diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..de6bb94c
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,94 @@
+name: Build
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: .nvmrc
+ cache: "npm"
+
+ - name: Get npm cache directory
+ id: npm-cache-dir
+ run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT}
+
+ - name: Cache npm dependencies
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.npm-cache-dir.outputs.dir }}
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-
+
+ - name: Check Node version
+ run: node -v
+
+ - name: Check Node version
+ run: npm -v
+
+ - name: Install Node dependencies
+ run: npm ci
+
+ - name: Build JavaScript
+ run: npm run build
+
+ - name: Setup PHP
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: "8.4"
+ coverage: none
+ tools: composer:v2
+
+ - name: Validate Root composer.json and composer.lock
+ run: composer validate --strict
+
+ - name: Validate Plugin composer.json and composer.lock
+ run: composer validate --strict --working-dir=mu-plugins/10up-plugin
+
+ - name: Validate Theme composer.json and composer.lock
+ run: composer validate --strict --working-dir=themes/10up-theme
+
+ - name: Get Composer cache directory
+ id: composer-cache
+ run: echo "dir=$(composer config cache-files-dir)" >> ${GITHUB_OUTPUT}
+
+ - name: Cache Composer dependencies
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.composer-cache.outputs.dir }}
+ key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-php-
+
+ - name: PHP Version
+ run: php -v
+
+ - name: Install Root dependencies
+ run: composer install --no-dev --prefer-dist --no-progress
+
+ - name: Install Plugin dependencies
+ run: composer install --no-dev --prefer-dist --no-progress --working-dir=mu-plugins/10up-plugin
+
+ - name: Install Theme dependencies
+ run: composer install --no-dev --prefer-dist --no-progress --working-dir=themes/10up-theme
+
+ - name: Upload build artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.name }}-payload
+ retention-days: 7
+ include-hidden-files: true
+ path: .
+
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
new file mode 100644
index 00000000..ed377e59
--- /dev/null
+++ b/.github/workflows/code-quality.yml
@@ -0,0 +1,18 @@
+name: Code Quality
+
+on:
+ pull_request:
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ trufflehog:
+ uses: ./.github/workflows/truffle-hog.yml
+
+ virus-scan:
+ uses: ./.github/workflows/virus-scan.yml
\ No newline at end of file
diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
new file mode 100644
index 00000000..8a53b040
--- /dev/null
+++ b/.github/workflows/coding-standards.yml
@@ -0,0 +1,27 @@
+name: Coding Standards
+
+on:
+ pull_request:
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ stylelint:
+ uses: ./.github/workflows/stylelint.yml
+
+ eslint:
+ uses: ./.github/workflows/eslint.yml
+
+ jest:
+ uses: ./.github/workflows/jest.yml
+
+ phpcs:
+ uses: ./.github/workflows/phpcs.yml
+
+ phpstan:
+ uses: ./.github/workflows/phpstan.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 00000000..d884c6be
--- /dev/null
+++ b/.github/workflows/deploy.yml
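Review bot: In build.yml the upload step packages the whole workspace (`path: .` with `include-hidden-files: true`), which pulls in `.git/`; `actions/checkout@v4` stores the job token in `.git/config` by default, so the token is written into an artifact that is retained for 7 days and readable by anyone who can download it. Add `with:` / `persist-credentials: false` to the Checkout step, and narrow `path:` to the files the deployment needs (as written it also carries `node_modules/` with development dependencies). If the full tree really is required, a comment above `include-hidden-files` should say which hidden files are needed.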
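Review bot: code-quality.yml lists only `pull_request:` under `on:`, yet develop.yml, staging.yml and production.yml invoke it with `uses:`; a workflow has to declare `workflow_call:` as a trigger to be callable, so the `test` jobs in those callers should fail to start as written. Add `workflow_call:` next to `pull_request:`. coding-standards.yml has the same gap for the `lint` jobs.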
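Review bot: The `concurrency` block in coding-standards.yml will, when the file is run through `uses:`, evaluate `github.workflow` in the caller's context, so its group is the same string as the caller's `${{ github.workflow }}-${{ github.ref }}` group. Two levels sharing one group with `cancel-in-progress: true` is, as far as I know, reported by GitHub as a concurrency deadlock and the run is cancelled. Give the group its own prefix, e.g. `group: coding-standards-${{ github.ref }}`, or leave concurrency to the top-level workflows; code-quality.yml needs the same change.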
@@ -0,0 +1,31 @@
+name: Deploy
+
+on:
+ workflow_call:
+ inputs:
+ name:
+ required: true
+ type: string
+ url:
+ required: true
+ type: string
+
+permissions:
+ contents: read
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ environment:
+ name: ${{ inputs.name }}
+ url: ${{ inputs.url }}
+
+ steps:
+ - name: Download build artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ inputs.name }}-payload
+
+ # TODO: Implement deployment
+
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
new file mode 100644
index 00000000..5bef64fe
--- /dev/null
+++ b/.github/workflows/develop.yml
@@ -0,0 +1,32 @@
+name: Deploy to Develop
+
+on:
+ push:
+ branches:
+ - develop
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ lint:
+ uses: ./.github/workflows/coding-standards.yml
+
+ test:
+ uses: ./.github/workflows/code-quality.yml
+ needs: lint
+
+ build:
+ uses: ./.github/workflows/build.yml
+ needs: test
+
+ deploy:
+ uses: ./.github/workflows/deploy.yml
+ needs: build
+ with:
+ name: develop
+ url: https://develop.example.com
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
new file mode 100644
index 00000000..cbeea7da
--- /dev/null
+++ b/.github/workflows/eslint.yml
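Review bot: The `build` job in develop.yml calls build.yml without a `with:` block, and build.yml declares no `inputs` under `workflow_call`, so `${{ inputs.name }}-payload` in its upload step presumably renders as `-payload` while deploy.yml asks for `develop-payload`. The download in the `deploy` job would then find no artifact. Declare a required `name` string input in build.yml and pass `with:` / `name: develop` from this job; staging.yml and production.yml need the matching change.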
@@ -0,0 +1,45 @@
+name: JavaScript Coding Standards
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ eslint:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: .nvmrc
+ cache: "npm"
+
+ - name: Get npm cache directory
+ id: npm-cache-dir
+ run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT}
+
+ - name: Cache npm dependencies
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.npm-cache-dir.outputs.dir }}
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-
+
+ - name: Check Node version
+ run: node -v
+
+ - name: Check NPM version
+ run: npm -v
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Run Lint JS
+ run: npm run lint-js
diff --git a/.github/workflows/jest.yml b/.github/workflows/jest.yml
new file mode 100644
index 00000000..2293f6df
--- /dev/null
+++ b/.github/workflows/jest.yml
@@ -0,0 +1,45 @@
+name: JavaScript Unit Tests
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ jest:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: .nvmrc
+ cache: "npm"
+
+ - name: Get npm cache directory
+ id: npm-cache-dir
+ run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT}
+
+ - name: Cache npm dependencies
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.npm-cache-dir.outputs.dir }}
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-
+
+ - name: Check Node version
+ run: node -v
+
+ - name: Check NPM version
+ run: npm -v
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Run Jest
+ run: npm run test
diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml
deleted file mode 100644
index 622959b6..00000000
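Review bot: The `Get npm cache directory` / `Cache npm dependencies` pair in eslint.yml duplicates what `cache: "npm"` on `actions/setup-node@v4` already does, so the npm cache directory is saved and restored twice under two different keys. Keep one mechanism; dropping the two extra steps is the smaller change. If the manual steps stay, quote the redirect target as `>> "$GITHUB_OUTPUT"`. build.yml, jest.yml and stylelint.yml repeat the same steps.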
--- a/.github/workflows/node.yml
+++ /dev/null
@@ -1,80 +0,0 @@
-name: Node
-
-on:
- push:
- branches:
- - main
- pull_request:
-
-jobs:
- lint-js:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Install Node.js
- uses: actions/setup-node@v4
- with:
- node-version-file: .nvmrc
- cache: "npm"
-
- - name: Install dependencies
- run: npm install
-
- - name: Run Lint JS
- run: npm run lint-js
-
- lint-style:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Install Node.js
- uses: actions/setup-node@v4
- with:
- node-version-file: .nvmrc
- cache: "npm"
-
- - name: Install dependencies
- run: npm install
-
- - name: Run Lint Style
- run: npm run lint-style
-
- test:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Install Node.js
- uses: actions/setup-node@v4
- with:
- node-version-file: .nvmrc
- cache: "npm"
-
- - name: Install dependencies
- run: npm install
-
- - name: Run Jest
- run: npm run test
-
- build:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Install Node.js
- uses: actions/setup-node@v4
- with:
- node-version-file: .nvmrc
- cache: "npm"
-
- - name: Install dependencies
- run: npm install
-
- - name: Build
- run: npm run build
diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml
new file mode 100644
index 00000000..dad4b89f
--- /dev/null
+++ b/.github/workflows/phpcs.yml
@@ -0,0 +1,54 @@
+name: PHP Coding Standards
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ phpcs:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup PHP with composer v2
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: "8.3"
+ tools: composer:v2
+
+ - name: Validate Root composer.json and composer.lock
+ run: composer validate --strict
+
+ - name: Validate Plugin composer.json and composer.lock
+ run: composer validate --strict --working-dir=mu-plugins/10up-plugin
+
+ - name: Validate Theme composer.json and composer.lock
+ run: composer validate --strict --working-dir=themes/10up-theme
+
+ - name: Get Composer Cache Directory
+ id: composer-cache
+ run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+ - name: Cache Composer dependencies
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.composer-cache.outputs.dir }}
+ key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-php-
+
+ - name: Install Root dependencies
+ run: composer install --prefer-dist --no-progress
+
+ - name: Install Plugin dependencies
+ run: composer install --prefer-dist --no-progress --working-dir=mu-plugins/10up-plugin
+
+ - name: Install Theme dependencies
+ run: composer install --prefer-dist --no-progress --working-dir=themes/10up-theme
+
+ - name: Run PHPCS
+ run: composer lint
diff --git a/.github/workflows/php.yml b/.github/workflows/phpstan.yml
similarity index 77%
rename from .github/workflows/php.yml
rename to .github/workflows/phpstan.yml
index a63fa8da..140e3a4e 100644
--- a/.github/workflows/php.yml
+++ b/.github/workflows/phpstan.yml
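Review bot: phpcs.yml installs PHP `"8.3"` while build.yml sets up `"8.4"` for the payload, so linting and the Composer platform checks during `composer install` run against a different runtime than the one the build job uses. Unless the split is intentional, use one version across the workflows, or add a comment above `php-version` explaining why they differ. virus-scan.yml also pins `"8.3"`.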
@@ -1,20 +1,18 @@ -name: PHP Checks +name: PHP Static Analysis on: - push: - branches: ["trunk"] - pull_request: - branches: ["trunk"] + workflow_call: permissions: contents: read jobs: - build: + phpstan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4 - name: Setup PHP with composer v2 uses: shivammathur/setup-php@v2 @@ -31,11 +29,14 @@ jobs: - name: Validate Theme composer.json and composer.lock run: composer validate --strict --working-dir=themes/10up-theme - - name: Cache Composer packages + - name: Get Composer Cache Directory id: composer-cache - uses: actions/cache@v3 + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Cache Composer dependencies + uses: actions/cache@v4 with: - path: vendor + path: ${{ steps.composer-cache.outputs.dir }} key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} restore-keys: | ${{ runner.os }}-php- @@ -49,8 +50,5 @@ jobs: - name: Install Theme dependencies run: composer install --prefer-dist --no-progress --working-dir=themes/10up-theme - - name: Run PHPCS - run: composer lint - - name: Run PHPStan run: composer static
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
new file mode 100644
index 00000000..37a168de
--- /dev/null
+++ b/.github/workflows/production.yml
@@ -0,0 +1,32 @@
+name: Deploy to Production
+
+on:
+ push:
+ branches:
+ - trunk
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ lint:
+ uses: ./.github/workflows/coding-standards.yml
+
+ test:
+ uses: ./.github/workflows/code-quality.yml
+ needs: lint
+
+ build:
+ uses: ./.github/workflows/build.yml
+ needs: test
+
+ deploy:
+ uses: ./.github/workflows/deploy.yml
+ needs: build
+ with:
+ name: production
+ url: https://www.example.com
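Review bot: `cancel-in-progress: true` in production.yml means a second push to `trunk` cancels the running pipeline, and that will include the `deploy` job once the TODO in deploy.yml is filled in; an interrupted deployment can leave the target half-updated. For a deploy workflow `cancel-in-progress: false` (queue the newer run instead of killing the older one) is the safer default. develop.yml and staging.yml carry the same setting.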
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
new file mode 100644
index 00000000..3519218f
--- /dev/null
+++ b/.github/workflows/staging.yml
@@ -0,0 +1,32 @@
+name: Deploy to Staging
+
+on:
+ push:
+ branches:
+ - staging
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ lint:
+ uses: ./.github/workflows/coding-standards.yml
+
+ test:
+ uses: ./.github/workflows/code-quality.yml
+ needs: lint
+
+ build:
+ uses: ./.github/workflows/build.yml
+ needs: test
+
+ deploy:
+ uses: ./.github/workflows/deploy.yml
+ needs: build
+ with:
+ name: staging
+ url: https://staging.example.com
diff --git a/.github/workflows/stylelint.yml b/.github/workflows/stylelint.yml
new file mode 100644
index 00000000..01f96c85
--- /dev/null
+++ b/.github/workflows/stylelint.yml
@@ -0,0 +1,46 @@
+name: CSS Coding Standards
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ stylelint:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: .nvmrc
+ cache: "npm"
+
+ - name: Get npm cache directory
+ id: npm-cache-dir
+ run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT}
+
+ - name: Cache npm dependencies
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.npm-cache-dir.outputs.dir }}
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-
+
+ - name: Check Node version
+ run: node -v
+
+ - name: Check NPM version
+ run: npm -v
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Run Lint Style
+ run: npm run lint-style
+
diff --git a/.github/workflows/truffle-hog.yml b/.github/workflows/truffle-hog.yml
new file mode 100644
index 00000000..05ae45c9
--- /dev/null
+++ b/.github/workflows/truffle-hog.yml
@@ -0,0 +1,39 @@
+name: Secret Scanning
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ trufflehog:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Trufflehog exclusions
+ run: |
+ if [ ! -f .trufflehog-exclude.txt ]; then
+ echo "# Paths to exclude from TruffleHog scanning" > .trufflehog-exclude.txt
+ echo "node_modules/" >> .trufflehog-exclude.txt
+ echo "vendor/" >> .trufflehog-exclude.txt
+ echo "dist/" >> .trufflehog-exclude.txt
+ echo "build/" >> .trufflehog-exclude.txt
+ fi
+
+ - name: Run Trufflehog on latest commits
+ id: trufflehog
+ uses: trufflesecurity/trufflehog@main
+ continue-on-error: true
+ with:
+ path: ./
+ extra_args: --results=verified,unknown --exclude-paths .trufflehog-exclude.txt
+
+ - name: Trufflehog Scan Failure
+ if: steps.trufflehog.outcome == 'failure'
+ run: exit 1
\ No newline at end of file
diff --git a/.github/workflows/virus-scan.yml b/.github/workflows/virus-scan.yml
new file mode 100644
index 00000000..4b0a567d
--- /dev/null
+++ b/.github/workflows/virus-scan.yml
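Review bot: `uses: trufflesecurity/trufflehog@main` in truffle-hog.yml tracks a moving branch, so whatever lands upstream runs in this job on the next trigger, with the full repository history checked out. Pin the action to a full commit SHA with the release noted in a trailing comment, e.g. `uses: trufflesecurity/trufflehog@<commit-sha> # <release-tag>`, and let a dependency bot bump it. `shivammathur/setup-php@v2` and `10up/wp-scanner-action@v1` in the other workflows are mutable tags and deserve the same treatment.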
@@ -0,0 +1,57 @@
+name: Virus Scan
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ virus-scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup PHP with composer v2
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: "8.3"
+ tools: composer:v2
+
+ - name: Validate Root composer.json and composer.lock
+ run: composer validate --strict
+
+ - name: Validate Plugin composer.json and composer.lock
+ run: composer validate --strict --working-dir=mu-plugins/10up-plugin
+
+ - name: Validate Theme composer.json and composer.lock
+ run: composer validate --strict --working-dir=themes/10up-theme
+
+ - name: Get Composer Cache Directory
+ id: composer-cache
+ run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+ - name: Cache Composer dependencies
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.composer-cache.outputs.dir }}
+ key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-php-
+
+ - name: Install Root dependencies
+ run: composer install --prefer-dist --no-progress
+
+ - name: Install Plugin dependencies
+ run: composer install --prefer-dist --no-progress --working-dir=mu-plugins/10up-plugin
+
+ - name: Install Theme dependencies
+ run: composer install --prefer-dist --no-progress --working-dir=themes/10up-theme
+
+ - name: Virus Scanning
+ uses: 10up/wp-scanner-action@v1
+ with:
+ content_dir: './'
+ composer_build: 'false'
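Review bot: virus-scan.yml scans a tree produced by its own `composer install` (development dependencies included, no `npm ci` or `npm run build`), which is not the tree build.yml later packages with `--no-dev` plus the compiled JavaScript. If the intent is to vet what gets deployed, run the scanner against the build artifact, or at least install with `--no-dev` here so the Composer packages match. Otherwise add a comment above the `Virus Scanning` step stating that only source and Composer packages are in scope.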