From e38976a655969ac9a8971f8e4d94df01d50fe217 Mon Sep 17 00:00:00 2001 From: Jonathan Desrosiers Date: Thu, 27 Jun 2024 10:57:59 -0400 Subject: [PATCH] Make workflows reusable. --- .github/workflows/coding-standards.yml | 102 ++-------- .github/workflows/javascript-tests.yml | 61 ++---- .github/workflows/test-build-processes.yml | 135 ++++++++++++ .github/workflows/test-npm.yml | 192 ------------------ .../workflows/welcome-new-contributors.yml | 59 ------ 5 files changed, 170 insertions(+), 379 deletions(-) create mode 100644 .github/workflows/test-build-processes.yml delete mode 100644 .github/workflows/test-npm.yml delete mode 100644 .github/workflows/welcome-new-contributors.yml diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml index 35c145407ffc6..edc5cb132351e 100644 --- a/.github/workflows/coding-standards.yml +++ b/.github/workflows/coding-standards.yml @@ -40,105 +40,35 @@ concurrency: group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} cancel-in-progress: true +# Disable permissions for all available scopes by default. +# Any needed permissions should be configured at the job level. +permissions: {} + jobs: # Runs PHP coding standards checks. - # - # Violations are reported inline with annotations. - # - # Performs the following steps: - # - Checks out the repository. - # - Sets up PHP. - # - Logs debug information. - # - Installs Composer dependencies (use cache if possible). - # - Make Composer packages available globally. - # - Logs PHP_CodeSniffer debug information. - # - Runs PHPCS on the full codebase with warnings suppressed. - # - Runs PHPCS on the `tests` directory without warnings suppressed. phpcs: name: PHP coding standards - runs-on: ubuntu-latest + uses: WordPress/wordpress-develop/.github/workflows/reusable-coding-standards-php.yml@trunk + permissions: + contents: read if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }} - - steps: - - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - - name: Set up PHP - uses: shivammathur/setup-php@d30ad8b1843ace22e6698ab99bbafaa747b6bd0d # v2.24.0 - with: - php-version: '7.2' - coverage: none - tools: composer, cs2pr - - - name: Log debug information - run: | - php --version - composer --version - - - name: Install Composer dependencies - uses: ramsey/composer-install@83af392bf5f031813d25e6fe4cd626cdba9a2df6 # v2.2.0 - with: - composer-options: "--no-progress --no-ansi" - - - name: Make Composer packages available globally - run: echo "${PWD}/vendor/bin" >> $GITHUB_PATH - - - name: Log PHPCS debug information - run: phpcs -i - - - name: Run PHPCBF on all Core files - run: phpcbf + with: + php-version: '7.2' # Runs the JavaScript coding standards checks. - # - # JSHint violations are not currently reported inline with annotations. - # - # Performs the following steps: - # - Checks out the repository. - # - Logs debug information about the GitHub Action runner. - # - Installs NodeJS. - # - Logs updated debug information. - # _ Installs npm dependencies. - # - Run the WordPress JSHint checks. jshint: name: JavaScript coding standards - runs-on: ubuntu-latest - timeout-minutes: 20 + uses: WordPress/wordpress-develop/.github/workflows/reusable-coding-standards-javascript.yml@trunk + permissions: + contents: read if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }} - env: - PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: ${{ true }} - - steps: - - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - - name: Log debug information - run: | - npm --version - node --version - git --version - svn --version - - - name: Set up Node.js - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version-file: '.nvmrc' - cache: npm - - - name: Log debug information - run: | - npm --version - node --version - - - name: Install Dependencies - run: npm ci - - - name: Run JSHint - run: npm run grunt jshint slack-notifications: name: Slack Notifications uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk + permissions: + actions: read + contents: read needs: [ phpcs, jshint ] if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }} with: @@ -152,6 +82,8 @@ jobs: failed-workflow: name: Failed workflow tasks runs-on: ubuntu-latest + permissions: + actions: write needs: [ phpcs, jshint, slack-notifications ] if: | always() && diff --git a/.github/workflows/javascript-tests.yml b/.github/workflows/javascript-tests.yml index 266ab52a07d3b..6eec2ac604fb4 100644 --- a/.github/workflows/javascript-tests.yml +++ b/.github/workflows/javascript-tests.yml @@ -38,57 +38,29 @@ concurrency: group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} cancel-in-progress: true +# Disable permissions for all available scopes by default. +# Any needed permissions should be configured at the job level. +permissions: {} + jobs: - # Runs the QUnit tests for WordPress. - # - # Performs the following steps: - # - Checks out the repository. - # - Logs debug information about the GitHub Action runner. - # - Installs NodeJS. - # - Logs updated debug information. - # _ Installs npm dependencies. - # - Run the WordPress QUnit tests. + # Runs the WordPress Core JavaScript tests. test-js: name: QUnit Tests - runs-on: ubuntu-latest - timeout-minutes: 20 + uses: WordPress/wordpress-develop/.github/workflows/reusable-javascript-tests.yml@trunk + permissions: + contents: read if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }} - steps: - - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - - name: Log debug information - run: | - npm --version - node --version - git --version - svn --version - - - name: Set up Node.js - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version-file: '.nvmrc' - cache: npm - - - name: Log debug information - run: | - npm --version - node --version - - - name: Install Dependencies - run: npm ci - - - name: Run QUnit tests - run: npm run grunt qunit:compiled - slack-notifications: name: Slack Notifications uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk + permissions: + actions: read + contents: read needs: [ test-js ] if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }} with: - calling_status: ${{ needs.test-js.result == 'success' && 'success' || needs.test-js.result == 'cancelled' && 'cancelled' || 'failure' }} + calling_status: ${{ contains( needs.*.result, 'cancelled' ) && 'cancelled' || contains( needs.*.result, 'failure' ) && 'failure' || 'success' }} secrets: SLACK_GHA_SUCCESS_WEBHOOK: ${{ secrets.SLACK_GHA_SUCCESS_WEBHOOK }} SLACK_GHA_CANCELLED_WEBHOOK: ${{ secrets.SLACK_GHA_CANCELLED_WEBHOOK }} @@ -98,19 +70,22 @@ jobs: failed-workflow: name: Failed workflow tasks runs-on: ubuntu-latest - needs: [ test-js, slack-notifications ] + permissions: + actions: write + needs: [ slack-notifications ] if: | always() && github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && github.run_attempt < 2 && ( - needs.test-js.result == 'cancelled' || needs.test-js.result == 'failure' + contains( needs.*.result, 'cancelled' ) || + contains( needs.*.result, 'failure' ) ) steps: - name: Dispatch workflow run - uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # v6.4.0 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: retries: 2 retry-exempt-status-codes: 418 diff --git a/.github/workflows/test-build-processes.yml b/.github/workflows/test-build-processes.yml new file mode 100644 index 0000000000000..8e8077a2c862d --- /dev/null +++ b/.github/workflows/test-build-processes.yml @@ -0,0 +1,135 @@ +name: Test Build Processes + +on: + push: + branches: + - trunk + - '3.[7-9]' + - '[4-9].[0-9]' + tags: + - '[0-9]+.[0-9]' + - '[0-9]+.[0-9].[0-9]+' + pull_request: + branches: + - trunk + - '3.[7-9]' + - '[4-9].[0-9]' + paths: + # These files configure npm. Changes could affect the outcome. + - 'package*.json' + # JavaScript files are built using npm. + - '**.js' + # CSS and SCSS files are built using npm. + - '**.scss' + - '**.css' + # Changes to workflow files should always verify all workflows are successful. + - '.github/workflows/**.yml' + workflow_dispatch: + +# Cancels all previous workflow runs for pull requests that have not completed. +concurrency: + # The concurrency group contains the workflow name and the branch name for pull requests + # or the commit hash for any other events. + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} + cancel-in-progress: true + +# Disable permissions for all available scopes by default. +# Any needed permissions should be configured at the job level. +permissions: {} + +jobs: + # Tests the WordPress Core build process on multiple operating systems. + test-core-build-process: + name: Core running from ${{ matrix.directory }} + uses: WordPress/wordpress-develop/.github/workflows/reusable-test-core-build-process.yml@trunk + permissions: + contents: read + if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }} + strategy: + fail-fast: false + matrix: + os: [ ubuntu-latest, windows-latest ] + directory: [ 'build' ] + include: + # Only prepare artifacts once. + - os: ubuntu-latest + directory: 'build' + prepare-playground: true + with: + os: ${{ matrix.os }} + directory: ${{ matrix.directory }} + prepare-playground: ${{ matrix.prepare-playground && matrix.prepare-playground || false }} + test-emoji: false + + # Tests the WordPress Core build process on MacOS. + # + # This is separate from the job above in order to use stricter conditions when determining when to run. + # This avoids unintentionally consuming excessive minutes, as MacOS jobs consume minutes at a 10x rate. + # + # The `matrix` and `runner` contexts are not available for use within `if` expressions. So there is + # currently no way to determine the OS being used on a given job. + # See https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability. + test-core-build-process-macos: + name: Core running from ${{ matrix.directory }} + uses: WordPress/wordpress-develop/.github/workflows/reusable-test-core-build-process.yml@trunk + permissions: + contents: read + if: ${{ github.repository == 'WordPress/wordpress-develop' }} + strategy: + fail-fast: false + matrix: + os: [ macos-13 ] + directory: [ 'build' ] + with: + os: ${{ matrix.os }} + directory: ${{ matrix.directory }} + test-emoji: false + + slack-notifications: + name: Slack Notifications + uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk + permissions: + actions: read + contents: read + needs: [ test-core-build-process, test-core-build-process-macos ] + if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }} + with: + calling_status: ${{ contains( needs.*.result, 'cancelled' ) && 'cancelled' || contains( needs.*.result, 'failure' ) && 'failure' || 'success' }} + secrets: + SLACK_GHA_SUCCESS_WEBHOOK: ${{ secrets.SLACK_GHA_SUCCESS_WEBHOOK }} + SLACK_GHA_CANCELLED_WEBHOOK: ${{ secrets.SLACK_GHA_CANCELLED_WEBHOOK }} + SLACK_GHA_FIXED_WEBHOOK: ${{ secrets.SLACK_GHA_FIXED_WEBHOOK }} + SLACK_GHA_FAILURE_WEBHOOK: ${{ secrets.SLACK_GHA_FAILURE_WEBHOOK }} + + failed-workflow: + name: Failed workflow tasks + runs-on: ubuntu-latest + permissions: + actions: write + needs: [ slack-notifications ] + if: | + always() && + github.repository == 'WordPress/wordpress-develop' && + github.event_name != 'pull_request' && + github.run_attempt < 2 && + ( + contains( needs.*.result, 'cancelled' ) || + contains( needs.*.result, 'failure' ) + ) + + steps: + - name: Dispatch workflow run + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + retries: 2 + retry-exempt-status-codes: 418 + script: | + github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: 'failed-workflow.yml', + ref: 'trunk', + inputs: { + run_id: '${{ github.run_id }}' + } + }); diff --git a/.github/workflows/test-npm.yml b/.github/workflows/test-npm.yml deleted file mode 100644 index 7b59b7be9192e..0000000000000 --- a/.github/workflows/test-npm.yml +++ /dev/null @@ -1,192 +0,0 @@ -name: Test npm - -on: - push: - branches: - - trunk - - '3.[7-9]' - - '[4-9].[0-9]' - tags: - - '[0-9]+.[0-9]' - - '[0-9]+.[0-9].[0-9]+' - pull_request: - branches: - - trunk - - '3.[7-9]' - - '[4-9].[0-9]' - paths: - # These files configure npm. Changes could affect the outcome. - - 'package*.json' - # JavaScript files are built using npm. - - '**.js' - # CSS and SCSS files are built using npm. - - '**.scss' - - '**.css' - # Changes to workflow files should always verify all workflows are successful. - - '.github/workflows/**.yml' - workflow_dispatch: - -# Cancels all previous workflow runs for pull requests that have not completed. -concurrency: - # The concurrency group contains the workflow name and the branch name for pull requests - # or the commit hash for any other events. - group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} - cancel-in-progress: true - -env: - PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: ${{ true }} - -jobs: - # Verifies that installing npm dependencies and building WordPress works as expected. - # - # Performs the following steps: - # - Checks out the repository. - # - Logs debug information about the GitHub Action runner. - # - Installs NodeJS. - # _ Installs npm dependencies. - # - Builds WordPress to run from the `build` directory. - # - Cleans up after building WordPress to the `build` directory. - # - Builds WordPress to run from the `src` directory. - # - Cleans up after building WordPress to the `src` directory. - test-npm: - name: Test npm on ${{ matrix.os }} - runs-on: ${{ matrix.os }} - timeout-minutes: 20 - if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }} - strategy: - fail-fast: false - matrix: - os: [ ubuntu-latest, windows-latest ] - - steps: - - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - - name: Log debug information - run: | - npm --version - node --version - curl --version - git --version - svn --version - - - name: Set up Node.js - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version-file: '.nvmrc' - cache: npm - - - name: Install Dependencies - run: npm ci - - - name: Build WordPress - run: npm run build - - - name: Clean after building - run: npm run grunt clean - - - name: Build WordPress in /src - run: npm run build:dev - - - name: Clean after building in /src - run: npm run grunt clean -- --dev - - # Verifies that installing npm dependencies and building WordPress works as expected on MacOS. - # - # This is separate from the job above in order to use stricter conditions about when to run. - # This avoids unintentionally consuming excessive minutes, as MacOS jobs consume minutes at a 10x rate. - # - # The `matrix` and `runner` contexts are not available for use within `if` expressions. So there is - # currently no way to determine the OS being used on a given job. - # See https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability. - # - # Performs the following steps: - # - Checks out the repository. - # - Logs debug information about the GitHub Action runner. - # - Installs NodeJS. - # _ Installs npm dependencies. - # - Builds WordPress to run from the `build` directory. - # - Cleans up after building WordPress to the `build` directory. - # - Builds WordPress to run from the `src` directory. - # - Cleans up after building WordPress to the `src` directory. - test-npm-macos: - name: Test npm on MacOS - runs-on: macos-latest - timeout-minutes: 30 - if: ${{ github.repository == 'WordPress/wordpress-develop' }} - steps: - - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - - name: Log debug information - run: | - npm --version - node --version - curl --version - git --version - svn --version - - - name: Set up Node.js - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version-file: '.nvmrc' - cache: npm - - - name: Install Dependencies - run: npm ci - - - name: Build WordPress - run: npm run build - - - name: Clean after building - run: npm run grunt clean - - - name: Build WordPress in /src - run: npm run build:dev - - - name: Clean after building in /src - run: npm run grunt clean -- --dev - - slack-notifications: - name: Slack Notifications - uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk - needs: [ test-npm, test-npm-macos ] - if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }} - with: - calling_status: ${{ needs.test-npm.result == 'success' && needs.test-npm-macos.result == 'success' && 'success' || ( needs.test-npm.result == 'cancelled' || needs.test-npm-macos.result == 'cancelled' ) && 'cancelled' || 'failure' }} - secrets: - SLACK_GHA_SUCCESS_WEBHOOK: ${{ secrets.SLACK_GHA_SUCCESS_WEBHOOK }} - SLACK_GHA_CANCELLED_WEBHOOK: ${{ secrets.SLACK_GHA_CANCELLED_WEBHOOK }} - SLACK_GHA_FIXED_WEBHOOK: ${{ secrets.SLACK_GHA_FIXED_WEBHOOK }} - SLACK_GHA_FAILURE_WEBHOOK: ${{ secrets.SLACK_GHA_FAILURE_WEBHOOK }} - - failed-workflow: - name: Failed workflow tasks - runs-on: ubuntu-latest - needs: [ test-npm, test-npm-macos, slack-notifications ] - if: | - always() && - github.repository == 'WordPress/wordpress-develop' && - github.event_name != 'pull_request' && - github.run_attempt < 2 && - ( - needs.test-npm.result == 'cancelled' || needs.test-npm.result == 'failure' || - needs.test-npm-macos.result == 'cancelled' || needs.test-npm-macos.result == 'failure' - ) - - steps: - - name: Dispatch workflow run - uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # v6.4.0 - with: - retries: 2 - retry-exempt-status-codes: 418 - script: | - github.rest.actions.createWorkflowDispatch({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: 'failed-workflow.yml', - ref: 'trunk', - inputs: { - run_id: '${{ github.run_id }}' - } - }); diff --git a/.github/workflows/welcome-new-contributors.yml b/.github/workflows/welcome-new-contributors.yml deleted file mode 100644 index 15457f65bd088..0000000000000 --- a/.github/workflows/welcome-new-contributors.yml +++ /dev/null @@ -1,59 +0,0 @@ -name: Welcome New Contributors - -on: - pull_request_target: - types: [ opened ] - -jobs: - # Comments on a pull request when the author is a new contributor. - post-welcome-message: - runs-on: ubuntu-latest - timeout-minutes: 5 - if: ${{ github.repository == 'WordPress/wordpress-develop' }} - - steps: - - uses: wow-actions/welcome@72817eb31cda1de60f51893d80e2e82ce57f7e76 # v1.3.0 - with: - FIRST_PR_COMMENT: > - Hi @{{ author }}! 👋 - - - Thank you for your contribution to WordPress! 💖 - - - It looks like this is your first pull request to `wordpress-develop`. Here are a few things to be aware of that may help you out! - - - **No one monitors this repository for new pull requests.** Pull requests **must** be attached to a Trac ticket to be considered for inclusion in WordPress Core. To attach a pull request to a Trac ticket, please include the ticket's full URL in your pull request description. - - - **Pull requests are never merged on GitHub.** The WordPress codebase continues to be managed through the SVN repository that this GitHub repository mirrors. Please feel free to open pull requests to work on any contribution you are making. - - - More information about how GitHub pull requests can be used to contribute to WordPress can be found in [this blog post](https://make.wordpress.org/core/2020/02/21/working-on-trac-tickets-using-github-pull-requests/). - - - **Please include automated tests.** Including tests in your pull request is one way to help your patch be considered faster. To learn about WordPress' test suites, visit the [Automated Testing](https://make.wordpress.org/core/handbook/testing/automated-testing/) page in the handbook. - - - If you have not had a chance, please review the [Contribute with Code page](https://make.wordpress.org/core/handbook/contribute/) in the [WordPress Core Handbook](https://make.wordpress.org/core/handbook/). - - - The [Developer Hub](https://developer.wordpress.org/) also documents the various [coding standards](https://make.wordpress.org/core/handbook/best-practices/coding-standards/) that are followed: - - - [PHP Coding Standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/) - - - [CSS Coding Standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/css/) - - - [HTML Coding Standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/html/) - - - [JavaScript Coding Standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/javascript/) - - - [Accessibility Coding Standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/accessibility/) - - - [Inline Documentation Standards](https://developer.wordpress.org/coding-standards/inline-documentation-standards/) - - - Thank you, - - The WordPress Project