Skip to content
Github Action to perform automated code review on pull requests
Branch: master
Clone or download
mrrobot47 Remove ci_script_options usage
Signed-off-by: Riddhesh Sanghvi <>
Latest commit b0d2aec Mar 27, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
Dockerfile Modify input precedence Mar 22, 2019
LICENSE first commit Mar 20, 2019 Remove ci_script_options usage Mar 27, 2019

⚠️ Note: To use this GitHub Action, you must have access to GitHub Actions. GitHub Actions are currently only available in public beta. You can apply for Github Actions beta access here.

This action is a part of GitHub Actions Library created by rtCamp.

PHPCS Code Review - GitHub Action

A GitHub Action to perform automated pull request review. It is based on but can be used for any WordPress or even PHP projects.

The code review is performed using PHPCS.

Please note that, this action performs pull request review only. If you have an existing project, and you want entire project's code to be reviwed, you may need to do it manually.


  1. Create a .github/main.workflow in your GitHub repo, if one doesn't exist already.
  2. Add the following code to the main.workflow file.
workflow "Run Code Review" {
  resolves = ["PHPCS Code Review"]
  on = "pull_request"

action "PHPCS Code Review" {
  uses = "rtCamp/action-phpcs-code-review@master"
  secrets = ["GH_BOT_TOKEN"]
  args = ["WordPress,WordPress-Core,WordPress-Docs"]
  1. Define GH_BOT_TOKEN using GitHub Action's Secret. See GitHub Token Creation section for more details.

Now, next time you create a pull request or commit on an existing pull request, this action will run.

By default, pull request will be reviwed using WordPress coding and documentation standards. You can change the default by passing different PHPCS Coding Standard(s) in line args = ["WordPress-Core,WordPress-Docs"].

GitHub Token Creation

You can create GitHub Token from here.

It is recommended that you create this token from a bot user account. In a large team, if you use your human account token, you may get flooded with unncessary Github notifications.

Permissions required for this token differ according to which type of repo this workflow has been setup for.

Repo Type Permissions Required Screenshots
Public Under Repo section, only public_repo permission Screenshot Public Repo
Private Complete repo and write:discussion permissions Screenshot Private Repo

PHPCS Coding Standards

Below is list of PHPCS sniffs available at runtime. You can pass more than one standard at a time by comma separated value.

By default, WordPress-Core,WordPress-Docs value is passed.

  • MySource
  • PEAR
  • PHPCompatibility
  • PHPCompatibilityParagonieRandomCompat
  • PHPCompatibilityParagonieSodiumCompat
  • PHPCompatibilityWP
  • PSR1
  • PSR12
  • PSR2
  • Squiz
  • WordPress (default)
  • WordPress-Core (default)
  • WordPress-Docs (default)
  • WordPress-Extra
  • WordPress-VIP
  • WordPress-VIP-Go
  • WordPressVIPMinimum
  • Zend

Custom Sniffs

If your git repo have a file named phpcs.xml in the root of the repository, then that will take precedence. In that case, value passed to args such as args = ["WordPress,WordPress-Core,WordPress-Docs"] will be ignored.

If your git repo doesn't have phpcs.xml and you do not specify args in main.workflow PHPCS action, then this actions will fallback to default.

Here is a sample phpcs.xml you can use in case you want to use custom sniffs.


Automated Code Review in action

Automated PHPCS Code Review


Please note...

  1. This action runs only for PRs. It even runs on new commits pushed after a PR is created.
  2. This action doesn't run on code in the repository added before this action.
  3. This action doesn't run for code committed directly to a branch. We highly recommend that you disable direct commits to your main/master branch.


MIT © 2019 rtCamp

You can’t perform that action at this time.