Skip to content

Use plugin-check GitHub workflow in favor of brittle plugin-check PHPCS checks #139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
felixarntz wants to merge 9 commits into
base: develop
Choose a base branch
from
Open

Use plugin-check GitHub workflow in favor of brittle plugin-check PHPCS checks #139

felixarntz wants to merge 9 commits into from
+145 −317

Conversation

@felixarntz
Copy link
Member

@felixarntz felixarntz commented Dec 6, 2025
edited by github-actions bot
Loading

Fixes #138.

Relevant technical choices

  • The problem in Composer dependency setup is broken #138 is caused due to some issues with the brittle plugin-check plugin inclusion just to use its PHPCS rules. That approach leads to problems because of including a plugin that itself depends on other PHPCS foundational pieces, without being able to declare that (since it's a plugin served from wpackagist, so it can't express its own dependencies properly).
  • The PR replaces the setup with a proper plugin-check.yml GitHub workflow that uses wordpress/plugin-check-action to run the full Plugin Check scanner. In addition to fixing the issue, it is more comprehensive.

Test using WordPress Playground

The changes in this pull request can be previewed and tested using this WordPress Playground instance:

Click here to test this pull request.

@felixarntz felixarntz marked this pull request as ready for review December 6, 2025 01:43
@github-actions
Copy link

github-actions bot commented Dec 6, 2025
edited
Loading

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: felixarntz <flixos90@git.wordpress.org>
Co-authored-by: JasonTheAdams <jason_the_adams@git.wordpress.org>
Co-authored-by: justlevine <justlevine@git.wordpress.org>
Co-authored-by: dkotter <dkotter@git.wordpress.org>
Co-authored-by: westonruter <westonruter@git.wordpress.org>
Co-authored-by: jeffpaul <jeffpaul@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@felixarntz felixarntz added the [Type] Bug Something isn't working label Dec 6, 2025
@felixarntz felixarntz mentioned this pull request Dec 8, 2025
Open
6 tasks
JasonTheAdams
JasonTheAdams reviewed Dec 8, 2025
View reviewed changes
@justlevine
Copy link
Contributor

justlevine commented Dec 11, 2025

@felixarntz I originally took this pattern from wordpress/performance (where it looks like @westonruter is currently battling the same issue in WordPress/performance#2257 ).

What (if any) are the practical implications of this change to detection? Should this be the defacto pattern for the Performance plugin too, all canonical plugins, or at least our other core-ai repos?

justlevine
justlevine reviewed Dec 11, 2025
View reviewed changes
composer.json
"require-dev": {
"automattic/vipwpcs": "^3.0",
"dealerdirect/phpcodesniffer-composer-installer": "^1.0.0",
"phpcompatibility/php-compatibility": "10.x-dev as 9.99.99",
Copy link
Contributor

@justlevine justlevine Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd assume we'd just be changing this to "^10.0.0-alpha," why remove it entirely?

Copy link
Collaborator

@dkotter dkotter Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note there's some discussion about this on #138 but I agree. I wouldn't remove this entirely. I had recommended aliasing on #138 but I think we can also change this to phpcompatibility/php-compatibility:10.0.0-alpha2 as 9.99.99 to fix the problem

Copy link
Contributor

@justlevine justlevine Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAIK we don't even need the aliasing anymore:

This works just fine for me:

		"phpcompatibility/php-compatibility": "^10.0.0-alpha",
		"phpcompatibility/phpcompatibility-wp": "^3.0.0-alpha",

Copy link
Member Author

@felixarntz felixarntz Dec 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, I don't think we should do the aliasing, that feels quite hacky. We need to ensure our dependencies are compatible.

Copy link
Collaborator

@dkotter dkotter Dec 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This approach is fine by me as well, though noting it's not much different than the aliasing approach we have now (still ends up pulling in dev releases). I think the important piece here that we don't have now is the "phpcompatibility/phpcompatibility-wp": "^3.0.0-alpha", as without that I think the automattic/vipwpcs package will complain

Copy link
Member Author

@felixarntz felixarntz Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I addressed this in 0e3d827: We should only need to include "phpcompatibility/phpcompatibility-wp" because we don't use "phpcompatibility/php-compatibility" anywhere explicitly, in other words, it's an indirect dependency - no need to specify it.

By requiring "phpcompatibility/phpcompatibility-wp": "^3.0.0-alpha", "phpcompatibility/php-compatibility": "^10.0.0-alpha" will be installed anyway.

justlevine
justlevine reviewed Dec 11, 2025
View reviewed changes
justlevine
justlevine reviewed Dec 11, 2025
View reviewed changes
dkotter
dkotter reviewed Dec 11, 2025
View reviewed changes
@westonruter westonruter mentioned this pull request Dec 11, 2025
Open
@westonruter
Copy link
Member

westonruter commented Dec 11, 2025

I originally took this pattern from wordpress/performance (where it looks like @westonruter is currently battling the same issue in WordPress/performance#2257 ).

Indeed! I was also thinking of switching to using the PCP action. Nevertheless, I've also opened WordPress/plugin-check#966 so that hopefully the sniffs from PCP can be more elegantly added to existing PHPCS rulesets without the redundancy of running PCP.

@felixarntz
Copy link
Member Author

felixarntz commented Dec 11, 2025

@justlevine

What (if any) are the practical implications of this change to detection? Should this be the defacto pattern for the Performance plugin too, all canonical plugins, or at least our other core-ai repos?

I'm not sure I understand your question, can you elaborate? "change to detection" of what?

There are two reasons I opened this PR:

  • Replace brittle usage of Plugin Check PHPCS rules with actually running Plugin Check end to end.
  • By doing that, address the current problem where a fresh composer install won't work.

@justlevine
Copy link
Contributor

justlevine commented Dec 11, 2025

@justlevine

What (if any) are the practical implications of this change to detection?

I'm not sure I understand your question, can you elaborate? "change to detection" of what?

Sorry, yeah that was horrible phrasing.
I'm asking if the workflow detects the same/same+more/more+different/fewer smells as the internal rulesets we're removing.

(Depending on the answer, we might want to e.g. pin ~1.6.0 temporarily and fix the brittleness directly so we can still get the existing sniff coverage and be able to run it locally, and/or add PCP to our wp-env with the matching package.json WPCLI command, and/or prioritize backporting GH workflow to other repos, etc)

@felixarntz
Copy link
Member Author

felixarntz commented Dec 11, 2025

@justlevine

Sorry, yeah that was horrible phrasing. I'm asking if the workflow detects the same/same+more/more+different/fewer smells as the internal rulesets we're removing.

I answered something like that in #138 (comment): The PHPCS sniffs from Plugin Check are only a subset of what Plugin Check checks.

(Depending on the answer, we might want to e.g. pin ~1.6.0 temporarily and fix the brittleness directly so we can still get the existing sniff coverage and be able to run it locally, and/or add PCP to our wp-env with the matching package.json WPCLI command, and/or prioritize backporting GH workflow to other repos, etc)

I think including sniffs from Plugin Check is always going to be problematic because it's a plugin, not a proper package with composer.json etc, particularly not when you include it via wpackagist. Setting up PCP in wp-env may be a worthwhile effort, but I think that could be explored separately. It's most important to check this in CI, so unless any of us has previous experience in setting up PCP alongside the main plugin in wp-env for easy local usage, I'd suggest we make this a separate issue/PR to not block this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JasonTheAdams JasonTheAdams Awaiting requested review from JasonTheAdams

@justlevine justlevine Awaiting requested review from justlevine

@dkotter dkotter Awaiting requested review from dkotter

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

[Type] Bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Composer dependency setup is broken

6 participants

@felixarntz @justlevine @westonruter @dkotter @JasonTheAdams