Labsco
Automattic logo

gitattributes

572

by automattic · part of automattic/wordpress-activitypub

Use when auditing or updating .gitattributes export-ignore coverage so dev-only files (lint configs, CI, tests, docs, build tooling) don't ship in the…

🔥🔥✓ VerifiedFreeQuick setup
🔒 Repo-maintenance skill. It exists to help maintain automattic/wordpress-activitypub itself — it's only useful if you contribute code to that project.

Use when auditing or updating .gitattributes export-ignore coverage so dev-only files (lint configs, CI, tests, docs, build tooling) don't ship in the…

Inspect the full instructions your agent will receiveExpand

This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.


name: gitattributes description: Use when auditing or updating .gitattributes export-ignore coverage so dev-only files (lint configs, CI, tests, docs, build tooling) don't ship in the WordPress.org plugin zip. Run before a release, after adding a new top-level file or config, or when a tool is renamed (e.g. .eslintrc.js → eslint.config.cjs).

.gitattributes Export-Ignore Audit

Ensure the WordPress.org release archive (git archive output) contains only runtime files. Dev tooling, tests, CI, and repo meta must be export-ignored.

Why This Matters

The WordPress.org zip is built via git archive. Anything without export-ignore ends up on every user's site, bloating the install and shipping dev-only code. Equally bad: stale export-ignore entries for files that no longer exist look tidy but protect nothing.

Quick Audit (one command)

Copy & paste — that's it
# Entries in the release archive at the repository root
git archive --format=tar HEAD | tar -t | awk -F/ '{print $1}' | sort -u

# Same, but uses the working-tree .gitattributes (use while iterating on edits)
git archive --worktree-attributes --format=tar HEAD | tar -t | awk -F/ '{print $1}' | sort -u

git archive HEAD reads .gitattributes from the commit, so uncommitted fixes won't show up. Use --worktree-attributes to preview a pending change before committing.

The output should contain ONLY runtime artifacts. For this plugin that's: LICENSE, readme.txt, activitypub.php, assets, build, includes, integration, patterns, templates.

Anything else in the list is a gap — add an export-ignore rule.

Cross-Check Tracked vs Ignored

Copy & paste — that's it
# Top-level tracked entries
git ls-tree --name-only HEAD | sort > /tmp/tracked.txt

# Entries referenced in .gitattributes
grep export-ignore .gitattributes | awk '{print $1}' | sed 's|^/||; s|/$||' | sort > /tmp/ignored.txt

# Stale entries (in .gitattributes but no longer tracked)
comm -23 /tmp/ignored.txt /tmp/tracked.txt

Stale entries aren't dangerous, but they rot and mislead future readers. Delete them.

What Belongs in Each Bucket

CategoryExamplesRule
Runtime PHPactivitypub.php, includes/, integration/keep
Runtime assetsassets/, build/, patterns/, templates/keep
WordPress.org metareadme.txt, LICENSEkeep
Dev dotfiles.editorconfig, .prettierrc.js, .stylelintrc.json, eslint.config.cjs, .wp-env.jsonexport-ignore
Repo meta.github/, .githooks/, .gitignore, .gitattributes, .wordpress-org/export-ignore
Agent/AI tooling.agents/, .claude/, AGENTS.md, CLAUDE.mdexport-ignore
Build & package configspackage.json, package-lock.json, composer.json, webpack.config.js, tsconfig.json, jest.config.js, jest.setup.jsexport-ignore
QA configsphpcs.xml, phpunit.xml.distexport-ignore
Source (pre-build)src/export-ignore (shipping build/ instead)
Teststests/export-ignore
Docs for contributorsdocs/, snippets/, CHANGELOG.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, FEDERATION.md, README.md, SECURITY.mdexport-ignore
Scriptsbin/, local/export-ignore

When to Run This Audit

  • Before tagging a release.
  • After adding or renaming any top-level file, dotfile, or config.
  • After adopting a new dev tool (lint, test runner, bundler).
  • When a linter flat-config migration renames files (e.g. .eslintrc.jseslint.config.cjs).

Writing Rules

  • Use a leading / to anchor to the repo root: /phpcs.xml, not phpcs.xml.
  • Use a trailing / for directories: /tests/.
  • Keep grouping comments tidy (dotfiles, build configs, source/tests, docs, linguist).

Linguist Attributes (bonus)

Also used in .gitattributes to shape GitHub's language stats:

  • /build/** linguist-generated — hides machine-built output.
  • /docs/** linguist-documentation — keeps docs out of the language bar.
  • /package-lock.json linguist-generated — hides lockfile churn.

These don't affect the archive, but live in the same file, so keep them current too.

Red Flags

  • Release zip is larger than expected → something new is leaking in.
  • New dev dependency added, .gitattributes untouched → likely a gap.
  • Lint tool migrated to a new config filename → old entry is stale, new file is leaking.
  • Top-level file renamed → old export-ignore is dead weight, new one is missing.