From a328ead30686af4dff706be69f79eb280d98b9bc Mon Sep 17 00:00:00 2001 From: Brian Date: Fri, 13 Mar 2026 23:20:18 +0100 Subject: [PATCH 1/5] upgrade readme header --- readme.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 83dc826e..05b9ffb6 100644 --- a/readme.md +++ b/readme.md @@ -1,8 +1,18 @@ # Two-Factor +![Two-Factor](https://github.com/WordPress/two-factor/blob/master/.wordpress-org/banner-1544x500.png) -[![Test](https://github.com/WordPress/two-factor/actions/workflows/test.yml/badge.svg)](https://github.com/WordPress/two-factor/actions/workflows/test.yml) [![Deploy](https://github.com/WordPress/two-factor/actions/workflows/deploy.yml/badge.svg)](https://github.com/WordPress/two-factor/actions/workflows/deploy.yml) [![WordPress Playground Demo](https://img.shields.io/wordpress/plugin/v/two-factor?logo=wordpress&logoColor=FFFFFF&label=Playground%20Demo&labelColor=3858E9&color=3858E9)](https://playground.wordpress.net/?blueprint-url=https://raw.githubusercontent.com/WordPress/two-factor/master/.wordpress-org/blueprints/blueprint.json) +![Required PHP Version](https://img.shields.io/wordpress/plugin/required-php/two-factor?label=Requires%20PHP) ![Required WordPress Version](https://img.shields.io/wordpress/plugin/wp-version/two-factor?label=Requires%20WordPress) ![WordPress Tested Up To](https://img.shields.io/wordpress/plugin/tested/two-factor?label=WordPress) [![GPL-2.0-or-later License](https://img.shields.io/github/license/WordPress/ai.svg)](https://github.com/WordPress/two-factor/blob/trunk/LICENSE.md?label=License) + +![WordPress.org Rating](https://img.shields.io/wordpress/plugin/rating/two-factor?label=WP.org%20Rating) ![WordPress Plugin Downloads](https://img.shields.io/wordpress/plugin/dt/two-factor?label=WP.org%20Downloads) ![WordPress Plugin Active Installs](https://img.shields.io/wordpress/plugin/installs/two-factor?label=WP.org%20Active%20Installs) [![WordPress Playground Demo](https://img.shields.io/wordpress/plugin/v/two-factor?logo=wordpress&logoColor=FFFFFF&label=Live%20Demo&labelColor=3858E9&color=3858E9)](https://playground.wordpress.net/?blueprint-url=https://raw.githubusercontent.com/WordPress/two-factor/master/.wordpress-org/blueprints/blueprint.json) + +[![Test](https://github.com/WordPress/two-factor/actions/workflows/test.yml/badge.svg)](https://github.com/WordPress/two-factor/actions/workflows/test.yml) [![Deploy](https://github.com/WordPress/two-factor/actions/workflows/deploy.yml/badge.svg)](https://github.com/WordPress/two-factor/actions/workflows/deploy.yml) + +> Two-Factor plugin for WordPress. [View on WordPress.org →](https://wordpress.org/plugins/two-factor/) + +## Description + +The Two-Factor plugin adds an extra layer of security to your WordPress login by requiring users to provide a second form of authentication in addition to their password. This helps protect against unauthorized access even if passwords are compromised. -Two-Factor plugin for WordPress. [View on WordPress.org →](https://wordpress.org/plugins/two-factor/) ## Usage From ae23b238e86c502b3040668dc33392371afb32a1 Mon Sep 17 00:00:00 2001 From: Brian Date: Fri, 13 Mar 2026 23:21:32 +0100 Subject: [PATCH 2/5] revert commit --- readme.md | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/readme.md b/readme.md index 05b9ffb6..83dc826e 100644 --- a/readme.md +++ b/readme.md @@ -1,18 +1,8 @@ # Two-Factor -![Two-Factor](https://github.com/WordPress/two-factor/blob/master/.wordpress-org/banner-1544x500.png) -![Required PHP Version](https://img.shields.io/wordpress/plugin/required-php/two-factor?label=Requires%20PHP) ![Required WordPress Version](https://img.shields.io/wordpress/plugin/wp-version/two-factor?label=Requires%20WordPress) ![WordPress Tested Up To](https://img.shields.io/wordpress/plugin/tested/two-factor?label=WordPress) [![GPL-2.0-or-later License](https://img.shields.io/github/license/WordPress/ai.svg)](https://github.com/WordPress/two-factor/blob/trunk/LICENSE.md?label=License) - -![WordPress.org Rating](https://img.shields.io/wordpress/plugin/rating/two-factor?label=WP.org%20Rating) ![WordPress Plugin Downloads](https://img.shields.io/wordpress/plugin/dt/two-factor?label=WP.org%20Downloads) ![WordPress Plugin Active Installs](https://img.shields.io/wordpress/plugin/installs/two-factor?label=WP.org%20Active%20Installs) [![WordPress Playground Demo](https://img.shields.io/wordpress/plugin/v/two-factor?logo=wordpress&logoColor=FFFFFF&label=Live%20Demo&labelColor=3858E9&color=3858E9)](https://playground.wordpress.net/?blueprint-url=https://raw.githubusercontent.com/WordPress/two-factor/master/.wordpress-org/blueprints/blueprint.json) - -[![Test](https://github.com/WordPress/two-factor/actions/workflows/test.yml/badge.svg)](https://github.com/WordPress/two-factor/actions/workflows/test.yml) [![Deploy](https://github.com/WordPress/two-factor/actions/workflows/deploy.yml/badge.svg)](https://github.com/WordPress/two-factor/actions/workflows/deploy.yml) - -> Two-Factor plugin for WordPress. [View on WordPress.org →](https://wordpress.org/plugins/two-factor/) - -## Description - -The Two-Factor plugin adds an extra layer of security to your WordPress login by requiring users to provide a second form of authentication in addition to their password. This helps protect against unauthorized access even if passwords are compromised. +[![Test](https://github.com/WordPress/two-factor/actions/workflows/test.yml/badge.svg)](https://github.com/WordPress/two-factor/actions/workflows/test.yml) [![Deploy](https://github.com/WordPress/two-factor/actions/workflows/deploy.yml/badge.svg)](https://github.com/WordPress/two-factor/actions/workflows/deploy.yml) [![WordPress Playground Demo](https://img.shields.io/wordpress/plugin/v/two-factor?logo=wordpress&logoColor=FFFFFF&label=Playground%20Demo&labelColor=3858E9&color=3858E9)](https://playground.wordpress.net/?blueprint-url=https://raw.githubusercontent.com/WordPress/two-factor/master/.wordpress-org/blueprints/blueprint.json) +Two-Factor plugin for WordPress. [View on WordPress.org →](https://wordpress.org/plugins/two-factor/) ## Usage From 5304545801be010fb91145b31051c70171b0ec11 Mon Sep 17 00:00:00 2001 From: Brian Date: Fri, 13 Mar 2026 23:39:29 +0100 Subject: [PATCH 3/5] Create build-plugin-zip.yml --- .github/workflows/build-plugin-zip.yml | 64 ++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 .github/workflows/build-plugin-zip.yml diff --git a/.github/workflows/build-plugin-zip.yml b/.github/workflows/build-plugin-zip.yml new file mode 100644 index 00000000..4857eea6 --- /dev/null +++ b/.github/workflows/build-plugin-zip.yml @@ -0,0 +1,64 @@ +name: Build Plugin Zip + +on: + pull_request: + types: [ 'opened', 'synchronize', 'reopened', 'edited' ] + +# Cancels all previous workflow runs for pull requests that have not completed. +concurrency: + # The concurrency group contains the workflow name and the branch name for pull requests + # or the commit hash for any other events. + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} + cancel-in-progress: true + +# Disable permissions for all available scopes by default. +# Any needed permissions should be configured at the job level. +permissions: {} + +jobs: + build: + runs-on: 'ubuntu-24.04' + permissions: + contents: read + outputs: + job_status: ${{ job.status }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Set up PHP and Composer + uses: shivammathur/setup-php@v2 + with: + php-version: '7.4' + coverage: none + tools: composer:v2 + + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + cache: 'npm' + + - name: Install NPM dependencies + run: npm ci + + - name: Install Composer dependencies + run: composer install --no-dev --no-interaction + + - name: Build plugin + run: npm run build + + - name: Create artifact + run: | + mv dist two-factor + zip -r two-factor.zip two-factor/ + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: two-factor-plugin-zip-pr${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }} + path: two-factor.zip + if-no-files-found: error From 3443626aa4296cf2ce88062895c66e455fec9b5c Mon Sep 17 00:00:00 2001 From: Brian Date: Fri, 13 Mar 2026 23:42:01 +0100 Subject: [PATCH 4/5] Create pr-playground-preview.yml --- .github/workflows/pr-playground-preview.yml | 117 ++++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 .github/workflows/pr-playground-preview.yml diff --git a/.github/workflows/pr-playground-preview.yml b/.github/workflows/pr-playground-preview.yml new file mode 100644 index 00000000..040863ad --- /dev/null +++ b/.github/workflows/pr-playground-preview.yml @@ -0,0 +1,117 @@ +name: PR Playground Preview + +# Use workflow_run for privileged operations +# Runs with write permissions and access to secrets +# Operates on artifacts from the unprivileged build workflow +on: + workflow_run: + workflows: ["Build Plugin Zip"] + types: + - completed + +# Disable permissions for all available scopes by default. +# Any needed permissions should be configured at the job level. +permissions: {} + +jobs: + + # Leaves a comment on a pull request with a link to test the changes in a WordPress Playground instance. + playground-details: + name: Comment on a pull request with Playground details + runs-on: ubuntu-24.04 + # Only run if the build workflow succeeded and was triggered by a pull_request + if: > + github.event.workflow_run.event == 'pull_request' && + github.event.workflow_run.conclusion == 'success' + outputs: + artifact-url: ${{ steps.expose.outputs.artifact-url }} + artifact-name: ${{ steps.expose.outputs.artifact-name }} + permissions: + contents: write + pull-requests: write + + steps: + - name: Extract PR metadata from artifact name + id: pr-metadata + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + const artifacts = await github.rest.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: ${{ github.event.workflow_run.id }}, + }); + + const artifact = artifacts.data.artifacts.find(a => + a.name.startsWith("two-factor-plugin-zip-pr") + ); + + if (!artifact) { + throw new Error('Could not find plugin artifact'); + } + + // Parse: two-factor-plugin-zip-pr123-abc123def... + const match = artifact.name.match(/^two-factor-plugin-zip-pr(\d+)-(.+)$/); + if (!match) { + throw new Error(`Could not parse artifact name: ${artifact.name}`); + } + + const [, prNumber, commitSha] = match; + + core.setOutput('pr-number', prNumber); + core.setOutput('commit-sha', commitSha); + core.setOutput('artifact-name', artifact.name); + + - name: Expose built artifact + id: expose + uses: WordPress/action-wp-playground-pr-preview/.github/actions/expose-artifact-on-public-url@c8607529dac8d2bf9a1e8493865fc97cd1c3c87b # v2 + with: + artifact-name: ${{ steps.pr-metadata.outputs.artifact-name }} + artifact-filename: two-factor.zip + pr-number: ${{ steps.pr-metadata.outputs.pr-number }} + commit-sha: ${{ steps.pr-metadata.outputs.commit-sha }} + artifact-source-run-id: ${{ github.event.workflow_run.id }} + artifacts-to-keep: '2' + + - name: Generate Playground blueprint JSON + id: blueprint + run: | + node - <<'NODE' >> "$GITHUB_OUTPUT" + const url = process.env.ARTIFACT_URL; + if (!url) { + throw new Error('ARTIFACT_URL is required'); + } + + const blueprint = { + landingPage: '/wp-admin/profile.php#two-factor-options', + preferredVersions: { + php: '8.2', + wp: 'latest', + }, + steps: [ + { + step: 'installPlugin', + pluginZipFile: { + resource: 'url', + url, + }, + }, + { + step: 'login', + username: 'admin', + }, + ], + }; + + console.log(`blueprint=${JSON.stringify(blueprint)}`); + NODE + env: + ARTIFACT_URL: ${{ steps.expose.outputs.artifact-url }} + + - name: Post Playground preview button + uses: WordPress/action-wp-playground-pr-preview@c8607529dac8d2bf9a1e8493865fc97cd1c3c87b # v2 + with: + mode: append-to-description + blueprint: ${{ steps.blueprint.outputs.blueprint }} + pr-number: ${{ steps.pr-metadata.outputs.pr-number }} + github-token: ${{ secrets.GITHUB_TOKEN }} From e05ef4847a561ea5462e0240542308e0feb4b244 Mon Sep 17 00:00:00 2001 From: Brian Date: Sat, 14 Mar 2026 09:53:07 +0100 Subject: [PATCH 5/5] upgrade version due to node version warning --- .github/workflows/build-plugin-zip.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-plugin-zip.yml b/.github/workflows/build-plugin-zip.yml index 4857eea6..ddef0b4f 100644 --- a/.github/workflows/build-plugin-zip.yml +++ b/.github/workflows/build-plugin-zip.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false @@ -37,7 +37,7 @@ jobs: tools: composer:v2 - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version-file: '.nvmrc' cache: 'npm' @@ -57,7 +57,7 @@ jobs: zip -r two-factor.zip two-factor/ - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: two-factor-plugin-zip-pr${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }} path: two-factor.zip