Update ai-album-finder branch #40
Conversation
This will let us build out everything else in a clean way.
Storing the images as backups in the theme folder for now.
This doesn't have our up-to-date color values. I just needed to plug in the slugs.
Note that we need to use `!important` to fix this margin for the Query Pagination block in the site editor.
Adds Album, Artist, and Song CPTs. Adds Genre taxonomy.
Shouldn't be extended here.
Adds custom post types and taxonomies
Add mcp.json template that contains the GitHub MCP setup.
Still need to update dynamic content.
Removes unused patterns and pattern references. Moves old content patterns to templates for now.
Just cleanup right now.
This changes all of the image references to dynamic ones stored in the theme.
Initial theme design
Make the vendor deploy run after the site deploy is successful.
This is needed since they are disabled on DotCom.
Enable experimental Gutenberg blocks.
This is a partial fix for #30. Currently, the list of term images is hardcoded in the `Term` class. It's a good first step that at least lets us get rid of several templates and patterns (DRY, FTW!).
This had some extra block bindings necessary.
This disables content-only focus mode for unsynced patterns and the font library.
Uses the WP Term Images plugin for attaching images to terms. This cuts way back on code. This change also swaps the images in the theme to `.webp` for smaller file sizes.
Big theme cleanup
| name: Build and Deploy Vendor Folders | ||
| runs-on: ubuntu-latest | ||
| # For workflow_run events, only proceed if the upstream workflow succeeded. | ||
| if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }} | ||
| # workflow_run executes in the context of the default branch, so use | ||
| # head_branch from the event payload to select the right environment. | ||
| environment: ${{ (github.event.workflow_run.head_branch || github.ref_name) == 'trunk' && 'production' || 'staging' }} | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup PHP | ||
| uses: shivammathur/setup-php@v2 | ||
| with: | ||
| php-version: '8.2' | ||
| tools: composer | ||
|
|
||
| # ── Plugin ───────────────────────────────────────────────────────────── | ||
|
|
||
| - name: Install plugin dependencies (bifrost-music) | ||
| working-directory: plugins/bifrost-music | ||
| run: composer install --no-dev --optimize-autoloader --no-interaction | ||
|
|
||
| - name: Upload plugin vendor folder | ||
| if: ${{ inputs.dry_run != true && hashFiles('plugins/bifrost-music/vendor/**') != '' }} | ||
| uses: Automattic/FTP-Deploy-Action@3.1.2 | ||
| with: | ||
| ftp-server: sftp://sftp.wp.com/htdocs/wp-content/plugins/bifrost-music/vendor/ | ||
| ftp-username: ${{ secrets.SFTP_USER }} | ||
| ftp-password: ${{ secrets.SFTP_PASSWORD }} | ||
| local-dir: plugins/bifrost-music/vendor/ | ||
| git-ftp-args: --all | ||
| known-hosts: ${{ secrets.SFTP_KNOWN_HOSTS }} | ||
|
|
||
| # ── Theme ─────────────────────────────────────────────────────────────── | ||
|
|
||
| - name: Install theme dependencies (bifrost-noise) | ||
| working-directory: themes/bifrost-noise | ||
| run: composer install --no-dev --optimize-autoloader --no-interaction | ||
|
|
||
| - name: Upload theme vendor folder | ||
| if: ${{ inputs.dry_run != true && hashFiles('themes/bifrost-noise/vendor/**') != '' }} | ||
| uses: Automattic/FTP-Deploy-Action@3.1.2 | ||
| with: | ||
| ftp-server: sftp://sftp.wp.com/htdocs/wp-content/themes/bifrost-noise/vendor/ | ||
| ftp-username: ${{ secrets.SFTP_USER }} | ||
| ftp-password: ${{ secrets.SFTP_PASSWORD }} | ||
| local-dir: themes/bifrost-noise/vendor/ | ||
| git-ftp-args: --all | ||
| known-hosts: ${{ secrets.SFTP_KNOWN_HOSTS }} |
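Review bot: every third-party action in this job is referenced by a mutable tag (`uses: actions/checkout@v4`, `uses: shivammathur/setup-php@v2`, `uses: Automattic/FTP-Deploy-Action@3.1.2`), and a tag such as `3.1.2` can be moved upstream at any time, so a re-tagged or compromised release of the deploy action would receive `secrets.SFTP_USER`, `secrets.SFTP_PASSWORD` and `secrets.SFTP_KNOWN_HOSTS` together with a write path to the `production` environment's host; pin each `uses:` to a full commit SHA and keep the version in a trailing comment. Separately, the job declares no `permissions:` block (the CodeQL finding below), so the default `GITHUB_TOKEN` grants are wider than a job that only checks out code needs; `permissions:` with `contents: read` at workflow level covers it.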
Check warning
Code scanning / CodeQL
Workflow does not contain permissions (Medium)
Copilot Autofix
AI 4 days ago
In general, this needs an explicit permissions block to limit the GITHUB_TOKEN to the least privileges required. Since the job only checks out code and interacts with an external SFTP endpoint using secrets, it only needs read access to repository contents. We can safely restrict permissions to contents: read at the workflow root so it applies to all jobs (there is only one job here), and we don’t need any write scopes like issues: write or pull-requests: write.
The best fix is to add a top-level permissions section right after the name (line 1) and before the on: block (line 3). This will explicitly document that this workflow’s GITHUB_TOKEN is limited to reading repository contents, matching CodeQL’s suggested “minimal starting point”. No imports or additional methods are required since this is a pure YAML configuration change. Existing functionality will remain unchanged because the workflow was not relying on elevated token permissions.
| @@ -1,4 +1,6 @@ | ||
| name: Deploy Vendor Folders | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| workflow_run: |
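Review bot: the `name:` line in this hunk reads `Deploy Vendor Folders`, while the workflow shown above is named `Build and Deploy Vendor Folders`, so the suggested patch was generated against a different revision of the file and should be applied by hand rather than merged as-is. The change itself is right: `permissions:` / `contents: read` placed between `name:` and `on:` makes the token read-only for the one job in this workflow, and nothing in that job writes through the GitHub API.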
No description provided.
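The two points raised against the workflow in this PR (no top-level `permissions:` block, and actions pinned by tag rather than commit SHA) are easy to check mechanically before CodeQL runs. The script below is an added example, not code from this repository: it scans a workflow's YAML text with the standard library only, reports both issues, and is run against a constructed sample that mirrors the job shown in the diff (the action names are taken from the diff; the `on:` trigger, job name and the all-zero/one/two SHAs in the hardened variant are placeholders, not real commit ids).

```python
"""Static checks for a GitHub Actions workflow file.

Checks two things that the review of this PR turned up:
  1. a workflow-level ``permissions:`` block (the CodeQL finding
     "Workflow does not contain permissions");
  2. ``uses:`` references pinned to a mutable tag (``@v4``, ``@3.1.2``)
     instead of a 40-hex commit SHA.
Standard library only; no PyYAML dependency.
"""
import re
from dataclasses import dataclass, field

# A full commit SHA is exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# `uses: owner/repo@ref` possibly preceded by a list dash and indentation.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s@]+)@(\S+)")
# `permissions:` at column 0 is the workflow-level block.  CodeQL also
# accepts a block on every job; this checker only looks for the
# workflow-level one, which is what the autofix on this PR adds.
TOP_LEVEL_PERMS_RE = re.compile(r"^permissions:", re.MULTILINE)


@dataclass
class Findings:
    has_permissions: bool
    unpinned: list = field(default_factory=list)  # (action, ref) pairs


def check_workflow(text: str) -> Findings:
    """Return the findings for one workflow file's YAML text."""
    has_perms = bool(TOP_LEVEL_PERMS_RE.search(text))
    unpinned = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if not SHA_RE.match(ref):
            unpinned.append((action, ref))
    return Findings(has_perms, unpinned)


# Constructed sample mirroring the job in the PR diff (not the repo's file).
SAMPLE_WORKFLOW = """\
name: Build and Deploy Vendor Folders
on:
  workflow_run:
    workflows: ["Deploy"]
    types: [completed]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
      - name: Upload plugin vendor folder
        uses: Automattic/FTP-Deploy-Action@3.1.2
"""

# The same workflow with both fixes applied: a read-only token at workflow
# level and SHA-pinned actions.  The SHAs are placeholders, not real ids.
HARDENED_WORKFLOW = (
    SAMPLE_WORKFLOW
    .replace("on:\n", "permissions:\n  contents: read\non:\n", 1)
    .replace("@v4", "@" + "0" * 40)
    .replace("@v2", "@" + "1" * 40)
    .replace("@3.1.2", "@" + "2" * 40)
)


def report(text: str) -> str:
    """Human-readable summary, one line per problem."""
    f = check_workflow(text)
    lines = []
    if not f.has_permissions:
        lines.append("missing workflow-level permissions: block")
    for action, ref in f.unpinned:
        lines.append(f"unpinned action {action}@{ref} (pin to a commit SHA)")
    return "\n".join(lines) if lines else "ok"


if __name__ == "__main__":
    print("--- as submitted ---")
    print(report(SAMPLE_WORKFLOW))
    print("--- hardened ---")
    print(report(HARDENED_WORKFLOW))
```

Running the module prints the three unpinned actions and the missing `permissions:` block for the submitted shape, and `ok` for the hardened variant. The regex approach deliberately ignores YAML structure beyond indentation, which is enough for the flat `uses:` lines GitHub Actions emits; a workflow that builds its `uses:` values from expressions would need a real YAML parser.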