From 529c5562d665badf6c8bf941274b9e7bf2018e61 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Fri, 17 Nov 2023 05:34:10 +0100 Subject: [PATCH 01/34] GH Actions: update a few links in inline comments ... as the old URLs are no longer valid. --- .github/workflows/cs.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index 184d2d5..c2dcbed 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -24,7 +24,7 @@ jobs: tools: cs2pr # Install dependencies and handle caching in one go. - # @link https://github.com/marketplace/actions/install-composer-dependencies + # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies uses: "ramsey/composer-install@v2" with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fc8e702..bcecd6b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -45,7 +45,7 @@ jobs: coverage: ${{ matrix.coverage == true && 'xdebug' || 'none' }} # Install dependencies and handle caching in one go. - # @link https://github.com/marketplace/actions/install-composer-dependencies + # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - normal if: matrix.php != '8.3' uses: "ramsey/composer-install@v2" From 71336da79a136358216292d58b03129cdd68e698 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 20 Nov 2023 04:13:08 +0100 Subject: [PATCH 02/34] GH Actions/test: PHP 8.3 has been released * Builds against PHP 8.3 are no longer allowed to fail. * Update PHP version on which code coverage is run (high should now be 8.3). * Add _allowed to fail_ build against PHP 8.4. --- .github/workflows/test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fc8e702..da8049a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,17 +19,17 @@ jobs: strategy: matrix: - php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.3'] + php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.4'] coverage: [false] # Run code coverage only on high/low PHP. include: - php: 5.6 coverage: true - - php: 8.2 + - php: 8.3 coverage: true - continue-on-error: ${{ matrix.php == '8.3' }} + continue-on-error: ${{ matrix.php == '8.4' }} name: "Tests: PHP ${{ matrix.php }}" @@ -47,14 +47,14 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - normal - if: matrix.php != '8.3' + if: matrix.php != '8.4' uses: "ramsey/composer-install@v2" with: # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") - name: Install Composer dependencies - ignore PHP restrictions - if: matrix.php == '8.3' + if: matrix.php == '8.4' uses: "ramsey/composer-install@v2" with: composer-options: --ignore-platform-req=php+ From a801ad33b6a8f4582b597da9b8411a2d59bec068 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 21 Sep 2023 09:15:14 +0200 Subject: [PATCH 03/34] Composer.json: add link to security policy This is a new feature available since Composer 2.6.0, which was released a few weeks ago. When this key is added, it will also show a link to the security policy on Packagist. Refs: * https://github.com/composer/composer/releases/tag/2.6.0 * https://github.com/composer/composer/pull/11271 * https://github.com/composer/packagist/pull/1353 --- composer.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index b15ffa3..61b7462 100644 --- a/composer.json +++ b/composer.json @@ -24,7 +24,8 @@ "homepage": "https://github.com/Yoast/wp-test-utils/", "support": { "issues": "https://github.com/Yoast/wp-test-utils/issues", - "source": "https://github.com/Yoast/wp-test-utils" + "source": "https://github.com/Yoast/wp-test-utils", + "security": "https://github.com/Yoast/wp-test-utils/security/policy" }, "require": { "php": ">=5.6", From 73fdd2a484f1d65aaa65c1b9076f28779c33b92c Mon Sep 17 00:00:00 2001 From: jrfnl Date: Sat, 16 Sep 2023 03:59:06 +0200 Subject: [PATCH 04/34] GH Actions: switch to Coveralls action runner to upload reports Simplify the code coverage workflow by removing the dependency on the `php-coveralls/php-coveralls` package and switching to the `coverallsapp/github-action` action runner, which, as of the release of the [0.6.5 version of the Coverage Reporter](https://github.com/coverallsapp/coverage-reporter/releases/tag/v0.6.5) now natively supports the Clover format. The `COVERALLS_TOKEN` can now be removed from Settings -> Secrets. --- .github/workflows/test.yml | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bcd3881..c420829 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -72,26 +72,14 @@ jobs: if: ${{ matrix.coverage == true }} run: composer coverage - # PHP Coveralls doesn't fully support PHP 8.x yet, so switch the PHP version. - - name: Switch to PHP 7.4 - if: ${{ success() && matrix.coverage == true && startsWith( matrix.php, '8' ) }} - uses: shivammathur/setup-php@v2 - with: - php-version: 7.4 - coverage: none - - # Global install is used to prevent a conflict with the local composer.lock in PHP 8.0+. - - name: Install Coveralls - if: ${{ success() && matrix.coverage == true }} - run: composer global require php-coveralls/php-coveralls:"^2.5.3" --no-interaction - - name: Upload coverage results to Coveralls if: ${{ success() && matrix.coverage == true }} - env: - COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_TOKEN }} - COVERALLS_PARALLEL: true - COVERALLS_FLAG_NAME: php-${{ matrix.php }} - run: php-coveralls -v -x build/logs/clover.xml + uses: coverallsapp/github-action@v2 + with: + format: clover + file: build/logs/clover.xml + flag-name: php-${{ matrix.php }} + parallel: true coveralls-finish: needs: test @@ -101,5 +89,4 @@ jobs: - name: Coveralls Finished uses: coverallsapp/github-action@v2 with: - github-token: ${{ secrets.COVERALLS_TOKEN }} parallel-finished: true From f31de128ac934ccd74628876431981c3b99c7a42 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Sat, 16 Sep 2023 19:29:10 +0200 Subject: [PATCH 05/34] CS: minor tweaks to comply with WordPressCS 3.0 --- src/BrainMonkey/TestCase.php | 4 ++-- src/BrainMonkey/YoastTestCase.php | 10 +++++----- src/WPIntegration/TestCaseNoPolyfills.php | 1 - src/WPIntegration/bootstrap-functions.php | 2 +- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/BrainMonkey/TestCase.php b/src/BrainMonkey/TestCase.php index e1d67cf..b1a2f9e 100644 --- a/src/BrainMonkey/TestCase.php +++ b/src/BrainMonkey/TestCase.php @@ -81,10 +81,10 @@ public function stubTranslationFunctions() { [ '__' => null, '_x' => null, - '_n' => static function( $single, $plural, $number ) { + '_n' => static function ( $single, $plural, $number ) { return ( $number === 1 ) ? $single : $plural; }, - '_nx' => static function( $single, $plural, $number ) { + '_nx' => static function ( $single, $plural, $number ) { return ( $number === 1 ) ? $single : $plural; }, 'translate' => null, diff --git a/src/BrainMonkey/YoastTestCase.php b/src/BrainMonkey/YoastTestCase.php index 113a332..167b0f7 100644 --- a/src/BrainMonkey/YoastTestCase.php +++ b/src/BrainMonkey/YoastTestCase.php @@ -24,7 +24,7 @@ protected function set_up() { Monkey\Functions\stubs( [ // Passing "null" makes the function return it's first argument. - 'get_bloginfo' => static function( $show ) { + 'get_bloginfo' => static function ( $show ) { switch ( $show ) { case 'charset': return 'UTF-8'; @@ -34,14 +34,14 @@ protected function set_up() { return $show; }, - 'is_multisite' => static function() { + 'is_multisite' => static function () { if ( \defined( 'WP_TESTS_MULTISITE' ) ) { return (bool) \WP_TESTS_MULTISITE; } return false; }, - 'mysql2date' => static function( $format, $date ) { + 'mysql2date' => static function ( $format, $date ) { return $date; }, 'number_format_i18n' => null, @@ -51,7 +51,7 @@ protected function set_up() { 'wp_parse_args' => static function ( $args, $defaults ) { return \array_merge( $defaults, $args ); }, - 'wp_strip_all_tags' => static function( $text, $remove_breaks = false ) { + 'wp_strip_all_tags' => static function ( $text, $remove_breaks = false ) { $text = \preg_replace( '@<(script|style)[^>]*?>.*?@si', '', $text ); $text = \strip_tags( $text ); @@ -62,7 +62,7 @@ protected function set_up() { return \trim( $text ); }, 'wp_slash' => null, - 'wp_unslash' => static function( $value ) { + 'wp_unslash' => static function ( $value ) { return \is_string( $value ) ? \stripslashes( $value ) : $value; }, ] diff --git a/src/WPIntegration/TestCaseNoPolyfills.php b/src/WPIntegration/TestCaseNoPolyfills.php index 5a2499f..b17be10 100644 --- a/src/WPIntegration/TestCaseNoPolyfills.php +++ b/src/WPIntegration/TestCaseNoPolyfills.php @@ -26,5 +26,4 @@ abstract class TestCase extends WP_UnitTestCase { use ExpectOutputHelper; - } diff --git a/src/WPIntegration/bootstrap-functions.php b/src/WPIntegration/bootstrap-functions.php index f934a6a..282dd32 100644 --- a/src/WPIntegration/bootstrap-functions.php +++ b/src/WPIntegration/bootstrap-functions.php @@ -42,7 +42,7 @@ function get_path_to_wp_test_dir() { * * @return string The file path with normalized slashes. */ - $normalize_path = static function( $path ) { + $normalize_path = static function ( $path ) { return \str_replace( '\\', '/', $path ); }; From 2c9e0564363ecc8424b97dea1d160289d9614a54 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 14 Dec 2023 23:39:44 +0100 Subject: [PATCH 06/34] Composer/PHPCS: update to YoastCS 3.0.0 YoastCS 3.0.0 has been released and is based on WordPressCS 3.0.0. This commit makes the necessary updates for that: * Composer: update the requirements. * PHPCS ruleset: - Exclude new (and more) WP specific rules which don't apply to this package. - Exclude code modernization sniffs which can't be applied to this package yet. - Enforce strict PSR-4 for both src and tests. - Update a few property names for new names in WordPressCS 3.0. - Remove a few exclusions which are no longer needed. - Add a few selective exclusions for specific situations. * GHA CS workflow: run the CS check on the latest PHP version. No need to run on PHP 7.4 any more as the deprecations previously encountered were all fixed. While YoastCS 3.0.0 contains lots of goodies, it also has a downside: a minimum PHP requirement of PHP 7.2, which conflicts with the minimum supported PHP version of this package. This causes two issues: 1. A plain `composer install` will no longer work on PHP < 7.2. This means the YoastCS package will need to be removed for the CI test workfows. 2. As the (Parallel) linting packages are "inherited" from YoastCS, removing YoastCS would break the linting command in CI, so we need to `require-dev` the Parallel Lint packages in PHPUnit Polyfills itself to allow the workflow to continue to work. With those two work-arounds in place, everything should work again. Refs: * https://github.com/Yoast/yoastcs/releases/tag/3.0.0 * https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0 --- .github/workflows/cs.yml | 2 +- .github/workflows/test.yml | 4 ++ .phpcs.xml.dist | 91 +++++++++++++++++++++++--------------- composer.json | 4 +- 4 files changed, 63 insertions(+), 38 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index c2dcbed..0d5cc48 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -19,7 +19,7 @@ jobs: - name: Install PHP uses: shivammathur/setup-php@v2 with: - php-version: '7.4' + php-version: 'latest' coverage: none tools: cs2pr diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c420829..1550827 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,6 +44,10 @@ jobs: ini-values: error_reporting=E_ALL, display_errors=On coverage: ${{ matrix.coverage == true && 'xdebug' || 'none' }} + # YoastCS 3.0 has a PHP 7.2 minimum which conflicts with the requirements of this package. + - name: 'Composer: remove YoastCS' + run: composer remove --dev yoast/yoastcs --no-update --no-interaction + # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - normal diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist index ff1e0a9..018a9a8 100644 --- a/.phpcs.xml.dist +++ b/.phpcs.xml.dist @@ -1,27 +1,27 @@ - Check the code of WP Test Utils. + Check the code of WP Test Utils. - + - . + . - - + + - - + + - - + + - - + + @@ -41,16 +41,25 @@ - - - - - - + + + + + + + + + + + - + + + *\.php + - + - - + + - - + + + /tests/*\.php + + + + + + + @@ -78,7 +95,7 @@ - + @@ -92,11 +109,6 @@ ############################################################################# --> - - - /src/*/bootstrap*\.php$ - - /src/BrainMonkey/bootstrap\.php$ @@ -116,9 +128,16 @@ /src/Helpers/*\.php$ - + + + + + /tests/*/Fixtures/*\.php$ + + + - /tests/*\.php$ + /tests/*/Fixtures/*\.php$ diff --git a/composer.json b/composer.json index 61b7462..bb2c1ca 100644 --- a/composer.json +++ b/composer.json @@ -33,7 +33,9 @@ "yoast/phpunit-polyfills": "^1.1.0" }, "require-dev": { - "yoast/yoastcs": "^2.3.1" + "php-parallel-lint/php-console-highlighter": "^1.0.0", + "php-parallel-lint/php-parallel-lint": "^1.3.2", + "yoast/yoastcs": "^3.0" }, "minimum-stability": "dev", "prefer-stable": true, From c90206647a5185008f331fe5e822acb7a4e3b168 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 09:29:47 +0000 Subject: [PATCH 07/34] GH Actions: Bump ramsey/composer-install from 2 to 3 Bumps [ramsey/composer-install](https://github.com/ramsey/composer-install) from 2 to 3. - [Release notes](https://github.com/ramsey/composer-install/releases) - [Commits](https://github.com/ramsey/composer-install/compare/v2...v3) --- updated-dependencies: - dependency-name: ramsey/composer-install dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/cs.yml | 2 +- .github/workflows/test.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index 0d5cc48..68e04cf 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -26,7 +26,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - uses: "ramsey/composer-install@v2" + uses: "ramsey/composer-install@v3" with: # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1550827..26978e8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -52,14 +52,14 @@ jobs: # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - normal if: matrix.php != '8.4' - uses: "ramsey/composer-install@v2" + uses: "ramsey/composer-install@v3" with: # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") - name: Install Composer dependencies - ignore PHP restrictions if: matrix.php == '8.4' - uses: "ramsey/composer-install@v2" + uses: "ramsey/composer-install@v3" with: composer-options: --ignore-platform-req=php+ # Bust the cache at least once a month - output format: YYYY-MM. From 7f8b706e3c4423443f67a234b1e9f99eae33510f Mon Sep 17 00:00:00 2001 From: jrfnl Date: Fri, 5 Apr 2024 19:42:25 +0200 Subject: [PATCH 08/34] Composer: update dev dependencies Nearly all dev dependencies have had new releases. This commit updates the plugin to use the new versions. For linting, the upgrade will get us preliminary PHP 8.4 support. For CS, the upgrades will get us improved syntax support for PHP 8.3, improved information related to the WP 6.5 release, more documentation and a range of bug fixes. --- composer.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/composer.json b/composer.json index bb2c1ca..626ab3d 100644 --- a/composer.json +++ b/composer.json @@ -34,8 +34,8 @@ }, "require-dev": { "php-parallel-lint/php-console-highlighter": "^1.0.0", - "php-parallel-lint/php-parallel-lint": "^1.3.2", - "yoast/yoastcs": "^3.0" + "php-parallel-lint/php-parallel-lint": "^1.4.0", + "yoast/yoastcs": "^3.1.0" }, "minimum-stability": "dev", "prefer-stable": true, From c0cff01530b1a9bf478264dad7fe4f9815aa8ab5 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Fri, 5 Apr 2024 19:43:32 +0200 Subject: [PATCH 09/34] Composer: update PHPUnit Polyfills This upgrade will get us continued support for running the tests via a PHAR file after the latest PHPUnit releases, as well as preliminary PHP 8.4 support. --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 626ab3d..90fae2e 100644 --- a/composer.json +++ b/composer.json @@ -30,7 +30,7 @@ "require": { "php": ">=5.6", "brain/monkey": "^2.6.1", - "yoast/phpunit-polyfills": "^1.1.0" + "yoast/phpunit-polyfills": "^1.1.1" }, "require-dev": { "php-parallel-lint/php-console-highlighter": "^1.0.0", From b5e3879244a25a63b150dd384ca5f16234562336 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 7 Nov 2024 13:24:46 +0100 Subject: [PATCH 10/34] Composer: update BrainMonkey to `^2.6.2` Set the minimum supported BrainMonkey version to the release which adds compatibility with PHP 8.4. Refs: * https://github.com/Brain-WP/BrainMonkey/releases/tag/2.6.2 --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 90fae2e..ba9bf04 100644 --- a/composer.json +++ b/composer.json @@ -29,7 +29,7 @@ }, "require": { "php": ">=5.6", - "brain/monkey": "^2.6.1", + "brain/monkey": "^2.6.2", "yoast/phpunit-polyfills": "^1.1.1" }, "require-dev": { From aa2f7759c22fc414c6a907f58afabfbdf585a033 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 7 Nov 2024 13:41:11 +0100 Subject: [PATCH 11/34] GH Actions/test: anticipate PHP 8.4 release * Builds against PHP 8.4 are no longer allowed to fail. * Update PHP version on which code coverage is run (high should now be 8.4). * Add _allowed to fail_ build against PHP 8.5. --- .github/workflows/test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 26978e8..c4a98e9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,17 +19,17 @@ jobs: strategy: matrix: - php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.4'] + php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.5'] coverage: [false] # Run code coverage only on high/low PHP. include: - php: 5.6 coverage: true - - php: 8.3 + - php: 8.4 coverage: true - continue-on-error: ${{ matrix.php == '8.4' }} + continue-on-error: ${{ matrix.php == '8.5' }} name: "Tests: PHP ${{ matrix.php }}" @@ -51,14 +51,14 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - normal - if: matrix.php != '8.4' + if: matrix.php != '8.5' uses: "ramsey/composer-install@v3" with: # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") - name: Install Composer dependencies - ignore PHP restrictions - if: matrix.php == '8.4' + if: matrix.php == '8.5' uses: "ramsey/composer-install@v3" with: composer-options: --ignore-platform-req=php+ From ed1d8a10d99da2c073bca732ba63d179cf2716aa Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 7 Nov 2024 15:22:43 +0100 Subject: [PATCH 12/34] Composer: prevent a lock file from being created Composer 1.10.0 introduced a `lock` config option, which, when set to `false` will prevent a `composer.lock` file from being created and will ignore it when one exists. This is a useful option for libraries such as this where the `lock` file has no meaning. It also makes life easier for contributors as they don't have to remember that for this repo they should use `composer update` instead of `composer install`. Both will now work the same. Refs: https://getcomposer.org/doc/06-config.md#lock --- composer.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index ba9bf04..bbbaabf 100644 --- a/composer.json +++ b/composer.json @@ -56,7 +56,8 @@ "config": { "allow-plugins": { "dealerdirect/phpcodesniffer-composer-installer": true - } + }, + "lock": false }, "extra": { "branch-alias": { From acf7b81262fecb069111dcab4e0b8258853ffa29 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 7 Nov 2024 20:11:38 +0100 Subject: [PATCH 13/34] CS: minor tweaks --- src/BrainMonkey/TestCase.php | 2 +- src/BrainMonkey/bootstrap.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/BrainMonkey/TestCase.php b/src/BrainMonkey/TestCase.php index b1a2f9e..983e851 100644 --- a/src/BrainMonkey/TestCase.php +++ b/src/BrainMonkey/TestCase.php @@ -198,7 +198,7 @@ public static function makeDoubleForUnavailableClass( $class_name ) { * * @see TestCase::makeDoubleForUnavailableClass() * - * @param string[] $class_names List of class names to be "faked". + * @param array $class_names List of class names to be "faked". * * @return void */ diff --git a/src/BrainMonkey/bootstrap.php b/src/BrainMonkey/bootstrap.php index 96c41f2..56d3063 100644 --- a/src/BrainMonkey/bootstrap.php +++ b/src/BrainMonkey/bootstrap.php @@ -39,7 +39,7 @@ * * @see TestCase::makeDoubleForUnavailableClass() * - * @param string[] $class_names List of class names to be "faked". + * @param array $class_names List of class names to be "faked". * * @return void */ From e395ab464bf046a0758ac854d4b5275802e51f57 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Sat, 21 Dec 2024 15:56:40 +0100 Subject: [PATCH 14/34] GH Actions: add actionlint job This job checks the GH Actions workflows against syntax errors and other problems. --- .github/workflows/cs.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index 68e04cf..0fb8325 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -8,6 +8,10 @@ on: workflow_dispatch: jobs: + actionlint: + name: 'Lint GH Action workflows' + uses: Yoast/.github/.github/workflows/reusable-actionlint.yml@main + checkcs: name: 'Basic CS and QA checks' runs-on: ubuntu-latest From 4ae111e11d44b2db590479c3b3467a5b31250fce Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 23 Dec 2024 17:35:29 +0100 Subject: [PATCH 15/34] GH Actions: add merge-conflict check This commit adds a new workflow which runs on pushes (merges) to any of the long-running branches and whenever the contents of a pull requests changes. It will check whether any open PRs are in a "conflict state" (after the push) and if so, will add a "merge conflict" label and leave a comment on the PR asking the OP to solve the conflict. The workflow will automatically remove the label again when the conflict is resolved. This workflow uses a reusable action stored in the `.github` repository which takes care of the default settings, though a number of settings can still be overruled for an individual repo. For now, it has not been deemed necessary to overrule these though. --- .github/workflows/merge-conflict-check.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/merge-conflict-check.yml diff --git a/.github/workflows/merge-conflict-check.yml b/.github/workflows/merge-conflict-check.yml new file mode 100644 index 0000000..8ed4213 --- /dev/null +++ b/.github/workflows/merge-conflict-check.yml @@ -0,0 +1,21 @@ +name: Check PRs for merge conflicts + +on: + # Check for new conflicts due to merges. + push: + branches: + - main + - develop + # Check conflicts in new PRs and for resolved conflicts due to an open PR being updated. + pull_request_target: + types: + - opened + - synchronize + - reopened + +jobs: + check-prs: + if: github.repository_owner == 'Yoast' + + name: Check PRs for merge conflicts + uses: Yoast/.github/.github/workflows/reusable-merge-conflict-check.yml@main From 34ba59b957bb2f9b641892f71555240be6730097 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Sun, 5 Jan 2025 21:30:28 +0100 Subject: [PATCH 16/34] PHPCS: fix bug in ruleset Hmm... this is an awkward one and may need fixing in PHPCS 4.0, but in the mean time, let's fix it here. The base `Yoast` ruleset includes select sniffs from the `WordPressVIPMinimum` ruleset. These sniff do not apply to the WP TestUtils package. Now, when an `` rule references a ruleset name to _exclude_ those sniffs, that whole standard is read and included, after which the individual sniffs from the ruleset are excluded again. This also means that if such a ruleset _also_ includes sniffs from other standards and/or customizations (changes in severity/excludes/messaging/properties etc) to sniffs from other standards, those sniffs from other standards will still be included and the customizations still be applied. This will often silently lead to unexpected side-effects, like in the case of the exclusion of the `WordPressVIPMinimum` ruleset, which meant that certain rules we _do_ want applied, like "no superfluous whitespace at the end of a line", got unintentionally excluded. Fixed now by excluding the individual sniffs from the `WordPressVIPMinimum` standard which were included by the `Yoast` ruleset, instead of excluding the whole `WordPressVIPMinimum` standard. --- .phpcs.xml.dist | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist index 018a9a8..0e76922 100644 --- a/.phpcs.xml.dist +++ b/.phpcs.xml.dist @@ -47,7 +47,10 @@ - + + + + From 65b2ed4187979371d3b1dde1ebad649a9ee24c89 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 20 Mar 2025 08:13:17 +0100 Subject: [PATCH 17/34] Composer: update to YoastCS 3.2.0 Refs: * https://github.com/Yoast/yoastcs/releases/tag/3.2.0 * https://github.com/PHPCSStandards/PHP_CodeSniffer/releases * https://github.com/PHPCSStandards/phpcsutils/releases * https://github.com/PHPCompatibility/PHPCompatibilityWP/releases * https://github.com/automattic/VIP-Coding-Standards/releases * https://github.com/sirbrillig/phpcs-variable-analysis/releases --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index bbbaabf..36efbe6 100644 --- a/composer.json +++ b/composer.json @@ -35,7 +35,7 @@ "require-dev": { "php-parallel-lint/php-console-highlighter": "^1.0.0", "php-parallel-lint/php-parallel-lint": "^1.4.0", - "yoast/yoastcs": "^3.1.0" + "yoast/yoastcs": "^3.2.0" }, "minimum-stability": "dev", "prefer-stable": true, From eb4a9f4dac50cf9cad1b371a9d7aa3376e1f6a59 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 19 May 2025 22:01:48 +0200 Subject: [PATCH 18/34] Dependabot: remove reviewers Support for the `reviewers` key in `dependabot.yml` files is being removed by GitHub on May 20th 2025. The recommendation is to have a `CODEOWNERS` file to set reviewers instead. For now, this commit removes the `reviewers` key from the `dependabot.yml` file without replacing it. That should prevent comments being left in PRs by the dependabot bot account about the field no longer being supported. Ref: * https://github.blog/changelog/2025-04-29-dependabot-reviewers-configuration-option-being-replaced-by-code-owners/ * https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-file-location --- .github/dependabot.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e53bc08..8713517 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,8 +15,6 @@ updates: prefix: "GH Actions:" labels: - "yoastcs/qa" - reviewers: - - "jrfnl" # Maintain dependencies for Composer. - package-ecosystem: "composer" @@ -29,5 +27,3 @@ updates: prefix: "Composer:" labels: - "yoastcs/qa" - reviewers: - - "jrfnl" From 4e3a52e53b7f9ef634446655708bd78ecb945107 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 14:17:46 +0000 Subject: [PATCH 19/34] GH Actions: Bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/cs.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index 0fb8325..08beef9 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install PHP uses: shivammathur/setup-php@v2 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c4a98e9..e8d3ffd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install PHP uses: shivammathur/setup-php@v2 From 997935f114f55544a2176ed2f0b885e1eee036c6 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Wed, 19 Nov 2025 01:48:50 +0100 Subject: [PATCH 20/34] GH Actions: update for the release of PHP 8.5 ... which is expected to be released this Thursday. * Builds against PHP 8.5 are no longer allowed to fail. * Update PHP version on which code coverage is run (high should now be 8.5). * Add _allowed to fail_ build against PHP 8.6. Includes minor simplification by merging two steps. --- .github/workflows/test.yml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e8d3ffd..1044a0a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,17 +19,17 @@ jobs: strategy: matrix: - php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.5'] + php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.6'] coverage: [false] # Run code coverage only on high/low PHP. include: - php: 5.6 coverage: true - - php: 8.4 + - php: 8.5 coverage: true - continue-on-error: ${{ matrix.php == '8.5' }} + continue-on-error: ${{ matrix.php == '8.6' }} name: "Tests: PHP ${{ matrix.php }}" @@ -50,18 +50,11 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - - name: Install Composer dependencies - normal - if: matrix.php != '8.5' + - name: Install Composer dependencies uses: "ramsey/composer-install@v3" with: - # Bust the cache at least once a month - output format: YYYY-MM. - custom-cache-suffix: $(date -u "+%Y-%m") - - - name: Install Composer dependencies - ignore PHP restrictions - if: matrix.php == '8.5' - uses: "ramsey/composer-install@v3" - with: - composer-options: --ignore-platform-req=php+ + # For PHP "nightly", we need to install with ignore platform reqs as not all dependencies may allow it yet. + composer-options: ${{ matrix.php == '8.6' && '--ignore-platform-req=php+' || '' }} # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") From cd69d12e466c21b1bed9021a0cde6bbb5370dba2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 09:04:35 +0000 Subject: [PATCH 21/34] GH Actions: Bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/cs.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index 08beef9..ba6fd5f 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install PHP uses: shivammathur/setup-php@v2 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1044a0a..2a42d2b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install PHP uses: shivammathur/setup-php@v2 From 41caf4c5d850f4bd7cc855eec6c7bea6779c2c04 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Sun, 28 Dec 2025 01:27:32 +0100 Subject: [PATCH 22/34] README: fix a few badges The `poser.pugx.org` site isn't working half the time and broken badges do not look good. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0bf1acc..318b826 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,13 @@ WP Test Utils ===================================================== -[![Version](https://poser.pugx.org/yoast/wp-test-utils/version)](https://packagist.org/packages/yoast/wp-test-utils) +[![Version](https://img.shields.io/packagist/v/yoast/wp-test-utils)](https://packagist.org/packages/yoast/wp-test-utils) [![CS Build Status](https://github.com/Yoast/wp-test-utils/actions/workflows/cs.yml/badge.svg)](https://github.com/Yoast/wp-test-utils/actions/workflows/cs.yml) [![Test Build Status](https://github.com/Yoast/wp-test-utils/actions/workflows/test.yml/badge.svg)](https://github.com/Yoast/wp-test-utils/actions/workflows/test.yml) [![Coverage Status](https://coveralls.io/repos/github/Yoast/wp-test-utils/badge.svg?branch=develop)](https://coveralls.io/github/Yoast/wp-test-utils?branch=develop) [![Minimum PHP Version](https://img.shields.io/packagist/php-v/yoast/wp-test-utils.svg?maxAge=3600)](https://packagist.org/packages/yoast/wp-test-utils) -[![License: BSD3](https://poser.pugx.org/yoast/wp-test-utils/license)](https://github.com/Yoast/wp-test-utils/blob/main/LICENSE) +[![License: BSD3](https://img.shields.io/packagist/l/yoast/wp-test-utils)](https://github.com/Yoast/wp-test-utils/blob/main/LICENSE) This library contains a set of utilities for running automated tests for WordPress plugins and themes. From 1418b0744b671bc9ffcd0ea5d99d27adfbfb1486 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 29 Dec 2025 21:39:21 +0100 Subject: [PATCH 23/34] GH Actions/test: ensure all jobs have a name --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2a42d2b..7780e22 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -82,6 +82,8 @@ jobs: needs: test runs-on: ubuntu-latest + name: Coveralls Finish + steps: - name: Coveralls Finished uses: coverallsapp/github-action@v2 From 20c3598d658e80ee1a871770d11b71f89a8d7472 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 29 Dec 2025 22:31:57 +0100 Subject: [PATCH 24/34] GH Actions: "pin" all action runners Recently there has been more and more focus on securing GH Actions workflows - in part due to some incidents. The problem with "unpinned" action runners is as follows: * Tags are mutable, which means that a tag could point to a safe commit today, but to a malicious commit tomorrow. Note that GitHub is currently beta-testing a new "immutable releases" feature (= tags and release artifacts can not be changed anymore once the release is published), but whether that has much effect depends on the ecosystem of the packages using the feature. Aside from that, it will likely take years before all projects adopt _immutable releases_. * Action runners often don't even point to a tag, but to a branch, making the used action runner a moving target. _Note: this type of "floating major" for action runners used to be promoted as good practice when the ecosystem was "young". Insights have since changed._ While it is convenient to use "floating majors" of action runners, as this means you only need to update the workflows on a new major release of the action runner, the price is higher risk of malicious code being executed in workflows. Dependabot, by now, can automatically submit PRs to update pinned action runners too, as long as the commit-hash pinned runner is followed by a comment listing the released version the commit is pointing to. So, what with Dependabot being capable of updating workflows with pinned action runners, I believe it is time to update the workflows to the _current_ best practice of using commit-hash pinned action runners. The downside of this change is that there will be more frequent Dependabot PRs. If this would become a burden/irritating, the following mitigations can be implemented: 1. Updating the Dependabot config to group updates instead of sending individual PRs per action runner. 2. A workflow to automatically merge Dependabot PRs as long as CI passes. Ref: https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions --- .github/workflows/cs.yml | 8 ++++---- .github/workflows/merge-conflict-check.yml | 2 +- .github/workflows/test.yml | 10 +++++----- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index ba6fd5f..d6eca33 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -10,7 +10,7 @@ on: jobs: actionlint: name: 'Lint GH Action workflows' - uses: Yoast/.github/.github/workflows/reusable-actionlint.yml@main + uses: Yoast/.github/.github/workflows/reusable-actionlint.yml@c14f66005ab514663a48d00712db67617c98728c # v1.0.0 checkcs: name: 'Basic CS and QA checks' @@ -18,10 +18,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 with: php-version: 'latest' coverage: none @@ -30,7 +30,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - uses: "ramsey/composer-install@v3" + uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 with: # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") diff --git a/.github/workflows/merge-conflict-check.yml b/.github/workflows/merge-conflict-check.yml index 8ed4213..1870754 100644 --- a/.github/workflows/merge-conflict-check.yml +++ b/.github/workflows/merge-conflict-check.yml @@ -18,4 +18,4 @@ jobs: if: github.repository_owner == 'Yoast' name: Check PRs for merge conflicts - uses: Yoast/.github/.github/workflows/reusable-merge-conflict-check.yml@main + uses: Yoast/.github/.github/workflows/reusable-merge-conflict-check.yml@c14f66005ab514663a48d00712db67617c98728c # v1.0.0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7780e22..33e70ed 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,10 +35,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 with: php-version: ${{ matrix.php }} ini-values: error_reporting=E_ALL, display_errors=On @@ -51,7 +51,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - uses: "ramsey/composer-install@v3" + uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 with: # For PHP "nightly", we need to install with ignore platform reqs as not all dependencies may allow it yet. composer-options: ${{ matrix.php == '8.6' && '--ignore-platform-req=php+' || '' }} @@ -71,7 +71,7 @@ jobs: - name: Upload coverage results to Coveralls if: ${{ success() && matrix.coverage == true }} - uses: coverallsapp/github-action@v2 + uses: coverallsapp/github-action@5cbfd81b66ca5d10c19b062c04de0199c215fb6e # v2.3.7 with: format: clover file: build/logs/clover.xml @@ -86,6 +86,6 @@ jobs: steps: - name: Coveralls Finished - uses: coverallsapp/github-action@v2 + uses: coverallsapp/github-action@5cbfd81b66ca5d10c19b062c04de0199c215fb6e # v2.3.7 with: parallel-finished: true From 9abf2e733a1291037105488527641ab105129967 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 29 Dec 2025 21:39:10 +0100 Subject: [PATCH 25/34] Dependabot: update config :point_right: Important: this is for **version** updates only, not for security updates, which are handled separately and don't depend on this configuration. --- This commit makes the following changes to the Dependabot config to reduce the number of Dependabot PRs, while still keeping the workflows up to date with a reasonable frequency: * It introduces a "group". By default Dependabot raises individual PRs for each update. Now, it will group updates to new minor or patch release for all action runners into a single PR. Updates to new major releases of action runners will still be raised as individual PRs. * It changes the schedule from `weekly` (on Monday, at whatever time this repo reaches the front of the HUGE queue which it will always have on Monday) to twice a month at a specific time which is not midnight. Aside from making the PRs less frequent, it should also make the arrival time more predictable as the queue created at 22:10 (in whatever timezone Dependabot runs in) will be next to nothing as it would need more repos to use this exact configuration. Refs: * https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates * https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference --- .github/dependabot.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8713517..7b09fe1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,18 +9,26 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "cron" + cronjob: "15 22 5,20 * *" # At 22:15, every 5th and 20th day of the month. open-pull-requests-limit: 5 commit-message: prefix: "GH Actions:" labels: - "yoastcs/qa" + groups: + action-runners: + applies-to: version-updates + update-types: + - "minor" + - "patch" # Maintain dependencies for Composer. - package-ecosystem: "composer" directory: "/" schedule: - interval: "weekly" + interval: "cron" + cronjob: "15 22 5,20 * *" # At 22:15, every 5th and 20th day of the month. open-pull-requests-limit: 5 # Set to 0 to (temporarily) disable. versioning-strategy: "increase-if-necessary" commit-message: From 9201f4a7c0e08db052dc29feb379e9d845ac9671 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 29 Dec 2025 22:34:55 +0100 Subject: [PATCH 26/34] GH Actions: do not persist credentials > By default, using `actions/checkout` causes a credential to be persisted in the checked-out repo's `.git/config`, so that subsequent `git` operations can be authenticated. > > Subsequent steps may accidentally publicly persist `.git/config`, e.g. by including it in a publicly accessible artifact via `actions/upload-artifact`. > > However, even without this, persisting the credential in the `.git/config` is non-ideal unless actually needed. > > **Remediation** > > Unless needed for `git` operations, `actions/checkout` should be used with `persist-credentials: false`. > > If the persisted credential is needed, it should be made explicit with `persist-credentials: true`. This has now been addressed in all workflows. Refs: * https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/ * https://docs.zizmor.sh/audits/#artipacked --- .github/workflows/cs.yml | 2 ++ .github/workflows/test.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index d6eca33..faa0966 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -19,6 +19,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false - name: Install PHP uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 33e70ed..413970c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,6 +36,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false - name: Install PHP uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 From 6ac0c03b66a1c3a15ce7e11ebe3fa954935d80b0 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 29 Dec 2025 21:39:41 +0100 Subject: [PATCH 27/34] GH Actions: update PHP ini configuration Add `display_startup_errors=On` and `assert.exception=1` as per the current recommendation from PHPUnit. Ref: * https://github.com/sebastianbergmann/phpunit-documentation-english/commit/b3b159cbe9bd7eb5656dd381fc6f028549601dce * https://docs.phpunit.de/en/12.5/installation.html#configuring-php-for-development --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 413970c..9ef7bcd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -43,7 +43,7 @@ jobs: uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 with: php-version: ${{ matrix.php }} - ini-values: error_reporting=E_ALL, display_errors=On + ini-values: zend.assertions=1, assert.exception=1, error_reporting=-1, display_errors=On, display_startup_errors=On coverage: ${{ matrix.coverage == true && 'xdebug' || 'none' }} # YoastCS 3.0 has a PHP 7.2 minimum which conflicts with the requirements of this package. From ff5ca4a1bd272fd86ac83829733e349426370746 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 29 Dec 2025 21:43:10 +0100 Subject: [PATCH 28/34] GH Actions: fail "setup-php" if requested tooling could not be installed Setup-PHP will normally "gracefully" show a warning and not the build when an extension or tool failed to install. This is not particularly useful as that means that either there will be a failure later on in the build due to the extension or tool missing, or the build will not be representative of what is supposed to be tested. This commit changes this behaviour to fail the build at the `setup-php` step, which also makes debugging these type of build failures much more straight-forward. Ref: https://github.com/shivammathur/setup-php?tab=readme-ov-file#fail-fast-optional --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 413970c..022bd36 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -45,6 +45,8 @@ jobs: php-version: ${{ matrix.php }} ini-values: error_reporting=E_ALL, display_errors=On coverage: ${{ matrix.coverage == true && 'xdebug' || 'none' }} + env: + fail-fast: true # YoastCS 3.0 has a PHP 7.2 minimum which conflicts with the requirements of this package. - name: 'Composer: remove YoastCS' From 33cd49c16a1f31df3d023a5b19935e6a17f89b75 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 29 Dec 2025 23:29:41 +0100 Subject: [PATCH 29/34] GH Actions: fail "setup-php" if requested tooling could not be installed [2] Follow up on 98, which missed one instance of `setup-php`. --- Setup-PHP will normally "gracefully" show a warning and not the build when an extension or tool failed to install. This is not particularly useful as that means that either there will be a failure later on in the build due to the extension or tool missing, or the build will not be representative of what is supposed to be tested. This commit changes this behaviour to fail the build at the `setup-php` step, which also makes debugging these type of build failures much more straight-forward. Ref: https://github.com/shivammathur/setup-php?tab=readme-ov-file#fail-fast-optional --- .github/workflows/cs.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index faa0966..d5740a5 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -28,6 +28,8 @@ jobs: php-version: 'latest' coverage: none tools: cs2pr + env: + fail-fast: true # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer From 44007b29b569677bb4d801a13a867b4a6091c1ec Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 5 Feb 2026 00:07:52 +0100 Subject: [PATCH 30/34] Composer: update to YoastCS 3.3.0 Includes excluding some newly added sniffs as they can't be applied yet due to this package adhering to a different minimum PHP version than most other Yoast packages. Refs: * https://github.com/Yoast/yoastcs/releases/tag/3.3.0 * https://github.com/PHPCSStandards/PHP_CodeSniffer/releases * https://github.com/PHPCSStandards/phpcsutils/releases * https://github.com/PHPCompatibility/PHPCompatibilityWP/releases * https://github.com/automattic/VIP-Coding-Standards/releases * https://github.com/sirbrillig/phpcs-variable-analysis/releases --- .phpcs.xml.dist | 5 +++++ composer.json | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist index 0e76922..112b5d0 100644 --- a/.phpcs.xml.dist +++ b/.phpcs.xml.dist @@ -54,8 +54,13 @@ + + + + + diff --git a/composer.json b/composer.json index 36efbe6..3901c0a 100644 --- a/composer.json +++ b/composer.json @@ -35,7 +35,7 @@ "require-dev": { "php-parallel-lint/php-console-highlighter": "^1.0.0", "php-parallel-lint/php-parallel-lint": "^1.4.0", - "yoast/yoastcs": "^3.2.0" + "yoast/yoastcs": "^3.3.0" }, "minimum-stability": "dev", "prefer-stable": true, From 68c34f7508554ff8f4d9ff301e32caac497ba55c Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 5 Feb 2026 00:12:16 +0100 Subject: [PATCH 31/34] Composer: update PHPUnit Polyfills This upgrade will get us improved compatibility with PHP 8.5. --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 3901c0a..c5ba655 100644 --- a/composer.json +++ b/composer.json @@ -30,7 +30,7 @@ "require": { "php": ">=5.6", "brain/monkey": "^2.6.2", - "yoast/phpunit-polyfills": "^1.1.1" + "yoast/phpunit-polyfills": "^1.1.5" }, "require-dev": { "php-parallel-lint/php-console-highlighter": "^1.0.0", From 83031404e51c4e6173340c0d866bea714a4106ce Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 5 Feb 2026 12:52:29 +0100 Subject: [PATCH 32/34] Composer: update the version constraint for BrainMonkey to `^2.7.0` BrainMonkey 2.7.0 has just been released and adds improved compatibility with WP 6.9 for select functions, as well as confirms compatibility with PHP 8.4 and 8.5. Ref: https://github.com/Brain-WP/BrainMonkey/releases/tag/2.7.0 --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index c5ba655..5f73896 100644 --- a/composer.json +++ b/composer.json @@ -29,7 +29,7 @@ }, "require": { "php": ">=5.6", - "brain/monkey": "^2.6.2", + "brain/monkey": "^2.7.0", "yoast/phpunit-polyfills": "^1.1.5" }, "require-dev": { From f741c18521c1902c0b75f0d442a496d9197f8789 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 5 Feb 2026 13:09:58 +0100 Subject: [PATCH 33/34] Add release checklist ... as a straight-forward reminder of the steps to release. --- .github/release-checklist.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/release-checklist.md diff --git a/.github/release-checklist.md b/.github/release-checklist.md new file mode 100644 index 0000000..2eeb051 --- /dev/null +++ b/.github/release-checklist.md @@ -0,0 +1,30 @@ +Release checklist +=========================================================== + +## Pre-release + +- [ ] Composer: check if any dependencies/version constraints need updating - PR #xxx +- [ ] Add changelog for the release - PR #xxx + :pencil2: Verify that a release link at the bottom of the `CHANGELOG.md` file has been added. + +## Release + +- [ ] Create PR to merge the `develop` branch into `main`. +- [ ] Merge that PR +- [ ] Make sure all CI builds are green. +- [ ] Create a release from the tag (careful, GH defaults to `develop`!) & copy & paste the changelog to it. + Make sure to copy the links to the issues and the links to the GH usernames from the bottom of the changelog! +- [ ] Close the milestone. +- [ ] Open a new milestone for the next release. +- [ ] If any open PRs/issues which were milestoned for the release did not make it into the release, update their milestone. + +## Announce + +- [ ] Tweet about the release. + + +--- + +Additional actions to take, not part of the release checklist: +- [ ] Post a link to the release in the Yoast Slack. +- [ ] Update the test dependencies in Yoast packages. From 0a17fc5710e0704296b72a8572a2040a9b81d531 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Thu, 7 Nov 2024 13:35:04 +0100 Subject: [PATCH 34/34] Changelog for release 1.2.1 --- CHANGELOG.md | 17 +++++++++++++++-- README.md | 4 ++-- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8d9b0b..335ace3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,11 +9,24 @@ This projects adheres to [Keep a CHANGELOG](http://keepachangelog.com/) and uses _Nothing yet._ +## [1.2.1] - 2026-02-05 + +### Changed +* The [PHPUnit Polyfills] dependency has been updated to require [version `^1.1.5`](https://github.com/Yoast/PHPUnit-Polyfills/releases/tag/1.1.5) (was `^1.1.0`). PRs [#75], [#101] +* The [BrainMonkey] dependency has been updated to require [version `^2.7.0`](https://github.com/Brain-WP/BrainMonkey/releases/tag/2.7.0) (was `^2.6.1`). PRs [#79], [#102] +* Verified PHP 8.4 and 8.5 compatibility. +* General housekeeping. + +[#75]: https://github.com/Yoast/wp-test-utils/pull/75 +[#79]: https://github.com/Yoast/wp-test-utils/pull/79 +[#101]: https://github.com/Yoast/wp-test-utils/pull/101 +[#102]: https://github.com/Yoast/wp-test-utils/pull/102 + + ## [1.2.0] - 2023-09-27 ### Added - -* Support for the new PHPUnit `assertObjectHasProperty()` and `assertObjectNotHasProperty()` assertions, as polyfilled via the PHPUnit Polyfills in all test cases. PR [#64] +* Support for the new PHPUnit `assertObjectHasProperty()` and `assertObjectNotHasProperty()` assertions, as polyfilled via the [PHPUnit Polyfills] in all test cases. PR [#64] This means that the `assertObjectHasProperty()` and `assertObjectNotHasProperty()` assertions can now safely be used in all tests in classes which extend one of the WP Test Utils TestCases. ### Changed diff --git a/README.md b/README.md index 318b826..bdae241 100644 --- a/README.md +++ b/README.md @@ -35,9 +35,9 @@ Requirements * PHP 5.6 or higher. The following packages will be automatically required via Composer: -* [PHPUnit Polyfills] 1.1.0 or higher. +* [PHPUnit Polyfills] 1.1.5 or higher. * [PHPUnit] 5.7 - 9.x. -* [BrainMonkey] 2.6.1 or higher. +* [BrainMonkey] 2.7.0 or higher. Installation