Goal
Establish a maintained tooling baseline for Perform so local development, CI, release packaging, and regression checks are stable and reproducible.
This is broader than #53. Issue #53 should continue to own the immediate lint/static-analysis failures on the current release branch; this issue owns the durable tooling upgrade track.
Current gaps
composer test is configured, but phpunit/phpunit is not declared in require-dev, so the test command cannot run.composer lint calls ./vendor/php-parallel-lint/php-parallel-lint/parallel-lint, but php-parallel-lint/php-parallel-lint is not declared directly in require-dev.- PHPStan exists, but
phpstan.neon.dist scans the repo root, enters dependency/build folders, and lacks a WordPress/plugin bootstrap for constants and runtime functions.
- JavaScript tooling has no committed Node runtime policy (
engines, .nvmrc, .node-version, or equivalent), while workflows still include older setup-node/release action patterns.
- There is no Playwright or equivalent browser smoke suite for the admin app, Asset Manager, settings save flow, page-cache headers, or release-package sanity checks.
Node version policy
Use the latest stable Active LTS line for project tooling, not an odd or Current line unless there is a specific compatibility reason.
As of May 15, 2026, the official Node.js release schedule lists:
- Node.js 24.x
Krypton as Active LTS, EOL April 30, 2028.
- Node.js 26.x as
Current, with LTS scheduled later.
- Node.js 20.x as EOL on April 30, 2026.
Source: https://github.com/nodejs/Release#release-schedule
Proposed scope
- Add an explicit Node runtime policy:
- Add
engines.node and one local version file (.nvmrc or .node-version).
- Move GitHub Actions to the selected Active LTS line, currently Node 24.x.
- Replace legacy release workflow action versions and remove
sudo npm run build.
- Make PHPUnit real:
- Add compatible PHPUnit dev dependencies.
- Keep
composer test working locally and in CI.
- Add/adjust bootstrap coverage for lightweight unit tests and WordPress test-suite compatibility where needed.
- Consider
yoast/phpunit-polyfills if the PHP/PHPUnit matrix spans multiple major versions.
- Stabilize PHPStan:
- Fix
phpstan.neon.dist paths/excludes so analysis targets plugin code only.
- Add a bootstrap/stub layer for plugin constants, WordPress functions, and optional WooCommerce symbols.
- Decide whether a baseline is temporary, committed, and tracked down over time.
- Add browser/E2E smoke coverage with Playwright:
- Install
@playwright/test and wire scripts such as test:e2e / test:e2e:ci.
- Define the WordPress test environment strategy, likely
@wordpress/env or an equivalent CI service setup.
- Cover plugin activation, settings page load/save, sensitive-field masking, Asset Manager entry point, and page-cache header behavior.
- Tighten JavaScript and build validation:
- Scope ESLint/stylelint to source paths instead of relying on repo-root scans.
- Add
npm ci, npm run lint:js, npm run lint:css, npm run build, and package/zip validation to CI.
- Add dependency and workflow hygiene:
- Keep
composer.lock and package-lock.json aligned with supported tool versions.
- Add or update Dependabot/Renovate config for Composer, npm, and GitHub Actions.
- Document the canonical local validation commands in
README.md, CONTRIBUTING.md, or AGENTS.md.
Acceptance criteria
- A clean checkout can run the documented local validation commands without missing-tool failures.
- CI runs Composer validation, PHP lint, PHPCS/WPCS, PHPStan, PHPUnit, JS/CSS linting, production build, and Playwright smoke tests.
- GitHub Actions use maintained action versions and the selected Active LTS Node line.
- The selected PHP/Node/npm/Composer matrix is documented and does not rely on EOL runtimes.
- Tooling upgrades do not rename or migrate Perform runtime option/meta contracts.
Goal
Establish a maintained tooling baseline for Perform so local development, CI, release packaging, and regression checks are stable and reproducible.
This is broader than #53. Issue #53 should continue to own the immediate lint/static-analysis failures on the current release branch; this issue owns the durable tooling upgrade track.
Current gaps
composer testis configured, butphpunit/phpunitis not declared inrequire-dev, so the test command cannot run.composer lintcalls./vendor/php-parallel-lint/php-parallel-lint/parallel-lint, butphp-parallel-lint/php-parallel-lintis not declared directly inrequire-dev.phpstan.neon.distscans the repo root, enters dependency/build folders, and lacks a WordPress/plugin bootstrap for constants and runtime functions.engines,.nvmrc,.node-version, or equivalent), while workflows still include older setup-node/release action patterns.Node version policy
Use the latest stable Active LTS line for project tooling, not an odd or
Currentline unless there is a specific compatibility reason.As of May 15, 2026, the official Node.js release schedule lists:
KryptonasActive LTS, EOL April 30, 2028.Current, with LTS scheduled later.Source: https://github.com/nodejs/Release#release-schedule
Proposed scope
engines.nodeand one local version file (.nvmrcor.node-version).sudo npm run build.composer testworking locally and in CI.yoast/phpunit-polyfillsif the PHP/PHPUnit matrix spans multiple major versions.phpstan.neon.distpaths/excludes so analysis targets plugin code only.@playwright/testand wire scripts such astest:e2e/test:e2e:ci.@wordpress/envor an equivalent CI service setup.npm ci,npm run lint:js,npm run lint:css,npm run build, and package/zip validation to CI.composer.lockandpackage-lock.jsonaligned with supported tool versions.README.md,CONTRIBUTING.md, orAGENTS.md.Acceptance criteria