From a14dcace2d3f4e4bbe8a88519aef4033424f242d Mon Sep 17 00:00:00 2001 From: Jasper Frumau Date: Wed, 27 May 2026 07:39:25 +0700 Subject: [PATCH 1/8] Add PHPCS GitHub Actions workflow --- .github/workflows/phpcs.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/phpcs.yml diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml new file mode 100644 index 0000000..00815f6 --- /dev/null +++ b/.github/workflows/phpcs.yml @@ -0,0 +1,21 @@ +name: PHP Coding Standards + +on: pull_request + +jobs: + phpcs: + name: PHP Coding Standards Check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.2' + + - name: Install dependencies + run: composer install --no-progress --prefer-dist + + - name: Run PHP_CodeSniffer + run: vendor/bin/phpcs --standard=phpcs.xml --warning-severity=0 From 67e1a4aea254b8e15e77183c5b52c96eacfeb790 Mon Sep 17 00:00:00 2001 From: Jasper Frumau Date: Wed, 27 May 2026 07:39:29 +0700 Subject: [PATCH 2/8] Bump to v1.4.1 --- CHANGELOG.md | 5 +++++ readme.txt | 10 +++++++++- warder-cookie-consent.php | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8341c7..099bd06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ All notable changes to Warder Cookie Consent are documented here. +## [1.4.1] - 2026-05-27 + +### Added +- GitHub Actions workflow for PHP Coding Standards (WPCS) to catch i18n and escaping issues on pull requests, using existing `phpcs.xml` configuration with WordPress.WP.I18n rules for the `warder-cookie-consent` text domain + ## [1.4.0] - 2026-05-27 ### Added diff --git a/readme.txt b/readme.txt index dc53aba..557f1c4 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Donate link: https://imagewize.com Tags: cookie, consent, gdpr, privacy, compliance Requires at least: 5.0 Tested up to: 7.0 -Stable tag: 1.4.0 +Stable tag: 1.4.1 Requires PHP: 8.0 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html @@ -72,6 +72,11 @@ Yes. Settings are versioned via a timestamp that is appended to the script URL, == Changelog == += 1.4.1 = +*2026-05-27* + +* Added: GitHub Actions workflow for PHP Coding Standards (WPCS) to catch i18n and escaping issues on pull requests + = 1.4.0 = *2026-05-27* @@ -142,6 +147,9 @@ Yes. Settings are versioned via a timestamp that is appended to the script URL, == Upgrade Notice == += 1.4.1 = +Adds PHP Coding Standards GitHub Actions workflow to enforce i18n and escaping checks on pull requests. + = 1.4.0 = Restores the category/cookie management buttons (add/remove category and cookie) that were not working, with nonce-protected handlers. Adds minimum WordPress/PHP version headers. diff --git a/warder-cookie-consent.php b/warder-cookie-consent.php index 73208eb..58fbc74 100644 --- a/warder-cookie-consent.php +++ b/warder-cookie-consent.php @@ -2,7 +2,7 @@ /** * Plugin Name: Warder Cookie Consent * Description: GDPR-compliant cookie consent banner with category management and floating preferences toggle. - * Version: 1.4.0 + * Version: 1.4.1 * Author: Jasper Frumau * Author URI: https://imagewize.com * Requires at least: 5.0 From 5f1f893f82beadfe62e5996a86d8b79a046e03c5 Mon Sep 17 00:00:00 2001 From: Jasper Frumau Date: Wed, 27 May 2026 07:43:35 +0700 Subject: [PATCH 3/8] ci: remove redundant wpcs.yml workflow phpcs.yml already covers WordPress coding standards with proper text domain configuration, making wpcs.yml duplicate work. --- .github/workflows/wpcs.yml | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 .github/workflows/wpcs.yml diff --git a/.github/workflows/wpcs.yml b/.github/workflows/wpcs.yml deleted file mode 100644 index 5b0a472..0000000 --- a/.github/workflows/wpcs.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: WPCS check - -on: pull_request - -jobs: - phpcs: - name: WPCS - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: WPCS check - uses: 10up/wpcs-action@stable - with: - standard: 'WordPress' From 76ecec209e3cb90b43f79ed7f4f272aa8d6c128d Mon Sep 17 00:00:00 2001 From: Jasper Frumau Date: Wed, 27 May 2026 08:02:03 +0700 Subject: [PATCH 4/8] ci: rename workflow to wpcs.yml and correct changelog entries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rename phpcs.yml back to wpcs.yml for clarity — the workflow enforces WordPress Coding Standards, not generic PHPCS. Update CHANGELOG.md and readme.txt to say "Changed/Replaced" instead of "Added", naming the replaced 10up/wpcs-action and the specific sniffs now enforced. Co-Authored-By: Jasper Frumau --- .github/workflows/{phpcs.yml => wpcs.yml} | 4 ++-- CHANGELOG.md | 4 ++-- readme.txt | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) rename .github/workflows/{phpcs.yml => wpcs.yml} (86%) diff --git a/.github/workflows/phpcs.yml b/.github/workflows/wpcs.yml similarity index 86% rename from .github/workflows/phpcs.yml rename to .github/workflows/wpcs.yml index 00815f6..0a89c0f 100644 --- a/.github/workflows/phpcs.yml +++ b/.github/workflows/wpcs.yml @@ -1,10 +1,10 @@ -name: PHP Coding Standards +name: WPCS Check on: pull_request jobs: phpcs: - name: PHP Coding Standards Check + name: WPCS Check runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/CHANGELOG.md b/CHANGELOG.md index 099bd06..cb49fea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,8 @@ All notable changes to Warder Cookie Consent are documented here. ## [1.4.1] - 2026-05-27 -### Added -- GitHub Actions workflow for PHP Coding Standards (WPCS) to catch i18n and escaping issues on pull requests, using existing `phpcs.xml` configuration with WordPress.WP.I18n rules for the `warder-cookie-consent` text domain +### Changed +- Replaced the `10up/wpcs-action`-based WPCS workflow with a local PHPCS workflow that runs against `phpcs.xml` — enforces `WordPress.WP.I18n` with the `warder-cookie-consent` text domain and `WordPress.Security.EscapeOutput`, catching i18n and escaping issues the old workflow missed ## [1.4.0] - 2026-05-27 diff --git a/readme.txt b/readme.txt index 557f1c4..3d5b7f1 100644 --- a/readme.txt +++ b/readme.txt @@ -75,7 +75,7 @@ Yes. Settings are versioned via a timestamp that is appended to the script URL, = 1.4.1 = *2026-05-27* -* Added: GitHub Actions workflow for PHP Coding Standards (WPCS) to catch i18n and escaping issues on pull requests +* Changed: Replaced the 10up/wpcs-action workflow with a local PHPCS workflow using phpcs.xml, adding enforcement of WordPress.WP.I18n (text domain: warder-cookie-consent) and WordPress.Security.EscapeOutput on pull requests = 1.4.0 = *2026-05-27* @@ -148,7 +148,7 @@ Yes. Settings are versioned via a timestamp that is appended to the script URL, == Upgrade Notice == = 1.4.1 = -Adds PHP Coding Standards GitHub Actions workflow to enforce i18n and escaping checks on pull requests. +Replaces the 10up/wpcs-action CI workflow with local PHPCS, adding strict i18n (text domain) and output escaping checks on pull requests. = 1.4.0 = Restores the category/cookie management buttons (add/remove category and cookie) that were not working, with nonce-protected handlers. Adds minimum WordPress/PHP version headers. From 0caa677e1e5d12fc7703eba47aea3b12ea55a7be Mon Sep 17 00:00:00 2001 From: Jasper Frumau Date: Wed, 27 May 2026 08:15:50 +0700 Subject: [PATCH 5/8] ci: rewrite plugin-check workflow with explicit wp-env steps Replace plugin-check-action@v1 with manual wp-env setup to fix silent wp-env start failures and incorrect artifact upload path. --- .github/workflows/plugin-check.yml | 44 +++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/.github/workflows/plugin-check.yml b/.github/workflows/plugin-check.yml index 432bfc9..0c8461c 100644 --- a/.github/workflows/plugin-check.yml +++ b/.github/workflows/plugin-check.yml @@ -9,21 +9,39 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Build clean plugin directory + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Build plugin directory + run: | + mkdir -p plugin-build/warder-cookie-consent + rsync -a --exclude='.git' --exclude-from='.distignore' . plugin-build/warder-cookie-consent/ + + - name: Install wp-env + run: npm install -g @wordpress/env + + - name: Create wp-env config run: | - mkdir -p ${{ github.workspace }}/plugin-build/warder-cookie-consent - rsync -a --exclude='.git' --exclude-from='.distignore' . ${{ github.workspace }}/plugin-build/warder-cookie-consent/ + echo '{ + "core": null, + "plugins": [ + "https://downloads.wordpress.org/plugin/plugin-check.zip", + "./plugin-build/warder-cookie-consent" + ] + }' > .wp-env.json + + - name: Start wp-env + run: wp-env start + timeout-minutes: 5 - name: Run Plugin Check - uses: WordPress/plugin-check-action@v1 - with: - build-dir: '${{ github.workspace }}/plugin-build/warder-cookie-consent' - checks: '' - exclude-checks: 'EnqueuedScriptsScope' + run: | + wp-env run cli wp plugin check warder-cookie-consent \ + --exclude-checks=EnqueuedScriptsScope \ + --format=table - - name: Upload Plugin Check Results - uses: actions/upload-artifact@v4 + - name: Stop wp-env if: always() - with: - name: plugin-check-results - path: ${{ github.workspace }}/plugin-build/warder-cookie-consent/plugin-check-results.txt + run: wp-env stop From 93997461bca52f8e1349829623926c88ca1e44f2 Mon Sep 17 00:00:00 2001 From: Jasper Frumau Date: Wed, 27 May 2026 08:39:23 +0700 Subject: [PATCH 6/8] ci: upload plugin-check results as a downloadable artifact Add tee to capture wp plugin check output and upload it via actions/upload-artifact@v4 so results are available from the workflow summary after each run. --- .github/workflows/plugin-check.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/plugin-check.yml b/.github/workflows/plugin-check.yml index 0c8461c..0fc71de 100644 --- a/.github/workflows/plugin-check.yml +++ b/.github/workflows/plugin-check.yml @@ -40,7 +40,15 @@ jobs: run: | wp-env run cli wp plugin check warder-cookie-consent \ --exclude-checks=EnqueuedScriptsScope \ - --format=table + --format=table \ + | tee plugin-check-results.txt + + - name: Upload Plugin Check results + if: always() + uses: actions/upload-artifact@v4 + with: + name: plugin-check-results + path: plugin-check-results.txt - name: Stop wp-env if: always() From 4f5cdf0603bd2a9e6f4669a9000b492b5336af7f Mon Sep 17 00:00:00 2001 From: Jasper Frumau Date: Wed, 27 May 2026 08:47:34 +0700 Subject: [PATCH 7/8] ci: add list-checks step to plugin-check workflow Show all available Plugin Check checks in the log before running so it is clear what was evaluated on each run. --- .github/workflows/plugin-check.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/plugin-check.yml b/.github/workflows/plugin-check.yml index 0fc71de..6ac6b98 100644 --- a/.github/workflows/plugin-check.yml +++ b/.github/workflows/plugin-check.yml @@ -36,6 +36,9 @@ jobs: run: wp-env start timeout-minutes: 5 + - name: List available checks + run: wp-env run cli wp plugin check --list-checks + - name: Run Plugin Check run: | wp-env run cli wp plugin check warder-cookie-consent \ From 3c39a9b05593e3c062c99d5a98c9cb1e3fe877f0 Mon Sep 17 00:00:00 2001 From: Jasper Frumau Date: Wed, 27 May 2026 08:50:27 +0700 Subject: [PATCH 8/8] ci: remove invalid --list-checks step from plugin-check workflow wp plugin check does not support a --list-checks flag; remove the step that was causing the workflow to fail with exit code 1. --- .github/workflows/plugin-check.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/plugin-check.yml b/.github/workflows/plugin-check.yml index 6ac6b98..0fc71de 100644 --- a/.github/workflows/plugin-check.yml +++ b/.github/workflows/plugin-check.yml @@ -36,9 +36,6 @@ jobs: run: wp-env start timeout-minutes: 5 - - name: List available checks - run: wp-env run cli wp plugin check --list-checks - - name: Run Plugin Check run: | wp-env run cli wp plugin check warder-cookie-consent \