# WF Cookie Consent — Development

This is the WordPress.org **SVN** working copy. Only `trunk/` (or a tag under
`tags/`) is shipped to users. Everything in this root directory — `package.json`,
`node_modules/`, this file — is build tooling and is **not** deployed.

## Asset build (minification)

Source files are edited directly; the minified files that the plugin enqueues
are generated from them:

| Source (edit this)                  | Output (generated, enqueued)            |
| ----------------------------------- | --------------------------------------- |
| `trunk/js/cookiechoices.js`         | `trunk/js/cookiechoices.min.js`         |
| `trunk/css/wf-cookie-consent.css`   | `trunk/css/wf-cookie-consent.min.css`   |

Tooling: [`terser`](https://terser.org/) (JS) and
[`clean-css`](https://github.com/clean-css/clean-css) (CSS) — lightweight, no
framework. (`@wordpress/scripts`/webpack is intentionally avoided: this plugin
is vanilla JS with no blocks/React, so it would only add weight.)

### Setup

```sh
nvm use            # uses Node 22 (see .nvmrc); npm ships with it
npm install
```

### Build

```sh
npm run build      # build:js + build:css
npm run build:js   # JS only
npm run build:css  # CSS only
npm run watch      # rebuild on change while developing
```

**Always run `npm run build` and commit the regenerated `*.min.*` files**
before tagging a release. Bump the version in `trunk/wf-cookie-consent.php`
(header + `WFCOOKIECONSENT_VERSION`) and `trunk/readme.txt` (`Stable tag` +
changelog) in the same change.

> `node_modules/` is covered by `svn:ignore` on the root — never `svn add` it.

## PHP linting (PHPCS + WordPress Coding Standards)

Static analysis of the plugin PHP against the WordPress Coding Standards —
catches missing output escaping / input sanitization, i18n issues, unprefixed
globals, and PHP/WP version-compatibility problems before release. Config:
[`phpcs.xml.dist`](phpcs.xml.dist) (scans `trunk/`, uses `WordPress-Extra` +
`PHPCompatibilityWP`, text domain `wf-cookie-consent`).

Requires PHP + Composer. If you have them on the host:

```sh
composer install
composer lint        # report issues (phpcs)
composer lint:fix    # auto-fix what can be fixed (phpcbf)
```

No host PHP/Composer? Run it in a disposable official `composer` image that
mounts this repo root (this does **not** touch the `wfcc-test-*` WordPress test
stack):

```sh
docker run --rm -v "$PWD":/app -w /app composer:2 install
docker run --rm -v "$PWD":/app -w /app composer:2 composer lint
docker run --rm -v "$PWD":/app -w /app composer:2 composer lint:fix
```

> A quick PHP **syntax** check (no Composer needed) can also run in the existing
> test container:
> `docker exec wfcc-test-wpcli-1 php -l wp-content/plugins/wf-cookie-consent/wf-cookie-consent.php`

`vendor/` is covered by `svn:ignore` — never `svn add` it.

