Tests

Author: PDowney

.github/workflows/tests.yml

@@ -0,0 +1,85 @@
+name: Tests
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    
+    strategy:
+      matrix:
+        php-version: ['7.4', '8.0', '8.1', '8.2', '8.3', '8.4']
+
+    name: PHP ${{ matrix.php-version }} Tests
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: ${{ matrix.php-version }}
+        extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, gd
+        coverage: xdebug
+
+    - name: Validate composer.json and composer.lock
+      run: composer validate --strict
+
+    - name: Cache Composer packages
+      id: composer-cache
+      uses: actions/cache@v3
+      with:
+        path: vendor
+        key: ${{ runner.os }}-php-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-php-${{ matrix.php-version }}-
+
+    - name: Install dependencies
+      run: composer install --prefer-dist --no-progress --no-interaction
+
+    - name: Run PHPUnit tests
+      run: composer test
+
+    - name: Run tests with coverage
+      if: matrix.php-version == '8.1'
+      run: composer test:coverage
+
+    - name: Check coverage threshold
+      if: matrix.php-version == '8.1'
+      run: composer coverage:check
+
+    - name: Upload coverage reports to Codecov
+      if: matrix.php-version == '8.1'
+      uses: codecov/codecov-action@v3
+      with:
+        file: ./coverage/clover.xml
+        fail_ci_if_error: true
+
+  code-quality:
+    runs-on: ubuntu-latest
+    name: Code Quality
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: '8.1'
+        extensions: dom, curl, libxml, mbstring, zip
+
+    - name: Install dependencies
+      run: composer install --prefer-dist --no-progress --no-interaction
+
+    - name: Run PHPCS
+      run: vendor/bin/phpcs --standard=phpcs.xml simple-wp-optimizer.php
+
+    - name: Run PHPMD
+      run: vendor/bin/phpmd simple-wp-optimizer.php text phpmd.xml
+
+    - name: Run PHPStan
+      run: vendor/bin/phpstan analyse --configuration=phpstan.neon

CHANGELOG.md

@@ -10,23 +10,36 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **DNS Prefetch Security Enhancement**: Enhanced DNS prefetch validation to reject file paths, query parameters, and fragments - only clean domains are now accepted
 - **Documentation Enhancement**: Added @since version tags to all PHPDoc blocks for better change tracking
 - **Developer Guidelines**: Created comprehensive CONTRIBUTING.md file with development standards, security requirements, and contribution workflow
+- **Comprehensive Unit Testing**: Implemented complete testing infrastructure with PHPUnit, WP_Mock, and 80% coverage requirement
+  - **Test Coverage**: 18 core functions with comprehensive unit and integration tests
+  - **Security Testing**: XSS prevention, DNS validation, CSRF protection, and input sanitization validation
+  - **Performance Testing**: Caching mechanisms, optimization effects, and conditional loading verification
+  - **CI/CD Integration**: GitHub Actions workflow with multi-PHP version testing (7.4-8.4) and automated quality checks
 
 ### Enhanced
 - **DNS Prefetch Optimization**: Improved DNS prefetch function with static caching, duplicate removal, AJAX detection, and enhanced domain validation
 - **Security Validation**: Strengthened DNS prefetch domain validation to prevent file path injection (e.g., `https://google.com/file.php` is now rejected)
 - **User Experience**: Updated DNS prefetch textarea description to clearly explain that only clean domains are allowed
 - **Code Quality**: Enhanced function documentation and maintained WordPress coding standards compliance
+- **Testing Infrastructure**: Complete test suite with fixtures, helpers, and comprehensive coverage reporting
 
 ### Security
 - **Domain Validation**: Enhanced DNS prefetch security to block file paths, query parameters, and URL fragments
 - **Input Sanitization**: Maintained comprehensive input validation and output escaping throughout all changes
 - **Clean Domain Output**: DNS prefetch now automatically strips paths and returns only clean domain URLs for security
+- **Security Testing**: Comprehensive security validation tests including XSS prevention and malicious input handling
 
 ### Performance
 - **Reduced Database Queries**: Option caching system minimizes repeated database calls
 - **Conditional Loading**: Admin assets only load when needed, reducing unnecessary resource usage
 - **Optimized DNS Prefetch**: Enhanced processing efficiency with static caching and validation improvements
 
+### Developer Experience
+- **Testing Framework**: PHPUnit with WP_Mock for WordPress-specific testing
+- **Code Coverage**: 80% minimum coverage requirement with detailed reporting
+- **Quality Assurance**: PHPCS, PHPMD, and PHPStan integration for code quality
+- **Development Workflow**: Automated testing with GitHub Actions CI/CD pipeline
+
 ## [1.5.12] - 2025-08-02
 ### Added
 - **Disable Post via Email**: New option to disable the post-via-email feature for enhanced security and performance.

composer.json

@@ -20,11 +20,23 @@
     "dealerdirect/phpcodesniffer-composer-installer": "^1.0.0",
     "php-stubs/wordpress-stubs": "^6.8",
     "szepeviktor/phpstan-wordpress": "^1.3",
-    "phpstan/phpstan": "^1.0"
+    "phpstan/phpstan": "^1.0",
+    "10up/wp_mock": "^1.0",
+    "mockery/mockery": "^1.5",
+    "phpunit/php-code-coverage": "^9.2",
+    "sebastianbergmann/phpcov": "^8.2"
   },
   "config": {
     "allow-plugins": {
       "dealerdirect/phpcodesniffer-composer-installer": true
     }
+  },
+  "scripts": {
+    "test": "phpunit",
+    "test:coverage": "phpunit --coverage-html coverage --coverage-clover coverage.xml",
+    "test:unit": "phpunit --testsuite=unit",
+    "test:integration": "phpunit --testsuite=integration",
+    "test:watch": "phpunit --watch",
+    "coverage:check": "php scripts/check-coverage.php"
   }
 }

phpunit.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<phpunit
+    bootstrap="tests/bootstrap.php"
+    colors="true"
+    convertErrorsToExceptions="true"
+    convertNoticesToExceptions="true"
+    convertWarningsToExceptions="true"
+    stopOnFailure="false"
+    testdox="true"
+    beStrictAboutTestsThatDoNotTestAnything="true"
+    beStrictAboutOutputDuringTests="true"
+    beStrictAboutChangesToGlobalState="true"
+>
+    <testsuites>
+        <testsuite name="unit">
+            <directory>tests/unit</directory>
+        </testsuite>
+        <testsuite name="integration">
+            <directory>tests/integration</directory>
+        </testsuite>
+    </testsuites>
+    
+    <filter>
+        <whitelist>
+            <file>simple-wp-optimizer.php</file>
+        </whitelist>
+    </filter>
+    
+    <coverage>
+        <report>
+            <html outputDirectory="coverage/html"/>
+            <clover outputFile="coverage/clover.xml"/>
+            <text outputFile="php://stdout" showUncoveredFiles="true"/>
+        </report>
+        <include>
+            <file>simple-wp-optimizer.php</file>
+        </include>
+    </coverage>
+    
+    <logging>
+        <junit outputFile="coverage/junit.xml"/>
+    </logging>
+    
+    <php>
+        <const name="WP_TESTS_PHPUNIT_POLYFILLS_PATH" value="vendor/yoast/phpunit-polyfills"/>
+    </php>
+</phpunit>

readme.txt

@@ -49,6 +49,10 @@ No, the plugin has a simple interface where you can toggle features on and off.
 * **PERFORMANCE**: Enhanced DNS prefetch function with static caching, duplicate removal, and AJAX detection
 * **SECURITY**: Enhanced DNS prefetch validation to reject file paths, query parameters, and fragments - only clean domains accepted
 * **SECURITY**: Strengthened domain validation to prevent file path injection (e.g., `https://google.com/file.php` now rejected)
+* **TESTING**: Implemented comprehensive unit testing infrastructure with PHPUnit and WP_Mock
+* **TESTING**: Added 18 core function tests with 80% coverage requirement and security validation
+* **TESTING**: Created CI/CD pipeline with GitHub Actions for multi-PHP version testing (7.4-8.4)
+* **TESTING**: Integrated automated code quality checks with PHPCS, PHPMD, and PHPStan
 * **DOCUMENTATION**: Added @since version tags to all PHPDoc blocks for better change tracking
 * **DEVELOPER EXPERIENCE**: Created comprehensive CONTRIBUTING.md file with development standards and security requirements
 * **USER EXPERIENCE**: Updated DNS prefetch textarea description to clearly explain clean domain requirements