Switch plugin-check runtime from wp-env to WordPress Playground

[Copilot]

This updates the action to use WordPress Playground instead of @wordpress/env for bootstrapping Plugin Check. It also adds support for merging a user-provided Playground blueprint so plugins can extend runtime setup when needed.

• Playground-based runtime

  • Replaced the wp-env startup flow in action.yml with @wp-playground/cli php
  • Generates a base blueprint that:
    • installs plugin-check
    • activates plugin-check
    • activates the target plugin
    • copies the object-cache.php drop-in required by Plugin Check

• Custom blueprint support

  • Added a new blueprint input
  • Merges a user-supplied blueprint with the action’s default setup so callers can layer additional runtime configuration without replacing the base Plugin Check environment

• Plugin dependency handling

  • Detects Requires Plugins from the plugin header
  • Adds dependency installation/activation to the generated blueprint
  • Validates plugin and dependency slugs before generating blueprint steps

• Scan hygiene

  • Automatically excludes blueprint files from Plugin Check when they live inside the scanned plugin directory
  • Improves blueprint error handling and emits clearer failures for missing/invalid blueprint input

• Docs and coverage

  • Documented the Playground-based setup and new blueprint input in README.md
  • Added a workflow fixture covering custom blueprint usage

Example:

- uses: wordpress/plugin-check-action@v1
  with:
    build-dir: './my-awesome-plugin'
    blueprint: './plugin-check-blueprint.json'
    categories: |
      performance
      accessibility

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• api.wordpress.org
  • Triggering command: /usr/local/bin/node node /home/REDACTED/.npm/_npx/8ab79f7a2a3f35a4/node_modules/.bin/wp-playground-cli php --blueprint=/tmp/plugin-check-blueprint.json --mount=/home/REDACTED/work/plugin-check-action/plugin-check-action/tests/fixtures/hello-dolly-copy:/wordpress/wp-content/plugins/hello-dolly-copy --verbosity=normal -- /tmp/wp-cli.phar plugin check hello-dolly-copy --categories=plugin_repo --format=json --error-severity=7 --warning-severity=6 --include-low-severity-errors --exclude-checks=prefixing (dns block)
• konstantin.obenland.it
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

🔍 WordPress Plugin Check Report

❌ Status: Failed

📊 Report

🎯 Total Issues	❌ Errors	⚠️ Warnings
9	8	1

---

❌ Errors (8)

📁 hello.php (7 errors)

📍 Line	🔖 Check	💬 Message
0	plugin_header_no_license	Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
0	missing_direct_file_access_protection	PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
49	WordPress.WP.AlternativeFunctions.rand_mt_rand	mt_rand() is discouraged. Use the far less predictable wp_rand() instead.
62	WordPress.Security.EscapeOutput.OutputNotEscaped	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
62	WordPress.WP.I18n.TextDomainMismatch	Mismatched text domain. Expected 'hello-dolly-copy' but got 'hello-dolly'.
63	WordPress.Security.EscapeOutput.OutputNotEscaped	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$lang'.
64	WordPress.Security.EscapeOutput.OutputNotEscaped	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$chosen'.

📁 readme.txt (1 error)

📍 Line	🔖 Check	💬 Message
0	no_plugin_readme	The plugin readme.txt does not exist.

---

⚠️ Warnings (1)

📁 hello.php (1 warning)

📍 Line	🔖 Check	💬 Message
72	WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound	Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "dolly_css".

---

🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check

[Copilot]

Pull request overview

This PR migrates the action’s runtime from @wordpress/env (wp-env) to WordPress Playground via @wp-playground/cli, and introduces an optional “blueprint” input that gets merged into a generated baseline blueprint used to install/activate Plugin Check and the target plugin (plus declared dependencies).

Changes:

• Replaced the wp-env startup/run flow with a Playground CLI invocation driven by a generated blueprint.
• Added blueprint input support and merge logic to let callers layer additional Playground setup steps.
• Extended the test workflow with a fixture to exercise custom blueprint usage.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
action.yml	Implements Playground-based execution, blueprint generation/merging, dependency handling, and blueprint exclusion behavior.
README.md	Documents Playground-based setup and the new blueprint input with an example.
.github/workflows/test.yml	Adds a workflow step to exercise the custom blueprint input against a fixture plugin.
tests/fixtures/custom-blueprint.json	Adds a minimal Playground blueprint used by the workflow fixture.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[swissspidy]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Applied the follow-up changes in bf3a010 and 497bd76. The action now pins @wp-playground/cli to 3.1.28, and the logs no longer print the full merged blueprint—only a small summary with clearer error handling.

[swissspidy]

@copilot actually i prefer installing and updating playground via package.json instead of hardcoding a version number

[Copilot]

@copilot actually i prefer installing and updating playground via package.json instead of hardcoding a version number

Updated in b82030a and 620eaa6. The Playground CLI version now lives in package.json/package-lock.json, and action.yml reads it from the action’s own package metadata instead of hardcoding the version.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 6 changed files in this pull request and generated no new comments.