Merge branch 'master' into CANTINA-852

Automattic · May 27, 2022 · 46f758c · 46f758c
2 parents fff5a4f + 9353929
commit 46f758c
Show file tree

Hide file tree

Showing 4,689 changed files with 775,873 additions and 101,114 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -2,9 +2,9 @@ workflows:
   version: 2
   main:
     jobs:
+      - php-lint
       - php74-core-tests
       - php74-core-multisite-tests
-      - php74-lint
       - php74-build-singlesite
       - php74-build-singlesite-58
       - php74-build-singlesite-57
@@ -91,10 +91,12 @@ job-references:
   php_core_job: &php_core_job
     steps:
       - checkout
+      - run: *prepare_repo
       - run:
           name: "Run Tests"
           command: |
-            cp -r "$HOME/project/" "/wordpress/wordpress-core-${WP_VERSION}/build/wp-content/mu-plugins"
+            cp -r "$HOME/project/" "/wordpress/wordpress-core-${WP_VERSION}/src/wp-content/mu-plugins"
+            echo "define( 'VIP_JETPACK_SKIP_LOAD', 'true' );" >> "/wordpress/wordpress-core-${WP_VERSION}/src/wp-content/mu-plugins/000-vip-init.php"
             /usr/local/bin/runner
           environment:
             MYSQL_HOST: << pipeline.parameters.db_host >>
@@ -130,10 +132,10 @@ jobs:
       - image: ghcr.io/automattic/vip-container-images/wp-core-test-runner
       - image: *db_image
 
-  php74-lint:
+  php-lint:
     <<: *lint_job
     docker:
-      - image: cimg/php:7.4-node
+      - image: cimg/php:8.0-node
 
   php74-build-multisite:
     <<: *php_job
@@ -158,7 +160,7 @@ jobs:
     <<: *php_job
     environment:
       WP_MULTISITE: "0"
-      WP_VERSION: "5.5.8"
+      WP_VERSION: "5.5.9"
       PHPUNIT_VERSION: "7"
     docker:
       - image: ghcr.io/automattic/vip-container-images/wp-test-runner:latest
@@ -168,7 +170,7 @@ jobs:
     <<: *php_job
     environment:
       WP_MULTISITE: "0"
-      WP_VERSION: "5.6.7"
+      WP_VERSION: "5.6.8"
       PHPUNIT_VERSION: "7"
     docker:
       - image: ghcr.io/automattic/vip-container-images/wp-test-runner:latest
@@ -178,7 +180,7 @@ jobs:
     <<: *php_job
     environment:
       WP_MULTISITE: "0"
-      WP_VERSION: "5.7.5"
+      WP_VERSION: "5.7.6"
       PHPUNIT_VERSION: "7"
     docker:
       - image: ghcr.io/automattic/vip-container-images/wp-test-runner:latest
@@ -188,7 +190,7 @@ jobs:
     <<: *php_job
     environment:
       WP_MULTISITE: "0"
-      WP_VERSION: "5.8.3"
+      WP_VERSION: "5.8.4"
       PHPUNIT_VERSION: "7"
     docker:
       - image: ghcr.io/automattic/vip-container-images/wp-test-runner:latest
@@ -227,11 +229,12 @@ jobs:
                 --wp-endpoint=https://public-api.wordpress.com/wp/v2/sites/wpvipchangelog.wordpress.com/posts \
                 --wp-tag-ids=1784989 \
                 --wp-channel-ids=267076 \
+                --wp-status=publish \
                 --debug
 
   search-dev-tools:
     docker:
-      - image: cimg/node:16.14.0
+      - image: cimg/node:16.15.0
     steps:
       - checkout
       - run:

diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
@@ -0,0 +1,10 @@
+name: CodeQL Config
+
+paths:
+  - search/search-dev-tools/src/
+
+paths-ignore:
+  - node_modules
+
+queries:
+  - uses: security-and-quality
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,44 @@
+name: CodeQL Analysis
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - "search/search-dev-tools/src/**.js"
+      - ".github/workflows/codeql-analysis.yml"
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "search/search-dev-tools/src/**.js"
+      - ".github/workflows/codeql-analysis.yml"
+  schedule:
+    - cron: '24 2 * * 6'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Static Code Analysis with CodeQL
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - javascript
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@a3a6c128d771b6b9bdebb1c9d0583ebd2728a108 # tag=v2.1.11
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql-config.yml
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@a3a6c128d771b6b9bdebb1c9d0583ebd2728a108 # tag=v2.1.11
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,26 @@
+name: Dependency Review
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    name: Review Dependencies
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # tag=v1.4.3
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+
+      - name: Check out the source code
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+
+      - name: Review dependencies
+        uses: actions/dependency-review-action@a9c83d3af6b9031e20feba03b904645bb23d1dab # tag=v1.0.2
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # tag=v1.4.0
+        uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # tag=v1.4.3
         with:
           egress-policy: block
           allowed-endpoints: 
@@ -55,19 +55,21 @@ jobs:
             registry-1.docker.io:443
             registry.npmjs.org:443
             s.w.org:443
+            update.containous.cloud:443
+            update.traefik.io:443
             vaultpress.com:443
             wordpress.org:443
             dns.google:53
             e2e-test-site.vipdev.lndo.site:80
 
       - name: Check out repository code
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
         with:
           submodules: true
           path: vip-go-mu-plugins
 
       - name: Setup Node
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048 # tag=v3.2.0
         with:
           node-version: 'lts/*'
           cache: npm
@@ -106,7 +108,7 @@ jobs:
         working-directory: vip-go-mu-plugins
 
       - name: Archive test results
-        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # renovate: tag=v2.3.1
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
         if: failure()
         with:
           name: test-results

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -28,12 +28,12 @@ jobs:
           - "1"
     steps:
       - name: Check out source code
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
         with:
           submodules: recursive
 
       - name: Set up PHP
-        uses: shivammathur/setup-php@7854a0cae7fa7a5f3feac66d27bae2dc42d1067a # tag=2.17.0
+        uses: shivammathur/setup-php@448bd61c6fe9db2113173467e4c22b87ddc2971a # tag=2.18.1
         with:
           coverage: none
           php-version: ${{ matrix.php }}

diff --git a/.github/workflows/parsely.yml b/.github/workflows/parsely.yml
@@ -29,23 +29,25 @@ jobs:
         parsely:
           - "2.6"
           - "3.1"
+          - "3.2"
+          - "3.3"
         mode:
           - "filter_enabled"
           - "option_enabled"
         include:
           - php: "7.4"
             wp: "latest"
             multisite: "0"
-            parsely: "3.1"
+            parsely: "3.3"
             mode: "filter_and_option_enabled"
     steps:
       - name: Check out source code
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
         with:
           submodules: recursive
 
       - name: Set up PHP
-        uses: shivammathur/setup-php@7854a0cae7fa7a5f3feac66d27bae2dc42d1067a # tag=2.17.0
+        uses: shivammathur/setup-php@448bd61c6fe9db2113173467e4c22b87ddc2971a # tag=2.18.1
         with:
           coverage: none
           php-version: ${{ matrix.php }}

diff --git a/.github/workflows/release-changelog.yml b/.github/workflows/release-changelog.yml
@@ -1,6 +1,7 @@
 name: release-changelog
 
-on: workflow_dispatch
+on:
+  workflow_dispatch
 
 permissions:
   contents: read
@@ -15,12 +16,12 @@ jobs:
       id: ${{ steps.id-generator.outputs.id }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # tag=v1.4.0
+        uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # tag=v1.4.3
         with:
           egress-policy: audit
 
       - name: Check out source code
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
 
       - name: Retrieve tags
         run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
@@ -52,17 +53,18 @@ jobs:
   release-changelog:
     name: Publish Changelog
     runs-on: ubuntu-latest
+    needs: tag-release
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # tag=v1.4.0
+        uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # tag=v1.4.3
         with:
           egress-policy: audit
 
       - name: Check out source code
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
 
       - name: Set up Node.js environment
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048 # tag=v3.2.0
         with:
           node-version: 14
           cache: npm
@@ -74,5 +76,6 @@ jobs:
       - name: Promote changelog entries
         env:
           CHANGELOG_BEARER_TOKEN: ${{ secrets.CHANGELOG_BEARER_TOKEN }}
+          RELEASE_ID: ${{ needs.tag-release.outputs.id }}
         working-directory: ./bin
         run: node ./mark-production-changelog.js
diff --git a/.gitmodules b/.gitmodules
@@ -13,9 +13,6 @@
 [submodule "cron-control"]
 	path = cron-control
 	url = https://github.com/Automattic/Cron-Control.git
-[submodule "debug-bar-cron"]
-	path = debug-bar-cron
-	url = https://github.com/tollmanz/debug-bar-cron.git
 [submodule "shared-plugins/jetpack-force-2fa"]
 	path = shared-plugins/jetpack-force-2fa
 	url = https://github.com/Automattic/jetpack-force-2fa.git

diff --git a/000-vip-init.php b/000-vip-init.php
@@ -10,6 +10,7 @@
  */
 
 use Automattic\VIP\Utils\Context;
+use Automattic\VIP\Utils\WPComVIP_Restrictions;
 
 /**
  * By virtue of the filename, this file is included first of
@@ -22,6 +23,10 @@
 	exit();
 }
 
+if ( file_exists( __DIR__ . '/healthcheck/healthcheck.php' ) ) {
+	require_once __DIR__ . '/healthcheck/healthcheck.php';
+}
+
 // Execute the healthcheck as quickly as possible
 if ( isset( $_SERVER['REQUEST_URI'] ) && '/cache-healthcheck?' === $_SERVER['REQUEST_URI'] ) {
 	if ( function_exists( 'newrelic_end_transaction' ) ) {
@@ -127,13 +132,15 @@
 defined( 'WPCOM_VIP_MACHINE_USER_EMAIL' ) || define( 'WPCOM_VIP_MACHINE_USER_EMAIL', '[email protected]' );
 defined( 'WPCOM_VIP_MACHINE_USER_ROLE' ) || define( 'WPCOM_VIP_MACHINE_USER_ROLE', 'administrator' );
 
-add_action( 'set_current_user', function() {
-	$user = get_user_by( 'login', WPCOM_VIP_MACHINE_USER_LOGIN );
+if ( ! defined( 'WP_INSTALLING' ) || ! WP_INSTALLING ) {
+	add_action( 'set_current_user', function() {
+		$user = get_user_by( 'login', WPCOM_VIP_MACHINE_USER_LOGIN );
 
-	if ( $user && $user->ID ) {
-		defined( 'WPCOM_VIP_MACHINE_USER_ID' ) || define( 'WPCOM_VIP_MACHINE_USER_ID', $user->ID );
-	}
-}, PHP_INT_MIN );
+		if ( $user && $user->ID ) {
+			defined( 'WPCOM_VIP_MACHINE_USER_ID' ) || define( 'WPCOM_VIP_MACHINE_USER_ID', $user->ID );
+		}
+	}, PHP_INT_MIN );
+}
 
 // Support a limited number of additional "Internal Events" in Cron Control.
 // These events run regardless of the number of pending events, and they cannot be deleted.
@@ -191,6 +198,9 @@
 require_once __DIR__ . '/vip-helpers/vip-syndication-cache.php';
 require_once __DIR__ . '/vip-helpers/vip-migrations.php';
 require_once __DIR__ . '/vip-helpers/class-user-cleanup.php';
+require_once __DIR__ . '/vip-helpers/class-wpcomvip-restrictions.php';
+
+add_action( 'init', [ WPComVIP_Restrictions::class, 'instance' ] );
 
 //enabled on selected sites for now
 if ( true === defined( 'WPCOM_VIP_CLEAN_TERM_CACHE' ) && true === constant( 'WPCOM_VIP_CLEAN_TERM_CACHE' ) ) {
@@ -228,11 +238,6 @@
 	}
 
 	define( 'WP_ENVIRONMENT_TYPE', $environment_type );
-
-	// VIP sites should not be set as staging in Jetpack
-	// since it breaks SSO and prevents data from being passed to
-	// WordPress.com
-	add_filter( 'jetpack_is_staging_site', '__return_false' );
 }
 
 // Load config related helpers
@@ -263,9 +268,11 @@
 	return $headers;
 } );
 
-// Disable core sitemaps
-//
-// https://make.wordpress.org/core/2020/07/22/new-xml-sitemaps-functionality-in-wordpress-5-5/
-add_filter( 'wp_sitemaps_enabled', '__return_false' );
+if ( ! defined( 'WP_RUN_CORE_TESTS' ) || ! WP_RUN_CORE_TESTS ) {
+	// Disable core sitemaps
+	//
+	// https://make.wordpress.org/core/2020/07/22/new-xml-sitemaps-functionality-in-wordpress-5-5/
+	add_filter( 'wp_sitemaps_enabled', '__return_false' );
+}
 
 do_action( 'vip_loaded' );