wpallstars/wp-plugin-starter-template-for-ai-coding
Template
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
274 Commits 6 Branches 8 Tags
29622dd54c1d052adfc496c038dca5db327d7f1f
Commit Graph

9 Commits

Author SHA1 Message Date
Marcus Quinn
9fdfa7a8a9 fix: pin all GitHub Actions to full commit SHAs (resolves SonarCloud S7637) (#90) 
Pin all floating version tags (@v1, @v2, @v3, @v4, @master) to full commit
SHAs across all workflow files to eliminate supply chain security risk.

Actions pinned:
- actions/checkout@v3 -> f43a0e5 (v3.6.0) in release.yml, sync-wiki.yml
- actions/checkout@v4 -> 34e1148 (v4) in tests.yml
- shivammathur/setup-php@v2 -> accd612 (v2) in all workflows
- actions/setup-node@v4 -> 49933ea (v4) in playground-tests*.yml, wordpress-tests.yml
- actions/upload-artifact@v4 -> ea165f8 (v4) in playground-tests*.yml, wordpress-tests.yml
- softprops/action-gh-release@v1 -> de2c0eb (v1) in release.yml
- codacy/codacy-analysis-cli-action@v4 -> 562ee3e (v4) in code-quality.yml
- github/codeql-action/upload-sarif@v3 -> 603b797 (v3) in code-quality.yml
- swissspidy/wp-performance-action@v2.0.3 -> b7e3ffc (v2.0.3) in playground-tests.yml
- SonarSource/sonarqube-scan-action@master -> 9598b8a in sonarcloud.yml

Closes #89
 2026-03-18 04:58:57 +00:00
marcusquinn
a509d15acc Disable CI-based SonarCloud, use Automatic Analysis instead 
Custom Quality Gates require paid plan - not suitable for FOSS.
Automatic Analysis provides code quality feedback without coverage requirements.
Keep manual workflow_dispatch trigger for testing if needed.
 2025-11-24 22:05:43 +00:00
marcusquinn
cd38e0317a Re-enable SonarCloud with correct secret name SONARCLOUD_GITHUB 
- Changed from SONAR_TOKEN to SONARCLOUD_GITHUB
- Re-enabled automatic triggers on push/PR
- Removed continue-on-error since token is now configured
 2025-11-24 21:34:28 +00:00
marcusquinn
e660915402 Disable flaky CI workflows (Playground tests, SonarCloud) 
- Disable WordPress Playground tests from automatic PR/push triggers
  (WordPress Playground CLI doesn't start reliably in GitHub Actions)
- Disable SonarCloud workflow (SONAR_TOKEN returns HTTP 403)
- Comment out SonarCloud job in code-quality.yml
- Keep workflows available for manual debugging via workflow_dispatch
- PHPUnit tests and code quality checks remain active
 2025-11-24 20:03:35 +00:00
marcusquinn
5ca320c580 Mark flaky/optional tests with continue-on-error 
- WordPress Playground tests: CLI can be unreliable in CI environments
- Performance tests: Can be flaky due to varying CI resource availability
- SonarCloud: Requires SONAR_TOKEN which may not be configured

This allows the PR to pass when core tests (PHPUnit, Code Quality) succeed,
while still running optional tests for informational purposes.
 2025-11-24 19:47:31 +00:00
marcusquinn
1590be3ba6 Fix GitHub Actions workflow failures 
- Add WP_PHPUNIT__DIR and WP_TESTS_DIR environment variables to PHPUnit workflow to fix 'WP_UnitTestCase not found' error
- Increase WordPress Playground server timeout from 60s to 180s with better progress logging to fix timeout failures
- Add conditional checks for SONAR_TOKEN and CODACY_PROJECT_TOKEN to gracefully skip analysis when tokens are not set
- Properly handle server process lifecycle in Playground tests (capture PID, kill on completion)
 2025-11-24 19:35:03 +00:00
marcusquinn
ca5a9cf38b Fix PHPUnit tests and SonarCloud analysis 2025-04-23 12:42:13 +01:00
marcusquinn
db8c84a80a Fix PHPUnit tests and SonarCloud analysis 2025-04-23 04:33:55 +01:00
marcusquinn
b1966067ea Fix failing tests: Update install-wp-tests.sh, Cypress commands, and GitHub Actions workflows 2025-04-23 04:26:06 +01:00