ship-wp-ability skill: prefer shared categories and require mcp tool … #99601
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow holds jobs for linting, currently PHP and JavaScript. | |
| # | |
| # The jobs are all set up to only run if appropriate files have changed; the | |
| # `changed_files` job is used to determine whether files have changed in | |
| # various categories so the rest of the jobs can know whether to run or not. | |
| name: Linting | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - trunk | |
| concurrency: | |
| group: linting-${{ github.event_name }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| COMPOSER_ROOT_VERSION: "dev-trunk" | |
| permissions: | |
| # actions/checkout | |
| contents: read | |
| jobs: | |
| ### Job to categorize changed files. Other jobs depend on this to know when they should run. | |
| ### On trunk pushes, all jobs run (no file filtering). | |
| changed_files: | |
| name: detect changed files | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 1 # 2025-11-06: Successful runs seem to take a few seconds | |
| permissions: | |
| # actions/checkout | |
| contents: read | |
| # dorny/paths-filter | |
| pull-requests: read | |
| outputs: | |
| # Whether any PHP files have changed. | |
| php: ${{ steps.filter.outputs.php }} | |
| # Whether any JavaScript files have changed. | |
| js: ${{ steps.filter.outputs.js }} | |
| # Whether any style files have changed. | |
| css: ${{ steps.filter.outputs.css }} | |
| # Whether any lock files have changed. | |
| lockfiles: ${{ steps.filter.outputs.lockfiles }} | |
| # Whether any GitHub Actions yaml files have changed. | |
| ghactionsfiles: ${{ steps.filter.outputs.ghactionsfiles }} | |
| # Whether any miscellaneous files related to linting have changed. | |
| misc: ${{ steps.filter.outputs.misc }} | |
| # Whether any miscellaneous files related to PHP linting have changed. | |
| misc_php: ${{ steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_php == 'true' }} | |
| # Whether any miscellaneous files related to JS linting have changed. | |
| misc_js: ${{ steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_js == 'true' }} | |
| # Whether any miscellaneous files related to CSS linting have changed. | |
| misc_css: ${{ steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_css == 'true' }} | |
| # Whether any miscellaneous files related to Phan static analysis have changed. | |
| misc_phan: ${{ steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_phan == 'true' }} | |
| # JSON string holding an array of files in phpcs-excludelist.json that have changed. | |
| php_excluded_files: ${{ steps.filterPHP.outputs.php_excluded_files }} | |
| # JSON string holding an array of files in eslint-excludelist.json that have changed. | |
| js_excluded_files: ${{ steps.filterJS.outputs.js_excluded_files }} | |
| # Whether any excluded files were modified or deleted. | |
| excludelist: ${{ steps.filterExcludeList.outputs.excluded_files != '[]' || steps.filter.outputs.misc == 'true' || steps.filter.outputs.misc_php == 'true' || steps.filter.outputs.misc_js == 'true' || steps.filter.outputs.misc_excludelist == 'true' }} | |
| # Whether any auto-updated Phan stub files were changed. | |
| phanstubs: ${{ steps.filter.outputs.phanstubs == 'true' }} | |
| # Whether any project composer.json files were changed (for the mirror-repos check). | |
| projectcomposerjsons: ${{ steps.filter.outputs.projectcomposerjsons == 'true' }} | |
| steps: | |
| - if: github.event_name == 'pull_request' | |
| uses: actions/checkout@v6 | |
| - if: github.event_name == 'pull_request' | |
| uses: dorny/paths-filter@v4 | |
| id: filter | |
| with: | |
| list-files: json | |
| filters: | | |
| php: | |
| # If any PHP file changed, they need checking. | |
| - added|modified: | |
| - '**.php' | |
| js: | |
| # If any JS file changed, they need checking. | |
| - added|modified: | |
| - '**.js' | |
| - '**.jsx' | |
| - '**.cjs' | |
| - '**.mjs' | |
| - '**.ts' | |
| - '**.tsx' | |
| - '**.cts' | |
| - '**.mts' | |
| - '**.svelte' | |
| - '**.json' | |
| - '**.jsonc' | |
| - '**.json5' | |
| css: | |
| # If any style file changed, they need checking. | |
| - added|modified: | |
| - '**.css' | |
| - '**.scss' | |
| excludelist: | |
| # If any PHP or JS file changed or was deleted, we need to check the excludelist. | |
| - modified|deleted: | |
| - '**.php' | |
| - '**.ts' | |
| - '**.js' | |
| - '**.jsx' | |
| - '**.cjs' | |
| - '**.mjs' | |
| - '**.ts' | |
| - '**.tsx' | |
| - '**.cts' | |
| - '**.mts' | |
| - '**.svelte' | |
| - '**.json' | |
| - '**.jsonc' | |
| - '**.json5' | |
| lockfiles: | |
| - 'composer.json' | |
| - 'composer.lock' | |
| - 'package.json' | |
| - 'pnpm-lock.yaml' | |
| - 'pnpm-workspace.yaml' | |
| - '**/composer.json' | |
| - '**/composer.lock' | |
| - '**/package.json' | |
| ghactionsfiles: | |
| - '.github/workflows/*.{yml,yaml}' | |
| - '.github/actions/*/action.{yml,yaml}' | |
| - 'projects/github-actions/*/action.{yml,yaml}' | |
| # If we edit the linting JS files, we need to run it. | |
| - 'tools/js-tools/lint-gh-actions.{js,mjs}' | |
| misc_php: | |
| # If composer, phpcs config, or the codesniffer package itself changed, there may be a new standard. | |
| - 'composer.json' | |
| - 'composer.lock' | |
| - '.phpcs.config.xml' | |
| - '.phpcs.xml.dist' | |
| - '.phpcsignore' | |
| - '**/.phpcs.dir.xml' | |
| - '**/.phpcsignore' | |
| - 'projects/packages/codesniffer/**' | |
| # If the excludelist changed, run to ensure newly non-excluded files pass. | |
| - 'tools/phpcs-excludelist.json' | |
| # If other files used by this workflow changed, run it to test those changes. | |
| - 'tools/parallel-lint.sh' | |
| - '.github/files/php-linting-phpcs.xml' | |
| - '.github/matchers/phpcs-problem-matcher.json' | |
| - '.github/matchers/php-lint-problem-matcher.json' | |
| misc_js: | |
| # If package or eslint config changed, there may be new checks. | |
| - 'package.json' | |
| - 'tools/js-tools/package.json' | |
| - 'pnpm-lock.yaml' | |
| - 'pnpm-workspace.yaml' | |
| - '.eslintignore' | |
| - '.eslintignore.root' | |
| - 'eslint.config.*' | |
| - '**/.eslintignore' | |
| - '**/eslint.config.*' | |
| # If the excludelist changed, run to ensure newly non-excluded files pass. | |
| - 'tools/eslint-excludelist.json' | |
| misc_css: | |
| # If package or stylelint config changed, there may be new checks. | |
| - 'package.json' | |
| - 'tools/js-tools/package.json' | |
| - 'pnpm-lock.yaml' | |
| - 'pnpm-workspace.yaml' | |
| - .stylelintignore | |
| - stylelint.config.mjs | |
| - '**/stylelint.config.{js,mjs,cjs}' | |
| - tools/js-tools/stylelint.config.base.mjs | |
| misc_phan: | |
| # If root composer changed, there may be new stub packages. | |
| - 'composer.json' | |
| - 'composer.lock' | |
| # If Phan config or the CLI that runs it changed, re-run static analysis. | |
| - '.phan/**' | |
| - '**/.phan/**' | |
| - 'tools/cli/**' | |
| - 'projects/packages/phan-plugins/**' | |
| misc_excludelist: | |
| - 'tools/cleanup-excludelists.sh' | |
| - 'tools/js-tools/check-excludelist-diff.js' | |
| misc: | |
| # If the workflow itself changed, everything should re-run. | |
| - '.github/workflows/linting.yml' | |
| phanstubs: | |
| # If auto-generated Phan stub files are changed, we may want to post a warning to the PR. | |
| - '.phan/stubs/**' | |
| projectcomposerjsons: | |
| - 'projects/*/*/composer.json' | |
| - if: github.event_name == 'pull_request' | |
| id: filterPHP | |
| shell: bash | |
| env: | |
| PHP_FILES: ${{ steps.filter.outputs.php_files }} | |
| run: | | |
| EXCLUDED_FILES=$(jq --argjson files "$PHP_FILES" --slurpfile excludes tools/phpcs-excludelist.json -nc '$files - ($files - $excludes[0])') | |
| echo "php_excluded_files=$EXCLUDED_FILES" >> "$GITHUB_OUTPUT" | |
| echo "Excluded files:" | |
| jq --argjson files "$EXCLUDED_FILES" -nr '" - " + $files[]' | |
| - if: github.event_name == 'pull_request' | |
| id: filterJS | |
| shell: bash | |
| env: | |
| JS_FILES: ${{ steps.filter.outputs.js_files }} | |
| run: | | |
| EXCLUDED_FILES=$(jq --argjson files "$JS_FILES" --slurpfile excludes tools/eslint-excludelist.json -nc '$files - ($files - $excludes[0])') | |
| echo "js_excluded_files=$EXCLUDED_FILES" >> "$GITHUB_OUTPUT" | |
| echo "Excluded files:" | |
| jq --argjson files "$EXCLUDED_FILES" -nr '" - " + $files[]' | |
| - if: github.event_name == 'pull_request' | |
| id: filterExcludeList | |
| shell: bash | |
| env: | |
| FILES: ${{ steps.filter.outputs.excludelist_files }} | |
| run: | | |
| EXCLUDED_FILES=$(jq --argjson files "$FILES" --slurpfile phpexcludes tools/phpcs-excludelist.json --slurpfile jsexcludes tools/eslint-excludelist.json -nc '$files - ($files - $phpexcludes[0] - $jsexcludes[0])') | |
| echo "excluded_files=$EXCLUDED_FILES" >> "$GITHUB_OUTPUT" | |
| echo "Excluded files:" | |
| jq --argjson files "$EXCLUDED_FILES" -nr '" - " + $files[]' | |
| ### Runs `php -l` over all PHP files, in all relevant PHP versions | |
| # Local equivalent: `composer php:lint` | |
| # We can't use a job-level `if` because GH Actions doesn't expand matrix names for skipped jobs, | |
| # which breaks required status checks. Instead, we gate at the step level so the matrix entries | |
| # always report a status. See also: | |
| # - https://github.com/Automattic/jetpack/pull/17940 | |
| # - https://github.com/Automattic/jetpack/pull/18979 | |
| php_lint: | |
| name: PHP lint (${{ matrix.php-versions }}) | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| continue-on-error: ${{ matrix.experimental }} | |
| timeout-minutes: 3 # 2025-11-06: Successful runs seem to take ~1 minute | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php-versions: [ '7.2', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5' ] | |
| experimental: [ false ] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| if: &php_lint_cond github.event_name == 'push' || needs.changed_files.outputs.php == 'true' || needs.changed_files.outputs.misc_php == 'true' | |
| - name: Setup tools | |
| if: *php_lint_cond | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| php: ${{ matrix.php-versions }} | |
| node: false | |
| - name: Install dependencies | |
| if: *php_lint_cond | |
| run: | | |
| # Install stuff ignoring platform reqs. | |
| composer install --ignore-platform-reqs | |
| # Remove stuff we don't need here that fails some platform reqs. | |
| # This will complain if we missed any. | |
| composer remove --dev sirbrillig/phpcs-changed automattic/jetpack-codesniffer automattic/jetpack-phan-plugins phan/phan | |
| - name: Run linter | |
| if: *php_lint_cond | |
| run: | | |
| echo "::add-matcher::.github/matchers/php-lint-problem-matcher.json" | |
| composer php:lint -- --checkstyle | |
| echo "::remove-matcher owner=php-lint" | |
| ### Runs phpcs on all PHP files not listed in phpcs-excludelist.json. | |
| # Local equivalent: `composer phpcs:lint:required` | |
| # On trunk: runs on all non-excluded PHP files | |
| # On PRs: runs only if PHP files or relevant config changed | |
| phpcs: | |
| name: PHP Code Sniffer (non-excluded files only) | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.php == 'true' || needs.changed_files.outputs.misc_php == 'true' | |
| timeout-minutes: 5 # 2025-11-06: Successful runs seem to take ~2 minutes. Leaving some extra for future expansion. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| node: false | |
| - name: Install dependencies | |
| run: composer install | |
| - name: Run phpcs | |
| run: | | |
| echo "::add-matcher::.github/matchers/phpcs-problem-matcher.json" | |
| composer phpcs:lint:required -- --report=emacs --standard=.github/files/php-linting-phpcs.xml | |
| echo "::remove-matcher owner=phpcs" | |
| ### Runs PHPCompatibility over all PHP files. | |
| # Local equivalent: `composer phpcs:compatibility` | |
| # On trunk: runs on all PHP files | |
| # On PRs: runs only if PHP files or relevant config changed | |
| phpcompatibility: | |
| name: PHP Compatibility | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.php == 'true' || needs.changed_files.outputs.misc_php == 'true' | |
| timeout-minutes: 5 # 2025-11-06: Successful runs seem to take ~1 minute. Leaving some extra for future expansion. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| node: false | |
| - name: Install dependencies | |
| run: composer install | |
| - name: Run phpcs for PHPCompatibility | |
| run: | | |
| echo "::add-matcher::.github/matchers/phpcs-problem-matcher.json" | |
| composer phpcs:compatibility -- --report=emacs . | |
| echo "::remove-matcher owner=phpcs" | |
| ### Runs phpcs-changed on PHP files listed in phpcs-excludelist.json. | |
| # Local equivalent: `composer phpcs:changed -- --git-base=<base> <files...>` | |
| # `<base>` is the branch this PR is to be merged into, probably `origin/trunk`. | |
| # | |
| # Pre-commit, you might also `git add` the relevant files and run `composer phpcs:changed` | |
| phpcs_changed: | |
| name: PHP Code Sniffer (changes to excluded files only) | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'pull_request' && needs.changed_files.outputs.php_excluded_files != '[]' | |
| continue-on-error: true | |
| timeout-minutes: 5 # 2025-11-06: Successful runs seem to take 30 seconds. Leaving some extra for future expansion. | |
| steps: | |
| # We don't need full git history, but phpcs-changed does need everything up to the merge-base. | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 10 | |
| - uses: ./.github/actions/deepen-to-merge-base | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| node: false | |
| - name: Install dependencies | |
| run: composer install | |
| - name: Run phpcs-changed | |
| shell: bash | |
| env: | |
| SHA: ${{ github.event.pull_request.base.sha }} | |
| FILES: ${{ needs.changed_files.outputs.php_excluded_files }} | |
| run: | | |
| echo "::add-matcher::.github/matchers/phpcs-problem-matcher.json" | |
| composer phpcs:changed -- --report=json --standard=.github/files/php-linting-phpcs.xml --git-base=$SHA $(jq -rn --argjson files "$FILES" '$files[]') | | |
| jq -r '.files | to_entries | .[] | .key as $key | .value.messages[] | [ $key, ":", .line, ":", .column, ": ", .type, " - ", .message, " (", .source, ")" ] | map(tostring) | join("")' | |
| echo "::remove-matcher owner=phpcs" | |
| ### Runs eslint on JS files not listed in eslint-excludelist.json | |
| # Local equivalent: `pnpm run lint-required` | |
| # On trunk: runs on all non-excluded JS files | |
| # On PRs: runs only if JS files or relevant config changed | |
| eslint: | |
| name: ESLint (non-excluded files only) | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.js == 'true' || needs.changed_files.outputs.misc_js == 'true' | |
| timeout-minutes: 10 # 2025-11-06: Runs now take ~5 minutes due to now installing all JS deps to ensure valid linting. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| php: false | |
| - name: Monorepo pnpm install | |
| run: pnpm install | |
| - run: pnpm run lint-required | |
| ### Runs eslint-changed on JS files listed in eslint-excludelist.json. | |
| # Local equivalent: `pnpm run lint-changed --git-base=<base>` | |
| # `<base>` is the branch this PR is to be merged into, probably `origin/trunk`. | |
| # | |
| # Pre-commit, you might also `git add` the relevant files and run `pnpm run lint-changed` | |
| eslint_changed: | |
| name: ESLint (changes to excluded files only) | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'pull_request' && needs.changed_files.outputs.js_excluded_files != '[]' | |
| continue-on-error: true | |
| timeout-minutes: 10 # 2025-11-06: Takes about a minute, but rarely runs. | |
| steps: | |
| # We don't need full git history, but eslint-changed does need everything up to the merge-base. | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 10 | |
| - uses: ./.github/actions/deepen-to-merge-base | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| php: false | |
| - name: Monorepo pnpm install | |
| run: pnpm install | |
| - name: Run eslint-changed | |
| env: | |
| SHA: ${{ github.event.pull_request.base.sha }} | |
| FILES: ${{ needs.changed_files.outputs.js_excluded_files }} | |
| run: pnpm run lint-changed --git-base=$SHA $(jq -rn --argjson files "$FILES" '$files[]') | |
| ### Runs lint-style on all CSS/SCSS files in the monorepo except those ignored in .stylelintignore. | |
| # Local equivalent: `pnpm run lint-style .` | |
| # On trunk: runs on all CSS/SCSS files | |
| # On PRs: runs only if CSS/SCSS files or relevant config changed | |
| lint_style: | |
| name: Stylelint | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.css == 'true' || needs.changed_files.outputs.misc_css == 'true' | |
| timeout-minutes: 5 # 2025-11-06: Takes a bit more than a minute, so give a little wiggle room. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| php: false | |
| - name: Monorepo pnpm install | |
| run: pnpm install | |
| - name: Run lint-style | |
| run: pnpm lint-style --formatter=compact . && echo 'Everything checks out!' | |
| ### Lints GitHub Actions yaml files. | |
| # Local equivalent: `./tools/js-tools/lint-gh-actions.mjs <files>` | |
| # On trunk: runs on all GitHub Actions yaml files | |
| # On PRs: runs only if GitHub Actions files or relevant config changed | |
| lint_gh_actions: | |
| name: Lint GitHub Actions yaml files | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.ghactionsfiles == 'true' || needs.changed_files.outputs.misc == 'true' | |
| timeout-minutes: 5 # 2025-11-06: Takes less than a minute. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| php: false | |
| - run: pnpm install | |
| - name: Run lint | |
| run: ./tools/js-tools/lint-gh-actions.mjs -v '.github/workflows/*.{yml,yaml}' '.github/actions/*/action.{yml,yaml}' 'projects/github-actions/*/action.{yml,yaml}' | |
| ### Checks that copied files (e.g. readme, license) are in sync | |
| # Local equivalent: `./tools/check-copied-files.sh` | |
| copied_files: | |
| name: Copied files are in sync | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 1 # 2025-11-06: Successful runs seem to take a few seconds. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - run: ./tools/check-copied-files.sh | |
| ### Runs tools/cleanup-excludelists.sh and checks for any changes | |
| # Local equivalent: `tools/cleanup-excludelists.sh` | |
| # On trunk: always runs | |
| # On PRs: runs only if excludelist-related files changed | |
| check_excludelists: | |
| name: Check linter exclude lists | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.excludelist == 'true' | |
| timeout-minutes: 10 # 2025-11-06: The check itself takes 2 minutes. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| - run: composer install | |
| - name: Monorepo pnpm install | |
| run: pnpm install | |
| - name: Cleanup excludelists | |
| run: tools/cleanup-excludelists.sh | |
| - name: Check for changes to exclude lists | |
| run: tools/js-tools/check-excludelist-diff.js | |
| ### Checks that changelogger change files are being created. | |
| # Local equivalent: Probably `tools/check-changelogger-use.php origin/trunk HEAD` | |
| changelogger_used: | |
| name: Changelogger use | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 # 2025-11-06: Takes a few seconds. | |
| steps: | |
| # We don't need full git history, but tools/check-changelogger-use.php does need everything up to the merge-base. | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 10 | |
| - uses: ./.github/actions/deepen-to-merge-base | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| node: false | |
| - name: Check change files are touched for touched projects | |
| env: | |
| BASE: ${{ github.event.pull_request.base.sha }} | |
| HEAD: ${{ github.event.pull_request.head.sha }} | |
| run: tools/check-changelogger-use.php --debug "$BASE" "$HEAD" | |
| ### Checks that changelogger change files are valid. | |
| # Local equivalent: `./tools/changelogger-validate-all.sh` | |
| changelogger_valid: | |
| name: Changelogger validity | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 # 2025-11-06: Takes less than a minute. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| node: false | |
| - name: Check change file validity | |
| run: tools/changelogger-validate-all.sh -vv | |
| ### Checks that lock files are up to date. | |
| # Local equivalent: .github/files/check-lock-files.sh | |
| # Note that may modify lock files in your working tree! | |
| # On trunk: always runs | |
| # On PRs: runs only if lock files or relevant config changed | |
| lock_files: | |
| name: "Lock files are up to date" | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.lockfiles == 'true' || needs.changed_files.outputs.misc == 'true' | |
| timeout-minutes: 7 # 2025-11-06: Successful runs seem to take about 2 minutes. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| - run: .github/files/check-lock-files.sh | |
| ### Check that monorepo packages are correctly referenced. | |
| # Local equivalent: tools/check-intra-monorepo-deps.sh -v && .github/files/check-monorepo-package-repos.sh | |
| # On trunk: always runs | |
| # On PRs: runs only if lock files or relevant config changed | |
| monorepo_package_refs: | |
| name: Monorepo package version refs | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.lockfiles == 'true' || needs.changed_files.outputs.misc == 'true' | |
| timeout-minutes: 7 # 2025-11-06: Takes a minute or two. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| - run: pnpm install | |
| - run: tools/check-intra-monorepo-deps.sh -v | |
| - run: .github/files/check-monorepo-package-repos.sh | |
| ### Checks against project structure, e.g. that composer.json exists. | |
| # Local equivalent: `./.github/files/lint-project-structure.sh` | |
| project_structure: | |
| name: Project structure | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 # 2025-11-06: Takes a minute or two. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| - run: pnpm install | |
| - run: .github/files/lint-project-structure.sh | |
| ### Warn on manual updates to Phan auto-generated stubs | |
| phan_stubs: | |
| name: Phan stubs | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'pull_request' && needs.changed_files.outputs.phanstubs == 'true' && github.event.pull_request.user.login != 'matticbot' | |
| timeout-minutes: 5 # 2025-11-06: Probably takes about a minute. | |
| permissions: | |
| # actions/checkout | |
| contents: read | |
| # step "Warn about stubs" | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: ./.github/actions/deepen-to-merge-base | |
| id: deepen | |
| - name: Warn about stubs | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| BASE: ${{ steps.deepen.outputs.merge-base }} | |
| HEAD: ${{ github.event.pull_request.head.sha }} | |
| run: | | |
| COMMENTS='[]' | |
| while IFS= read -r FILE; do | |
| # TODO: If they add a way to do file-level comments in this API, switch to that. | |
| COMMENTS=$( jq --arg file "$FILE" '. += [ { path: $file, body: "This file is automatically generated and should not be edited directly. See the comment at the top of the file for details.\n\nIf you have any questions, ping `@Automattic/jetpack-monorepo`.", position: 1 } ]' <<<"$COMMENTS" ) | |
| done < <( git -c core.quotepath=off diff --name-only "$BASE"...HEAD -- .phan/stubs/ ':!.phan/stubs/photon-opencv-stubs.php' ':!.phan/stubs/wordpress-constants.php' ':!.phan/stubs/wordpress-globals.jsonc' ) | |
| if [[ "$COMMENTS" != "[]" ]]; then | |
| REQ=$( jq -n --arg commit_id "$HEAD" --argjson comments "$COMMENTS" '{ commit_id: $commit_id, body: "", event: "COMMENT", comments: $comments }' ) | |
| echo "POST /repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" | |
| echo "REQUEST=$REQ" | |
| gh api "/repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" -X POST --input - <<<"$REQ" | |
| exit 1 | |
| fi | |
| typecheck: | |
| name: Type checking | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.js == 'true' || needs.changed_files.outputs.misc_js == 'true' | |
| timeout-minutes: 10 # 2025-11-20: Takes around 3 minutes. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| with: | |
| php: false | |
| - name: Pnpm install | |
| run: pnpm install | |
| - name: Run type checking | |
| # Can't just `pnpm typecheck` here, GitHub won't match the output files correctly | |
| # and unfortunately https://github.com/microsoft/TypeScript/issues/36221 is still open. | |
| run: | | |
| EXIT=0 | |
| set -o pipefail | |
| for DIR in $( jq -r 'if .scripts.typecheck then input_filename | sub( "/package.json"; "" ) else empty end' projects/*/*/package.json projects/*/*/tests/e2e/package.json tools/*/package.json 2>/dev/null ); do | |
| if ! ( cd "$DIR" && pnpm run typecheck ) | sed -uE 's#^.+\([0-9,]+\): error #'"$DIR"'/&#'; then | |
| EXIT=1 | |
| fi | |
| done | |
| exit $EXIT | |
| phan: | |
| name: Static analysis | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'push' || needs.changed_files.outputs.php == 'true' || needs.changed_files.outputs.misc_phan == 'true' | |
| timeout-minutes: 25 # 2025-11-20: Up to about 10 minutes now that we're running against the old WP and Woo stubs too. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup tools | |
| uses: ./.github/actions/tool-setup | |
| - name: Pnpm install | |
| run: pnpm install | |
| - name: Add back removed packages in case of a release branch. | |
| run: | | |
| echo "Checking for non-mirrored require-dev packages, in case this is testing a release branch" | |
| for FILE in projects/*/*/composer.json; do | |
| PKGS=() | |
| readarray -t PKGS < <( jq -r '.extra["non-mirrored-require-dev"] // empty | .[] | . += "=@dev"' "$FILE" ) | |
| if [[ ${#PKGS[@]} -gt 0 ]]; then | |
| echo "::group::Adding packages for $FILE: ${PKGS[*]}" | |
| # Make sure monorepo repositories entry is present. | |
| JSON=$( jq --tab '.repositories //= [] | if any( .repositories[]; .type == "path" and ( .url | startswith( "../" ) ) and .options?.monorepo? ) then . else .repositories += [ { type: "path", url: "../../packages/*", options: { monorepo: true } } ] end' "$FILE" ) | |
| echo "$JSON" > "$FILE" | |
| composer require --working-dir="${FILE%/composer.json}" --dev "${PKGS[@]}" | |
| echo "::endgroup::" | |
| fi | |
| done | |
| - name: Run phan | |
| run: pnpm jetpack phan --all -v --update-baseline --format github | |
| - name: Run phan for previous WP version and old Woo | |
| env: | |
| # Don't bother complaining about unused suppressions that may be used with the newer stubs. See .phan/config.base.php for how this gets applied. | |
| NO_PHAN_UNUSED_SUPPRESSION: 1 | |
| run: | | |
| composer update --prefer-lowest php-stubs/wordpress-stubs php-stubs/wordpress-tests-stubs php-stubs/woocommerce-stubs | |
| # Don't re-update baselines here, only check. | |
| pnpm jetpack phan --all -v --format github | |
| - name: Check baselines | |
| run: | | |
| # Anything changed? (with a side of printing the diff) | |
| if git diff --exit-code --ignore-matching-lines='^ // ' -- .phan/baseline.php '*/.phan/baseline.php'; then | |
| exit 0 | |
| fi | |
| # Collect which projects changed to suggest the right command. | |
| PROJECTS=() | |
| for f in $( git -c core.quotepath=off diff --name-only -- .phan/baseline.php '*/.phan/baseline.php' ); do | |
| # --name-only and --ignore-matching-lines don't combine, so we have to do the check separately. | |
| if git diff --quiet --exit-code --ignore-matching-lines='^ // ' -- "$f"; then | |
| continue | |
| fi | |
| if [[ "$f" == ".phan/baseline.php" ]]; then | |
| SLUG=monorepo | |
| elif [[ "$f" == projects/*/*/.phan/baseline.php ]]; then | |
| SLUG=${f%/.phan/baseline.php} | |
| SLUG=${SLUG#projects/} | |
| elif SLUG=$( grep -v '^[ \t]*\/\/' .phan/monorepo-pseudo-projects.jsonc | jq -re --arg f "${f%.phan/baseline.php}" 'to_entries[] | select( .value == $f ) | .key' ); then | |
| : # Ok | |
| else | |
| SLUG= | |
| fi | |
| if grep -q 'This baseline has no suppressions' "$f"; then | |
| if [[ -n "$SLUG" ]]; then | |
| echo "::error file=$f::This Phan baseline is now empty (good job!). You may remove it, or if you want to keep it (e.g. if you expect new unfixed issues to be added in the future) you can run \`jetpack phan --update-baseline $SLUG\` to update it." | |
| else | |
| echo "::error file=$f::This Phan baseline is now empty (good job!). You may remove it." | |
| fi | |
| elif [[ -n "$SLUG" ]]; then | |
| PROJECTS+=( "$SLUG" ) | |
| else | |
| echo "::error file=$f::This Phan baseline has changed and should be updated. This Action was unable to determine the command needed to update it; please report this to the Monorepo team." | |
| fi | |
| done | |
| if [[ ${#PROJECTS[@]} -gt 0 ]]; then | |
| echo "::error::Phan baselines have changed (good job!). Run \`jetpack phan --update-baseline ${PROJECTS[*]}\` to update them." | |
| fi | |
| exit 1 | |
| mirror_repos: | |
| name: Mirror repo check | |
| runs-on: ubuntu-latest | |
| needs: changed_files | |
| if: github.event_name == 'pull_request' && needs.changed_files.outputs.projectcomposerjsons == 'true' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name | |
| timeout-minutes: 5 # 2026-04-16: Should just be a minute or two. | |
| steps: | |
| # We don't need full git history, but we do need everything up to the merge-base. | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 10 | |
| - uses: ./.github/actions/deepen-to-merge-base | |
| - name: Check mirrors | |
| env: | |
| BASE: ${{ github.event.pull_request.base.sha }} | |
| HEAD: ${{ github.event.pull_request.head.sha }} | |
| GH_TOKEN: ${{ secrets.API_TOKEN_GITHUB }} | |
| run: | | |
| MBASE=$( git merge-base "$BASE" "$HEAD" ) | |
| EXIT=0 | |
| for f in $( git -c core.quotepath=off diff --name-only "$BASE...$HEAD" -- 'projects/*/*/composer.json' ); do | |
| if [[ ! -f "$f" ]]; then | |
| echo "$f: File was deleted, so it has no mirror" | |
| continue | |
| fi | |
| OLDMIRROR=$( { git show "$MBASE:$f" 2>/dev/null || true; } | jq -r '.extra["mirror-repo"] // empty' ) | |
| NEWMIRROR=$( jq -r '.extra["mirror-repo"] // empty' "$f" ) | |
| echo "$f: old version has mirror $OLDMIRROR, new has mirror $NEWMIRROR" | |
| if [[ -z "$NEWMIRROR" ]]; then | |
| echo "$f: No mirror repo in current version" | |
| elif [[ "$NEWMIRROR" = "$OLDMIRROR" ]]; then | |
| echo "$f: Mirror repo $NEWMIRROR is unchanged" | |
| else | |
| echo "$f: Mirror changed from ${OLDMIRROR:-none} → $NEWMIRROR" | |
| LINE=$(jq --stream 'if length == 1 then .[0][:-1] else .[0] end | if . == ["extra","mirror-repo"] then input_line_number else empty end' "$f" | head -n 1) | |
| if ! CIERRORLINE=" file=$f,line=$LINE" tools/audit-mirror-repos.sh "$NEWMIRROR"; then | |
| EXIT=1 | |
| fi | |
| fi | |
| done | |
| exit "$EXIT" |