Some GitHub Action scripts require additional permissions to perform the desired operations. This permission is usually given by passing a personal access token (PAT) to the action as an input.
Because PATs grant access to sensitive information about the repository and actions with PATs become trusted actors, 3rd party actions should not be installed by specifying a major or minor version.
Instead, specifying a full length commit SHA will use the 3rd party action as an immutable release, ensuring the workflows within the repository are not affected by upstream security problems should they occur.
Props johnbillion.
See #52625.
Built from https://develop.svn.wordpress.org/trunk@50474
git-svn-id: http://core.svn.wordpress.org/trunk@50085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the logic in `update_https_detection_errors()` to never store error messages from the actual request since they could use a different encoding, which would make storing them in an option potentially fail, leading WordPress to then falsely assume that HTTPS is supported.
While this doesn't actually fix the encoding issue, it is not crucial to do so anyway, since these messages are not used anywhere. A simple differentiation between whether the overall HTTPS request or only the SSL verification failed should be sufficient for the purpose of this function.
Props flixos90, tmatsuur, lukecarbis.
Fixes#52484.
Built from https://develop.svn.wordpress.org/trunk@50471
git-svn-id: http://core.svn.wordpress.org/trunk@50082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adjust the background color palette rules so they don't show up on inner containers when they're not supposed to:
- When an inner container block is present, it only applies them to direct children of the block with the background color assigned.
- Since the background color should only be applied to the Cover block's overlay, not to the inner container, it opts that specific block out of this rule.
Props dianeco, kjellr, paaljoachim.
Fixes#52676.
Built from https://develop.svn.wordpress.org/trunk@50466
git-svn-id: http://core.svn.wordpress.org/trunk@50077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The editor uses the full height of its container, so the added margins cause the visual editor to break out of the container. This removes the top & bottom margins, and makes the left & right margins consistent with the meta box area.
Props antonlukin, paaljoachim, felipeelia.
Fixes#52646.
Built from https://develop.svn.wordpress.org/trunk@50465
git-svn-id: http://core.svn.wordpress.org/trunk@50076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This avoids a fatal error on PHP 8 if `error_reporting()` is disabled in `php.ini`.
On systems with this function disabled, it's best to add a dummy function to the `wp-config.php` file, as there are multiple other calls in core or plugins.
However, as this call to the function is run prior to `wp-config.php` loading, it is now wrapped in a `function_exists()` check.
Props peterwilsoncc, fijisunshine, ayeshrajans.
Fixes#52226.
Built from https://develop.svn.wordpress.org/trunk@50447
git-svn-id: http://core.svn.wordpress.org/trunk@50058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, jQuery 1.12.4 was added to the WordPress SVN repo in order to backport an upstream security patch from jQuery 3.4.0.
Now that WordPress includes an unmodified version of jQuery 3.5.1 and no longer needs to maintain a fork, it can be removed from the SVN repo and installed via NPM again as part of the build.
Follow-up to [45342], [49101].
Props peterwilsoncc, SergeyBiryukov.
Fixes#52647.
Built from https://develop.svn.wordpress.org/trunk@50445
git-svn-id: http://core.svn.wordpress.org/trunk@50056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `external-http`, `media`, and `restapi` groups combined take roughly the same time as all the other tests combined. Splitting the test run in two speeds up the PHP 5.6 test runs which are the slowest by quite a margin. The net reduction in duration is only seen on PHP versions older than 7.0 where the reduction is greater than the time taken for the job to be set up.
Props peterwilsoncc, desrosj, johnbillion
Special shout out to manzoorwanijk whose article about running steps in parallel started me down this path.
Fixes#52645
Built from https://develop.svn.wordpress.org/trunk@50444
git-svn-id: http://core.svn.wordpress.org/trunk@50055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some PHPUnit tests were concerned with the state of files in the `build` directory. In order to allow the tests to run without requiring a build to be run first, these have been moved into assertions that run after the build step (and therefore cause it to fail if they do not pass), or into QUnit tests as necessary.
Various other PHPUnit tests implictly depend on built JavaScript files being present. These files are now touched during the test setup to avoid PHP warnings if the `build` files are not present.
The `wp-tests-config-sample.php` file and the GitHub Actions configuration have also been changed so `ABSPATH` uses `src` instead of `build`, therefore allowing the PHPUnit tests to be run without a build having to be run first. This means all new local installations of WordPress will use `src` for PHPUnit testing. If you would like to switch your existing installation over then change the location of `ABSPATH` in `wp-tests-config.php` to point to `src` instead of `build`.
Props peterwilsoncc, iandunn, gziolo, desroj, johnbillion
Fixes#51734
See #45863
Built from https://develop.svn.wordpress.org/trunk@50441
git-svn-id: http://core.svn.wordpress.org/trunk@50052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `actions/cache` GitHub action uses a `key` input to find the desired cache in storage. Currently, this is defined as a combination of the operating system being used, the software being cached (NPM or Composer), PHP version (Composer only), and a hash of the relevant lock file.
The `cache` action also supports a `restore-keys` input, which is an ordered list of keys to use for restoring a cache if no cache hit occurred for the specified key.
However, this means that every time a lock file is updated, the cache is being recreated by first restoring a previous one (when available), and then installing new versions of dependencies on top of that. This results in old, unused versions of dependencies never being removed from the cache.
In this change, the `restore-keys` are removed. This will force a new, fresh cache to be generated when the desired `key` is not matched. In testing, this results in a ~40% reduction in cache size when compared to the latest successful workflow runs. Since there is no way to manually flush the cache in GHA, the benefits of this change will not be seen until the `package-lock.json` and `composer.lock` files are updated, or the cache at the desired key is evicted.
Props johbillion.
See #52660.
Built from https://develop.svn.wordpress.org/trunk@50436
git-svn-id: http://core.svn.wordpress.org/trunk@50047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In GitHub Actions, there is a `fail-fast` option that will cancel all incomplete jobs within a workflow as soon as one failure is encountered. This defaults to `true`.
This is great for alerting you of a failure faster, but does not give you the full picture of what is failing. For example, it’s possible that there is a failing test on 2 versions of PHP, but not others. If `fail-fast` is enabled, it’s impossible to know this.
Even with `fail-fast` disabled, the workflow will still report a failure if one or more jobs produce a failing result.
Props johbillion, jorbin.
Fixes#52612.
Built from https://develop.svn.wordpress.org/trunk@50435
git-svn-id: http://core.svn.wordpress.org/trunk@50046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Different branches have support for different types of testing based on the tooling that was in place at the time each version was branched. The workflows currently in place have patterns configured to match the relevant `branches` and `tags` for each workflow, but only for `push` events.
This copies the patterns for matching supported `branches` over to the `pull_request` event to prevent workflows from running for a pull request to a branch that does not support that workflow.
Fixes#52643.
Built from https://develop.svn.wordpress.org/trunk@50432
git-svn-id: http://core.svn.wordpress.org/trunk@50043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures a transparent logo remains visible while focused. Also cleans up dark mode CSS, consolidating styles and removing overrides that are no longer needed.
Follow up to [50154].
Props poena, sabernhardt, ryelle.
Fixes#52257.
Built from https://develop.svn.wordpress.org/trunk@50423
git-svn-id: http://core.svn.wordpress.org/trunk@50034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This includes many minor adjustments to a wide array of core files to replace shorthands with full declarations.
Follow-up to [50001], [50270], [50367].
Props Clorith, hellofromTonya, peterwilsoncc, adamsilverstein, aristath.
See #51812.
Built from https://develop.svn.wordpress.org/trunk@50420
git-svn-id: http://core.svn.wordpress.org/trunk@50031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a reference to `WP_Block_Type::__construct()` for information on accepted arguments in `register_block_type()`.
Synchronize the documentation between several places, use `WP_Block_Type::__construct()` as the canonical source.
Props ediamin, audrasjb, peterwilsoncc.
Fixes#48640.
Built from https://develop.svn.wordpress.org/trunk@50419
git-svn-id: http://core.svn.wordpress.org/trunk@50030 1a063a9b-81f0-0310-95a4-ce76da25c4cd