WordPress / plugin-check

A repository for the new Plugin Check plugin from the WordPress Performance and Plugins Team.
https://wordpress.org/plugins/plugin-check/
GNU General Public License v2.0
265 stars 54 forks source link

Feature, add support for .distignore #692

Open angelomandato opened 1 month ago

angelomandato commented 1 month ago

I would like to add support for GitHub's .distignore, if the file is found then those files in this file are ignored for the _hiddenfiles check. I can gladly create a pull request but before I do I wanted to seek support from the rest of the committers.

There are 2 approaches, use a define that would be placed in the wp-config.php or make it a checkbox option before every scan.

Note: The plugin's current behavior should not use the .distignore I am proposing above by default, but only use it if a define or check option is set. I am suggesting this as an option for developers who develop locally that are aware their distribution used on the WordPress plugin SVN will not have these dot hidden files.

Define option to enable this option:

define('WP_PLUGIN_CHECK_USE_DISTIGNORE', true);

This way the current behavior remains, but for developers who setup a dev environment using this plugin who know that their releases will not have the hidden files can add the define to their wp-config.php.

Checkbox option to enable this option: The other approach is to add this as a checkbox option before performing a scan. This is equally acceptable, but if an option like this is too easy the developer may not understand the consequences if those hidden files end up in the distributed plugin. Maybe the option could be on the screen but hidden under a separate section that is titled "Advanced Options" and is only exposed when they click on a "show advanced options" button.

Thanks everyone for an awesome plugin!

swissspidy commented 1 month ago

Thanks for opening this request.

At first glance this enhancement doesn‘t strike me as a good fit for including in Plugin Check.

First, distignore may be common in WordPress but it‘s by no means a standard. Second, if we‘d do that it would give you a false impression that everything is fine. But if you forgot to actually use the distignore in your final ZIP file then you won‘t be warned about it. Finally, you shouldn‘t be running PCP on development files but on the production build you would also submit to dotorg. If you use the GitHub Action, you can easily build the plugin first and then point it to that build. To achieve what you want locally with a development build, simply disable this check using the CLI flags and PHP filters provided.

angelomandato commented 1 month ago

Thanks for feedback. As I mentioned this would be an option that if you go the define route on purpose would require some effort to enable it in a specific environment for the same reason you stated, not to give a false impression.

I am running the check in my dev environment, currently the plugin picks up all of the hidden files. You are correct if you put this in your CI/CD after the build process then yes the hidden files should not be there, in that case no define would be set.

I will check out the PHP filters. That may be all I need to do is add a few lines to the wp-config.php, this may just evolve into a blog post how-to!

xwolfde commented 1 month ago

How about adding an option to the settings which turns off this tests for dot-files (but warns, that the check was turned off in the report)?

ernilambar commented 3 weeks ago

For the quick fix, you can exclude specific check like this:

wp plugin check plugin-slug --exclude-checks=file_type