Skip to content

feat(playground): add main-build Playground demo alongside release demo#66

Merged
dknauss merged 7 commits into
mainfrom
feat/playground-main-build-badge
Jul 3, 2026
Merged

feat(playground): add main-build Playground demo alongside release demo#66
dknauss merged 7 commits into
mainfrom
feat/playground-main-build-badge

Conversation

@dknauss

@dknauss dknauss commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Summary

Adds a second WordPress Playground demo that boots the current main branch, alongside the existing released-version demo — plus a scheduled monitor that keeps the demo links honest.

Main-build demo (commit a5cf17d)

  • playground/blueprint-main.json (new) — installs the rolling main-preview pre-release ZIP via the Playground CORS proxy. Live browser Playground can't use git:directory (git:directory installs fail in browser Playground with "createHash is not a function" (isomorphic-git Node variant reaching browser bundle after #3841) WordPress/wordpress-playground#3875), and Borges is a webpack-built block plugin whose build/ is gitignored — so a source archive won't work either. A CI-built release asset is how main HEAD boots. Mirrors the release blueprint's kitchen-sink + features.intl + networking requirements for the CSL formatter.
  • .github/workflows/ci.yml — the package-release job now refreshes a rolling main-preview pre-release on every push to main (gated to refs/heads/main; PRs unaffected). Adds minimal contents: write permission.
  • README.md — adds a "Main build" Playground badge; relabels the existing badge "Release".
  • src/blueprint.test.js — asserts the exact CORS-proxied main-preview URL contract.

Demo Link Monitor (commit d2fb51c)

  • scripts/check-demo-links.sh + .github/workflows/demo-links.yml — weekly (+ manual) check that every blueprint's install URL stays reachable, and a hard fail if any blueprint reintroduces the browser-broken git:directory resource. Schedule/dispatch only (not on PRs; structural contract already covered by src/blueprint.test.js). Also exposed as npm run test:demo-links.

Docs

  • CHANGELOG.md, CLAUDE.md — document both blueprints and the new monitor workflow.

Testing

  • npm test — 670 passed (2 skipped), 41 suites
  • npm run lint:js — clean
  • npm run build — successful
  • Blueprint JSON validated; action-gh-release@v3 inputs verified
  • npm run test:demo-links — release link reachable; main-preview link correctly reported dead until this merges and CI publishes the rolling asset

Note

The main-build demo badge goes live once this merges and the first post-merge CI run publishes the main-preview asset.

🤖 Generated with Claude Code

Add a second WordPress Playground badge/link that boots the current main
branch. CI's package-release job now publishes the freshly built plugin
ZIP to a rolling `main-preview` pre-release on every push to main, giving
live Playground a stable, CORS-reachable URL for main HEAD (git:directory
is unavailable in the live runtime). The existing badge is relabeled
"Release" and continues to install the latest tagged release ZIP.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.80%. Comparing base (a1141c1) to head (9f3cbbd).

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #66   +/-   ##
=======================================
  Coverage   80.80%   80.80%           
=======================================
  Files          44       44           
  Lines        3084     3084           
  Branches      523      523           
=======================================
  Hits         2492     2492           
  Misses        185      185           
  Partials      407      407           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a5cf17ded9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/ci.yml Outdated
Comment thread .github/workflows/ci.yml Outdated
Comment thread .github/workflows/ci.yml Outdated
dknauss and others added 3 commits July 2, 2026 18:15
… URLs

Add scripts/check-demo-links.sh and demo-links.yml (weekly + manual) that
verify each Playground demo blueprint's install URL stays reachable and
hard-fail if a blueprint reintroduces the hosted-browser-broken
`git:directory` resource (WordPress/wordpress-playground#3875). Not run on
PRs — the structural blueprint contract is already covered by
src/blueprint.test.js. Also exposed as `npm run test:demo-links`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Address three P2 findings on PR #66's main-preview publish step:

- Move publishing out of `package-release` into an isolated
  `publish-main-preview` job so the `contents: write` token is never
  present during checkout/build/package and never on pull_request or
  codex/** runs (package-release is now read-only).
- Gate publishing behind the full required CI suite
  (needs: quality, phpunit, playwright-playground, psalm, package-release)
  so the Main-build badge can't install a build from a run that later fails.
- Add a `concurrency` guard (cancel-in-progress) so a slower older run
  can't overwrite `main-preview` with a stale ZIP; the newest run wins.

The publish job reuses the artifact package-release already validated
instead of rebuilding, and the resulting main-preview asset URL is
unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dknauss

dknauss commented Jul 3, 2026

Copy link
Copy Markdown
Owner Author

Thanks @codex — all three P2 findings are addressed in 17b5f18 by isolating publishing into its own job:

  1. Write token over-scopedpackage-release is now read-only (inherits top-level contents: read). The contents: write token lives only on the new publish-main-preview job, which never runs on pull_request / codex/** and does no build/package before the guarded publish.
  2. Publish before all gates passpublish-main-preview now needs: [quality, phpunit, playwright-playground, psalm, package-release] — the full required suite — so main-preview only updates after every gate is green.
  3. Stale-overwrite race — added job-level concurrency: { group: main-preview-publish, cancel-in-progress: true }, so a slower older run can't clobber a newer one; the newest push wins. The job also reuses the exact artifact the gates validated instead of rebuilding.

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 17b5f1839b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/ci.yml Outdated
Comment thread scripts/check-demo-links.sh Outdated
Comment thread README.md Outdated
- Replace job-level concurrency with a branch-tip check: the publish step
  runs only if this commit is still `main`'s tip, so a superseded older run
  skips instead of overwriting `main-preview` with a stale ZIP. Correct
  regardless of job-scheduling order (job concurrency could cancel the
  newer run).
- Demo Link Monitor now probes the full CORS-proxy install URL the Blueprint
  uses, not just the underlying GitHub asset, so a proxy outage that breaks
  the live demo is caught.
- Repoint the README Blueprint-maintenance note at `publish-main-preview`
  (the job that now refreshes the pre-release), not `package-release`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dknauss

dknauss commented Jul 3, 2026

Copy link
Copy Markdown
Owner Author

Round 2 addressed in 343a63d.

Fixed in code:

  • Stale-overwrite / concurrency (ci.yml :249/:266) — good catch that job-level concurrency is ordered by job start and can even cancel the newer run. Removed it and added a branch-tip check: the publish step runs only if ${{ github.sha }} still equals main's HEAD at execution time, so any superseded run skips instead of overwriting main-preview. Correct regardless of job-scheduling order.
  • Probe the real URL (check-demo-links.sh :44) — now probes the full CORS-proxy install URL the Blueprint actually uses, not the stripped GitHub asset, so a proxy outage that breaks the live demo is caught.
  • Maintenance docs (README.md :278) — repointed to publish-main-preview (the job that refreshes the pre-release); clarified package-release only builds/uploads.

Already addressed in 17b5f18 (these two threads re-surfaced from round 1):

  • Write token (ci.yml :200)package-release is already read-only (inherits top-level contents: read). The contents: write token lives only on the separate publish-main-preview job, which does no checkout/build/package (just download-artifact + action-gh-release). So no write-capable credentials on pull_request / codex/** runs.
  • Publish after all gates (ci.yml :259)publish-main-preview already needs: [quality, phpunit, playwright-playground, psalm, package-release] — the full required suite.

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 343a63d09e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread CLAUDE.md Outdated
Comment thread scripts/check-demo-links.sh Outdated
Comment thread .github/workflows/ci.yml Outdated
…docs)

- Collapse the main-preview publish into a single tip-checked `gh release`
  step so the branch-tip re-check happens immediately before writing the
  shared asset (minimal TOCTOU window); drop the softprops action.
- Demo Link Monitor: add a `jq` preflight and fail on unparseable
  blueprints instead of silently treating them as "no URLs to check".
- Repoint the CLAUDE.md Playground note at `publish-main-preview`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dknauss

dknauss commented Jul 3, 2026

Copy link
Copy Markdown
Owner Author

Round 3 addressed in e03fc92.

  • TOCTOU (ci.yml) — collapsed the tip re-check and the asset write into a single step: it re-checks ${{ github.sha }} against main's HEAD immediately before gh release create / gh release upload --clobber, and exit 0s if superseded. Minimal check-to-write window, and it drops the third-party softprops/action-gh-release dependency.
  • jq robustness (check-demo-links.sh) — added a command -v jq preflight, and the per-blueprint read now fails (fail=1) on unparseable JSON instead of || true swallowing it.
  • Stale docs (CLAUDE.md) — repointed the second package-release refresh claim to publish-main-preview.

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e03fc92586

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/ci.yml
Comment thread README.md
- The publish-main-preview job has no checkout, so `gh release` commands
  had no repository to infer; set GH_REPO so `gh release`/`gh api` resolve
  the repo without a workspace git remote (would have failed at runtime).
- Update SPEC.md (the authoritative Blueprint spec per AGENTS.md) to the
  three-Blueprint contract, adding playground/blueprint-main.json.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dknauss

dknauss commented Jul 3, 2026

Copy link
Copy Markdown
Owner Author

Round 3 findings addressed in 9f3cbbd — and thanks, the P1 was a genuine runtime bug:

  • gh repo context (ci.yml P1) — the publish-main-preview job has no checkout, so gh release couldn't infer the repo. Set GH_REPO: ${{ github.repository }} on the step, so gh release view/create/upload (and gh api) resolve the repository without a workspace git remote. Would have failed the publish at runtime — good catch.
  • Authoritative spec (SPEC.md P2) — updated the Playground section to the three-Blueprint contract (added playground/blueprint-main.json / main-preview / publish-main-preview, plus the git:directory-unavailable rationale), so SPEC.md matches the README/CLAUDE.md.

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Swish!

Reviewed commit: 9f3cbbdccd

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@dknauss dknauss merged commit 49f623b into main Jul 3, 2026
16 checks passed
@dknauss dknauss deleted the feat/playground-main-build-badge branch July 3, 2026 06:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant