|
| 1 | +name: WordPress Plugin Check |
| 2 | + |
| 3 | +on: |
| 4 | + pull_request: |
| 5 | + types: [opened, synchronize, reopened] |
| 6 | + |
| 7 | +concurrency: |
| 8 | + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} |
| 9 | + cancel-in-progress: true |
| 10 | + |
| 11 | +jobs: |
| 12 | + plugin-check: |
| 13 | + name: WordPress.org Guidelines Check |
| 14 | + runs-on: ubuntu-latest |
| 15 | + steps: |
| 16 | + - uses: actions/checkout@v4 |
| 17 | + |
| 18 | + - name: Install Composer dependencies |
| 19 | + run: composer install --no-dev --optimize-autoloader |
| 20 | + |
| 21 | + - uses: wordpress/plugin-check-action@v1 |
| 22 | + id: plugin-check |
| 23 | + with: |
| 24 | + categories: plugin_repo,security,performance,general |
| 25 | + exclude-directories: | |
| 26 | + tests |
| 27 | + bin |
| 28 | + .github |
| 29 | + ignore-codes: | |
| 30 | + WordPress.WP.I18n.TextDomainMismatch |
| 31 | + textdomain_mismatch |
| 32 | + hidden_files |
| 33 | + WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound |
| 34 | + WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound |
| 35 | + WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound |
| 36 | + WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound |
| 37 | + WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound |
| 38 | + WordPress.PHP.DevelopmentFunctions.error_log_trigger_error |
| 39 | + WordPress.WP.EnqueuedResourceParameters.MissingVersion |
| 40 | + include-experimental: true |
| 41 | + repo-token: '' |
| 42 | + |
| 43 | + - name: Plugin Check Summary |
| 44 | + if: always() |
| 45 | + env: |
| 46 | + RESULTS_FILE: ${{ runner.temp }}/plugin-check-results.txt |
| 47 | + run: | |
| 48 | + echo "## WordPress Plugin Check Results" >> $GITHUB_STEP_SUMMARY |
| 49 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 50 | +
|
| 51 | + if [ ! -s "$RESULTS_FILE" ]; then |
| 52 | + echo "No results file found or file is empty." >> $GITHUB_STEP_SUMMARY |
| 53 | + echo "Check the action logs for details." >> $GITHUB_STEP_SUMMARY |
| 54 | + exit 0 |
| 55 | + fi |
| 56 | +
|
| 57 | + PARSED=$(RESULTS_FILE="$RESULTS_FILE" python3 << 'PYEOF' |
| 58 | + import json, os, re |
| 59 | +
|
| 60 | + results_path = os.environ["RESULTS_FILE"] |
| 61 | +
|
| 62 | + high_risk_codes = [ |
| 63 | + "plugin_updater", "code_obfuscation", "no_unfiltered_uploads", |
| 64 | + "trademarked_term", "trademarks" |
| 65 | + ] |
| 66 | + high_risk_messages = [ |
| 67 | + r"Plugin Updater detected", r"Missing.*License.*Plugin Header", |
| 68 | + r"restricted term", r"Unescaped parameter.*\$wpdb", |
| 69 | + r"Use placeholders and.*\$wpdb->prepare" |
| 70 | + ] |
| 71 | + medium_risk_codes = [ |
| 72 | + "missing_direct_file_access_protection", "trunk_stable_tag", |
| 73 | + "mismatched_plugin_name", "application_detected" |
| 74 | + ] |
| 75 | + medium_risk_messages = [ |
| 76 | + r"Missing.*\$domain.*parameter", r"has been deprecated", |
| 77 | + r"wp_get_sites", r"cURL functions is highly discouraged" |
| 78 | + ] |
| 79 | +
|
| 80 | + high, medium, other = [], [], [] |
| 81 | +
|
| 82 | + try: |
| 83 | + with open(results_path, "r") as f: |
| 84 | + content = f.read().strip() |
| 85 | +
|
| 86 | + all_issues = [] |
| 87 | + try: |
| 88 | + data = json.loads(content) |
| 89 | + if isinstance(data, list): |
| 90 | + all_issues = data |
| 91 | + elif isinstance(data, dict): |
| 92 | + for fp, issues in data.items(): |
| 93 | + if isinstance(issues, list): |
| 94 | + for issue in issues: |
| 95 | + issue['_file'] = fp |
| 96 | + all_issues.append(issue) |
| 97 | + except json.JSONDecodeError: |
| 98 | + for line in content.split('\n'): |
| 99 | + line = line.strip() |
| 100 | + if not line: |
| 101 | + continue |
| 102 | + try: |
| 103 | + parsed = json.loads(line) |
| 104 | + if isinstance(parsed, list): |
| 105 | + all_issues.extend(parsed) |
| 106 | + elif isinstance(parsed, dict): |
| 107 | + all_issues.append(parsed) |
| 108 | + except json.JSONDecodeError: |
| 109 | + continue |
| 110 | +
|
| 111 | + for issue in all_issues: |
| 112 | + code = issue.get('code', '') |
| 113 | + msg = issue.get('message', '') |
| 114 | + itype = issue.get('type', 'ERROR') |
| 115 | + line_num = issue.get('line', 0) |
| 116 | + file_path = issue.get('_file', '') |
| 117 | +
|
| 118 | + prefix = "❌" if itype == "ERROR" else "⚠️" |
| 119 | + location = "" |
| 120 | + if file_path: |
| 121 | + location = f" ({file_path}" |
| 122 | + if line_num and line_num > 0: |
| 123 | + location += f", line {line_num}" |
| 124 | + location += ")" |
| 125 | + elif line_num and line_num > 0: |
| 126 | + location = f" (line {line_num})" |
| 127 | +
|
| 128 | + readable = f"{prefix} {msg}{location}" |
| 129 | +
|
| 130 | + is_high = code in high_risk_codes |
| 131 | + if not is_high: |
| 132 | + for p in high_risk_messages: |
| 133 | + if re.search(p, msg, re.IGNORECASE): |
| 134 | + is_high = True |
| 135 | + break |
| 136 | +
|
| 137 | + is_medium = code in medium_risk_codes |
| 138 | + if not is_medium and not is_high: |
| 139 | + for p in medium_risk_messages: |
| 140 | + if re.search(p, msg, re.IGNORECASE): |
| 141 | + is_medium = True |
| 142 | + break |
| 143 | +
|
| 144 | + if is_high: |
| 145 | + high.append(readable) |
| 146 | + elif is_medium: |
| 147 | + medium.append(readable) |
| 148 | + else: |
| 149 | + other.append(readable) |
| 150 | +
|
| 151 | + def dedup(lst): |
| 152 | + seen = set() |
| 153 | + result = [] |
| 154 | + for item in lst: |
| 155 | + if item not in seen: |
| 156 | + seen.add(item) |
| 157 | + result.append(item) |
| 158 | + return result |
| 159 | +
|
| 160 | + high, medium, other = dedup(high), dedup(medium), dedup(other) |
| 161 | +
|
| 162 | + print("---HIGH---") |
| 163 | + for i in high: print(i) |
| 164 | + print("---MEDIUM---") |
| 165 | + for i in medium: print(i) |
| 166 | + print("---OTHER---") |
| 167 | + for i in other: print(i) |
| 168 | + print("---COUNTS---") |
| 169 | + print(f"{len(high)}|{len(medium)}|{len(other)}") |
| 170 | +
|
| 171 | + except Exception as e: |
| 172 | + print(f"Parse error: {e}", file=__import__('sys').stderr) |
| 173 | + print("---HIGH---\n---MEDIUM---\n---OTHER---\n---COUNTS---\n0|0|0") |
| 174 | + PYEOF |
| 175 | + ) |
| 176 | +
|
| 177 | + HIGH_SECTION=$(echo "$PARSED" | sed -n '/^---HIGH---$/,/^---MEDIUM---$/p' | sed '1d;$d') |
| 178 | + MEDIUM_SECTION=$(echo "$PARSED" | sed -n '/^---MEDIUM---$/,/^---OTHER---$/p' | sed '1d;$d') |
| 179 | + OTHER_SECTION=$(echo "$PARSED" | sed -n '/^---OTHER---$/,/^---COUNTS---$/p' | sed '1d;$d') |
| 180 | + COUNTS=$(echo "$PARSED" | tail -1) |
| 181 | + OTHER_COUNT=$(echo "$COUNTS" | cut -d'|' -f3) |
| 182 | +
|
| 183 | + echo "### 🚨 HIGH RISK — Can cause plugin closure or suspension" >> $GITHUB_STEP_SUMMARY |
| 184 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 185 | + if [ -n "$HIGH_SECTION" ]; then |
| 186 | + echo "$HIGH_SECTION" >> $GITHUB_STEP_SUMMARY |
| 187 | + else |
| 188 | + echo "✅ No high-risk issues found." >> $GITHUB_STEP_SUMMARY |
| 189 | + fi |
| 190 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 191 | +
|
| 192 | + echo "### ⚠️ MEDIUM RISK — Commonly flagged in wordpress.org reviews" >> $GITHUB_STEP_SUMMARY |
| 193 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 194 | + if [ -n "$MEDIUM_SECTION" ]; then |
| 195 | + echo "$MEDIUM_SECTION" >> $GITHUB_STEP_SUMMARY |
| 196 | + else |
| 197 | + echo "✅ No medium-risk issues found." >> $GITHUB_STEP_SUMMARY |
| 198 | + fi |
| 199 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 200 | +
|
| 201 | + echo "<details>" >> $GITHUB_STEP_SUMMARY |
| 202 | + echo "<summary>📋 Other issues ($OTHER_COUNT) — click to expand</summary>" >> $GITHUB_STEP_SUMMARY |
| 203 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 204 | + if [ -n "$OTHER_SECTION" ]; then |
| 205 | + echo "$OTHER_SECTION" >> $GITHUB_STEP_SUMMARY |
| 206 | + else |
| 207 | + echo "No other issues." >> $GITHUB_STEP_SUMMARY |
| 208 | + fi |
| 209 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 210 | + echo "</details>" >> $GITHUB_STEP_SUMMARY |
0 commit comments