diff --git a/.github/workflows/plugin-check.yml b/.github/workflows/plugin-check.yml index fe48df729..7379462f7 100644 --- a/.github/workflows/plugin-check.yml +++ b/.github/workflows/plugin-check.yml @@ -16,6 +16,16 @@ jobs: coverage: none tools: wp-cli + # The stable WP-CLI phar bundles an old Composer that rejects the new + # GitHub Actions token format (ghs__, contains + # hyphens) with "contains invalid characters" — see + # https://github.com/composer/composer/issues/12076. The nightly build + # bundles a Composer with the relaxed token validation. + - name: Update WP-CLI to nightly + # setup-php installs the wp-cli phar to a root-owned path, so the + # in-place update needs sudo to overwrite it. + run: sudo -E $(which wp) cli update --nightly --yes + - name: Install latest version of dist-archive-command run: wp package install wp-cli/dist-archive-command:v3.1.0 @@ -25,8 +35,16 @@ jobs: mkdir build unzip ${{ github.event.repository.name }}.zip -d build + # plugin-check-action installs @wordpress/env unpinned, so it pulls the + # latest. 11.6.0/11.7.0 migrated nodegit -> simple-git and break the + # action's wp-env start (stalls at "Reading configuration"). Pin to the + # last-known-good 11.5.0 (our last green run, 2026-05-05, used it). + # See https://github.com/WordPress/gutenberg/blob/trunk/packages/env/CHANGELOG.md + - name: Pin @wordpress/env to last-known-good version + run: sudo npm -g --no-fund i @wordpress/env@11.5.0 + - name: Run plugin check - uses: wordpress/plugin-check-action@v1.1.5 + uses: wordpress/plugin-check-action@v1.1.6 with: build-dir: './build/${{ github.event.repository.name }}' exclude-checks: |