diff --git a/.gitignore b/.gitignore index 2c6316984..c6af64db7 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ unittests-secrets.ini *.dia~ *.swp phpunit.xml +tests/manual/vipgoci-run.sh +tests/manual/vipgoci-run-secrets* diff --git a/README.md b/README.md index c1d6f9e32..c36d9a031 100644 --- a/README.md +++ b/README.md @@ -15,14 +15,14 @@ Currently, a number of types of scanners are supported: Here is an example of the scanning results provided by `vip-go-ci`: -![Scanning results!](docs/vipgoci-scanning-feedback.png "Scanning results") +![Scanning results!](docs-images/vipgoci-scanning-feedback.png "Scanning results") `vip-go-ci` scans files differently depending on scan type: * For PHP linting, it will loop through every modified file in the pull request (or, each file existing in the code-base), and post a generic pull request comment for any issues it finds with the PHP-code. * With PHPCS scanning it will scan only the files affected by the pull request using PHPCS and post a GitHub review on the pull request. * SVG scanning behaves similar to PHPCS scanning. -* WPScan API scanning will loop through every added plugin or theme in a pull request, as well as any plugin or theme that is updated or has files removed, and check with the WPScan API if it is obsolete or vulnerable. A pull request comment is posted if that is the case. +* WPScan API scanning will loop through every added plugin or theme in a pull request, as well as any plugin or theme that has files updated, and check with the WPScan API if it is obsolete or vulnerable. A pull request comment is posted if that is the case. In addition to the above scanning, `vip-go-ci` can also automatically approve pull requests that fulfill a certain criteria: 
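Review bot: the WPScan bullet in this README hunk now says only plugins or themes that are added or "has files updated" are checked, silently dropping the "or has files removed" case that the removed line documented; if that is a real behaviour change it belongs in CHANGELOG.md, and if scanning on removal still happens the old wording should stay. Note that the manual test script added later in this patch still carries two "PR with some WordPress plugin removed" branches (wpscan-api-testing3 and wpscan-api-testing4), so whatever the intended result for a removed plugin is, the README should state it rather than leave the reader to infer it from the test list.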
@@ -36,7 +36,7 @@ A pull request with obsolete or vulnerable plugin or theme is not auto-approved. Here is an example auto approval by `vip-go-ci`: -![Example auto approval!](docs/vipgoci-auto-approvals-approved.png "Example auto approval") +![Example auto approval!](docs-images/vipgoci-auto-approvals-approved.png "Example auto approval") `vip-go-ci` will not re-approve a pull request already approved by itself, but it will remove previous approval by itself if the pull request does not fulfil the requirements for approval any longer. @@ -58,10 +58,12 @@ If you have a feature request, please read the [file on contributing](CONTRIBUTI ### System requirements -* `vip-go-ci` requires PHP 8.0 or later. PHP 8.1 is recommended. - * The PHP-based utlities — PHPCS, SVG scanner and PHP Lint — can be run using different PHP versions than `vip-go-ci` itself. See individual sections below on this. +* `vip-go-ci` requires PHP 8.0 or PHP 8.1. PHP 8.1 is recommended. PHP 8.2 is not yet supported. + * Required PHP add-ons include: `curl` and `xml`. Also, PCNTL should be enabled. + * The PHP-based utlities — PHPCS, SVG scanner and PHP Lint — can be run using different PHP versions than `vip-go-ci` itself. See individual sections below on this. + * These utilities have their own requirements. * Linux is recommended as a platform for `vip-go-ci`. -* git version 2.10 or later. +* git version 2.30 or later. * Working bash shell. * Access to GitHub API and other APIs configured. 
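Review bot: the system requirements hunk raises the minimum git version from 2.10 to 2.30 without saying why; since tools-init.sh installs onto whatever host runs it, name the git feature that needs 2.30 (here or in CHANGELOG.md) so an operator on an older distro package knows whether the check is a hard requirement. While these bullets are being rewritten, fix the pre-existing typo "utlities" in the re-added line, make "These utilities have their own requirements." point at the PHPCS, SVG scanner and PHP Lint sections it refers to, and decide whether "PCNTL should be enabled" means optional or required; if vip-go-ci does not start without it, say "must be enabled".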
@@ -625,29 +627,6 @@ At this time, only certain messages are posted to IRC, all indicated by a specia Using the `VIPGOCI_IRC_IGNORE_STRING_START` and `VIPGOCI_IRC_IGNORE_STRING_END` constants, it is possible to designate parts of strings that should not be logged to the IRC API. Simply place any string not to be logged to IRC between these two constants and it will be filtered away before submisssion. Multiple constants can be used in one log message. - -## Updating tools-init.sh with new versions - -`tools-init.sh` will install PHPCS and related tools in your home-directory upon execution. It will keep these tools up to date when run; it should be executed on regular basis to keep everything up to date. - -However, once a while `tools-init.sh` itself needs to be updated with new versions of these utilities. The file keeps two data entries for each utility: Version number and SHA1 hash. The version number refers to a release on GitHub, and the hash to the SHA1 hash of the release's `.tar.gz` archive on GitHub. The hash is used to make sure that the relevant utility has not changed since last updated in `tools-init.sh`. - -Versions and hashes can be determined in the following way. Releases of the `WordPress-Coding-Standards` utility, for instance, are hosted [here](https://github.com/WordPress/WordPress-Coding-Standards/releases). Once a version has been chosen, `tools-init.sh` can be updated in the following way: - -``` -export WP_CODING_STANDARDS_VER="2.1.1" -``` - -Then the hash has to be calculated. First, obtain a `.tar.gz` archive for the release from GitHub. The download URL for `WordPress-Coding-Standards` is: `https://github.com/WordPress/WordPress-Coding-Standards/archive/VERSION.tar.gz` -- simply replace `VERSION` with the version to be used. Then run the `sha1sum` UNIX utility against the downloaded file. Any other compatible tool can be used. 
- -For version 2.1.1 of `WordPress-Coding-Standards` the hash is added as follows: - -``` -export WP_CODING_STANDARDS_SHA1SUM="d35ec268531453cbf2078c57356e38c5f8936e87"; -``` - -All utilities in `tools-init.sh` follow the same pattern. - ## Exit codes `vip-go-ci.php` exits with different UNIX exit codes depending on what problems were found and if any system issues were encountered: 
@@ -655,88 +634,13 @@ All utilities in `tools-init.sh` follow the same pattern. * Code `0`: Normal, no errors were found in the code scanned and no fatal system errors were encountered. There could have been warnings found in the code, though. * Code `220`: Internal error in `vip-go-ci`. * Code `230`: Commit specified is not associated with any pull request. +* Code `247`: Fatal error when communicating with HTTP API. +* Code `248`: Commit specified is not the latest one in pull request. * Code `249`: Scanning exceeded maximum time allowed. * Code `250`: Scanning was completed, but some errors were found in the code. * Code `251`: Exiting due to a system problem. * Code `252`: A fatal problem with GitHub was encountered leading to an exit. * Code `253`: A problem with usage options was detected, leading to an exit. -* Code `247`: Fatal error when communicating with HTTP API. -* Code `248`: Commit specified is not the latest one in pull request. - -## Tests - -To run the tests for `vip-go-ci`, you will need to install `phpunit` and any dependencies needed (this would include `xdebug`). - -Note that the test suite uses the `@runTestsInSeparateProcesses` and `@preserveGlobalState` PHPUnit flags to avoid any influence of one test on another. Further, tests should include all required files in `setUp()` function to avoid the same function being defined multiple times across multiple tests during the same run. Combining the usage of `@runTestsInSeparateProcesses` and the inclusion of required files in `setUp()` means each test is independent of other tests, which enables functions to be defined for each test easily. - -### Setting up test suite - -To be able run the test suite, a few steps will need to be taken. - -1) run the following command: -> mv phpunit.xml.dist phpunit.xml - -2) replace the string `PROJECT_DIR` in `phpunit.xml` with your local project directory. 
- -For example: -> PROJECT_DIR/tests/integration -will be: -> ~/Projects/vip-go-ci/tests/integration - -3) This step is only needed if you intend to run the integration tests. - -Start with preparing the `unittests.ini` file: - -> cp unittests.ini.dist unittests.ini - -Alter any options in the file as needed to match the setup of your system. Note that in some cases, you may have to use different PHP versions for PHPCS or the SVG scanner, than `vip-go-ci` itself. - -#### Test suite secrets file - -Note that some tests will require a GitHub token to submit POST/PUT requests to GitHub in order to complete, and some will need access to a repo-meta API. - -To skip these tests, simply place an empty `unittests-secrets.ini` file in the root directory of `vip-go-ci` and skip the rest of this section. - -To enable the testing of these, you need to set up a `unittests-secrets.ini` file in the root directory of `vip-go-ci`. This file should include the following fields: - -``` -[git-secrets] -github-token= ; Personal access token from GitHub -team-slug= ; Team slug to test if present, is a string. -org-name= ; GitHub organisation name to use in testing - -[repo-meta-api-secrets] -repo-meta-api-base-url= ; URL to base of meta API -repo-meta-api-user-id= ; User ID for the meta API -repo-meta-api-access-token= ; Access token for the meta API -repo-owner= ; Repository owner for the test, should be found in meta API -repo-name= ; Repository name for the test -support-level= ; Name of support level given by meta API (only used in tests) -support-level-field-name= ; Support level field name in meta API (only used in tests) - -[wpscan-api-scan] -access-token= ; Access token for WPScan API. -``` - -This file is not included, and needs to be configured manually. 
- -### Unit test suite - -The unit test suite can be run using the following command: - -> VIPGOCI_TESTING_DEBUG_MODE=true phpunit --testsuite=unit-tests - -By running this command, you will run the tests that do not depend on external calls. - -### Integration test suite - -The integration tests can be run using the following command: - -> VIPGOCI_TESTING_DEBUG_MODE=true phpunit --testsuite=integration-tests - -Integration tests will execute the scanning utilities — PHPCS, SVG scanner and PHP Lint — and so paths to these, and a PHP interpreter, need to be configured. See the `unittests.ini` file. - -By using this command, you will run the tests of the test-suite which can be run (depending on tokens and other detail), and get feedback on any errors or warnings. Note that when run, requests will be made to the GitHub API, but using anonymous calls (unless configured as shown above). It can happen that the GitHub API returns with an error indicating that the maximum limit of API requests has been reached; the solution is to wait and re-run or use authenticated calls (see above). ## Setting GitHub Build Status @@ -796,4 +700,18 @@ Note that the utility supports setting options via [environmental variables](#co Here is an example GitHub build status: -![Example build statusl!](docs/vipgoci-github-build-status-success.png "Example build status") +![Example build statusl!](docs-images/vipgoci-github-build-status-success.png "Example build status") + +## Testing + +Information on automated and manual testing of `vip-go-ci` can be found in [TESTING.md](TESTING.md). + +## Releasing new versions + +Documentation on what steps to follow when releasing a new version of `vip-go-ci` can be found in the [RELEASING.md](RELEASING.md) file. + +## Updating tools-init.sh with new versions + +For information on how to update `tools-init.sh`, see the [TOOLS-UPDATE.md](TOOLS-UPDATE.md) file. + + diff --git a/RELEASING.md b/RELEASING.md new file mode 100644 index 000000000..cbb1463c5 
--- /dev/null +++ b/RELEASING.md 
@@ -0,0 +1,53 @@ +# Releasing a new version of vip-go-ci + +Releasing a new version of `vip-go-ci` entails a bit of preparation. Follow the steps in each section below to release a new version. + +## Creating a new version of vip-go-ci + +A few steps need to be completed to define a new version of `vip-go-ci` and have everything ready for a new release: + + * Select a version number. Version numbers follow this pattern: `X.Y.Z`. + * Commit the new version number to [defines.php](defines.php) into a branch named `add-changelog-X-Y-Z` where `X`, `Y` and `Z` form the version number. + * Open up a [new pull request](https://github.com/Automattic/vip-go-ci/compare) in the code repository. This pull request should be used to update the version number in `defines.php` and to append to the [changelog](CHANGELOG.md). + * Use the TODO list template that is automatically provided in the pull request (defined [here](https://github.com/Automattic/vip-go-ci/blob/trunk/.github/PULL_REQUEST_TEMPLATE)). Use the section of the template intended for use as a changelog pull request. An example pull request can be found [here](https://github.com/Automattic/vip-go-ci/pull/312/). + * Assign a milestone to the newly created pull request that matches the version number selected. + * Use the new pull request to add items to the [CHANGELOG.md](https://github.com/Automattic/vip-go-ci/blob/trunk/CHANGELOG.md) file. + * Avoid altering any functionality in this pull request. + * Assign the newly formed milestone to any pull requests intended to be part of the release. + +## Testing the new version + +Follow these steps to test the new version before a release: + + * Ensure all pull requests that update the code have been merged. Do _not_ merge the changelog/version number pull request yet. + * Ensure that all TODO items in the pull request created for changelog and version number have been completed. 
+ * Running tests + * Some of the TODO items involve running the individual test suites included. The test suites should be run against the main branch of the repository when all pull requests have been merged (except for the changelog version/number pull request). See more about automated testing in the [TESTING.md document](TESTING.md#automated-testing). + * Another item entails manually testing `vip-go-ci` against common code patterns. Again refer to the [TESTING.md document](TESTING.md#manual-testing). + * If any problems are found in the steps above, fix those before continuing. + * When all pull requests with new or modified code have been merged, ensure that the pull request that modifies the version number and changelog is merged. Ensure all tests pass when this pull request has been merged. + +By now, everything is ready for the release itself. + +## Actually releasing a new version + +Follow these steps to release a new version of `vip-go-ci`: + + * Ensure it is not Friday. A new version of `vip-go-ci` should not be released just before the weekend. + * Ensure that the versioning and testing stages above have been completed. + * Ensure final testing is complete. + * Visit the [releases section of the vip-go-ci repository](https://github.com/Automattic/vip-go-ci/releases). + * Press _Draft a new release_, enter a version number in the _Tag version_ field and ensure that the _Release title_ field contains the same value. Then press _Publish release_. + * Update the [latest tag](https://github.com/Automattic/vip-go-ci/releases/tag/latest) so that it's commit-ID matches the one of the latest released version. This tag is used by [tools-init.sh](https://github.com/Automattic/vip-go-ci/blob/trunk/tools-init.sh) (more information available in [TOOLS-UPDATE.md](TOOLS-UPDATE.md)). Replace the latest tag by using the git command line: `git checkout trunk && git pull && git tag -d latest && git tag latest X.Y.Z && git push --force origin latest`. 
Then ensure that the latest tag refers to the same commit-ID as the release itself, [here](https://github.com/Automattic/vip-go-ci/tags). + * The new version will be automatically deployed by the `tools-init.sh` script where it is used. + * _VIP: Ensure internal steps are followed for this section._ + +_VIP: When new release is published, ensure to follow all internal post-release steps._ + +## Rolling back a release + +In some cases, it may be necessary to roll back a release. Follow this list to do so: + + * Simply issue a _new release_ that points to an older commit-ID which an older, stable release is based on. + * For example, if problems are found in the (imaginary) `2.0.7` version, we would release version `2.0.8` which would point to `490c36892a0309988386e6c8d3fbbdb05bcf0244` (which would also be tagged as `2.0.6`). In the end, two releases would point to the same commit-ID, and hence would be identical. + * Removing the latest release on GitHub will _not_ ensure a revert to an older version automatically; a new version should be released. diff --git a/TESTING.md b/TESTING.md new file mode 100644 index 000000000..db749d1f0 --- /dev/null +++ b/TESTING.md 
@@ -0,0 +1,149 @@ +# Tests + +## Introduction + +`vip-go-ci` relies on both manual and automated testing. Much of the functionality `vip-go-ci` provides is automatically tested using it's extensive unit and integration test suites. _Most_ of the tests in the test suites are run automatically when code is committed and pushed to the repository, though _some_ integration tests need to be run manually (due to secrets, see below). The manual testing that should be performed is functional, testing the final behaviour of the software. + +## Automated testing + +### Setting up test suites + +First ensure that you have `phpunit` installed along with any add-ons needed, for example `xdebug`. Other requirements are listed in [README.md](README.md#system-requirements). + +Then follow these steps to run the test suites: + +1) Put the PHPUnit configuration file in place: + +> mv phpunit.xml.dist phpunit.xml + +2) Replace the string `PROJECT_DIR` in `phpunit.xml` with your local project directory. + +For example: + +> <directory>PROJECT_DIR/tests/integration</directory> + +will be: + +> <directory>~/Projects/vip-go-ci/tests/integration</directory> + +3) Copy configuration file for tests and update the file as needed. Note that this step is only needed if you intend to run the integration tests. + +> cp unittests.ini.dist unittests.ini + +Alter any options in the file as needed to match the setup of your system. Note that in some cases, you may have to use different PHP versions for PHPCS or the SVG scanner than `vip-go-ci` itself. + +#### Test suite secrets file + +Some tests will require a GitHub token to submit POST/PUT requests to the GitHub API, some will need access to a repo-meta API and some access to the WPScan API. + +To skip these tests, simply place an empty `unittests-secrets.ini` file in the root directory of `vip-go-ci` and skip the rest of this section. 
+ +To enable the testing of these, you need to set up a `unittests-secrets.ini` file in the root directory of `vip-go-ci`. This file should include the following fields: + +``` +[git-secrets] +github-token= ; Personal access token from GitHub +team-slug= ; Team slug to test if present, is a string. +org-name= ; GitHub organisation name to use in testing + +[repo-meta-api-secrets] +repo-meta-api-base-url= ; URL to base of meta API +repo-meta-api-user-id= ; User ID for the meta API +repo-meta-api-access-token= ; Access token for the meta API +repo-owner= ; Repository owner for the test, should be found in meta API +repo-name= ; Repository name for the test +support-level= ; Name of support level given by meta API (only used in tests) +support-level-field-name= ; Support level field name in meta API (only used in tests) + +[wpscan-api-scan] +access-token= ; Access token for WPScan API. +``` + +This file is not included, and needs to be configured manually. + +### Unit test suite + +The unit test suite can be run using the following command: + +> VIPGOCI_TESTING_DEBUG_MODE=true phpunit --testsuite=unit-tests + +By running this command, you will run the tests that do not depend on external calls. + +### Integration test suite + +The integration tests can be run using the following command: + +> VIPGOCI_TESTING_DEBUG_MODE=true phpunit --testsuite=integration-tests + +Integration tests will execute the scanning utilities — PHPCS, SVG scanner and PHP Lint — and so paths to these, and a PHP interpreter, need to be configured. See the `unittests.ini` file. + +By using this command, you will run the tests of the test-suite which can be run (depending on tokens and other detail), and get feedback on any errors or warnings. Note that when run, requests will be made to the GitHub API using anonymous calls (unless configured to use an access-token as shown above). 
It can happen that the GitHub API returns with an error indicating that the maximum limit of API requests has been reached; the solution is to wait and re-run or switch to authenticted calls. + +### Details on tests + +Note that the test suite uses the `@runTestsInSeparateProcesses` and `@preserveGlobalState` PHPUnit flags to avoid any influence of one test on another. Further, tests should include all required files in `setUp()` function to avoid the same function being defined multiple times across multiple tests during the same run. Combining the usage of `@runTestsInSeparateProcesses` and the inclusion of required files in `setUp()` means each test is independent of other tests, which enables functions to be defined for each test easily and avoids leakage between tests. + +## Manual testing + +### Introduction + +Manual testing is still required to ensure the final behavior of `vip-go-ci` is correct. This entails, for example, ensuring that PHPCS-issues are noted for pull requests that should have them due to problematic PHP code embedded in those pull requests. We aim to eliminate the need for manual testing by automating them. + +### Setting up + +Begin by forking [this repository](https://github.com/gudmdharalds-a8c/vip-go-ci-manual-testing). Use the forked repository to run the manual tests. + +Navigate into the [tests/manual](tests/manual) directory on the command line. Then follow these steps: + +1) Move the main script file: + +> mv vipgoci-run.sh.dist vipgoci-run.sh + +2) Add the following to a file named `vipgoci-run-secrets.sh`: + +``` +#!/bin/bash + +# Repo settings. +export REPO_ORG="" +export REPO_NAME="" + +# Access token for GitHub. +export VIPGOCI_GITHUB_TOKEN="" + +# WPScan API. +export VIPGOCI_WPSCAN_API_TOKEN="" + +# IRC config. +export VIPGOCI_IRC_API_BOT="" +export VIPGOCI_IRC_API_ROOM="" +export VIPGOCI_IRC_API_TOKEN="" +export VIPGOCI_IRC_API_URL="" + +# Pixel API. 
+export VIPGOCI_PIXEL_API_GROUPPREFIX="" +export VIPGOCI_PIXEL_API_URL="" + +# Generic support comments. +export VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_BRANCHES="" +export VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_ON_DRAFTS="" +export VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_REPO_META_MATCH="" +export VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_SKIP_IF_LABEL_EXISTS="" +export VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_STRING='' + +# Repo meta API. +export VIPGOCI_REPO_META_API_ACCESS_TOKEN="" +export VIPGOCI_REPO_META_API_BASE_URL="" +export VIPGOCI_REPO_META_API_USER_ID="" + +# Reviews. +export DISMISSED_REVIEWS_EXCLUDE_REVIEWS_FROM_TEAM="" +``` + +Ensure to populate the relevant fields with your own values. + +3) Create the pull requests needed in the forked repository on GitHub. Re-create the same pull requests as found [here](https://github.com/gudmdharalds-a8c/vip-go-ci-manual-testing/pulls), refering to the same branch names. + +### Running tests + +Run each test, identified by branch, found in `vipgoci-run.sh`. Ensure that the reviews, comments and labels generated are correct. diff --git a/TOOLS-UPDATE.md b/TOOLS-UPDATE.md new file mode 100644 index 000000000..b3de5c0f9 --- /dev/null +++ b/TOOLS-UPDATE.md 
@@ -0,0 +1,22 @@ +# Updating tools-init.sh with new versions + +[tools-init.sh](tools-init.sh) will install `vip-go-ci`, PHPCS and related tools in your home-directory upon execution. If the tools are already installed, it will update them as needed; it should be executed on regular basis to keep everything up to date. See [installation section](README.md#installing). + +However, once a while `tools-init.sh` itself needs to be updated with new versions of these utilities. The file keeps three data entries for each utility that are important in this context: Repository owner and name for the utility, version number, and SHA1 hash. The repository owner and name refers to the GitHub repository where the utility is hosted, the version number refers to a release number on GitHub, and the hash to the SHA1 hash of the release's `.tar.gz` archive on GitHub. The hash is used to make sure that the relevant utility has not changed since last updated in `tools-init.sh`. + +Only version number and SHA1 hash need updating for a new release of a utility. These can be determined in the following way. Releases of the `WordPress-Coding-Standards` utility, for instance, are hosted [here](https://github.com/WordPress/WordPress-Coding-Standards/releases). Once a version has been chosen, `tools-init.sh` can be updated in the following way: + +``` +export WP_CODING_STANDARDS_VER="2.1.1" +``` + +Then the hash has to be calculated. First, obtain a `.tar.gz` archive for the release from GitHub. The download URL for `WordPress-Coding-Standards` is: `https://github.com/WordPress/WordPress-Coding-Standards/archive/VERSION.tar.gz` — simply replace `VERSION` with the version to be used. Then run the `sha1sum` UNIX utility against the downloaded file. Any other compatible tool can be used. 
+ +For version `2.1.1` of `WordPress-Coding-Standards` the hash should be specified as follows: + +``` +export WP_CODING_STANDARDS_SHA1SUM="d35ec268531453cbf2078c57356e38c5f8936e87"; +``` + +All utilities in `tools-init.sh` follow the same pattern. Utility updates in the file should be committed to the repository via pull requests. + diff --git a/docs/vipgoci-auto-approvals-approved.png b/docs-images/vipgoci-auto-approvals-approved.png similarity index 100% rename from docs/vipgoci-auto-approvals-approved.png rename to docs-images/vipgoci-auto-approvals-approved.png diff --git a/docs/vipgoci-github-build-status-success.png b/docs-images/vipgoci-github-build-status-success.png similarity index 100% rename from docs/vipgoci-github-build-status-success.png rename to docs-images/vipgoci-github-build-status-success.png diff --git a/docs/vipgoci-scanning-feedback.png b/docs-images/vipgoci-scanning-feedback.png similarity index 100% rename from docs/vipgoci-scanning-feedback.png rename to docs-images/vipgoci-scanning-feedback.png diff --git a/tests/manual/vipgoci-run.sh.dist b/tests/manual/vipgoci-run.sh.dist new file mode 100755 index 000000000..2593e9cda --- /dev/null +++ b/tests/manual/vipgoci-run.sh.dist 
@@ -0,0 +1,262 @@ +#!/bin/bash + +# +# Branches and commit-IDs to scan. Pull requests to scan should +# match those. +# +# Find main configuration below. +# + +# PR with some PHPCS issues and PHP linting problem. +export REPO_BRANCH="phpcs-and-linting-issues" +export REPO_COMMIT_ID="3e8d5b9c2566ef285cb5d85e5c71cf82f40f9afa" + +# PR with more PHPCS issues, one large file (not skipped). +#export REPO_BRANCH="phpcs-issues" +#export REPO_COMMIT_ID="590d5c3daff17135af352cc9f3db024ac15d601a" + +# PR with some PHPCS issues, is from forked repo. +# Note: This may need adjusting as this refers to external repository +#export REPO_BRANCH="ext-branch-with-phpcs-issues" +#export REPO_COMMIT_ID="9e90666a805ae8f364d662051d56d5a616338e9c" + +# PR with SVG issues. +#export REPO_BRANCH="svg-issues" +#export REPO_COMMIT_ID="44703e9d29e742a9b048e9ae2ad8e05c2fcc9d8d" + +# PR is auto approvable due to SVG file change only. +#export REPO_BRANCH="auto-approvable-svg-file" +#export REPO_COMMIT_ID="dfc0b80c44d20a1a29a4cee57094915483b6e1e8" + +# PR with no issues at all. +#export REPO_BRANCH="no-issues" +#export REPO_COMMIT_ID="250cc71a91daf0ed381817b935ed2dc2758d431c" + +# PR is not auto approvable. +#export REPO_BRANCH="not-auto-approvable" +#export REPO_COMMIT_ID="8509196e6b9dd1b020d456c2a6a6110bbe3b7320" + +# PR is auto approvable due to consisting of updates to approved file types only. +#export REPO_BRANCH="auto-approvable-file-types" +#export REPO_COMMIT_ID="facd284118a04aa25cc65ac79769618732317250" + +# PR is auto approvable due to non-functional changes. +#export REPO_BRANCH="auto-approvable-non-functional-changes" +#export REPO_COMMIT_ID="2d317b31f3f7c397ae4a7c7820d318e7a41cd19d" + +# PR updates a large file. +#export REPO_BRANCH="too-large-file-and-phpcs-issues" +#export REPO_COMMIT_ID="e4c5a36ecfbdad1138f8f8d1d5138cc4c7557bab" + +# PR updates a large file and autoapprovable file. 
+#export REPO_BRANCH="too-large-file-and-non-auto-approvable-file" +#export REPO_COMMIT_ID="9870438ab11b45d3bc83fe766afa20926e4f8e43" + +# PR includes a .vipgoci_options file. +#export REPO_BRANCH="vipgoci-options-file-test" +#export REPO_COMMIT_ID="9de88e331bbc8872879f2e80f6ccff71f054ebac" + +# PR with some WordPress plugins added to be scanned via WPScan API. +#export REPO_BRANCH="wpscan-api-testing1" +#export REPO_COMMIT_ID="afa7cf7df5cb941a8b170c42f50cd56300b4fc8d" + +# PR with some WordPress plugins altered to be scanned via WPScan API. +#export REPO_BRANCH="wpscan-api-testing2" +#export REPO_COMMIT_ID="f1e3eb6764066f333758c0cf3ac6d9c87af99316" + +# PR with some WordPress plugin removed. +#export REPO_BRANCH="wpscan-api-testing3" +#export REPO_COMMIT_ID="083bfb778bf6f0909eb4c6469d2683316ed99437" + +# PR with some WordPress plugin removed. +#export REPO_BRANCH="wpscan-api-testing4" +#export REPO_COMMIT_ID="a83ef4f813fa99d6a1595b35485f65c3773b07cb" + +# PR with some WordPress plugins altered to be scanned via WPScan API. +#export REPO_BRANCH="wpscan-api-testing5" +#export REPO_COMMIT_ID="85f6858f6bbb7b845fd7bc3060a5b7559e4db795" + +# PR with WordPress plugin added to theme directory (theme should not be scanned). +#export REPO_BRANCH="wpscan-api-testing6" +#export REPO_COMMIT_ID="b781799f8c6f789280672ce2dd63390c309fc25a" + +# Include information from custom config file +CURRENT_DIR=`dirname -- "$0"` +. "$CURRENT_DIR/vipgoci-run-secrets.sh" + +# +# Main configuration parameters (except for custom). 
+# + +# Output settings +export VIPGOCI_OUTPUT="/tmp/output.txt" + +# PHP binary to run vip-go-ci itself +export VIPGOCI_EXEC_PHP_PATH="/usr/bin/php8.1" + +# Linting +export VIPGOCI_LINT_ENABLED="true" +export VIPGOCI_LINT_PHP_PATH="/usr/bin/php8.1" +export VIPGOCI_LINT_SKIP_FOLDERS_IN_REPO_OPTIONS_FILE="true" +export VIPGOCI_LINT_SKIP_FOLDERS="skip-folder-testlint" +export VIPGOCI_LINT_PHP_VERSIONS="7.4,8.1" +export VIPGOCI_LINT_PHP_VERSION_PATHS="7.4:/usr/bin/php7.4,8.1:/usr/bin/php8.1" + +# PHPCS +export PHPCS_ENABLED="true" +export VIPGOCI_PHPCS_PHP_PATH="/usr/bin/php7.4" +export VIPGOCI_PHPCS_PATH="$HOME/vip-go-ci-tools/phpcs/bin/phpcs" +export VIPGOCI_PHPCS_STANDARD="WordPress-VIP-Go,PHPCompatibilityWP,WordPress" +export VIPGOCI_PHPCS_STANDARDS_IGNORE="PHPCSUtils" +export VIPGOCI_PHPCS_SEVERITY="1" +export VIPGOCI_PHPCS_RUNTIME_SET="testVersion 7.4-" +export VIPGOCI_PHPCS_SKIP_FOLDERS_IN_REPO_OPTIONS_FILE="true" +export VIPGOCI_PHPCS_SKIP_SCANNING_VIA_LABELS_ALLOWED="true" +export VIPGOCI_PHPCS_SNIFFS_EXCLUDE="Generic.PHP.Syntax,Generic.Commenting.DocComment,WordPress.Files.FileName,Squiz.Strings.DoubleQuoteUsage,Squiz.Commenting.FileComment,Squiz.Commenting.BlockComment,Squiz.Commenting.FileComment,PEAR.Functions.FunctionCallSignature" +export VIPGOCI_PHPCS_SNIFFS_INCLUDE="" +export VIPGOCI_PHPCS_SKIP_FOLDERS="" + +# WPScan API +export VIPGOCI_WPSCAN_API="true" +export VIPGOCI_WPSCAN_API_PATHS="plugins" +export VIPGOCI_WPSCAN_API_REPORT_END_MSG="" + +# SVG config +export VIPGOCI_SVG_CHECKS="true" +export VIPGOCI_SVG_PHP_PATH="/usr/bin/php8.1" +export VIPGOCI_SVG_SCANNER_PATH="$HOME/vip-go-ci-tools/vip-go-svg-sanitizer/svg-scanner.php" + +# Autoapproval +export VIPGOCI_AUTOAPPROVE_ENABLED="true" +export VIPGOCI_AUTOAPPROVE_PHP_NONFUNCTIONAL_CHANGES="true" +export VIPGOCI_AUTOAPPROVE_FILETYPES="css,txt,json" +export VIPGOCI_AUTOAPPROVE_LABEL="[ Status ] Auto approved" + +# Generic support comments +export VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS="true" + +# 
Reviews +export VIPGOCI_SCAN_DETAILS_MSG_INCLUDE="true" +export VIPGOCI_REPORT_NO_ISSUES_FOUND="true" +export VIPGOCI_REVIEW_COMMENTS_IGNORE="File appears to be minified and cannot be processed|||All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'time2'" +export VIPGOCI_REVIEW_COMMENTS_INCLUDE_SEVERITY="true" +export VIPGOCI_REVIEW_COMMENTS_SORT="true" +export VIPGOCI_REVIEW_COMMENTS_MAX="18" +export VIPGOCI_REVIEW_COMMENTS_TOTAL_MAX="100" + +export DISMISS_STALE_REVIEWS="true" +export DISMISSED_REVIEWS_REPOST_COMMENTS="true" + +# Which repo options are allowed? +export VIPGOCI_REPO_OPTIONS="true" +export VIPGOCI_REPO_OPTIONS_ALLOWED="skip-execution,skip-draft-prs,phpcs,phpcs-severity,phpcs-sniffs-include,phpcs-sniffs-exclude,review-comments-sort,review-comments-include-severity,post-generic-pr-support-comments,review-comments-sort,svg-checks,autoapprove,autoapprove-php-nonfunctional-changes" + +# Misc +export VIPGOCI_MAX_EXEC_TIME="600" +export VIPGOCI_DEBUG_LEVEL=2 +export VIPGOCI_NAME_TO_USE="vip-go-ci" +export VIPGOCI_INFORMATIONAL_MSG="vip-go-ci" + +# Paths to git repository +export GIT_REPO_BASE_PATH="/tmp" +export GIT_REPO_PATH="$GIT_REPO_BASE_PATH/$REPO_NAME" + +# Build status notification +export VIPGOCI_BUILD_CONTEXT="vip-go-ci" + +export VIPGOCI_BUILD_DESCRIPTION_PENDING="In progress" +export VIPGOCI_BUILD_DESCRIPTION_SUCCESS="No significant issues found" +export VIPGOCI_BUILD_DESCRIPTION_INTERNAL_ERROR="Internal error" +export VIPGOCI_BUILD_DESCRIPTION_NOT_PART_OF_PR="Pull request not found for commit" +export VIPGOCI_BUILD_DESCRIPTION_HTTP_API_FATAL_ERROR="Fatal error when communicating with HTTP API" +export VIPGOCI_BUILD_DESCRIPTION_COMMIT_NOT_LATEST_IN_PR="Commit not latest in PR" +export VIPGOCI_BUILD_DESCRIPTION_EXEC_TIME="Build timed out, PR may be too large" +export VIPGOCI_BUILD_DESCRIPTION_CODE_ISSUES="Problems were identified" +export 
VIPGOCI_BUILD_DESCRIPTION_SYSTEM_PROBLEM="Build setup problem, please contact VIP" +export VIPGOCI_BUILD_DESCRIPTION_GITHUB_PROBLEM="GitHub communication error. Please retry" +export VIPGOCI_BUILD_DESCRIPTION_USAGE_ERROR="vip-go-ci usage error, please contact VIP" +export VIPGOCI_BUILD_DESCRIPTION_UNKNOWN_ERROR="Unknown error, please contact VIP" + +# +# Check out git repository, or update +# + +if [ ! -d "$GIT_REPO_PATH" ] ; then + git -C "$GIT_REPO_BASE_PATH" clone "https://github.com/$REPO_ORG/$REPO_NAME.git" + + # Fetch external branch from another repository + git -C "$GIT_REPO_PATH" fetch "https://github.com/gudmdharalds/vip-go-ci-manual-testing.git" ext-branch-with-phpcs-issues-original:ext-branch-with-phpcs-issues +else + git -C "$GIT_REPO_PATH" pull +fi + +# +# Checkout correct branch +# + +pushd $GIT_REPO_PATH && \ +git checkout $REPO_BRANCH && \ +git pull && \ +popd + +# +# Set GitHub build status indication +# + +if [ "$VIPGOCI_BUILD_CONTEXT" != "" ] ; then + $VIPGOCI_EXEC_PHP_PATH ~/vip-go-ci-tools/vip-go-ci/github-commit-status.php --env-options="repo-name=REPO_NAME,repo-owner=REPO_ORG,github-token=VIPGOCI_GITHUB_TOKEN,github-commit=REPO_COMMIT_ID,build-context=VIPGOCI_BUILD_CONTEXT,build-description=VIPGOCI_BUILD_DESCRIPTION_PENDING" --build-state="pending" + echo "" +fi + +# +# Actually run vip-go-ci +# +$VIPGOCI_EXEC_PHP_PATH ~/vip-go-ci-tools/vip-go-ci/vip-go-ci.php 
--env-options="max-exec-time=VIPGOCI_MAX_EXEC_TIME,repo-name=REPO_NAME,repo-owner=REPO_ORG,token=VIPGOCI_GITHUB_TOKEN,commit=REPO_COMMIT_ID,output=VIPGOCI_OUTPUT,repo-options=VIPGOCI_REPO_OPTIONS,repo-options-allowed=VIPGOCI_REPO_OPTIONS_ALLOWED,lint=VIPGOCI_LINT_ENABLED,lint-php-versions=VIPGOCI_LINT_PHP_VERSIONS,lint-php-version-paths=VIPGOCI_LINT_PHP_VERSION_PATHS,lint-skip-folders=VIPGOCI_LINT_SKIP_FOLDERS,lint-skip-folders-in-repo-options-file=VIPGOCI_LINT_SKIP_FOLDERS_IN_REPO_OPTIONS_FILE,phpcs=PHPCS_ENABLED,phpcs-php-path=VIPGOCI_PHPCS_PHP_PATH,phpcs-path=VIPGOCI_PHPCS_PATH,phpcs-standard=VIPGOCI_PHPCS_STANDARD,phpcs-standards-to-ignore=VIPGOCI_PHPCS_STANDARDS_IGNORE,phpcs-severity=VIPGOCI_PHPCS_SEVERITY,phpcs-runtime-set=VIPGOCI_PHPCS_RUNTIME_SET,phpcs-skip-folders=VIPGOCI_PHPCS_SKIP_FOLDERS,phpcs-skip-folders-in-repo-options-file=VIPGOCI_PHPCS_SKIP_FOLDERS_IN_REPO_OPTIONS_FILE,phpcs-skip-scanning-via-labels-allowed=VIPGOCI_PHPCS_SKIP_SCANNING_VIA_LABELS_ALLOWED,phpcs-sniffs-exclude=VIPGOCI_PHPCS_SNIFFS_EXCLUDE,phpcs-sniffs-include=VIPGOCI_PHPCS_SNIFFS_INCLUDE,wpscan-api=VIPGOCI_WPSCAN_API,wpscan-api-paths=VIPGOCI_WPSCAN_API_PATHS,wpscan-api-token=VIPGOCI_WPSCAN_API_TOKEN,wpscan-api-report-end-msg=VIPGOCI_WPSCAN_API_REPORT_END_MSG,svg-checks=VIPGOCI_SVG_CHECKS,svg-php-path=VIPGOCI_SVG_PHP_PATH,svg-scanner-path=VIPGOCI_SVG_SCANNER_PATH,autoapprove=VIPGOCI_AUTOAPPROVE_ENABLED,autoapprove-filetypes=VIPGOCI_AUTOAPPROVE_FILETYPES,autoapprove-label=VIPGOCI_AUTOAPPROVE_LABEL,autoapprove-php-nonfunctional-changes=VIPGOCI_AUTOAPPROVE_PHP_NONFUNCTIONAL_CHANGES,irc-api-token=VIPGOCI_IRC_API_TOKEN,irc-api-url=VIPGOCI_IRC_API_URL,irc-api-bot=VIPGOCI_IRC_API_BOT,irc-api-room=VIPGOCI_IRC_API_ROOM,pixel-api-url=VIPGOCI_PIXEL_API_URL,pixel-api-groupprefix=VIPGOCI_PIXEL_API_GROUPPREFIX,post-generic-pr-support-comments=VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS,post-generic-pr-support-comments-string=VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_STRING,post-generic-pr-support-comment
s-repo-meta-match=VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_REPO_META_MATCH,post-generic-pr-support-comments-branches=VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_BRANCHES,post-generic-pr-support-comments-on-drafts=VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_ON_DRAFTS,post-generic-pr-support-comments-skip-if-label-exists=VIPGOCI_POST_GENERIC_PR_SUPPORT_COMMENTS_SKIP_IF_LABEL_EXISTS,repo-meta-api-base-url=VIPGOCI_REPO_META_API_BASE_URL,repo-meta-api-user-id=VIPGOCI_REPO_META_API_USER_ID,repo-meta-api-access-token=VIPGOCI_REPO_META_API_ACCESS_TOKEN,scan-details-msg-include=VIPGOCI_SCAN_DETAILS_MSG_INCLUDE,report-no-issues-found=VIPGOCI_REPORT_NO_ISSUES_FOUND,review-comments-ignore=VIPGOCI_REVIEW_COMMENTS_IGNORE,review-comments-include-severity=VIPGOCI_REVIEW_COMMENTS_INCLUDE_SEVERITY,review-comments-sort=VIPGOCI_REVIEW_COMMENTS_SORT,review-comments-max=VIPGOCI_REVIEW_COMMENTS_MAX,review-comments-total-max=VIPGOCI_REVIEW_COMMENTS_TOTAL_MAX,dismiss-stale-reviews=DISMISS_STALE_REVIEWS,dismissed-reviews-repost-comments=DISMISSED_REVIEWS_REPOST_COMMENTS,dismissed-reviews-exclude-reviews-from-team=DISMISSED_REVIEWS_EXCLUDE_REVIEWS_FROM_TEAM,informational-msg=VIPGOCI_INFORMATIONAL_MSG,debug-level=VIPGOCI_DEBUG_LEVEL,name-to-use=VIPGOCI_NAME_TO_USE" --local-git-repo="$GIT_REPO_PATH" --enforce-https-urls=false --wpscan-api-dry-mode=false + +# +# Set GitHub build status after run +# + +export VIPGOCI_EXIT_CODE="$?" 
+ +if [ "$VIPGOCI_EXIT_CODE" == "0" ] ; then + export BUILD_STATE="success" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_SUCCESS" +elif [ "$VIPGOCI_EXIT_CODE" == "220" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_INTERNAL_ERROR" +elif [ "$VIPGOCI_EXIT_CODE" == "230" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_NOT_PART_OF_PR" +elif [ "$VIPGOCI_EXIT_CODE" == "247" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_HTTP_API_FATAL_ERROR" +elif [ "$VIPGOCI_EXIT_CODE" == "248" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_COMMIT_NOT_LATEST_IN_PR" +elif [ "$VIPGOCI_EXIT_CODE" == "249" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_EXEC_TIME" +elif [ "$VIPGOCI_EXIT_CODE" == "250" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_CODE_ISSUES" +elif [ "$VIPGOCI_EXIT_CODE" == "251" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_SYSTEM_PROBLEM" +elif [ "$VIPGOCI_EXIT_CODE" == "252" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_GITHUB_PROBLEM" +elif [ "$VIPGOCI_EXIT_CODE" == "253" ] ; then + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_USAGE_ERROR" +else + export BUILD_STATE="failure" + export BUILD_DESCRIPTION="$VIPGOCI_BUILD_DESCRIPTION_UNKNOWN_ERROR" +fi + +if [ "$VIPGOCI_BUILD_CONTEXT" != "" ] ; then + $VIPGOCI_EXEC_PHP_PATH ~/vip-go-ci-tools/vip-go-ci/github-commit-status.php --env-options="repo-name=REPO_NAME,repo-owner=REPO_ORG,github-token=VIPGOCI_GITHUB_TOKEN,github-commit=REPO_COMMIT_ID,build-context=VIPGOCI_BUILD_CONTEXT,build-description=BUILD_DESCRIPTION,build-state=BUILD_STATE" + echo "" +fi + +exit $VIPGOCI_EXIT_CODE
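Review bot: two of the exported option lists carry duplicate entries that should be dropped: `VIPGOCI_REPO_OPTIONS_ALLOWED` lists `review-comments-sort` twice and `VIPGOCI_PHPCS_SNIFFS_EXCLUDE` lists `Squiz.Commenting.FileComment` twice; harmless at runtime, but a reader cannot tell whether a different option or sniff was intended. In the "Checkout correct branch" block, `pushd $GIT_REPO_PATH && git checkout $REPO_BRANCH && git pull && popd` leaves the shell inside the repository and lets the script carry on with whatever branch was already checked out when the checkout or pull fails, since the script never uses `set -e`; quote the two variables and append `|| exit 1` (or report a failing build status) so a scan is never run against the wrong revision, and check the result of the `git clone` in the preceding block the same way before the `fetch` of the external branch. Capturing `export VIPGOCI_EXIT_CODE="$?"` several lines after the `vip-go-ci.php` invocation works only because nothing but comments and blank lines sit in between; placing the capture on the line directly after the command keeps a later insertion from silently clobbering it. The tokens (`VIPGOCI_GITHUB_TOKEN`, `VIPGOCI_WPSCAN_API_TOKEN`, `VIPGOCI_REPO_META_API_ACCESS_TOKEN`, the IRC token) are passed to `--env-options` by variable name rather than by value, which keeps them out of the process command line and shell history and matches the new `.gitignore` entries for `vipgoci-run-secrets*`; keep that, and add a line to the header explaining that `--enforce-https-urls=false` and `--wpscan-api-dry-mode=false` are deliberate for this manual test setup so nobody copies them into a production wrapper unchanged.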