CI/CD Pipelines

Automated Workflows

Our development lifecycle is supported by GitHub Actions to maintain the integrity of our WordPress contributions. These pipelines automate code quality checks, security auditing, and deployment to target environments, ensuring that every contribution meets the required standards before merging.

Pipeline Stages

The CI/CD suite consists of the following primary jobs:

1. PHP Linting & Coding Standards: Validates that all code adheres to the official WordPress Coding Standards (WPCS). It uses PHP_CodeSniffer to ensure consistency across the codebase.
2. Unit & Integration Testing: Executes the test suite using PHPUnit. This stage sets up a temporary WordPress environment to verify that new contributions do not break core functionality or existing features.
3. Security Analysis: Scans the codebase for common vulnerabilities and the use of deprecated WordPress functions using specialized static analysis tools.
4. Deployment: Automates the distribution of updates to staging servers or, where applicable, handles the SVN assets for the WordPress.org Plugin Repository.

Triggers

The pipelines are configured to run automatically under the following conditions:

• Pull Requests: Triggered on all PRs targeting the main or develop branches to provide immediate feedback to contributors.
• Push to Main: Runs the full suite, including automated deployment to the staging environment.
• Version Tagging: Pushing a version tag (e.g., v1.2.0) triggers the production release workflow, which packages the contribution for end-users.

Environment Configuration

To utilize the deployment and notification features of the pipeline in a forked environment, the following GitHub Secrets must be configured:

| Secret Name | Purpose | | :--- | :--- | | WP_ORG_USERNAME | Your WordPress.org SVN username for plugin directory updates. | | WP_ORG_PASSWORD | Your WordPress.org SVN password. | | STAGING_FTP_SERVER | The host address for the staging environment deployment. | | STAGING_FTP_USER | Deployment user credentials for the staging server. |

Running Validations Locally

Before pushing your code, it is recommended to run the primary validation scripts locally to ensure they will pass the CI pipeline.

# Verify coding standards (Linting)
composer run lint

# Fix automatic linting errors
composer run format

# Execute the local test suite
composer run test

Monitoring Status

You can monitor the status of the pipelines directly within GitHub:

• Status Badges: Found at the top of the README, showing the current health of the main branch.
• Actions Tab: Navigate to the "Actions" tab in the repository to view detailed logs for every workflow run, which is useful for debugging failed builds or failed test assertions.