WPSDK/wp-github-updater
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/SilverAssist/wp-github-updater.git synced 2026-05-01 11:12:18 +08:00
Code Releases Packages Activity Actions
wp-github-updater/phpcs.xml
Miguel Colmenares 7faeb7cd2f fix: Exclude test files from WordPress.Security checks 
- Test and bootstrap files don't need output escaping
- Focus security checks on production code only
2025-10-11 23:12:01 -05:00

106 lines
3.9 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<phpcs>
<!--
WP GitHub Updater - PHP Coding Standards Configuration
This configuration enforces the coding standards defined in our
project instructions, specifically:
🚨 MANDATORY STANDARDS:
- ALL strings MUST use double quotes: "string" not 'string'
- WordPress security best practices (escaping, sanitization)
- Text domain validation for i18n functions
- PSR-12 compliance for modern PHP 8+ conventions
- Proper documentation standards for public APIs
Package-specific allowances:
- PSR-4 naming conventions (not WordPress file naming)
- Namespace usage instead of global prefixes
- String interpolation with variables in double quotes
- Reasonable line length limits (120/160 characters)
-->
<arg name="basepath" value="."/>
<arg name="cache" value=".phpcs-cache"/>
<arg name="colors"/>
<arg name="extensions" value="php"/>
<arg name="parallel" value="80"/>
<arg value="p"/>
<!-- Show progress -->
<arg value="s"/>
<!-- Paths to check -->
<file>src</file>
<file>tests</file>
<!-- Base PSR12 standard -->
<rule ref="PSR12"/>
<!-- 🚨 CRITICAL RULE: Enforce double quotes for strings -->
<!-- This is our MANDATORY string quotation standard -->
<rule ref="Squiz.Strings.DoubleQuoteUsage">
<exclude name="Squiz.Strings.DoubleQuoteUsage.NotRequired"/>
<!-- Allow variables in double quotes (string interpolation) -->
<exclude name="Squiz.Strings.DoubleQuoteUsage.ContainsVar"/>
</rule>
<!-- WordPress Security (Critical for WordPress integration) -->
<rule ref="WordPress.Security.EscapeOutput"/>
<rule ref="WordPress.Security.ValidatedSanitizedInput"/>
<!-- Exclude WordPress.Security checks from test files -->
<rule ref="WordPress.Security">
<exclude-pattern>tests/bootstrap.php</exclude-pattern>
<exclude-pattern>tests/fixtures/*</exclude-pattern>
</rule>
<!-- WordPress i18n (Text domain validation) -->
<rule ref="WordPress.WP.I18n">
<properties>
<property name="text_domain" type="array">
<element value="wp-github-updater"/>
</property>
</properties>
<!-- Allow dynamic text domains from configuration -->
<exclude name="WordPress.WP.I18n.NonSingularStringLiteralText"/>
<exclude name="WordPress.WP.I18n.NonSingularStringLiteralDomain"/>
</rule>
<!-- Basic Documentation (without overly strict requirements) -->
<rule ref="Squiz.Commenting.ClassComment">
<exclude name="Squiz.Commenting.ClassComment.TagNotAllowed"/>
<!-- Allow test classes without doc comments -->
<exclude-pattern>tests/*</exclude-pattern>
</rule>
<!-- Allow WordPress-style method naming for i18n wrappers -->
<rule ref="PSR1.Methods.CamelCapsMethodName">
<exclude name="PSR1.Methods.CamelCapsMethodName.NotCamelCaps"/>
<type>warning</type> <!-- Make this a warning instead of error -->
</rule>
<!-- Allow flexibility for package-specific conventions -->
<rule ref="WordPress.Files.FileName">
<severity>0</severity> <!-- PSR-4 naming -->
</rule>
<rule ref="WordPress.NamingConventions.PrefixAllGlobals">
<severity>0</severity> <!-- Namespaced package -->
</rule>
<rule ref="PSR1.Files.SideEffects">
<severity>0</severity> <!-- Test files can have side effects -->
</rule>
<!-- Allow reasonable line lengths for readability -->
<rule ref="Generic.Files.LineLength">
<properties>
<property name="lineLimit" value="120"/>
<property name="absoluteLineLimit" value="160"/>
</properties>
</rule>
<!-- Exclude external dependencies -->
<exclude-pattern>vendor/*</exclude-pattern>
<exclude-pattern>*.min.*</exclude-pattern>
</phpcs>
View git blame Copy permalink