chore: PHPCS + PHPCompatibility tooling and CI (part of #20)#44
Merged
Conversation
…ing) - Add dev deps: squizlabs/php_codesniffer, wp-coding-standards/wpcs, phpcompatibility/phpcompatibility-wp, and the phpcs composer installer. - phpcs.xml.dist: WordPress-Extra with the heavy doc/formatting sniffs relaxed but all security/correctness sniffs enforced (testVersion 8.3-, plugin text domain and prefixes configured); CI fails on errors, warnings are reported. - composer scripts: lint / lint:fix / test. - .github/workflows/ci.yml runs php -l, PHPCS, and PHPUnit on PHP 8.3. - CONTRIBUTING.md documents the checks and the manual Plugin Check step. Applied phpcbf auto-formatting across the codebase, renamed loop vars that clobbered the $post/$page globals, prefixed uninstall option vars, and added narrowly-scoped phpcs:ignore (with reasons) for known-safe patterns (pre-escaped branding HTML, theme widget markup, trusted table names, intentional local-time scheduling). Co-Authored-By: Claude Opus 4.8 <[email protected]>
There was a problem hiding this comment.
Pull request overview
This PR adds PHP linting/static analysis tooling (PHPCS + PHPCompatibilityWP) and wires it into CI to enforce WordPress coding standards and PHP version compatibility for the OutPost plugin.
Changes:
- Add PHPCS ruleset (
phpcs.xml.dist) using WordPress-Extra + PHPCompatibilityWP, plus Composer scripts forlint,lint:fix, andtest. - Add GitHub Actions CI workflow running PHP lint, PHPCS, and PHPUnit on PHP 8.3.
- Apply codebase-wide formatting updates and targeted fixes (variable renames/prefixing, narrowly scoped PHPCS ignores with reasons).
Reviewed changes
Copilot reviewed 28 out of 29 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| uninstall.php | Minor formatting + rename option list var to avoid generic naming. |
| templates/email/welcome.php | ABSPATH guard formatting + branding output PHPCS ignore annotation. |
| templates/email/manage-links.php | ABSPATH guard formatting + branding output PHPCS ignore annotation; minor loop formatting. |
| templates/email/digest.php | ABSPATH guard formatting + rename loop var to avoid $post clobbering; branding output PHPCS ignore. |
| templates/email/confirmation.php | ABSPATH guard formatting + branding output PHPCS ignore annotation. |
| public/class-outpost-public-page.php | Convert short arrays to array() and adjust formatting/DB query wrapping. |
| phpcs.xml.dist | New PHPCS ruleset enforcing WP-Extra + PHPCompatibilityWP and project-specific config. |
| outpost.php | Formatting + switch to array() for hook callbacks and autoloader map. |
| includes/class-outpost-widget.php | Formatting + add PHPCS ignores for trusted theme markup / pre-escaped branding. |
| includes/class-outpost-subscriber.php | Formatting + switch to array() in hooks/DB calls/URLs/email headers. |
| includes/class-outpost-shortcodes.php | Formatting + PHPCS ignores for known-escaped helper output and URLs. |
| includes/class-outpost-settings.php | Formatting (arrays) in settings save allowlist. |
| includes/class-outpost-hashtag-manager.php | Add PHPCS ignore reasons for trusted table-name interpolation; formatting updates. |
| includes/class-outpost-feed-fetcher.php | Formatting + switch empty arrays to array(); wrap wp_remote_get args. |
| includes/class-outpost-email-digest.php | Formatting + switch empty arrays to array(); wrap prepare/get_results. |
| includes/class-outpost-blocks.php | Formatting + wrap block registration/localize calls using array(). |
| includes/class-outpost-activator.php | Formatting + clarify local-time cron scheduling and add targeted PHPCS ignore. |
| CONTRIBUTING.md | New contributor docs for lint/test workflow and manual Plugin Check guidance. |
| composer.json | Add PHPCS/WPCS/PHPCompatibilityWP dev deps, allow-plugins, and scripts. |
| composer.lock | Lockfile updates for new dev dependencies. |
| blocks/feed/editor.asset.php | Formatting + switch to array() return structure. |
| blocks/account-feed/editor.asset.php | Formatting + switch to array() return structure. |
| admin/views/subscribers.php | ABSPATH guard formatting + wrap prepared query formatting. |
| admin/views/setup-wizard.php | ABSPATH guard formatting. |
| admin/views/settings.php | ABSPATH guard formatting + loop var rename to avoid $page clobbering; wp_kses arg formatting. |
| admin/views/hashtags.php | ABSPATH guard formatting + refactor delete link construction. |
| admin/views/dashboard.php | ABSPATH guard formatting + wp_kses arg formatting + minor loop formatting. |
| admin/class-outpost-admin.php | Formatting + wrap redirects/add_query_arg arrays and settings payload arrays. |
| .github/workflows/ci.yml | New CI workflow running composer install, PHP lint, PHPCS, and PHPUnit. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+123
to
+132
| <a href=" | ||
| <?php | ||
| echo esc_url( | ||
| wp_nonce_url( | ||
| admin_url( 'admin.php?outpost_action=delete_hashtag&id=' . $row->id ), | ||
| 'outpost_delete_hashtag_' . $row->id | ||
| ) | ||
| ); | ||
| ?> | ||
| " |
| public static function get( $id ) { | ||
| global $wpdb; | ||
| $table = $wpdb->prefix . 'outpost_hashtags'; | ||
| // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $table is a trusted, code-derived table name; values are placeheld. |
| ) ); | ||
| return $wpdb->get_row( | ||
| $wpdb->prepare( | ||
| // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $table is a trusted, code-derived table name; values are placeheld. |
payown
added a commit
that referenced
this pull request
Jun 16, 2026
Add a WordPress.org-format readme.txt (stable tag 1.1.0, sections, changelog, upgrade notice). Bump the plugin Version to 1.1.0 and OUTPOST_VERSION to match, add a Tested up to header, and raise Requires PHP to 8.3 per the project standard. Completes #20 alongside the tooling PR (#44). Co-authored-by: Michael Babcock <[email protected]> Co-authored-by: Claude Opus 4.8 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Phase 4. Tooling half of #20 (readme/headers follow in a separate PR).
What
squizlabs/php_codesniffer,wp-coding-standards/wpcs,phpcompatibility/phpcompatibility-wp, the phpcs composer installer.phpcs.xml.dist:WordPress-Extrawith heavy doc/formatting sniffs relaxed, all security and correctness sniffs enforced (testVersion8.3-, text domain + prefixes configured). CI fails on errors; warnings are reported but non-blocking.lint/lint:fix/test..github/workflows/ci.yml:php -l, PHPCS, PHPUnit on PHP 8.3.CONTRIBUTING.md: documents the checks and the manual Plugin Check step (Plugin Check needs a WP runtime, so it stays out of CI).Adoption notes
phpcbfauto-formatted the codebase (the bulk of the diff is whitespace/alignment — no behavior change).$post/$pageWordPress globals; prefixed uninstall option vars.phpcs:ignorewith--reasons (pre-escaped branding HTML, theme widget markup, trusted table-name interpolation, intentional local-time cron scheduling) — same pattern already used inuninstall.php.error_log()calls remain as warnings (non-blocking); chore: remove or guard error_log() debug calls in the feed fetcher #21 removes them.Verify
composer lintandcomposer testboth pass locally (PHPCS exit 0, 22/22 tests). CI should go green on this PR.Part of #20
🤖 Generated with Claude Code