Merge pull request #3 from udx/develop-alexey-light

Prepare public release

.github/workflows/publish-release.yml

@@ -0,0 +1,152 @@
+name: Publish Release
+run-name: Publish Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      release:
+        description: 'Release version (e.g. 1.2.3)'
+        required: true
+      prerelease:
+        description: 'Pre-release version (e.g. RC1, beta, etc...)'
+        required: false
+
+permissions:
+  contents: write
+
+env:
+  TAG: ${{ github.event.inputs.release }}
+  PRETAG: ${{ github.event.inputs.prerelease }}
+  BRANCH: temp-release-${{ github.event.inputs.release }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prepare vars
+        id: vars
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const full_tag = [
+              process.env.TAG,
+              process.env.PRETAG
+            ].filter(Boolean).join('-');
+            const branch = `temp-release-${full_tag}`;
+            const is_prerelease = !!process.env.PRETAG;
+
+            core.setOutput('full_tag', full_tag );
+            core.setOutput('branch', branch );
+            core.setOutput('is_prerelease', is_prerelease );
+        
+      # 'ref' and 'repository' are required, otherwise repo could appear in detached head state
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+          repository: ${{ github.repository }}
+
+      - name: Parse Changelog Entries
+        uses: actions/github-script@v7
+        id: changelog
+        with:
+          script: |
+            const { open } = require('fs/promises');
+
+            const version = process.env.TAG;
+            const delimiter = '#### ';
+            const file = await open('./changes.md');
+
+            let description = [];
+            let found = false;
+
+            for await (let line of file.readLines()) {
+              line = line.trim();
+              
+              if ( line.startsWith(`${delimiter}${version}`) ) {
+                found = true;
+                continue;
+              }
+              
+              if (!found) continue;
+              if ( line.startsWith(delimiter) )  break;
+
+              description.push(line);
+            }
+
+            if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);
+
+            core.setOutput('description', description.join('\n') );
+
+
+      # cleanup files that are not needed for the release
+      # but keep the .git folder, because we need it for the next step
+      - name: Cleanup files
+        run: |
+          rm -f composer.lock || true
+          rm -rf tests || true
+          rm -rf vendor/bin || true
+          rm -rf vendor/composer/installers || true
+          find ./ -name '.git*' -not -path './.git' -type f -delete || true
+          find ./ -name '.git*' -not -path './.git' -type d -exec rm -rf {} \; || true
+          find ./vendor -name .svn -exec rm -rf {} \; || true
+
+      # cleanup files, specific to Google API PHP library
+      - name: Cleanup files for Google API library
+        run: |
+          rm -f lib/Google/phpstan.neon.dist || true
+          rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true
+          find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true
+          find ./lib/Google/vendor -name .svn -exec rm -rf '{}' \; || true
+
+      # commit changes to temporary release branch and create a new tag
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          message: Cleanup files for release
+          new_branch: ${{ steps.vars.outputs.branch }}
+          tag: ${{ steps.vars.outputs.full_tag }}
+
+      # generate SBOM that will be attached to a release as an artifact
+      - name: Create SBOM
+        id: sbom
+        uses: anchore/sbom-action@v0
+        with:
+          path: .
+          output-file: sbom.spdx.json
+          format: spdx-json
+
+      # create a draft release with the version changelog as a description
+      - name: Create Draft Release
+        id: draft_release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: "Release ${{ steps.vars.outputs.full_tag }}"
+          body: "${{ steps.changelog.outputs.description }}"
+          tag_name: ${{ steps.vars.outputs.full_tag }}
+          draft: true
+          prerelease: ${{ steps.vars.outputs.is_prerelease }}
+
+      # attach SBOM to release
+      - name: Upload SBOM to release
+        uses: actions/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.draft_release.outputs.upload_url }}
+          asset_path: ./sbom.spdx.json
+          asset_name: sbom.spdx.json
+          asset_content_type: application/json
+
+      # publish release using an ID from the 'draft_release' step
+      - name: Publish Release
+        uses: eregon/publish-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          release_id: ${{ steps.draft_release.outputs.id }}
+
+      # delete temporary release branch
+      - name: Delete temporary release branch
+        run: |
+          git push origin --delete ${{ steps.vars.outputs.branch }}

.github/workflows/tests.yml

@@ -2,9 +2,7 @@ name: Tests
 
 on:
   push:
-    branches: [main]
   pull_request:
-    branches: [main]
 
 jobs:
   build:

README.md

@@ -8,7 +8,7 @@ Provides compatibility between the [BuddyPress](https://wordpress.org/plugins/bu
 
 ### Notes
 
-* Tested with BuddyPress plugin version 11.4.0
+* Tested with BuddyPress plugin version 14.1.0
 
 ### Support, Feedback, & Contribute
 

SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy Overview
+
+Thank you for using and contributing to our product. At [UDX](https://udx.io), we take the security of our products seriously and appreciate collaborative efforts to ensure the safety of our users and contributors.
+
+## Reporting a Security Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you find a security vulnerability, please [submit a vulnerability report](https://github.com/udx/wp-stateless-buddypress-addon/security/advisories/new). Provide detailed information about the vulnerability to help us understand and address the issue promptly. We kindly request that you avoid public disclosure until we've had the opportunity to analyze and resolve the reported issue.
+
+## Responsible Disclosure
+
+Responsible disclosure is crucial to maintaining the security of our product. We ask for your cooperation in allowing us sufficient time to investigate and address the reported vulnerability before making it public. We will keep you informed of our progress and make every effort to address the issue promptly.
+
+## Supported Versions
+
+Security updates are provided for the latest stable release. Please ensure that you are using a supported version before reporting a security vulnerability.
+
+## Contact Information
+
+For security-related matters, please contact our security team at [[email protected]](mailto:[email protected]). For general inquiries, feature requests, and other non-security-related discussions, please use our regular [issue tracker](https://github.com/udx/wp-stateless-buddypress-addon/issues).
+
+Thank you for helping us ensure the security of WP-Stateless - BuddyPress Addon. Your contributions are greatly appreciated.