Merge pull request #428 from wpengine/chore/ci-cd-audit-and-simplification

chore(ci): audit and simplify CI/CD workflows

Author: josephfusco

.github/actions/setup-wordpress/action.yml

@@ -2,6 +2,10 @@ name: Set up WordPress
 description: Sets up WordPress. Assumes mariadb is available as a service.
 
 inputs:
+  php-version:
+    description: 'PHP version to use'
+    required: false
+    default: '8.2'
   wp-version:
     description: 'WordPress version to install'
     required: false
@@ -13,15 +17,27 @@ runs:
     - name: Setup PHP w/ Composer & WP-CLI
       uses: shivammathur/setup-php@v2
       with:
-        php-version: 8.0
+        php-version: ${{ inputs.php-version }}
         extensions: mbstring, intl, bcmath, exif, gd, mysqli, opcache, zip, pdo_mysql
         coverage: none
         tools: composer:v2, wp-cli
 
     - name: Setup Node.js
       uses: actions/setup-node@v4
       with:
-        node-version: 18.x
+        node-version-file: '.nvmrc'
+
+    - name: Get Composer cache directory
+      id: composer-cache
+      shell: bash
+      run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+    - name: Cache Composer dependencies
+      uses: actions/cache@v4
+      with:
+        path: ${{ steps.composer-cache.outputs.dir }}
+        key: ${{ runner.os }}-composer-no-dev-${{ hashFiles('**/composer.lock') }}
+        restore-keys: ${{ runner.os }}-composer-no-dev-
 
     - name: Install dependencies
       shell: bash

.github/workflows/phpstan.yml

@@ -5,6 +5,10 @@ on:
     paths-ignore:
       - '**/*.md'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   phpstan:
     runs-on: ubuntu-22.04
@@ -17,6 +21,17 @@ jobs:
         with:
           php-version: '8.2'
 
+      - name: Get Composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache Composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
       - name: Install Dependencies
         run: composer install
 

.github/workflows/release.yml

@@ -28,10 +28,11 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@v4
 
-      - name: Setup Node.js 18.x
+      - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: 18.x
+          node-version-file: '.nvmrc'
+          cache: 'npm'
 
       - name: Install Dependencies
         run: npm ci

.github/workflows/schema-linter.yml

@@ -10,11 +10,15 @@ on:
       - develop
       - main
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   run:
     runs-on: ubuntu-22.04
     name: Lint WPGraphQL Schema
-    if: contains(github.event.pull_request.labels.*.name, 'safe to test ✔') || github.repository == github.event.repository.full_name || github.event_name == 'push'
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
 
     services:
       mariadb:
@@ -27,10 +31,6 @@ jobs:
         options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
 
     steps:
-      - name: Cancel previous runs of this workflow (pull requests only)
-        if: ${{ github.event_name == 'pull_request_target' }}
-        uses: styfle/cancel-workflow-action@0.11.0
-
       - name: Checkout
         uses: actions/checkout@v4
         with:

.github/workflows/sonar.yml

@@ -1,66 +1,38 @@
 on:
-  # Trigger analysis when pushing to main or pull requests, and when creating a pull request.
   push:
     branches:
       - main
   pull_request:
     types: [opened, synchronize, reopened]
 
 name: SonarQube Analysis
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   sonarqube:
+    # Only run for pushes or same-repo PRs (fork PRs can't access secrets)
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-22.04
     steps:
-      - name: Check if PR author is an org member
-        id: check-member
-        uses: actions/github-script@v6.3.0  # Updated version to support Node 20
-        with:
-          script: |
-            const org = 'wpengine'; 
-            const username = context.payload.pull_request.user.login;
-
-            try {
-              const { data: membership } = await github.rest.orgs.getMembershipForUser({
-                org,
-                username,
-              });
-              console.log({ username, membership });
-              return { isMember: membership.state === 'active' };
-            } catch (error) {
-              console.log(`Error checking membership: ${error}`);
-              return { isMember: false }; // Treat as not a member if any error occurs
-            }
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      # Set an output for the job based on the result of the membership check
-      - name: Set output for isMember
-        run: echo "isMember=${{ steps.check-member.outputs.isMember }}" >> $GITHUB_ENV
-
-      - name: Skip if not an org member
-        if: env.isMember == 'false'
-        run: echo "Skipping workflow because PR author is not an org member" && exit 0
-
       - uses: actions/checkout@v4
         with:
           # Disabling shallow clone is recommended for improving relevancy of reporting
           fetch-depth: 0
 
       - name: SonarQube Scan
-        uses: sonarsource/sonarqube-scan-action@master
+        uses: sonarsource/sonarqube-scan-action@v4
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
 
       - name: SonarQube Quality Gate check
-        uses: sonarsource/sonarqube-quality-gate-action@master
-        # Force to fail step after specific time
+        uses: sonarsource/sonarqube-quality-gate-action@v1
         timeout-minutes: 5
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
         with:
           scanMetadataReportFile: .scannerwork/report-task.txt
-
-      - name: "Display Quality gate result"
-        run: echo "Front Quality Gate status ${{ toJSON(steps.sonarqube-result-front) }}"

.github/workflows/test-plugin-nightly.yml

@@ -6,15 +6,24 @@ on:
     paths-ignore:
       - '**/*.md'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   test_plugin:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
         php: [ '8.3', '8.1' ]
         wordpress: [ '6.9', '6.8', '6.7', '6.6' ]
+        wp-nightly: [ false ]
+        include:
+          - php: '8.2'
+            wordpress: '6.9'
+            wp-nightly: true
       fail-fast: false
-    name: WordPress ${{ matrix.wordpress }}, PHP ${{ matrix.php }}
+    name: WordPress ${{ matrix.wp-nightly && 'Nightly' || matrix.wordpress }}, PHP ${{ matrix.php }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -23,6 +32,8 @@ jobs:
         env:
           PHP_VERSION: ${{ matrix.php }}
           WP_VERSION: ${{ matrix.wordpress }}
+          DOCKER_BUILDKIT: 1
+          COMPOSE_DOCKER_CLI_BUILD: 1
         working-directory: ./
         run: |
           docker compose build \
@@ -40,6 +51,12 @@ jobs:
         working-directory: ./
         run: docker exec -e COVERAGE=1 $(docker compose ps -q wordpress) init-testing-environment.sh
 
+      - name: Upgrade to WordPress nightly
+        if: matrix.wp-nightly
+        run: |
+          docker exec --workdir=/var/www/html/wp-content/plugins/wp-graphql-content-blocks \
+            $(docker compose ps -q wordpress) wp core upgrade --version=nightly --force --allow-root
+
       - name: Install and activate WP GraphQL
         working-directory: ./
         run: docker exec --workdir=/var/www/html/wp-content/plugins/wp-graphql-content-blocks $(docker compose ps -q wordpress) wp plugin install wp-graphql --activate --allow-root

.github/workflows/test-plugin.yml

@@ -3,6 +3,10 @@ name: WordPress Coding Standards
 on:
   pull_request:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   wpcs:
     runs-on: ubuntu-22.04
@@ -15,6 +19,17 @@ jobs:
         with:
           php-version: '8.1'
 
+      - name: Get Composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache Composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
       - name: Install Dependencies
         run: composer install
 

.github/workflows/wpcs.yml

@@ -0,0 +1 @@
+18

.nvmrc

@@ -39,7 +39,7 @@ case "$subcommand" in
             esac
         done
         docker build $BUILD_NO_CACHE \
-                    -t faustwp:${TAG}-wp-${WP_VERSION} \
+                    -t wp-graphql-content-blocks:${TAG}-wp-${WP_VERSION} \
                     --build-arg WP_VERSION=${WP_VERSION} \
                     ./.docker;
         ;;