 @@ on: - full - lookup - extract - schedule: - - cron: '0 0/2 * * *' concurrency: group: renovate-${{ github.ref }} diff --git a/.github/workflows/slack-branch-existence-notification.yml b/.github/workflows/slack-branch-existence-notification.yml deleted file mode 100644 index fe674816bd3d..000000000000 --- a/.github/workflows/slack-branch-existence-notification.yml +++ /dev/null @@ -1,68 +0,0 @@ -name: Slack branch existence notification -on: - create: - delete: - -jobs: - notify: - name: Notify - runs-on: ubuntu-latest - timeout-minutes: 5 # 2025-11-20: Takes a few seconds. - if: github.event.ref == 'prerelease' - - steps: - - uses: actions/checkout@v5 - with: - ref: trunk - - name: Generate message - id: message - env: - SLACK_RELEASES_CHANNEL: ${{ secrets.SLACK_RELEASES_CHANNEL }} - run: | - source .github/files/gh-funcs.sh - - if [[ "$GITHUB_EVENT_NAME" == 'create' ]]; then - gh_set_output message "$( - jq -nc --arg C "$SLACK_RELEASES_CHANNEL" --slurpfile event "$GITHUB_EVENT_PATH" '$event[0] as $e | { - channel: $C, - icon_emoji: ":lock:", - text: "Incoming release! Prerelease branch was created by \( $e.sender.login ).", - blocks: [ - { - type: "section", - text: { - type: "mrkdwn", - text: ":holdontoyourbutts: Incoming release! Prerelease branch was created by \( $e.sender.login ).", - }, - } - ], - }' - )" - elif [[ "$GITHUB_EVENT_NAME" == 'delete' ]]; then - gh_set_output message "$( - jq -nc --arg C "$SLACK_RELEASES_CHANNEL" --slurpfile event "$GITHUB_EVENT_PATH" '$event[0] as $e | { - channel: $C, - icon_emoji: ":unlock:", - text: "Prerelease branch was deleted by \( $e.sender.login ).", - blocks: [ - { - type: "section", - text: { - type: "mrkdwn", - text: "Prerelease branch was deleted by \( $e.sender.login ).", - }, - } - ], - }' - )" - else - echo "::error::Unknown event \"$GITHUB_EVENT_NAME\"" - exit 1 - fi - - - name: Send message to releases channel - uses: slackapi/slack-github-action@v2.1.0 - with: - token: ${{ secrets.SLACK_TOKEN }} - method: chat.postMessage - payload: ${{ steps.message.outputs.message }} diff --git a/.github/workflows/slack-workflow-failed.yml b/.github/workflows/slack-workflow-failed.yml deleted file mode 100644 index cf8af5913323..000000000000 --- a/.github/workflows/slack-workflow-failed.yml +++ /dev/null @@ -1,168 +0,0 @@ -name: CI Results -run-name: ${{ github.event.workflow.name }} on ${{ github.event.workflow_run.head_branch }} -on: - workflow_run: - types: [ 'completed' ] - workflows: - - Build - - Build Docker - - Gardening - - k6 Tests for Jetpack Staging Test Sites - - Linting - - Monorepo Auto-tagger - - Post-Build - - PR is up-to-date - - Tests - - Update Jetpack Staging Test Sites - - Update Phan stubs - branches: [ 'trunk', 'prerelease', '*/branch-*' ] - -jobs: - notify: - name: Notify failure - runs-on: ubuntu-latest - if: ${{ github.repository == 'Automattic/jetpack' && github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.event != 'issues' && github.event.workflow_run.event != 'issue_comment' }} - - steps: - - uses: actions/checkout@v5 - - name: Generate message - id: message - env: - SLACK_JP_ALERTS_CHANNEL: ${{ secrets.SLACK_JP_ALERTS_CHANNEL }} - SLACK_RELEASES_CHANNEL: ${{ secrets.SLACK_RELEASES_CHANNEL }} - run: | - source .github/files/gh-funcs.sh - - # If this is triggered off of another "workflow_run" workflow, it'll always see the head_branch as "trunk". - # In that case, we assume it's setting display_title to be like "NAME on BRANCH" and extract the branch from there. - if jq -e '.workflow_run.event == "workflow_run"' "$GITHUB_EVENT_PATH" &>/dev/null; then - TITLE=$(jq -r '.workflow_run.display_title' "$GITHUB_EVENT_PATH") - BRANCH=${TITLE##* on } - echo "branch=$BRANCH" >> "$GITHUB_OUTPUT" - DATA=$( jq -nc --slurpfile event "$GITHUB_EVENT_PATH" --arg branch "$BRANCH" '$event[0] as $e | $e.workflow_run as $run | - { - workflow_name: $e.workflow.name, - branch: $branch, - run_id: $run.id, - run_url: $run.html_url, - duration: ( ( $run.updated_at | fromdateiso8601 ) - ( $run.run_started_at | fromdateiso8601 ) | strftime( "%H:%M:%S" ) ), - } - ' ) - else - BRANCH=$(jq -r '.workflow_run.head_branch' "$GITHUB_EVENT_PATH") - echo "branch=$BRANCH" >> "$GITHUB_OUTPUT" - DATA=$( jq -nc --slurpfile event "$GITHUB_EVENT_PATH" '$event[0] as $e | $e.workflow_run as $run | - ( $run.head_commit.message | sub( "\n.*"; ""; "m" ) | match( " \\(#([0-9]+)\\)$" ).captures[0].string // null ) as $pr | - { - workflow_name: $e.workflow.name, - branch: $run.head_branch, - run_id: $run.id, - run_url: $run.html_url, - duration: ( ( $run.updated_at | fromdateiso8601 ) - ( $run.run_started_at | fromdateiso8601 ) | strftime( "%H:%M:%S" ) ), - commit: "\( $run.head_commit.id[0:8] ) \( $run.head_commit.message | sub( "\n.*"; ""; "m" ) )", - author: ( $run.head_commit.author.name ), - commit_url: "\( $run.head_repository.html_url )/commit/\( $run.head_commit.id )", - pr: $pr, - pr_url: ( if $pr then "\( $run.head_repository.html_url )/pull/\( $pr )" else null end ) - } - ' ) - fi - - jq -r '[ - "### \( .workflow_name ) failed on \( .branch )", - "", - if .commit then "Commit: \( .commit )" else empty end, - if .author then "Author: \( .author )" else empty end, - "Duration: \( .duration )", - "", - ( - [ - "[Run #\( .run_id )](\( .run_url ))", - if .commit_url then "[Commit](\( .commit_url ))" else empty end, - if .pr then "[PR #\( .pr )](\( .pr_url ))" else empty end - ] | join( " | " ) - ) - ] | join( "\n" )' <<<"$DATA" >> $GITHUB_STEP_SUMMARY - - MSG=$( jq -c ' - { - icon_emoji: ":github-rejected:", - text: "*\( .workflow_name ) failed on \( .branch )*\n<\( .run_url )|Run #\( .run_id )>", - blocks: [ - { - type: "section", - text: { - type: "mrkdwn", - text: "*\( .workflow_name ) failed on \( .branch )*" - } - }, - { - type: "context", - elements: [ - if .commit then { - type: "plain_text", - text: "Commit: \( .commit )", - emoji: false - } else empty end, - if .author then { - type: "plain_text", - text: "Author: \( .author )", - emoji: false - } else empty end, - { - type: "plain_text", - text: "Duration: \( .duration )" - } - ] - }, - { - type: "actions", - elements: [ - { - type: "button", - text: { - type: "plain_text", - text: "Run #\( .run_id )" - }, - url: .run_url - }, - if .commit_url then { - type: "button", - text: { - type: "plain_text", - text: "Commit" - }, - url: .commit_url - } else empty end, - if .pr then { - type: "button", - text: { - type: "plain_text", - text: "PR #\( .pr )" - }, - url: .pr_url, - } else empty end - ] - } - ] - } - ' <<<"$DATA" ) - - gh_set_output message_alerts "$( jq -c --arg C "$SLACK_JP_ALERTS_CHANNEL" '.channel |= $C' <<<"$MSG" )" - gh_set_output message_releases "$( jq -c --arg C "$SLACK_RELEASES_CHANNEL" '.channel |= $C' <<<"$MSG" )" - - - name: Send message to alerts channel - uses: slackapi/slack-github-action@v2.1.0 - if: steps.message.outputs.branch == 'trunk' - with: - token: ${{ secrets.SLACK_TOKEN }} - method: chat.postMessage - payload: ${{ steps.message.outputs.message_alerts }} - - - name: Send message to releases channel - uses: slackapi/slack-github-action@v2.1.0 - if: contains( steps.message.outputs.branch, '/branch-' ) || steps.message.outputs.branch == 'prerelease' - with: - token: ${{ secrets.SLACK_TOKEN }} - method: chat.postMessage - payload: ${{ steps.message.outputs.message_releases }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index 2cfb2ce36fd9..000000000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: 'Mark stale pull requests' -on: - schedule: - # Run every 6 hours at xx:30. - - cron: '30 */6 * * *' - workflow_dispatch: - -jobs: - stale: - runs-on: ubuntu-latest - timeout-minutes: 10 # 2025-11-20: Takes less than a minute. - steps: - - uses: actions/stale@v10 - with: - # Get PRs in ascending (oldest first) order. - ascending: true - operations-per-run: 50 - # PRs: Mark as stale after 2 months, close after 1 month more - days-before-pr-stale: 60 - days-before-pr-close: 31 - delete-branch: true - # Label to use when marking a PR as stale - stale-pr-label: '[Status] Stale' - # PRs with these labels will never be considered stale. - exempt-pr-labels: '[Pri] High,[Pri] BLOCKER,FixTheFlows,[Status] Keep Open' - # Message to be added to stale PRs. - stale-pr-message: | -

This PR has been marked as stale. This happened because:

- -
    -
  • It has been inactive for the past 3 months.
    • -
  • It hasn't been labeled `[Pri] BLOCKER`, `[Pri] High`, `[Status] Keep Open`, etc.
    • -
- -

If this PR is still useful, please do a [trunk merge or rebase](https://github.com/Automattic/jetpack/blob/trunk/docs/git-workflow.md#keeping-your-branch-up-to-date) - and otherwise make sure it's up to date and has clear testing instructions. - You may also want to ping possible reviewers in case they've forgotten about it. - Please close this PR if you think it's not valid anymore — if you - do, please add a brief explanation.

- -

If the PR is not updated (or at least commented on) in another month, it will be automatically closed.

- close-pr-message: | -

This PR has been automatically closed as it has not been updated in some time. - If you want to resume work on the PR, feel free to restore the branch and reopen the PR.

- # Ignore issues, only operating on pull requests. - days-before-issue-stale: -1 - days-before-issue-close: -1 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml deleted file mode 100644 index 399cb72031fc..000000000000 --- a/.github/workflows/tests.yml +++ /dev/null @@ -1,441 +0,0 @@ -name: Tests - -on: - pull_request: - push: - branches: ['trunk', '*/branch-*'] - -concurrency: - # Trunk runs need to not be cancelled for concurrency, mainly for code coverage. Everything else can be. - group: tests-${{ github.event_name }}-${{ github.ref }}-${{ github.event_name == 'push' && github.ref == 'refs/heads/trunk' && github.run_id || '' }} - cancel-in-progress: true - -env: - COMPOSER_ROOT_VERSION: 'dev-trunk' - -jobs: - create-matrix: - name: 'Determine tests matrix' - runs-on: ubuntu-latest - timeout-minutes: 2 # 2025-11-20: Takes a few seconds. - outputs: - matrix: ${{ steps.create-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@v5 - - id: create-matrix - run: | - MATRIX="$(.github/files/generate-ci-matrix.php)" - echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT" - - run-tests: - name: ${{ matrix.name }} - runs-on: ${{ matrix.runner }} - needs: create-matrix - services: - database: - image: mariadb:12.0 - env: - MARIADB_ROOT_PASSWORD: root - ports: - - 3306:3306 - options: --health-cmd="healthcheck.sh --su-mysql --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=5 - continue-on-error: ${{ matrix.experimental }} - timeout-minutes: ${{ matrix.timeout }} - env: - TEST_SCRIPT: ${{ matrix.script }} - WP_BRANCH: ${{ matrix.wp }} - PHP_VERSION: ${{ matrix.php }} - NODE_VERSION: ${{ matrix.node }} - MONOREPO_BASE: ${{ github.workspace }} - WITH_WOOCOMMERCE: ${{ matrix.with-woocommerce }} - WITH_WPCOMSH: ${{ matrix.with-wpcomsh }} - strategy: - fail-fast: false - matrix: - include: ${{ fromJson( needs.create-matrix.outputs.matrix ) }} - - # Note matrix-job outputs are kind of weird. Last-to-run job that sets a non-empty value wins. - outputs: - did-coverage: ${{ ( steps.run-tests.conclusion != 'cancelled' && steps.process-coverage.conclusion == 'success' && steps.upload-artifacts.conclusion == 'success' ) && 'true' || '' }} - coverage-status: ${{ matrix.script == 'test-coverage' && steps.run-tests.conclusion || '' }} - - steps: - - uses: actions/checkout@v5 - with: - # Test coverage checks require a fetch depth > 1. - fetch-depth: 2 - - # For pull requests, list-changed-projects.sh needs the merge base. - # But it doesn't have to be checked out. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - php: ${{ matrix.php }} - coverage: ${{ matrix.script == 'test-coverage' && 'pcov' || 'none' }} - node: ${{ matrix.node }} - - - name: Monorepo install - run: | - echo "::group::Pnpm" - pnpm install - echo "::endgroup::" - - - name: Detect changed projects - id: changed - run: | - CHANGED="$(EXTRA=test .github/files/list-changed-projects.sh)" - - # Only test certain plugins in combination with WC - if [[ "$WITH_WOOCOMMERCE" == true ]]; then - echo "Testing with WooCommerce, filtering for projects that have WooCommerce-specific tests." - CHANGED=$( jq -c 'with_entries( select( .key == "plugins/jetpack" ) )' <<<"$CHANGED" ) - fi - - ANY_PLUGINS="$(jq --argjson changed "$CHANGED" -n '$changed | with_entries( select( .key | startswith( "plugins/" ) ) ) | any')" - echo "projects=${CHANGED}" >> "$GITHUB_OUTPUT" - echo "any-plugins=${ANY_PLUGINS}" >> "$GITHUB_OUTPUT" - - - name: Select WordPress version - if: matrix.wp != 'none' - run: .github/files/select-wordpress-tag.sh - - - name: Composer Install - env: - CHANGED: ${{ steps.changed.outputs.projects }} - run: | - # If we're going to be making WorDBless use WP "nightlies", remove the relevant package from Composer's cache to get the latest version. - if [[ "$WP_BRANCH" == 'trunk' && ( "$TEST_SCRIPT" == "test-php" || "$TEST_SCRIPT" == "test-coverage" ) ]]; then - echo "::group::Clear composer cache for roots/wordpress" - DIR=$(composer config cache-files-dir) - rm -rf "$DIR/roots/wordpress" "$DIR/roots/wordpress-no-content" - echo "::endgroup::" - fi - - echo "::group::Composer" - composer install --working-dir=tools/php-test-env - - if [[ ( "$TEST_SCRIPT" == "test-php" || "$TEST_SCRIPT" == "test-coverage" ) && ( "$WP_BRANCH" == 'trunk' || "$WP_BRANCH" == 'previous' ) ]]; then - VER=$(composer --format=json --working-dir="tools/php-test-env" show | jq -r '.installed[] | select( .name == "roots/wordpress" ) | .version') - if [[ -n "$VER" ]]; then - INSVER=$WORDPRESS_TAG - [[ "$WORDPRESS_TAG" == 'trunk' ]] && INSVER="dev-main as $VER" - echo "Supposed to run tests against WordPress $WORDPRESS_TAG, so setting roots/wordpress and roots/wordpress-no-content to \"$INSVER\"" - # Composer seems to sometimes have issues with deleting the wordpress dir on its own, so do it manually first. - rm -rf "tools/php-test-env/wordpress" - composer --working-dir="tools/php-test-env" require --dev "roots/wordpress:$INSVER" "roots/wordpress-no-content:$INSVER" - fi - fi - echo "::endgroup::" - - echo "Checking for non-mirrored require-dev packages, in case this is testing a release branch" - for SLUG in $( jq -r 'keys[]' <<<"$CHANGED" ); do - PKGS=() - readarray -t PKGS < <( jq -r '.extra["non-mirrored-require-dev"] // empty | .[] | . += "=@dev"' "projects/$SLUG/composer.json" ) - if [[ ${#PKGS[@]} -gt 0 ]]; then - echo "::group::Adding packages for $SLUG: ${PKGS[*]}" - # Make sure monorepo repositories entry is present. - JSON=$( jq --tab '.repositories //= [] | if any( .repositories[]; .type == "path" and ( .url | startswith( "../" ) ) and .options?.monorepo? ) then . else .repositories += [ { type: "path", url: "../../packages/*", options: { monorepo: true } } ] end' "projects/$SLUG/composer.json" ) - echo "$JSON" > "projects/$SLUG/composer.json" - # Use --no-install and --ignore-platform-reqs here. Code below (either in .github/files/setup-wordpress-env.sh or the "Run project tests" step) will do a `composer install` or `composer update` as necessary. - composer require --working-dir="projects/$SLUG/" --dev --no-install --ignore-platform-reqs "${PKGS[@]}" - echo "::endgroup::" - fi - done - - - name: Setup WordPress environment for plugin tests - env: - API_TOKEN_GITHUB: ${{ secrets.GITHUB_TOKEN }} - CHANGED: ${{ steps.changed.outputs.projects }} - if: steps.changed.outputs.any-plugins == 'true' && matrix.wp != 'none' - run: .github/files/setup-wordpress-env.sh - - - name: Run project tests - id: run-tests - env: - FORCE_PACKAGE_TESTS: ${{ matrix.force-package-tests && 'true' || 'false' }} - CHANGED: ${{ steps.changed.outputs.projects }} - run: | - EXIT=0 - declare -A PIDS - PIDS=() - MAXPIDS=$( nproc ) - FAILED=() - mkdir artifacts - [[ "$TEST_SCRIPT" == "test-coverage" ]] && mkdir coverage - for P in composer.json projects/*/*/composer.json; do - if [[ ${#PIDS[@]} -ge $MAXPIDS ]]; then - if ! wait -fn -p PID "${!PIDS[@]}"; then - echo "::error::Tests for ${PIDS[$PID]} failed!" - FAILED+=( "${PIDS[$PID]}" ) - EXIT=1 - fi - echo "Finished ${PIDS[$PID]}" - unset PIDS[$PID] - fi - - if [[ "$P" == "composer.json" ]]; then - DIR="." - SLUG="monorepo" - else - DIR="${P%/composer.json}" - SLUG="${DIR#projects/}" - fi - - if [[ "${SLUG%%/*}" != "plugins" && "$WP_BRANCH" != 'latest' && "$WP_BRANCH" != 'none' && "$FORCE_PACKAGE_TESTS" != "true" ]]; then - echo "Skipping $SLUG, only plugins run for WP_BRANCH = $WP_BRANCH" - continue - fi - - if ! jq --argjson changed "$CHANGED" --arg p "$SLUG" -ne '$changed[$p] // false' > /dev/null; then - echo "Skipping $SLUG, no changes in it or its dependencies" - elif ! jq --arg script "$TEST_SCRIPT" -e '.scripts[$script] // false' "$P" > /dev/null; then - echo "Skipping $SLUG, no test script is defined in composer.json" - elif php -r 'exit( preg_match( "/^>=\\s*(\\d+\\.\\d+)$/", $argv[1], $m ) && version_compare( PHP_VERSION, $m[1], "<" ) ? 0 : 1 );' "$( jq -r '.require.php // ""' "$P" )"; then - echo "Skipping $SLUG, requires PHP $( jq -r '.require.php // ""' "$P" ) but PHP version is $( php -r 'echo PHP_VERSION;' )" - else - if jq --arg script "skip-$TEST_SCRIPT" -e '.scripts[$script] // false' "$P" > /dev/null; then - { composer --working-dir="$DIR" run "skip-$TEST_SCRIPT"; CODE=$?; } || true - if [[ $CODE -eq 3 ]]; then - echo "Skipping tests for $SLUG due to skip-$TEST_SCRIPT script" - continue - elif [[ $CODE -ne 0 ]]; then - echo "::error::Script skip-$TEST_SCRIPT failed to run $CODE!" - FAILED+=( "$SLUG" ) - EXIT=1 - continue - fi - fi - - echo "Running tests for $SLUG" - { - # Composer install, if appropriate. Note setup-wordpress-env.sh did it already for plugins. - if [[ "${SLUG%%/*}" != "plugins" && ( "$TEST_SCRIPT" == "test-php" || "$TEST_SCRIPT" == "test-coverage" ) ]]; then - if [[ "$TEST_SCRIPT" == "test-coverage" ]] && - ! jq -e '.scripts["test-php"]' "$DIR/composer.json" &>/dev/null - then - echo "Skipping composer install, assuming test-coverage is only JS because the project has no test-php." - else - if [[ ! -f "$DIR/composer.lock" ]]; then - echo 'No composer.lock, running `composer update`' - composer --working-dir="$DIR" update - elif composer --working-dir="$DIR" check-platform-reqs --lock; then - echo 'Platform reqs pass, running `composer install`' - composer --working-dir="$DIR" install - if [[ "$TEST_SCRIPT" == "test-php" ]] && composer info --locked phpunit/phpunit &>/dev/null; then - echo 'Updating PHPUnit in case a newer version than locked is usable' - composer --working-dir="$DIR" update -W phpunit/phpunit - fi - else - echo 'Platform reqs failed, running `composer update`' - composer --working-dir="$DIR" update - fi - fi - fi - - if [[ "${SLUG%%/*}" == "plugins" ]]; then - export WP_TESTS_CONFIG_FILE_PATH="$WORDPRESS_DEVELOP_DIR/wp-tests-config.${SLUG##*/}.php" - fi - - mkdir -p "artifacts/$SLUG" - export ARTIFACTS_DIR="$GITHUB_WORKSPACE/artifacts/$SLUG" - if [[ "$TEST_SCRIPT" == "test-coverage" ]]; then - mkdir -p "coverage/$SLUG" - export COVERAGE_DIR="$GITHUB_WORKSPACE/coverage/$SLUG" - fi - FAIL=false - if ! composer run --timeout=0 --working-dir="$DIR" "$TEST_SCRIPT"; then - FAIL=true - fi - - # Actions seems to slow down if there are a lot of files, so clean up Composer stuff after each test. - # We don't do it for JS stuff, as that might break things with how JS does package deps. - rm -rf "$DIR/vendor" "$DIR/jetpack_vendor" "$DIR/wordpress" - - if $FAIL; then - echo "Tests for $SLUG failed!" - exit 1 - fi - } 2> >( sed -u 's!^!['"$SLUG"'] !' >&2 ) > >( sed -u 's!^!['"$SLUG"'] !' ) & - PIDS[$!]=$SLUG - fi - done - while [[ ${#PIDS[@]} -gt 0 ]]; do - if ! wait -fn -p PID "${!PIDS[@]}"; then - echo "::error::Tests for ${PIDS[$PID]} failed!" - FAILED+=( "${PIDS[$PID]}" ) - EXIT=1 - fi - echo "Finished ${PIDS[$PID]}" - unset PIDS[$PID] - done - - if [[ ${#FAILED[@]} -gt 0 ]]; then - echo '' - echo 'The following tests failed:' - printf " - %s\n" "${FAILED[@]}" - fi - - exit $EXIT - - - name: Process coverage results - id: process-coverage - env: - CHANGED: ${{ steps.changed.outputs.projects }} - if: matrix.script == 'test-coverage' && always() - run: .github/files/coverage-munger/process-coverage.sh - - - name: Check for artifacts - id: check-artifacts - # Default for `if` is `success()`, we want this to run always. - if: always() - run: | - [[ -d artifacts ]] && find artifacts -type d -empty -delete - if [[ -d artifacts ]]; then - echo "any=true" >> "$GITHUB_OUTPUT" - else - echo "any=false" >> "$GITHUB_OUTPUT" - fi - - name: Upload artifacts - id: upload-artifacts - if: always() && steps.check-artifacts.outputs.any == 'true' - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.artifact }} - path: artifacts - include-hidden-files: true - retention-days: 7 - - publish-coverage-data: - name: Publish coverage data - runs-on: ubuntu-latest - timeout-minutes: 10 # 2025-11-20 Takes about 2 minutes. - needs: run-tests - if: always() && needs.run-tests.outputs.did-coverage == 'true' && github.repository == 'Automattic/jetpack' && ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name || github.event_name == 'push' && github.ref == 'refs/heads/trunk' ) - steps: - - uses: actions/checkout@v5 - - - name: Get token - id: get_token - if: github.event_name == 'pull_request' - uses: ./.github/actions/gh-app-token - with: - app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }} - private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }} - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Download coverage artifact - uses: actions/download-artifact@v5 - with: - name: 'Code coverage' - path: coverage - - - name: Upload coverage results - env: - PR_ID: ${{ github.event_name != 'pull_request' && 'trunk' || github.event.pull_request.number }} - SECRET: ${{ secrets.CODECOV_SECRET }} - STATUS: ${{ needs.run-tests.outputs.coverage-status }} - PR_HEAD: ${{ github.event.pull_request.head.sha }} - POST_MESSAGE_TOKEN: ${{ steps.get_token.outputs.token }} - run: .github/files/coverage-munger/upload-coverage.sh - - storybook-test: - name: Storybook tests - runs-on: ubuntu-latest - timeout-minutes: 20 # 2025-11-20: Takes about 4 minutes - steps: - - uses: actions/checkout@v5 - - # For pull requests, list-changed-projects.sh needs the merge base. - # But it doesn't have to be checked out. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Monorepo install - run: | - echo "::group::Pnpm" - pnpm install - echo "::endgroup::" - - - name: Detect changed projects - id: changed - run: | - CHANGED=$( .github/files/list-changed-projects.sh ) - PROJECTS=$( node -e 'const r = { "js-packages/storybook": true }; for ( const p of require( "./projects/js-packages/storybook/storybook/projects.js" ).projects ) { const m = p.match( /\/projects\/([^/]+\/[^/]+)(?:$|\/)/ ); m && ( r[ m[1] ] = true ); } console.log( JSON.stringify( r ) );' ) - - ANY=$( jq --argjson changed "$CHANGED" --argjson projects "$PROJECTS" -n '$changed | with_entries( select( $projects[ .key ] ) ) | any' ) - echo "any=${ANY}" >> "$GITHUB_OUTPUT" - - - name: Build storybook - if: steps.changed.outputs.any == 'true' - run: | - pnpm jetpack build -v js-packages/storybook - - - name: Install playwright - if: steps.changed.outputs.any == 'true' - run: | - cd projects/js-packages/storybook - pnpm exec playwright install --with-deps chromium - - - name: Test storybook - if: steps.changed.outputs.any == 'true' - env: - # Chromium bug, see https://github.com/microsoft/playwright/issues/34046 - LANG: en_US - LC_ALL: en_US - run: | - cd projects/js-packages/storybook - node bin/webserver.mjs - REFERENCE_URL=https://automattic.github.io/jetpack-storybook/ pnpm exec test-storybook -c storybook --url 'http://127.0.0.1:6006/index.html' - - # Probably this should be a linting test, but we don't run linting on trunk or release branches. - plugin-deps: - name: Check plugin monorepo dep versions - runs-on: ubuntu-latest - timeout-minutes: 5 # 2025-11-20: Takes less than a minute. - steps: - - uses: actions/checkout@v5 - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - node: false - - name: Run check - run: | - if [[ "$GITHUB_EVENT_NAME" == 'push' ]]; then - REF="${GITHUB_REF#refs/heads/}" - elif [[ "$GITHUB_EVENT_NAME" == 'pull_request' || "$GITHUB_EVENT_NAME" == 'pull_request_target' ]]; then - REF="$GITHUB_BASE_REF" - else - echo "::error::Unsupported github event \"$GITHUB_EVENT_NAME\"" - exit 1 - fi - echo "Detected target ref \"$REF\"" - - if [[ "$REF" == trunk ]]; then - ARGS=( --dev ) - elif [[ "$REF" == */branch-* ]]; then - ARGS=( --release ) - TMP="$(jq -r --arg P "${REF%%/branch-*}" '.extra["release-branch-prefix"] | if type == "array" then . else [ . ] end | if index( $P ) then input_filename | match( "^projects/plugins/([^/]+)/composer.json$" ).captures[0].string else empty end' projects/plugins/*/composer.json)" - while IFS= read -r LINE; do - ARGS+=( "$LINE" ) - done <<<"$TMP" - else - echo "Unsupported ref \"$REF\", ignoring" - exit 0 - fi - - echo "Running tools/check-plugin-monorepo-deps.sh ${ARGS[@]}" - tools/check-plugin-monorepo-deps.sh "${ARGS[@]}" diff --git a/.github/workflows/update-jetpack-staging-sites.yml b/.github/workflows/update-jetpack-staging-sites.yml deleted file mode 100644 index 43e7017bac49..000000000000 --- a/.github/workflows/update-jetpack-staging-sites.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: Update Jetpack Staging Test Sites -# Ran as part of the `UpdateJetpackStaging` TeamCity build. -# After updating the sites, runs k6 tests against the same sites. - -on: - workflow_dispatch: - -jobs: - run_shell_script: - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@v5 - - - name: Env config - env: - SSH_KEY: ${{ secrets.UPDATEJETPACKSTAGING_SSH_KEY }} - SSH_KNOWN_HOSTS: ${{ secrets.UPDATEJETPACKSTAGING_SSH_KNOWN_HOSTS }} - run: | - mkdir -p ~/.ssh/ - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts - echo "$SSH_KEY" > ~/.ssh/id_rsa - chmod 0600 ~/.ssh/id_rsa - - - name: Execute shell script - shell: bash - run: .github/files/jetpack-staging-sites/update-jetpack-staging-sites.sh - - run_k6_tests: - needs: run_shell_script - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@v5 - - - name: Run k6 frontend tests - uses: grafana/k6-action@v0.3.0 - with: - filename: .github/files/jetpack-staging-sites/k6-frontend.js - env: - JETPACKSTAGING_K6_USERNAME: ${{ secrets.JETPACKSTAGING_K6_USERNAME }} - JETPACKSTAGING_K6_PASSWORD: ${{ secrets.JETPACKSTAGING_K6_PASSWORD }} - - - name: Run k6 backend tests - uses: grafana/k6-action@v0.3.0 - with: - filename: .github/files/jetpack-staging-sites/k6-backend.js - env: - JETPACKSTAGING_K6_USERNAME: ${{ secrets.JETPACKSTAGING_K6_USERNAME }} - JETPACKSTAGING_K6_PASSWORD: ${{ secrets.JETPACKSTAGING_K6_PASSWORD }} - - trigger_e2e_tests: - needs: run_shell_script - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@v5 - - - name: Execute shell script - shell: bash - run: .github/files/jetpack-staging-sites/run-atomic-deploy-e2e-tests.sh - env: - SIGNATURE_KEY: ${{ secrets.ATOMIC_DEPLOY_E2E_TESTS_KEY }} - TRIGGER_URL: ${{ secrets.ATOMIC_DEPLOY_E2E_TESTS_URL }} diff --git a/.github/workflows/update-phan-stubs.yml b/.github/workflows/update-phan-stubs.yml index 229dd7a57fed..a0df1b12030f 100644 --- a/.github/workflows/update-phan-stubs.yml +++ b/.github/workflows/update-phan-stubs.yml @@ -1,14 +1,10 @@ name: Update Phan stubs on: workflow_dispatch: - schedule: - - cron: '22 0 * * 1,2,3,4,5' concurrency: group: update-phan-stubs-${{ github.ref }} -permissions: - contents: write - pull-requests: write +permissions: {} env: GIT_AUTHOR_NAME: matticbot @@ -66,7 +62,7 @@ jobs: git checkout -b update/phan-custom-stubs git commit -am 'phan: Update custom stubs' git push origin update/phan-custom-stubs - if ! gh pr create --title 'phan: Update custom stubs' --body 'This is an automatic update generated by a GitHub Action. If closed it will be recreated the next time the action runs.' --label '[Pri] Normal' --label '[Type] Janitorial' --label '[Status] Needs Review' --reviewer Automattic/jetpack-monorepo; then + if ! gh pr create --title 'phan: Update custom stubs' --body 'This is an automatic update generated by a GitHub Action. If closed it will be recreated the next time the action runs.' --label '[Pri] Normal' --label '[Type] Janitorial' --label '[Status] Needs Review'; then git push --delete origin update/phan-custom-stubs exit 1 fi diff --git a/.github/workflows/wpcloud.yml b/.github/workflows/wpcloud.yml deleted file mode 100644 index 958f555b8ace..000000000000 --- a/.github/workflows/wpcloud.yml +++ /dev/null @@ -1,171 +0,0 @@ -name: WP Cloud Unit Testing for WPCOMSH - -on: - pull_request: - push: - branches: ['trunk', '*/branch-*'] -concurrency: - group: wpcloud-wpcomsh - cancel-in-progress: false - # Concurrency is set up to make sure we can only run one WP Cloud testing job at the same time. - -jobs: - build: - name: Install the Monorepo and build wpcomsh - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name - outputs: - wpcomsh: ${{ steps.changed.outputs.wpcomsh }} - steps: - - uses: actions/checkout@v5 - - # For pull requests, list-changed-projects.sh needs the merge base. - # But it doesn't have to be checked out. - - name: Deepen to merge base - if: github.event_name == 'pull_request' - uses: ./.github/actions/deepen-to-merge-base - with: - checkout: false - - - name: Setup tools - uses: ./.github/actions/tool-setup - with: - # Match PHP version on WP Cloud so the right vendor packages get installed. - php: 8.1 - - name: Monorepo install - run: | - echo "::group::Pnpm" - pnpm install - echo "::endgroup::" - - name: Detect if wpcomsh has changed - id: changed - run: | - CHANGED="$(EXTRA=test .github/files/list-changed-projects.sh)" - - WPCOMSH_CHANGED="$(jq --argjson changed "$CHANGED" -n '$changed | has( "plugins/wpcomsh" ) ')" - echo "wpcomsh=${WPCOMSH_CHANGED}" >> "$GITHUB_OUTPUT" - - name: Build wpcomsh - if: steps.changed.outputs.wpcomsh == 'true' - run: | - find . -path ./.github -prune -o -type f -print | sort > /tmp/before.txt - echo "::group::Installing and building wpcomsh" - rm projects/plugins/wpcomsh/composer.lock - pnpm jetpack build -v --deps plugins/wpcomsh - echo "::endgroup::" - - # We only want to save the files that were actually created or changed. - # But we can't just list them for actions/cache/save, "Argument list too long". - # So instead we delete all the unchanged files so we can tell actions/cache/save - # to save everything that's left. - git -c core.quotepath=off diff --name-only | sort > /tmp/changed.txt - if [[ -s /tmp/changed.txt ]]; then - grep -F -x -v -f /tmp/changed.txt /tmp/before.txt > /tmp/remove.txt - else - cp /tmp/before.txt /tmp/remove.txt - fi - xargs -d '\n' rm < /tmp/remove.txt - find . -type d -empty -delete - - - name: Save wpcomsh build cache - if: steps.changed.outputs.wpcomsh == 'true' - id: wpcomsh-build-cache-save - uses: actions/cache/save@v4 - with: - path: | - . - !./.github/ - key: ${{ github.sha }} - deploy: - name: Run PHPUnit on the WP Cloud test site - runs-on: ubuntu-latest - needs: build - if: needs.build.outputs.wpcomsh == 'true' - steps: - - uses: actions/checkout@v5 - - - name: Restore wpcomsh build cache - id: wpcomsh-build-cache - uses: actions/cache/restore@v4 - with: - path: | - . - !./.github/ - key: ${{ github.sha }} - fail-on-cache-miss: true - - - name: Setup tools - uses: ./.github/actions/tool-setup - - - name: Install monorepo - run: | - pnpm install - - - name: Configure Github to be able to SSH to the WP Cloud site - run: | - echo "::group::Initializing" - mkdir -vp ~/.ssh/ - chmod -v 700 ~/.ssh - - touch ~/.ssh/id_site - touch ~/.ssh/known_hosts - touch ~/.ssh/config - chmod 600 ~/.ssh/id_site - chmod 600 ~/.ssh/known_hosts - chmod 600 ~/.ssh/config - echo "$SSH_KEY" > ~/.ssh/id_site - echo "wrote ~/.ssh/id_site" - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts - echo "wrote ~/.ssh/known_hosts" - echo "Host jpwpcomsh" > ~/.ssh/config - echo " Hostname sftp.wp.com" >> ~/.ssh/config - echo " User wpcom-jetpackisbestpack-default-237778992" >> ~/.ssh/config - echo " IdentityFile ~/.ssh/id_site" >> ~/.ssh/config - echo " IdentitiesOnly yes" >> ~/.ssh/config - echo "::endgroup::" - - echo "::group::Transferring wpcomsh to the testing server" - # This can give errors if the previous state was broken, so ignore them - ssh jpwpcomsh "wp --skip-plugins --skip-themes dereferenced freshen > /dev/null 2>&1" || echo "wp dereferenced freshen has exited with code $?" - ssh jpwpcomsh "rm -rf /tmp/old-* > /dev/null 2>&1" - pnpm jetpack rsync --non-interactive wpcomsh jpwpcomsh:/srv/htdocs/wp-content/mu-plugins - scp -r projects/plugins/wpcomsh/bin jpwpcomsh:/srv/htdocs/wp-content/mu-plugins/wpcomsh/ - scp -r projects/plugins/wpcomsh/tests jpwpcomsh:/srv/htdocs/wp-content/mu-plugins/wpcomsh/ - echo "::endgroup::" - - # Do a basic check to verify the site is loading - echo "::group::Verify things load" - CODE=0 - SITE_URL=$(ssh jpwpcomsh "wp option get siteurl" 2>/dev/null) || CODE=$? - if [[ $CODE -ne 0 ]]; then - echo 'Unable to run a basic `wp` command! Something is wrong with the site.' - elif [[ ! "$SITE_URL" =~ ^https?://[a-z0-9_.-]+$ ]]; then - echo 'Site URL retrieved does not seem to be a URL.' - CODE=1 - else - echo 'No issues using a simple command in WP-CLI.' - curl -s --fail "$SITE_URL" > /dev/null || CODE=$? - if [[ $CODE -ne 0 ]]; then - echo 'Unable to load site! Something is wrong with the site.' - else - echo 'No issues slurping site with `curl`.' - fi - fi - echo "::endgroup::" - - # Proceed with tests if all seems well - if [[ $CODE -eq 0 ]]; then - echo "::group::Run PHPUnit tests" - # The test on WP Cloud won't use `phpunit-select-config`, so select config manually. - scp projects/plugins/wpcomsh/phpunit.9.xml.dist jpwpcomsh:/srv/htdocs/wp-content/mu-plugins/wpcomsh/phpunit.xml.dist - ssh jpwpcomsh "/srv/htdocs/wp-content/mu-plugins/wpcomsh/bin/run-phpunit-tests.sh" || CODE=$? - echo "::endgroup::" - fi - - echo "::group::teardown" - rm -rvf ~/.ssh/ - echo "::endgroup::" - echo "Exiting with exit code $CODE" - exit $CODE - env: - SSH_KEY: ${{ secrets.UPDATEJETPACKSTAGING_SSH_KEY }} - SSH_KNOWN_HOSTS: ${{ secrets.UPDATEJETPACKSTAGING_SSH_KNOWN_HOSTS }} diff --git a/.phan/stubs/amp-stubs.php b/.phan/stubs/amp-stubs.php index 65d38bfb05e8..1bf6eb79a178 100644 --- a/.phan/stubs/amp-stubs.php +++ b/.phan/stubs/amp-stubs.php @@ -1,6 +1,6 @@