enginescript-site-optimizer/.github/workflows/new-pull-request.yml at main · EngineScript/enginescript-site-optimizer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# This workflow automatically posts a guidance comment on new pull requests.
# It welcomes contributors and provides a brief message to acknowledge their
# contribution to EngineScript Site Optimizer.
# The workflow is triggered whenever a new pull request is opened.

name: New Pull Request Guidance

on:
  # pull_request_target is used only so the workflow can post this static
  # guidance comment on forked PRs. Do not add checkout, build, or script steps
  # here because this event has access to repository-scoped credentials.
  pull_request_target:
    types: [opened]

permissions: read-all

env:
  PLUGIN_SLUG: enginescript-site-optimizer

jobs:
  guide:
    runs-on: ubuntu-latest
    # Explicitly define permissions required by the job
    permissions:
      pull-requests: write
    steps:
      - name: Post guidance comment on new PR
        uses: peter-evans/create-or-update-comment@v5
        with:
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            Thanks for contributing to EngineScript Site Optimizer!

            **Before we review:**
            - [ ] Have you tested your changes with WordPress 6.8+?
            - [ ] Are your changes compatible with PHP 8.2+?
            - [ ] Have you followed WordPress coding standards?
            - [ ] Did you update the CHANGELOG.md if needed?

            **Security Reminder**
            This plugin optimizes WordPress frontend and admin performance, so please ensure:
            - All user input is properly sanitized
            - All output is properly escaped
            - No security vulnerabilities are introduced

            We'll review your PR soon.