all the things!

.gitignore

@@ -0,0 +1,17 @@
+# Ignore Composer things.
+vendor/
+composer.lock
+*.idea
+
+# Ignore node things.
+node_modules/
+npm-debug.log
+yarn.lock
+
+# Ignore PHPUnit things.
+archives/
+phpcs-standard/
+.phpunit.result.cache
+
+# OS generated files.
+.DS_Store

CODEOWNERS

@@ -0,0 +1 @@
+* @pantheon-systems/cms-platform

Pantheon-WP-Minimum/ruleset.xml

@@ -0,0 +1,86 @@
+<?xml version="1.0"?>
+<ruleset name="Pantheon-WP-Minimum">
+	<description>Minimum requirements for WordPress sites running on Pantheon.</description>
+
+	<exclude-pattern>/node_modules/*</exclude-pattern>
+	<exclude-pattern>vendor/*</exclude-pattern>
+
+	<arg name="extensions" value="php" />
+
+	<rule ref="PHPCompatibilityWP" />
+		<exclude name="PHPCompatibility.Miscellaneous.RemovedAlternativePHPTags.MaybeASPOpenTagFound" />
+	</rule>
+
+	<rule ref="WordPress" />
+
+	<!-- Disallow use of __FILE__ in menu slugs, which exposes the filesystem's data. -->
+	<rule ref="WordPress.Security.PluginMenuSlug" />
+	<rule ref="WordPress.Security.PluginMenuSlug.Using__FILE__">
+		<type>error</type>
+	</rule>
+
+	<!-- Disallow functions where WordPress has an alternative. -->
+	<rule ref="WordPress.WP.AlternativeFunctions">
+		<!-- ...but, allow some back in. -->
+		<properties>
+			<property name="exclude" type="array">
+				<element value="file_get_contents" />
+				<element value="file_system_read" />
+				<element value="json_encode" />
+				<element value="json_decode" />
+
+				<!-- wp_parse_url() only exists for inconsistency in PHP <5.4 -->
+				<element value="parse_url" />
+			</property>
+		</properties>
+	</rule>
+	<rule ref="WordPress.DB.RestrictedFunctions" />
+	<rule ref="WordPress.DB.RestrictedClasses" />
+
+	<!-- Disallow eval(). (From WordPress-Core) -->
+	<rule ref="Squiz.PHP.Eval"/>
+	<rule ref="Squiz.PHP.Eval.Discouraged">
+		<type>error</type>
+		<message>eval() is a security risk and is not allowed.</message>
+	</rule>
+
+	<!-- Disallow create_function() -->
+	<rule ref="WordPress.PHP.RestrictedPHPFunctions"/>
+
+	<!-- Disallow goto function. -->
+	<rule ref="Generic.PHP.DiscourageGoto"/>
+	<rule ref="Generic.PHP.DiscourageGoto.Found">
+		<type>error</type>
+		<message>The "goto" language construct should not be used.</message>
+	</rule>
+
+	<!-- Disallow short PHP tags. (From WordPress-Core) -->
+	<rule ref="Generic.PHP.DisallowShortOpenTag" />
+
+	<!-- Disallow old-style PHP tags (e.g. ASP-style) -->
+	<rule ref="Generic.PHP.DisallowAlternativePHPTags">
+		<!-- Allow ASP-style tags that aren't tokenised. -->
+		<exclude name="Generic.PHP.DisallowAlternativePHPTags.MaybeASPShortOpenTagFound" />
+		<exclude name="Generic.PHP.DisallowAlternativePHPTags.MaybeASPOpenTagFound" />
+	</rule>
+
+	<!-- Require correct usage of WP's i18n functions. -->
+	<rule ref="WordPress.WP.I18n">
+		<properties>
+			<property name="check_translator_comments" value="false" />
+		</properties>
+
+		<!-- Allow empty strings to be translated (e.g. space character) -->
+		<exclude name="WordPress.WP.I18n.NoEmptyStrings" />
+
+		<!--
+			Allow unordered placeholders. It's not good style, but strictly
+			speaking it's not a problem.
+		-->
+		<exclude name="WordPress.WP.I18n.UnorderedPlaceholdersText" />
+		<exclude name="WordPress.WP.I18n.MixedOrderedPlaceholdersText" />
+	</rule>
+
+	<!-- Require valid syntax. -->
+	<rule ref="Generic.PHP.Syntax" />
+</ruleset>

Pantheon-WP/ruleset.xml

@@ -0,0 +1,69 @@
+<?xml version="1.0"?>
+<ruleset name="Pantheon-WP">
+	<description>Pantheon WordPress Coding Standards</description>
+
+	<exclude-pattern>/node_modules/*</exclude-pattern>
+	<exclude-pattern>vendor/*</exclude-pattern>
+
+	<arg name="extensions" value="php" />
+
+	<!-- Include everything in the minimum ruleset -->
+	<rule ref="Pantheon-WP-Minimum" />
+
+	<!-- Rulesets to use -->
+	<rule ref="PHPCompatibilityWP" />
+	<rule ref="WordPress-Core">
+		<exclude name="Generic.Arrays.DisallowShortArraySyntax" />
+		<exclude name="Generic.Formatting.MultipleStatementAlignment.NotSameWarning" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.ContentAfterOpenBracket" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.CloseBracketLine" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.MultipleArguments" />
+		<exclude name="WordPress.Arrays.MultipleStatementAlignment.DoubleArrowNotAligned" />
+		<exclude name="WordPress.PHP.DisallowShortTernary.Found" />
+		<!--
+		The following was written by Ryan McCue in the HM Coding Standards.
+		I tend to agree with the argument that Yoda conditions are ridiculous
+		but he gives a convincing argument and explains the reasoning far
+		better than I could. See: https://github.com/humanmade/coding-standards/blob/master/HM/ruleset.xml#L31-L50
+
+		OK, real talk right now. Yoda conditions are ridiculous.
+		The fundamental problem that Yoda conditions attempts to solve is:
+		the equality operator is very close to the assignment operator.
+		It's easy to mess up and accidentally assign to the variable you're
+		trying to check.
+		Here's the thing though. Yoda conditions just don't read correctly
+		in the code flow. They require you to change the way you think
+		about the control flow.
+		Rather than forcing every conditional to be backwards, why not ban
+		assignment from conditionals? You never really *need* to assign in
+		a conditional.
+		So, here's where I stand: no to Yoda conditions. Yes to banning
+		assignment in conditionals.
+		-->
+		<exclude name="WordPress.PHP.YodaConditions.NotYoda" />
+	</rule>
+	<rule ref="WordPress-Extra" />
+	<rule ref="WordPress-Docs" />
+	<rule ref="WordPressVIPMinimum" />
+
+	<!-- Rule exclusions -->
+	<rule ref="Generic.Arrays.DisallowLongArraySyntax" />
+
+	<!-- Require proper docblocks be used in all PHP files -->
+	<rule ref="WordPress-Docs">
+		<exclude name="Squiz.Commenting.FileComment.MissingPackageTag" />
+		<exclude name="Squiz.Commenting.FunctionComment.ParamCommentFullStop" />
+		<exclude name="Squiz.Commenting.FunctionComment.ThrowsNoFullStop" />
+		<exclude name="Squiz.Commenting.FunctionComment.SpacingAfterParamType" />
+	</rule>
+
+	<!-- Allow . in hook names. -->
+	<rule ref="WordPress.NamingConventions.ValidHookName">
+		<properties>
+			<property name="additionalWordDelimiters" value="." />
+		</properties>
+	</rule>
+
+	<!-- Ban inline assignment in control structures (see note on Yoda Conditions above). -->
+	<rule ref="PSR2R.ControlStructures.NoInlineAssignment" />
+</ruleset>

README.md

@@ -1,2 +1,51 @@
-# Pantheon-WP-Coding-Standards
-Pantheon WordPress PHPCS rulesets
+# Pantheon WP Coding Standards
+[![Unofficial Support](https://img.shields.io/badge/pantheon-unsupported-yellow?logo=pantheon&color=FFDC28)](https://pantheon.io/docs/oss-support-levels#unofficial-support) ![Packagist Version](https://img.shields.io/packagist/v/pantheon-systems/pantheon-wp-coding-standards) ![MIT License](https://img.shields.io/github/license/pantheon-systems/Pantheon-WP-Coding-Standards)
+PHPCS rulesets for WordPress projects on Pantheon.
+
+This is a work-in-progress...
+
+## Setup
+The PHPCS ruleset can be installed via Composer:
+
+`composer require --dev pantheon-systems/pantheon-wp-coding-standards`
+
+## Usage
+
+Run the following command to run the standards checks:
+
+```
+vendor/bin/phpcs -s --standard=Pantheon-WP .
+```
+
+We recommend using the `-s` flag so that PHPCS will report the specific rule that was violated. This makes it easier to add exclusions or research possible solutions.
+
+## Extending
+
+If you want to customize the defaults or add additional rules, you can create your own standard file (e.g. `phpcs.ruleset.xml`):
+
+```xml
+<?xml version="1.0"?>
+<ruleset>
+	<!-- Files or directories to check -->
+	<file>.</file>
+
+	<!-- Include the Pantheon-WP ruleset -->
+	<rule ref="Pantheon-WP" />
+
+	<!-- Add additional rules here -->
+	<rule ref="WordPress.WP.I18n">
+		<properties>
+			<property name="text_domain" value="my-plugin" />
+		</properties>
+</ruleset>
+```
+
+You can then reference this file when running PHPCS:
+
+```
+vendor/bin/phpcs -s --standard=phpcs.ruleset.xml .
+```
+
+## Included Checks
+
+The Pantheon WP standard is based upon [WordPress Coding Standards](https://github.com/WordPress/WordPress-Coding-Standards/), [VIP Coding Standards](https://github.com/Automattic/VIP-Coding-Standards) with some customizations based on [Human Made's Coding Standards](https://github.com/humanmade/coding-standards/).

composer.json

@@ -0,0 +1,29 @@
+{
+    "name": "pantheon-systems/pantheon-wp-coding-standards",
+    "description": "PHPCS Rulesets for WordPress projects on Pantheon.",
+    "type": "phpcodesniffer-standard",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Pantheon",
+            "email": "[email protected]"
+        }
+    ],
+    "minimum-stability": "dev",
+    "prefer-stable": true,
+    "require": {
+        "wp-coding-standards/wpcs": "^2.3",
+        "phpcompatibility/phpcompatibility-wp": "^2.1",
+        "automattic/vipwpcs": "^2.3"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "9.6.x-dev",
+        "yoast/phpunit-polyfills": "1.x-dev"
+    },
+    "config": {
+        "sort-packages": true,
+        "allow-plugins": {
+            "dealerdirect/phpcodesniffer-composer-installer": true
+        }
+    }
+}

ruleset.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<ruleset name="Pantheon-WP">
+	<description>Proxy to the actual Pantheon-WP ruleset.</description>
+
+	<rule ref="vendor/pantheon-systems/pantheon-wp-coding-standards/Pantheon-WP/ruleset.xml" />
+
+</ruleset>