WordPress
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 2 additions & 2 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.env‎
Lines changed: 5 additions & 4 deletions b/‎.env‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/callable-test-core-build-process.yml‎
Lines changed: 87 additions & 0 deletions b/‎.github/workflows/callable-test-core-build-process.yml‎
Lines changed: 87 additions & 0 deletions
diff --git a/‎.github/workflows/callable-test-gutenberg-build-process.yml‎
Lines changed: 93 additions & 0 deletions b/‎.github/workflows/callable-test-gutenberg-build-process.yml‎
Lines changed: 93 additions & 0 deletions
diff --git a/‎.github/workflows/coding-standards.yml‎
Lines changed: 28 additions & 12 deletions b/‎.github/workflows/coding-standards.yml‎
Lines changed: 28 additions & 12 deletions
@@ -3,15 +3,15 @@
     "name": "WordPress Core Development",
     "dockerComposeFile": "docker-compose.yml",
     "service": "app",
-	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
+    "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 
     // Features to add to the dev container. More info: https://containers.dev/features.
     "features": {
         "ghcr.io/devcontainers/features/common-utils:2": {
             "username": "wordpress"
         },
         "ghcr.io/devcontainers/features/node:1": {
-            "version": "14"
+            "version": "20"
         },
         "ghcr.io/devcontainers/features/docker-in-docker:2": {},
         "ghcr.io/devcontainers/features/git:1": {}
 
@@ -46,19 +46,20 @@ LOCAL_DB_TYPE=mysql
 ##
 # The database version to use.
 #
-# Defaults to 5.7 with the assumption that LOCAL_DB_TYPE is set to `mysql` above.
+# Defaults to 8.0 with the assumption that LOCAL_DB_TYPE is set to `mysql` above.
 #
-# When using `mysql`, see https://hub.docker.com/r/amd64/mysql for valid versions.
-# When using `mariadb`, see https://hub.docker.com/r/amd64/mariadb for valid versions.
+# When using `mysql`, see https://hub.docker.com/_/mysql for valid versions.
+# When using `mariadb`, see https://hub.docker.com/_/mariadb for valid versions.
 ##
-LOCAL_DB_VERSION=5.7
+LOCAL_DB_VERSION=8.0
 
 # The debug settings to add to `wp-config.php`.
 LOCAL_WP_DEBUG=true
 LOCAL_WP_DEBUG_LOG=true
 LOCAL_WP_DEBUG_DISPLAY=true
 LOCAL_SCRIPT_DEBUG=true
 LOCAL_WP_ENVIRONMENT_TYPE=local
+LOCAL_WP_DEVELOPMENT_MODE=core
 
 # The URL to use when running e2e tests.
 WP_BASE_URL=http://localhost:${LOCAL_PORT}
@@ -8,3 +8,7 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 10
+    groups:
+      github-actions:
+        patterns:
+          - "*"
@@ -0,0 +1,87 @@
+##
+# A callable workflow that tests the WordPress Core build process.
+##
+name: Test the WordPress Build Process
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        description: 'Operating system to run tests on'
+        required: false
+        type: 'string'
+        default: 'ubuntu-latest'
+      directory:
+        description: 'Directory to run WordPress from. Valid values are `src` or `build`'
+        required: false
+        type: 'string'
+        default: 'src'
+
+env:
+  PUPPETEER_SKIP_DOWNLOAD: ${{ true }}
+
+jobs:
+  # Verifies that installing npm dependencies and building WordPress works as expected.
+  #
+  # Performs the following steps:
+  # - Checks out the repository.
+  # - Sets up Node.js.
+  # - Logs debug information about the GitHub Action runner.
+  # - Installs npm dependencies.
+  # - Builds WordPress to run from the desired location (src or build).
+  # - Ensures version-controlled files are not modified or deleted.
+  # - Creates a ZIP of the built WordPress files (when building to the build directory).
+  # - Cleans up after building WordPress.
+  # - Ensures version-controlled files are not modified or deleted.
+  # - Uploads the ZIP as a GitHub Actions artifact (when building to the build directory).
+  build-process-tests:
+    name: Core running from ${{ inputs.directory }} / ${{ inputs.os == 'macos-latest' && 'MacOS' || inputs.os == 'windows-latest' && 'Windows' || 'Linux' }}
+    runs-on: ${{ inputs.os }}
+    timeout-minutes: 20
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
+
+      - name: Set up Node.js
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          node-version-file: '.nvmrc'
+          check-latest: true
+          cache: npm
+
+      - name: Log debug information
+        run: |
+          npm --version
+          node --version
+          curl --version
+          git --version
+
+      - name: Install npm Dependencies
+        run: npm ci
+
+      - name: Build WordPress to run from ${{ inputs.directory }}
+        run: npm run build${{ inputs.directory == 'src' && ':dev' || '' }}
+
+      - name: Ensure version-controlled files are not modified or deleted during building
+        run: git diff --exit-code
+
+      - name: Create ZIP of built files
+        if: ${{ inputs.directory == 'build' && 'ubuntu-latest' == inputs.os }}
+        run: zip -r wordpress.zip build/.
+
+      - name: Clean after building to run from ${{ inputs.directory }}
+        run: npm run grunt clean${{ inputs.directory == 'src' && ' -- --dev' || '' }}
+
+      - name: Ensure version-controlled files are not modified or deleted during cleaning
+        run: git diff --exit-code
+
+      - name: Upload ZIP as a GitHub Actions artifact
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        if: ${{ inputs.directory == 'build' && 'ubuntu-latest' == inputs.os }}
+        with:
+          name: wordpress-build-${{ github.event_name == 'pull_request' && github.event.number || github.sha }}
+          path: wordpress.zip
+          if-no-files-found: error
@@ -0,0 +1,93 @@
+##
+# A callable workflow that tests the Gutenberg plugin build process when run within a wordpress-develop checkout.
+##
+name: Test the Gutenberg plugin Build Process
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        description: 'Operating system to run tests on'
+        required: false
+        type: 'string'
+        default: 'ubuntu-latest'
+      directory:
+        description: 'Directory to run WordPress from. Valid values are `src` or `build`'
+        required: false
+        type: 'string'
+        default: 'src'
+
+env:
+  GUTENBERG_DIRECTORY: ${{ inputs.directory == 'build' && 'build' || 'src' }}/wp-content/plugins/gutenberg
+  PUPPETEER_SKIP_DOWNLOAD: ${{ true }}
+  NODE_OPTIONS: '--max-old-space-size=8192'
+
+jobs:
+  # Verifies that installing npm dependencies and building the Gutenberg plugin works as expected.
+  #
+  # Performs the following steps:
+  # - Checks out the repository.
+  # - Checks out the Gutenberg plugin into the plugins directory.
+  # - Sets up Node.js.
+  # - Logs debug information about the GitHub Action runner.
+  # - Installs Core npm dependencies.
+  # - Installs Gutenberg npm dependencies.
+  # - Runs the Gutenberg build process.
+  # - Builds WordPress to run from the relevant location (src or build).
+  # - Builds Gutenberg.
+  # - Ensures version-controlled files are not modified or deleted.
+  build-process-tests:
+    name: Gutenberg running from ${{ inputs.directory }} / ${{ inputs.os == 'macos-latest' && 'MacOS' || inputs.os == 'windows-latest' && 'Windows' || 'Linux' }}
+    runs-on: ${{ inputs.os }}
+    timeout-minutes: 30
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
+
+      - name: Checkout Gutenberg plugin
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          repository: 'WordPress/gutenberg'
+          path: ${{ env.GUTENBERG_DIRECTORY }}
+          show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
+
+      - name: Set up Node.js
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          node-version-file: '.nvmrc'
+          check-latest: true
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            ${{ env.GUTENBERG_DIRECTORY }}/package-lock.json
+
+      - name: Log debug information
+        run: |
+          npm --version
+          node --version
+          curl --version
+          git --version
+
+      - name: Install Core Dependencies
+        run: npm ci
+
+      - name: Install Gutenberg Dependencies
+        run: npm ci
+        working-directory: ${{ env.GUTENBERG_DIRECTORY }}
+
+      - name: Build Gutenberg
+        run: npm run build
+        working-directory: ${{ env.GUTENBERG_DIRECTORY }}
+
+      - name: Build WordPress to run from ${{ inputs.directory }}
+        run: npm run build${{ inputs.directory == 'src' && ':dev' || '' }}
+
+      - name: Run Gutenberg build script after building Core to run from ${{ inputs.directory }}
+        run: npm run build
+        working-directory: ${{ env.GUTENBERG_DIRECTORY }}
+
+      - name: Ensure version-controlled files are not modified or deleted during building
+        run: git diff --exit-code
@@ -40,6 +40,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
   cancel-in-progress: true
 
+# Disable permissions for all available scopes by default.
+# Any needed permissions should be configured at the job level.
+permissions: {}
+
 jobs:
   # Runs PHP coding standards checks.
   #
@@ -59,17 +63,21 @@ jobs:
   phpcs:
     name: PHP coding standards
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     timeout-minutes: 20
     if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }}
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
 
       - name: Set up PHP
-        uses: shivammathur/setup-php@8e2ac35f639d3e794c1da1f28999385ab6fdf0fc # v2.23.0
+        uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # v2.29.0
         with:
-          php-version: '7.4'
+          php-version: 'latest'
           coverage: none
           tools: cs2pr
 
@@ -80,7 +88,7 @@ jobs:
         run: echo "date=$(/bin/date -u --date='last Mon' "+%F")" >> $GITHUB_OUTPUT
 
       - name: Cache PHPCS scan cache
-        uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
         with:
           path: |
             .cache/phpcs-src.json
@@ -130,17 +138,21 @@ jobs:
   jshint:
     name: JavaScript coding standards
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     timeout-minutes: 20
     if: ${{ github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' }}
     env:
-      PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: ${{ true }}
+      PUPPETEER_SKIP_DOWNLOAD: ${{ true }}
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
 
       - name: Set up Node.js
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -150,7 +162,6 @@ jobs:
           npm --version
           node --version
           git --version
-          svn --version
 
       - name: Install npm Dependencies
         run: npm ci
@@ -164,10 +175,13 @@ jobs:
   slack-notifications:
     name: Slack Notifications
     uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
+    permissions:
+      actions: read
+      contents: read
     needs: [ phpcs, jshint ]
     if: ${{ github.repository == 'WordPress/wordpress-develop' && github.event_name != 'pull_request' && always() }}
     with:
-      calling_status: ${{ needs.phpcs.result == 'success' && needs.jshint.result == 'success' && 'success' || ( needs.phpcs.result == 'cancelled' || needs.jshint.result == 'cancelled' ) && 'cancelled' || 'failure' }}
+      calling_status: ${{ contains( needs.*.result, 'cancelled' ) && 'cancelled' || contains( needs.*.result, 'failure' ) && 'failure' || 'success' }}
     secrets:
       SLACK_GHA_SUCCESS_WEBHOOK: ${{ secrets.SLACK_GHA_SUCCESS_WEBHOOK }}
       SLACK_GHA_CANCELLED_WEBHOOK: ${{ secrets.SLACK_GHA_CANCELLED_WEBHOOK }}
@@ -177,20 +191,22 @@ jobs:
   failed-workflow:
     name: Failed workflow tasks
     runs-on: ubuntu-latest
+    permissions:
+      actions: write
     needs: [ phpcs, jshint, slack-notifications ]
     if: |
       always() &&
       github.repository == 'WordPress/wordpress-develop' &&
       github.event_name != 'pull_request' &&
       github.run_attempt < 2 &&
       (
-        needs.phpcs.result == 'cancelled' || needs.phpcs.result == 'failure' ||
-        needs.jshint.result == 'cancelled' || needs.jshint.result == 'failure'
+        contains( needs.*.result, 'cancelled' ) ||
+        contains( needs.*.result, 'failure' )
       )
 
     steps:
       - name: Dispatch workflow run
-        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # v6.4.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           retries: 2
           retry-exempt-status-codes: 418