 |
VOOZH | about |
|
VOOZH | about |
This document describes the continuous integration and continuous deployment (CI/CD) infrastructure for the BuddyPress VIP Go plugin. The pipeline enforces code quality standards, runs automated tests across multiple PHP and WordPress versions, and manages dependency updates through GitHub Actions workflows and Dependabot.
For information about running tests locally during development, see Testing Infrastructure. For code quality standards enforced by the pipeline, see Code Quality and Standards.
The pipeline consists of three main automation systems:
| System | Purpose | Trigger |
|---|---|---|
| Integration Testing | Validates functionality across WordPress/PHP matrix | PR, push to develop/trunk, manual |
| Code Standards & Linting | Enforces PHPCS rules and syntax validation | PR, push to develop/trunk, manual |
| Dependency Management | Auto-updates GitHub Actions and Composer packages | Weekly schedule (Monday/Tuesday) |
All workflows use concurrency control to cancel outdated runs when new commits are pushed to the same branch.
Sources: .github/workflows/integration.yml1-83 .github/workflows/cs-lint.yml1-98 .github/dependabot.yml1-42
Sources: .github/workflows/integration.yml3-19 .github/workflows/cs-lint.yml3-21 .github/workflows/integration.yml24-27 .github/workflows/cs-lint.yml26-29 .github/dependabot.yml5-19 .github/dependabot.yml21-42
The integration.yml workflow validates plugin functionality across different WordPress and PHP version combinations using PHPUnit integration tests.
The matrix uses fail-fast: false .github/workflows/integration.yml46 to ensure both configurations run even if one fails, providing complete test coverage feedback.
Sources: .github/workflows/integration.yml37-46
Sources: .github/workflows/integration.yml48-82
| Step | Purpose | Configuration |
|---|---|---|
| Checkout | Clone repository | persist-credentials: false for security .github/workflows/integration.yml52 |
| PHP Setup | Install PHP | shivammathur/setup-php@2.36.0 with matrix version .github/workflows/integration.yml58-60 |
| Composer Install | Install dependencies | --ignore-platform-req=php+ allows flexible PHP versions .github/workflows/integration.yml65 |
| wp-env Setup | Configure WordPress | WP_ENV_CORE: WordPress/WordPress#${{ matrix.wordpress }} .github/workflows/integration.yml76 |
| Problem Matchers | Annotate failures | Inline annotations in PR diffs .github/workflows/integration.yml67-71 |
The workflow sets WP_VERSION as an environment variable .github/workflows/integration.yml34-35 for test configuration, though the tests themselves use wp-env's version control.
Sources: .github/workflows/integration.yml48-82
The cs-lint.yml workflow enforces WordPress VIP coding standards and validates PHP/XML syntax across multiple PHP versions.
The PHP 8.5 job uses continue-on-error: true .github/workflows/cs-lint.yml44 to test against unreleased PHP versions without blocking merges.
Sources: .github/workflows/cs-lint.yml39-44
Sources: .github/workflows/cs-lint.yml46-97
The workflow registers three problem matcher types to annotate failures directly in pull request diffs:
| Matcher | Action | Purpose |
|---|---|---|
phplint-problem-matcher | korelstar/phplint-problem-matcher@v1.2.0 | Inline PHP syntax errors .github/workflows/cs-lint.yml56-57 |
xmllint-problem-matcher | korelstar/xmllint-problem-matcher@v1.2.0 | Inline XML validation errors .github/workflows/cs-lint.yml61-62 |
cs2pr | Tool installed via Composer | Convert PHPCS checkstyle XML to PR annotations .github/workflows/cs-lint.yml52 .github/workflows/cs-lint.yml97 |
The XMLLINT_INDENT environment variable is set to a tab character .github/workflows/cs-lint.yml37 to match project coding standards.
Sources: .github/workflows/cs-lint.yml36-97
The PHPCS step uses continue-on-error: true .github/workflows/cs-lint.yml93 to prevent immediate workflow failure, allowing the cs2pr step to process and display all violations. The workflow generates a checkstyle XML report .github/workflows/cs-lint.yml94 which cs2pr parses and converts to GitHub annotations .github/workflows/cs-lint.yml97
Sources: .github/workflows/cs-lint.yml92-97
Dependabot automatically creates pull requests to update GitHub Actions and Composer dependencies on a weekly schedule.
All GitHub Actions updates are grouped into a single PR per week .github/dependabot.yml11-13 with the commit prefix "Actions" .github/dependabot.yml16-18
Sources: .github/dependabot.yml6-19
Composer updates use versioning-strategy: increase-if-necessary .github/dependabot.yml42 to avoid unnecessary constraint bumps. All development dependencies matching the defined patterns are grouped into a single weekly PR .github/dependabot.yml26-35
Sources: .github/dependabot.yml21-42
| Setting | GitHub Actions | Composer | Purpose |
|---|---|---|---|
| Schedule | Monday | Tuesday | Stagger updates to avoid conflicts |
| Grouping | All actions (*) .github/dependabot.yml12-13 | Dev dependencies only .github/dependabot.yml27-35 | Reduce PR noise |
| PR Limit | 5 .github/dependabot.yml19 | 5 .github/dependabot.yml41 | Prevent overwhelming maintainers |
| Commit Prefix | Actions .github/dependabot.yml17 | Composer .github/dependabot.yml39 | Clear changelog attribution |
| Labels | dependencies .github/dependabot.yml14-15 | dependencies .github/dependabot.yml37-38 | Automated filtering |
Sources: .github/dependabot.yml1-42
The CODEOWNERS file configures automatic reviewer assignment for pull requests.
The wildcard pattern * .github/CODEOWNERS3 matches all files in the repository, ensuring the @Automattic/vip-plugins team is automatically requested as reviewers on every pull request.
Sources: .github/CODEOWNERS1-4
Both workflows implement concurrency control to optimize CI resource usage and provide faster feedback.
Concurrency groups use ${{ github.workflow }}-${{ github.ref }} .github/workflows/integration.yml26 to create unique groups per workflow and branch. The cancel-in-progress: true .github/workflows/integration.yml27 setting immediately cancels outdated runs when new commits are pushed.
Sources: .github/workflows/integration.yml24-27 .github/workflows/cs-lint.yml26-29
Both workflows only run when relevant files are modified:
| File Pattern | Triggers |
|---|---|
.github/workflows/*.yml | Workflow file changes .github/workflows/integration.yml6 .github/workflows/cs-lint.yml6 |
**.php | PHP code changes .github/workflows/integration.yml7 .github/workflows/cs-lint.yml7 |
phpunit.xml.dist | PHPUnit configuration .github/workflows/integration.yml8 .github/workflows/cs-lint.yml9 |
composer.json | Dependency changes .github/workflows/integration.yml9 .github/workflows/cs-lint.yml10 |
.phpcs.xml.dist | PHPCS configuration (cs-lint only) .github/workflows/cs-lint.yml8 |
This filtering prevents unnecessary workflow runs for documentation-only changes or other non-code modifications.
Sources: .github/workflows/integration.yml3-18 .github/workflows/cs-lint.yml3-20
Both workflows use minimal permissions following the principle of least privilege:
The permissions: contents: read .github/workflows/integration.yml21-22 .github/workflows/cs-lint.yml23-24 restricts workflows to read-only access. The persist-credentials: false .github/workflows/integration.yml52 .github/workflows/cs-lint.yml67 setting in checkout actions prevents accidental credential exposure.
Sources: .github/workflows/integration.yml21-22 .github/workflows/integration.yml50-52 .github/workflows/cs-lint.yml23-24 .github/workflows/cs-lint.yml64-67
All third-party GitHub Actions are pinned to specific commit SHAs for security and reproducibility:
| Action | Repository | Pinned SHA | Version |
|---|---|---|---|
actions/checkout | GitHub official | de0fac2e4500dabe0009e67214ff5f5447ce83dd | v6.0.2 .github/workflows/integration.yml50 |
shivammathur/setup-php | Community | 44454db4f0199b8b9685a5d763dc37cbf79108e1 | 2.36.0 .github/workflows/integration.yml58 |
ramsey/composer-install | Community | 3cf229dc2919194e9e36783941438d17239e8520 | 3.1.1 .github/workflows/integration.yml63 |
korelstar/phplint-problem-matcher | Community | cb2b753750ec7bf13a7cde0a476df8c5605bdfb1 | v1.2.0 .github/workflows/cs-lint.yml57 |
korelstar/xmllint-problem-matcher | Community | 1bd292d642ddf3d369d02aaa8b262834d61198c0 | v1.2.0 .github/workflows/cs-lint.yml62 |
ChristophWurst/xmllint-action | Community | 7c54ff113fc0f6d4588a15cb4dfe31b6ecca5212 | v1.2.1 .github/workflows/cs-lint.yml86 |
SHA pinning prevents malicious updates to third-party actions from automatically compromising the CI pipeline.
Sources: .github/workflows/integration.yml50 .github/workflows/integration.yml58 .github/workflows/integration.yml63 .github/workflows/cs-lint.yml57 .github/workflows/cs-lint.yml62 .github/workflows/cs-lint.yml86
The following table summarizes all automated jobs and their execution contexts:
| Workflow | Job Name | PHP Versions | WordPress Versions | Trigger | Purpose |
|---|---|---|---|---|---|
integration.yml | test | 8.2, latest | 6.6, master | PR, push, manual | Integration tests (single + multisite) |
cs-lint.yml | checkcs | 8.2, latest, 8.5 | N/A | PR, push, manual | PHPCS, PHP lint, XML lint |
| (Dependabot) | N/A | N/A | N/A | Weekly (Mon/Tue) | Dependency updates |
The fail-fast: false setting on both workflows .github/workflows/integration.yml46 .github/workflows/cs-lint.yml42 ensures all matrix combinations complete even if one fails, providing comprehensive test coverage feedback.
Sources: .github/workflows/integration.yml30-82 .github/workflows/cs-lint.yml32-97 .github/dependabot.yml1-42
Refresh this wiki