Fix Plugin Check CI: WP-CLI token fix done; wp-env regression blocked upstream#766
Open
ilicfilip wants to merge 7 commits into
Open
Fix Plugin Check CI: WP-CLI token fix done; wp-env regression blocked upstream#766ilicfilip wants to merge 7 commits into
ilicfilip wants to merge 7 commits into
Conversation
The Plugin Check job ("test") fails at `wp package install` with
"github oauth token contains invalid characters". The token is the
auto-injected GITHUB_TOKEN that setup-php hands to Composer; a behavior
change in the floating @v2 tag surfaced the rejection. Pin to a known
version to stabilize the job. Repo has no custom token secret, so this
is not a credentials issue.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
Test on Playground |
Contributor
✅ Code Coverage Report
🎉 Great job maintaining/improving code coverage! ℹ️ About this report
|
The setup-php pin did not fix the Plugin Check job: the token rejection
("invalid characters") comes from wp-cli's bundled Composer, not setup-php.
setup-php exports the Actions GITHUB_TOKEN for Composer, and wp-cli's
Composer refuses its format. Clear the token env for just this step so the
single public-package fetch runs unauthenticated (well within rate limits).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ilicfilip
changed the title
wp-cli writes GITHUB_TOKEN to Composer's github-oauth config whenever it is a string (an empty env value still counts), and Composer rejects the Actions token as "invalid characters". Unsetting the var in the shell makes getenv() return false so wp-cli skips token config; the single public package fetch runs unauthenticated, within rate limits. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…oken The Plugin Check job fails at `wp package install` because the Composer bundled in the stable WP-CLI phar rejects the new GitHub Actions token format (hyphens) with "contains invalid characters" — composer#12076. The token is exported by setup-php via COMPOSER_AUTH, so neutralizing GITHUB_TOKEN had no effect. The nightly WP-CLI bundles a Composer with relaxed token validation, fixing it at the root. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The nightly update failed with "/usr/local/bin/wp-cli is not writable by current user" because setup-php installs the phar to a root-owned path. Run the update via sudo so it can replace the phar in place. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ilicfilip
changed the title
The Plugin Check job regressed (last passed 2026-05-05) without any change on our side. plugin-check-action installs @wordpress/env unpinned, so it pulls the latest; 11.6.0/11.7.0 migrated nodegit -> simple-git, which breaks the action's wp-env start (stalls at "Reading configuration", environment never initializes). Pin the global install to 11.5.0, the last version our job ran green with. Also bump the action to v1.1.6. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ilicfilip
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Status: token issue FIXED ✅ — wp-env startup BLOCKED on upstream bug⚠️
This PR fixes the
test(WordPress.org Plugin Check) job ondevelop. There were two sequential failures. The first is fixed and verified; the second is a confirmed upstream bug with a maintainer-tracked fix in progress. Waiting on upstream.Part 1 — FIXED & verified: GitHub token rejected by WP-CLI's Composer
Symptom:
wp package install wp-cli/dist-archive-commandfailed with:Root cause: GitHub's Actions token format is now
ghs_<id>_<base64url-JWT>(contains hyphens). The Composer bundled inside the stable WP-CLI phar uses an old validation regex that rejects hyphens — composer#12076. The token reaches WP-CLI viaCOMPOSER_AUTH(exported globally bysetup-php), which WP-CLI reads beforeGITHUB_TOKEN, so clearingGITHUB_TOKENhad no effect.Fix (committed here):
sudo -E $(which wp) cli update --nightly --yesbefore the install. The nightly WP-CLI bundles a Composer with relaxed token validation.sudois needed because setup-php installs the phar to a root-owned path.Verified in CI:
Success: Updated WP-CLI to the latest nightly release.→Success: Package installed.→Success: Created progress-planner.zip. This part works — keep it.Part 2 — BLOCKED upstream: wp-env silently fails to start in plugin-check-action
Symptom (current failure): after the token fix, the job fails later inside
wordpress/plugin-check-action:This is a known upstream bug — WordPress/plugin-check-action#579 (filed 2026-05-27), with the underlying fix tracked in WordPress/gutenberg#78762.
Root cause (per maintainers' bisection in #579): The action auto-generates a
.wp-env.jsonthat always includes plugin-check as a URL plugin (https://downloads.wordpress.org/plugin/plugin-check.zip).@wordpress/env's HTTP zip-download path silently exits 0 without starting Docker on the current runner image (Node 24.16 / libuv 1.52.1, interacting with wp-env's pinnedgot@^11.8.5). The maintainers explicitly ruled out thetestsEnvironmentdual-env path and the--updateflag as triggers.This is develop-only (no
plugin-check.ymlonmain) and unrelated to the v1.9.1 sync. It is not fixable cleanly from our side without inlining the action's steps (the action force-reinstalls@wordpress/envitself, overriding any version pin we set — confirmed in this PR's commit history).Decision: wait for upstream
The maintainers' preferred fix is to change
plugin-check-actionto stop putting plugin-check as a URL plugin (install it via wp-cli post-boot instead). Once that ships, bumping the action version will fix us with no workaround. We are waiting on that rather than maintaining an inlined-workaround copy of the action.wp-env start— reference diff WordPress/performance#2496.Next steps for whoever picks this up
wordpress/plugin-check-actionto the fixed tag.continue-on-error: trueon thetestjob temporarily.Commits in this PR
@wordpress/env@11.5.0pin attempt — does not hold (action re-installs latest); can be droppedTest plan
wp package installsucceeds)