Fix Plugin Check CI: WP-CLI token fix done; wp-env regression blocked upstream#766
Open
ilicfilip wants to merge 7 commits into
Open
Fix Plugin Check CI: WP-CLI token fix done; wp-env regression blocked upstream#766ilicfilip wants to merge 7 commits into
ilicfilip wants to merge 7 commits into
Conversation
The Plugin Check job ("test") fails at `wp package install` with
"github oauth token contains invalid characters". The token is the
auto-injected GITHUB_TOKEN that setup-php hands to Composer; a behavior
change in the floating @v2 tag surfaced the rejection. Pin to a known
version to stabilize the job. Repo has no custom token secret, so this
is not a credentials issue.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
Test on Playground |
Contributor
✅ Code Coverage Report
🎉 Great job maintaining/improving code coverage! ℹ️ About this report
|
The setup-php pin did not fix the Plugin Check job: the token rejection
("invalid characters") comes from wp-cli's bundled Composer, not setup-php.
setup-php exports the Actions GITHUB_TOKEN for Composer, and wp-cli's
Composer refuses its format. Clear the token env for just this step so the
single public-package fetch runs unauthenticated (well within rate limits).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ilicfilip
changed the title
wp-cli writes GITHUB_TOKEN to Composer's github-oauth config whenever it is a string (an empty env value still counts), and Composer rejects the Actions token as "invalid characters". Unsetting the var in the shell makes getenv() return false so wp-cli skips token config; the single public package fetch runs unauthenticated, within rate limits. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…oken The Plugin Check job fails at `wp package install` because the Composer bundled in the stable WP-CLI phar rejects the new GitHub Actions token format (hyphens) with "contains invalid characters" — composer#12076. The token is exported by setup-php via COMPOSER_AUTH, so neutralizing GITHUB_TOKEN had no effect. The nightly WP-CLI bundles a Composer with relaxed token validation, fixing it at the root. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The nightly update failed with "/usr/local/bin/wp-cli is not writable by current user" because setup-php installs the phar to a root-owned path. Run the update via sudo so it can replace the phar in place. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ilicfilip
changed the title
The Plugin Check job regressed (last passed 2026-05-05) without any change on our side. plugin-check-action installs @wordpress/env unpinned, so it pulls the latest; 11.6.0/11.7.0 migrated nodegit -> simple-git, which breaks the action's wp-env start (stalls at "Reading configuration", environment never initializes). Pin the global install to 11.5.0, the last version our job ran green with. Also bump the action to v1.1.6. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ilicfilip
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Status: token issue FIXED ✅ — wp-env startup BLOCKED on upstream bug⚠️
This PR fixes the
test(WordPress.org Plugin Check) job ondevelop. There were two sequential failures. The first is fixed and verified; the second is a confirmed upstream bug with a maintainer-tracked fix in progress. Waiting on upstream.Part 1 — FIXED & verified: GitHub token rejected by WP-CLI's Composer
Symptom:
wp package install wp-cli/dist-archive-commandfailed with:Root cause: GitHub's Actions token format is now
ghs_<id>_<base64url-JWT>(contains hyphens). The Composer bundled inside the stable WP-CLI phar uses an old validation regex that rejects hyphens — composer#12076. The token reaches WP-CLI viaCOMPOSER_AUTH(exported globally bysetup-php), which WP-CLI reads beforeGITHUB_TOKEN, so clearingGITHUB_TOKENhad no effect.Fix (committed here):
sudo -E $(which wp) cli update --nightly --yesbefore the install. The nightly WP-CLI bundles a Composer with relaxed token validation.sudois needed because setup-php installs the phar to a root-owned path.Verified in CI:
Success: Updated WP-CLI to the latest nightly release.→Success: Package installed.→Success: Created progress-planner.zip. This part works — keep it.Part 2 — BLOCKED upstream: wp-env silently fails to start in plugin-check-action
Symptom (current failure): after the token fix, the job fails later inside
wordpress/plugin-check-action.wp-env start --updatereports success (Command completed after 1 attempt(s)) but never actually boots Docker, so the next CLI call fails:This is a confirmed upstream bug — WordPress/gutenberg#78762 (status: In Progress), originally surfaced via WordPress/plugin-check-action#579.
Root cause (per the maintainers' bisection in #78762): it is not a
@wordpress/envversion change — thepackages/env/source is byte-identical across 11.5.0 → 11.6.0 → 11.7.0 (onlyCHANGELOG.md/README.mddiffer). It is a latent wp-env bug exposed by the Node.js 24.15 → 24.16 bump (libuv 1.51 → 1.52.1) in the new GitHub Actionsubuntu-24.04runner image. wp-env's URL-source download path extracts zips viaextract-zip→yauzl→zlib.InflateRaw; on Node 24.16 the extraction of a large zip (WP core, andplugin-check.zipwith 3589 entries) stalls and never resolves. With nothing left on the event loop, Node drains it and exits0cleanly → Docker is never started.The trigger is conclusively the URL-plugin entry the action always injects into
.wp-env.json(https://downloads.wordpress.org/plugin/plugin-check.zip). The maintainers' bisection ruled out thetestsEnvironmentdual-env path and the--updateflag; removing the URL source (installing plugin-check via wp-cli after start) makes all jobs green on both runner images.This is develop-only (no
plugin-check.ymlonmain) and unrelated to the v1.9.1 sync. It is not fixable from our side by pinning@wordpress/env: the versions are identical (so the pin is a no-op), and the action re-installs@wordpress/envunpinned itself anyway (overriding any pin) — both confirmed in this PR's commit history.Decision: wait for upstream
The fix-in-progress upstream is to replace
extract-zipwithadm-zip(gutenberg#78828) plus a post-start "is Docker actually up?" verification. Once that ships in a new@wordpress/envrelease (and/orplugin-check-actionstops using a URL plugin), bumping the action will fix us with no workaround. We are waiting on that rather than maintaining an inlined copy of the action.wp-env start— reference diff WordPress/performance#2496. (The action pins Node to major24internally, so an external Node pin only takes effect if we stop using the action.)Next steps for whoever picks this up
wordpress/plugin-check-actionto the fixed tag.continue-on-error: trueon thetestjob temporarily.Commits in this PR
@wordpress/env@11.5.0pin attempt — no-op (versions are byte-identical, and the action re-installs latest); can be droppedTest plan
wp package installsucceeds)