ci.yml

name: CI
on:
    pull_request:
    workflow_dispatch:

concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true

jobs:
    generate-drift:
        name: OpenAPI generation drift
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v6
            - uses: actions/setup-node@v6
              with:
                  node-version: '24'
                  cache: 'npm'
            - run: npm ci
            - name: Regenerate from live OpenAPI
              run: npm run generate
            - name: Fail if generated code is stale
              run: git diff --exit-code src/Generated blocks/generated
            - name: Fail if distribution drifts between local zip and SVN deploy
              run: node bin/check-distignore.mjs
            - name: Fail if a mapped component is missing from the pinned UI build
              run: node bin/check-component-map.mjs

    lint:
        name: Lint and Plugin Check
        needs: [generate-drift]
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v6
            - uses: shivammathur/setup-php@v2
              with:
                  php-version: '8.3'
                  tools: composer
                  coverage: none
            - run: composer install --prefer-dist --no-progress
            - run: vendor/bin/phpcs --standard=phpcs.xml.dist
            - run: vendor/bin/phpstan analyze --no-progress --memory-limit=1G
            - uses: actions/setup-node@v6
              with:
                  node-version: '24'
                  cache: 'npm'
            - run: npm ci
            - name: Prettier check
              run: npx prettier --check .
            - name: JS lint
              run: npm run lint:js
            - name: CSS lint
              run: npm run lint:css
            - run: npm run build:all
            # --update forces a fresh pull of plugin-check.latest-stable.zip;
            # without it wp-env reuses a stale cached copy and misses newer checks.
            - run: npx wp-env start --update
            # Advisory, not gating. `wp-env run` fails with "Environment not
            # initialized" on GitHub runners even though `start --update`
            # succeeds; it is not reproducible locally (works on a clean cold
            # start) and is not in the ci-success rollup, so it never blocks a
            # merge. The real WP.org-submission gate is the lefthook pre-push
            # plugin-check hook, which runs the same command locally and passes.
            # Slug is the mounted plugin dir, matching that hook; a hardcoded
            # stale name silently checks nothing.
            # TODO: restore as a hard gate once the runner-side wp-env issue is fixed.
            - name: Plugin Check
              continue-on-error: true
              run: npx wp-env run cli wp plugin check "$(basename "$PWD")" --severity=5

    test:
        name: PHPUnit (PHP ${{ matrix.php }} / WP ${{ matrix.wp }})
        runs-on: ubuntu-latest
        strategy:
            fail-fast: false
            matrix:
                php: ['7.4', '8.1', '8.3']
                wp: ['6.5', 'latest']
                include:
                    - php: '8.3'
                      wp: 'trunk'
        services:
            mysql:
                image: mariadb:10.6
                env:
                    MARIADB_ROOT_PASSWORD: root
                ports: ['3306:3306']
                options: >-
                    --health-cmd="mariadb-admin ping"
                    --health-interval=10s
                    --health-timeout=5s
                    --health-retries=5
        steps:
            - uses: actions/checkout@v6
            - uses: shivammathur/setup-php@v2
              with:
                  php-version: ${{ matrix.php }}
                  extensions: mysqli, zip, gd
                  tools: composer, wp-cli
                  coverage: none
            - run: composer install --prefer-dist --no-progress
            - run: sudo apt-get install -y -qq subversion
            - run: bash bin/install-wp-tests.sh wordpress_test root root 127.0.0.1 ${{ matrix.wp }}
            - run: vendor/bin/phpunit

    build:
        name: Build distribution zip
        needs: [lint, test]
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v6
            - uses: shivammathur/setup-php@v2
              with:
                  php-version: '8.3'
                  tools: composer
            - run: composer install --no-dev --optimize-autoloader --prefer-dist
            - uses: actions/setup-node@v6
              with:
                  node-version: '24'
                  cache: 'npm'
            - run: npm ci
            - run: npm run build:all
            - run: npm run plugin-zip
            - uses: actions/upload-artifact@v4
              with:
                  name: roxyapi-plugin
                  path: roxyapi.zip
                  if-no-files-found: error

    # Single rollup context to require in branch protection. Requiring this one
    # job (instead of each matrix job by name) keeps the required-checks list
    # stable as the PHP/WP matrix changes, and makes a red CI block every merge,
    # dependabot auto-merge included.
    ci-success:
        name: CI success
        if: always()
        needs: [generate-drift, lint, test, build]
        runs-on: ubuntu-latest
        steps:
            - name: Require all gating jobs to pass
              run: |
                  results="${{ needs.generate-drift.result }} ${{ needs.lint.result }} ${{ needs.test.result }} ${{ needs.build.result }}"
                  echo "gating job results: $results"
                  for r in $results; do
                    if [ "$r" != "success" ]; then
                      echo "::error::A gating job did not succeed ($r). Blocking merge."
                      exit 1
                    fi
                  done
                  echo "all gating jobs passed"