Coding standards and code quality

Author: claytoncollie

.github/workflows/code-quality.yml

@@ -0,0 +1,11 @@
+name: Code Quality
+
+on:
+  pull_request:
+
+jobs:
+  trufflehog:
+    uses: ./.github/workflows/truffle-hog.yml
+
+  virus-scan:
+    uses: ./.github/workflows/virus-scan.yml

.github/workflows/coding-standards.yml

@@ -0,0 +1,17 @@
+name: Coding Standards
+
+on:
+  pull_request:
+
+jobs:
+  stylelint:
+    uses: ./.github/workflows/stylelint.yml
+
+  eslint:
+    uses: ./.github/workflows/eslint.yml
+
+  phpcs:
+    uses: ./.github/workflows/phpcs.yml
+
+  phpstan:
+    uses: ./.github/workflows/phpstan.yml

.github/workflows/eslint.yml

@@ -0,0 +1,44 @@
+name: JavaScript Coding Standards
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  eslint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+          cache: "npm"
+
+      - name: Cache node modules
+        uses: actions/cache@v4
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Check Node version
+        run: node -v
+
+      - name: Setup NPM
+        run: npm install -g npm@latest
+
+      - name: Check NPM version
+        run: npm -v
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run Lint JS
+        run: npm run lint-js

.github/workflows/jest.yml

@@ -0,0 +1,44 @@
+name: JavaScript Unit Tests
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  jest:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+          cache: "npm"
+
+      - name: Cache node modules
+        uses: actions/cache@v4
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Check Node version
+        run: node -v
+
+      - name: Setup NPM
+        run: npm install -g npm@latest
+
+      - name: Check NPM version
+        run: npm -v
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run Jest
+        run: npm run test

.github/workflows/node.yml

@@ -1,20 +1,18 @@
-name: PHP Checks
+name: PHP Coding Standards
 
 on:
-  push:
-    branches: ["trunk"]
-  pull_request:
-    branches: ["trunk"]
+  workflow_call:
 
 permissions:
   contents: read
 
 jobs:
-  build:
+  phpcs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v4
 
       - name: Setup PHP with composer v2
         uses: shivammathur/setup-php@v2
@@ -51,6 +49,3 @@ jobs:
 
       - name: Run PHPCS
         run: composer lint
-
-      - name: Run PHPStan
-        run: composer static

.github/workflows/php.yml renamed to .github/workflows/phpcs.yml

@@ -0,0 +1,51 @@
+name: PHP Static Analysis
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  phpstan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup PHP with composer v2
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.3"
+          tools: composer:v2
+
+      - name: Validate Root composer.json and composer.lock
+        run: composer validate --strict
+
+      - name: Validate Plugin composer.json and composer.lock
+        run: composer validate --strict --working-dir=mu-plugins/10up-plugin
+
+      - name: Validate Theme composer.json and composer.lock
+        run: composer validate --strict --working-dir=themes/10up-theme
+
+      - name: Cache Composer packages
+        id: composer-cache
+        uses: actions/cache@v4
+        with:
+          path: vendor
+          key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-php-
+
+      - name: Install Root dependencies
+        run: composer install --prefer-dist --no-progress
+
+      - name: Install Plugin dependencies
+        run: composer install --prefer-dist --no-progress --working-dir=mu-plugins/10up-plugin
+
+      - name: Install Theme dependencies
+        run: composer install --prefer-dist --no-progress --working-dir=themes/10up-theme
+
+      - name: Run PHPStan
+        run: composer static

.github/workflows/phpstan.yml

@@ -0,0 +1,45 @@
+name: CSS Coding Standards
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  stylelint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+          cache: "npm"
+
+      - name: Cache node modules
+        uses: actions/cache@v4
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Check Node version
+        run: node -v
+
+      - name: Setup NPM
+        run: npm install -g npm@latest
+
+      - name: Check NPM version
+        run: npm -v
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run Lint Style
+        run: npm run lint-style
+

.github/workflows/stylelint.yml

@@ -0,0 +1,39 @@
+name: Secret Scanning
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  trufflehog:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Trufflehog exclusions
+        run: |
+            if [ ! -f .trufflehog-exclude.txt ]; then
+              echo "# Paths to exclude from TruffleHog scanning" > .trufflehog-exclude.txt
+              echo "node_modules/" >> .trufflehog-exclude.txt
+              echo "vendor/" >> .trufflehog-exclude.txt
+              echo "dist/" >> .trufflehog-exclude.txt
+              echo "build/" >> .trufflehog-exclude.txt
+            fi
+
+      - name: Run Trufflehog on latest commits
+        id: trufflehog
+        uses: trufflesecurity/trufflehog@main
+        continue-on-error: true
+        with:
+          path: ./
+          extra_args: --results=verified,unknown --exclude-paths .trufflehog-exclude.txt
+
+      - name: Trufflehog Scan Failure
+        if: steps.trufflehog.outcome == 'failure'
+        run: exit 1