diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 21021be..2a865f0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,7 +6,7 @@ updates: interval: weekly timezone: America/Los_Angeles day: tuesday - target-branch: "develop" + target-branch: "main" open-pull-requests-limit: 99 ignore: - dependency-name: phpunit/phpunit @@ -23,7 +23,7 @@ updates: interval: weekly timezone: America/Los_Angeles day: tuesday - target-branch: "develop" + target-branch: "main" open-pull-requests-limit: 99 - package-ecosystem: github-actions directory: "/" @@ -31,5 +31,5 @@ updates: interval: weekly timezone: America/Los_Angeles day: tuesday - target-branch: "develop" + target-branch: "main" open-pull-requests-limit: 99 diff --git a/.github/workflows/build-tag-release.yml b/.github/workflows/build-tag-release.yml index 9f13be6..974a50e 100644 --- a/.github/workflows/build-tag-release.yml +++ b/.github/workflows/build-tag-release.yml @@ -15,9 +15,9 @@ jobs: outputs: is-plugin-update: ${{ steps.set-outputs.outputs.is-plugin-update }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - id: get-changed-files - uses: jitterbit/get-changed-files@v1 + uses: jitterbit/get-changed-files@b17fbb00bdc0c0f63fcf166580804b4d2cdc2a42 # v1 - id: set-outputs shell: bash run: | @@ -48,9 +48,9 @@ jobs: if: ${{ needs.check-status.outputs.is-plugin-update == 'false' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: WP.org Asset Only Update - uses: 10up/action-wordpress-plugin-asset-update@stable + uses: 10up/action-wordpress-plugin-asset-update@2480306f6f693672726d08b5917ea114cb2825f7 # stable 2025-01-21T21:32:26Z env: SVN_USERNAME: ${{ secrets.SVN_USERNAME }} SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }} @@ -60,9 +60,9 @@ jobs: name: Create Tag and Draft Release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Build, Tag & Release - uses: pantheon-systems/plugin-release-actions/build-tag-release@main + uses: pantheon-systems/plugin-release-actions/build-tag-release@a3839d25efa9d0d4270c088702c2072a2e49edde # main 2025-11-07T23:23:14Z with: gh_token: ${{ github.token }} readme_md: README.md diff --git a/.github/workflows/composer-diff.yml b/.github/workflows/composer-diff.yml index 243a92c..0bdec74 100644 --- a/.github/workflows/composer-diff.yml +++ b/.github/workflows/composer-diff.yml @@ -12,13 +12,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Generate composer diff id: composer_diff - uses: IonBazan/composer-diff-action@v1 - - uses: marocchino/sticky-pull-request-comment@v2 + uses: IonBazan/composer-diff-action@3140157575f6a67799cc80248ae35f5fb303ab15 # v1.2.0 + - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 if: ${{ steps.composer_diff.outputs.composer_diff_exit_code != 0 }} with: header: composer-diff diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml index 245871a..199743e 100644 --- a/.github/workflows/lint-test.yml +++ b/.github/workflows/lint-test.yml @@ -19,22 +19,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 - - uses: pantheon-systems/validate-readme-spacing@v1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: pantheon-systems/validate-readme-spacing@229ea162621009cf8e09bf2beba405017150130e # v1.0.5 lint: name: PHPCS Linting runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Cache dependencies - uses: actions/cache@v3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ~/vendor key: test-lint-dependencies-{{ checksum "composer.json" }} restore-keys: test-lint-dependencies-{{ checksum "composer.json" }} - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2 with: php-version: 8.3 - name: Install dependencies @@ -46,8 +46,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 - - uses: pantheon-systems/phpcompatibility-action@dev + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: pantheon-systems/phpcompatibility-action@bd72eb001d4fb9817c9d6e1a157a71e287f3ff80 # dev 2023-10-04T16:54:18Z with: paths: ${{ github.workspace }}/*.php ${{ github.workspace }}/inc/*.php test-versions: 8.3- @@ -56,8 +56,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 - - uses: pantheon-systems/action-wporg-validator@1.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: pantheon-systems/action-wporg-validator@4df6286ef133ca95bbc955728fc649322e433380 # 1.0.0 2023-06-09T19:59:09Z with: type: 'plugin' test: @@ -71,9 +71,9 @@ jobs: matrix: php_version: [7.4, 8.2, 8.3, 8.4] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2 with: php-version: ${{ matrix.php_version }} extensions: mysqli, zip, imagick @@ -89,13 +89,13 @@ jobs: sudo apt-get install subversion svn --version - name: Cache dependencies - uses: actions/cache@v3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ~/vendor key: test-dependencies-{{ checksum "composer.json" }} restore-keys: test-dependencies-{{ checksum "composer.json" }} - name: Setup WP-CLI - uses: godaddy-wordpress/setup-wp-cli@1 + uses: godaddy-wordpress/setup-wp-cli@80c9a89bd347082429795c0f12acf567e2c390d4 # 1 2022-10-04T19:52:20Z - name: Install dependencies run: | if [ ${{ matrix.php_version }} = "7.4" ]; then @@ -108,6 +108,6 @@ jobs: chmod +x ./bin/*.sh composer test:install - name: Setup WP-CLI - uses: godaddy-wordpress/setup-wp-cli@1 + uses: godaddy-wordpress/setup-wp-cli@80c9a89bd347082429795c0f12acf567e2c390d4 # 1 2022-10-04T19:52:20Z - name: Run PHPUnit run: composer test diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index d97bede..313cc11 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -2,7 +2,7 @@ name: Draft Release PR on: push: branches: - - develop + - main permissions: pull-requests: write @@ -13,9 +13,9 @@ jobs: name: Draft Release PR runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Create Draft Release PR - uses: pantheon-systems/plugin-release-actions/release-pr@main + uses: pantheon-systems/plugin-release-actions/release-pr@a3839d25efa9d0d4270c088702c2072a2e49edde # main 2025-11-07T23:23:14Z with: gh_token: ${{ github.token }} readme_md: README.md diff --git a/.github/workflows/test-behat.yml b/.github/workflows/test-behat.yml index 3080e20..342c981 100644 --- a/.github/workflows/test-behat.yml +++ b/.github/workflows/test-behat.yml @@ -27,12 +27,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Cache dependencies - uses: actions/cache@v3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ~/vendor key: test-lint-dependencies-{{ checksum "composer.json" }} @@ -45,12 +45,12 @@ jobs: run: composer phpcs - name: Install Terminus - uses: pantheon-systems/terminus-github-actions@v1 + uses: pantheon-systems/terminus-github-actions@8e024bd89ff46ed2aa4e0663c6b54c87a94344f8 # v1.2.7 with: pantheon-machine-token: ${{ secrets.TERMINUS_TOKEN }} - name: Validate Readme Spacing - uses: pantheon-systems/validate-readme-spacing@v1 + uses: pantheon-systems/validate-readme-spacing@229ea162621009cf8e09bf2beba405017150130e # v1.0.5 - name: Install Subversion run: | @@ -75,7 +75,7 @@ jobs: run: echo "GIT_SSH_COMMAND=ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" >> $GITHUB_ENV - name: Install SSH key - uses: webfactory/ssh-agent@v0.9.1 + uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 with: ssh-private-key: ${{ secrets.SITE_OWNER_SSH_PRIVATE_KEY }} @@ -86,7 +86,7 @@ jobs: { composer config -g github-oauth.github.com "$GITHUB_TOKEN"; } &>/dev/null - name: Validate fixture version - uses: jazzsequence/action-validate-plugin-version@v2 + uses: jazzsequence/action-validate-plugin-version@33b0e43e436229825afc8427b19829a0c9aea498 # v2.0.0 with: branch: ${{ github.head_ref }} dry-run: 'true' diff --git a/.github/workflows/wordpress-plugin-deploy.yml b/.github/workflows/wordpress-plugin-deploy.yml index feb0be1..f96dcb1 100644 --- a/.github/workflows/wordpress-plugin-deploy.yml +++ b/.github/workflows/wordpress-plugin-deploy.yml @@ -7,14 +7,14 @@ jobs: release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install Subversion run: | sudo apt-get update sudo apt-get install subversion svn --version - name: WordPress Plugin Deploy - uses: 10up/action-wordpress-plugin-deploy@2.1.1 + uses: 10up/action-wordpress-plugin-deploy@958b7fa0abf359af27e7e27c446cf5f4cc4660c7 # 2.1.1 2022-08-16T10:32:14Z env: SVN_USERNAME: ${{ secrets.SVN_USERNAME }} SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0a5e6db..515468f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -27,37 +27,56 @@ We prefer to squash commits (i.e. avoid merge PRs) from a feature branch into `m `main` should be stable and usable, though will be few commits ahead of the public release on wp.org. -The `release` branch matches the latest stable release deployed to [wp.org](wp.org). +The `release` branch matches the latest stable release deployed to [wp.org](wp.org). Releases are shipped from tags created on push to the `release` branch. ## Release Process -1. Merge your feature branch into `develop` with a PR. This PR should include any necessary updates to the changelog in readme.txt and README.md. -1. A draft release PR will be generated by the [`release-pr`](https://github.com/pantheon-systems/pantheon-advanced-page-cache/actions/workflows/release-pr.yml) action. This PR needs to be switched to Ready to Review so automated testing will run. -1. After merging the release PR to the `release` branch, a draft Release will be automatically be created by the [`build-tag-release`](https://github.com/pantheon-systems/pantheon-advanced-page-cache/actions/workflows/build-tag-release.yml) workflow. This draft release will be automatically pre-filled with release notes. -1. Confirm that the necessary assets are present in the newly created tag, and test on a WP install if desired. -1. Review the release notes making any necessary changes and publish the release. -1. Wait for the [_Release wp-native-php-sessions plugin to wp.org_ action](https://github.com/pantheon-systems/wp-native-php-sessions/actions/workflows/wordpress-plugin-deploy.yml) to finish deploying to the WordPress.org plugin repository. If all goes well, users with SVN commit access for that plugin will receive an emailed diff of changes. -1. Check WordPress.org: Ensure that the changes are live on [the plugin repository](https://wordpress.org/plugins/native-php-sessions/). This may take a few minutes. +1. Merge your feature branch into `main` with a PR. This PR should include any necessary updates to the changelog in readme.txt and README.md. Features should be squash merged. +1. From main, checkout a new branch `release_X.Y.Z`. +1. Make a release commit: + * In `package.json`, `README.md`, `readme.txt`, and `pantheon-sessions.php`, remove the `-dev` from the version number. + * For the README files, the version number must be updated both at the top of the document as well as the changelog. + * Add the date to the `** X.Y.Z **` heading in the changelogs in `README.md`, `readme.txt`, and any other appropriate location. + * Commit these changes with the message `Release X.Y.Z` + * Push the release branch up. +1. Open a Pull Request to merge `release_X.Y.Z` into `release`. Your PR should consist of all commits to `main` since the last release, and one commit to update the version number. The PR name should also be `Release X.Y.Z`. +1. After all tests pass and you have received approval from a CODEOWNER (including resolving any merge conflicts), merge the PR into `release`. Use a "merge" commit, do no not rebase or squash. If the GitHub UI doesn't offer a "Merge commit" option (only showing "Squash and merge" or "Rebase and merge"), merge from the terminal instead: + `git checkout release` + `git merge release_X.Y.Z` + `git push origin release` +1. After merging to the `release` branch, a draft Release will be automatically created by the build-tag-release workflow. This draft release will be automatically pre-filled with release notes. +1. Confirm that the necessary assets are present in the newly created tag, and test on a WP install if desired. +1. Review the release notes, making any necessary changes, and publish the release. +1. Wait for the Release plugin to wp.org action to finish deploying to the WordPress.org plugin repository. +1. If all goes well, users with SVN commit access for that plugin will receive an email with a diff of the changes. +1. Check WordPress.org: Ensure that the changes are live on the plugin repository. This may take a few minutes. 1. Following the release, prepare the next dev version with the following steps: + * `git checkout release` + * `git pull origin release` * `git checkout main` - * `git pull origin main` - * `git checkout develop` - * `git rebase main` + * `git rebase release` * Update the version number in all locations, incrementing the version by one patch version, and add the `-dev` flag (e.g. after releasing `1.2.3`, the new verison will be `1.2.4-dev`) - * Add a new `** X.Y.X-dev **` heading to the changelog + * Add a new `** X.Y.Z-dev **` heading to the changelog * `git add -A .` - * `git commit -m "Prepare X.Y.X-dev"` - * `git push origin develop` + * `git commit -m "Prepare X.Y.Z-dev"` + * `git checkout -b release-XYZ-dev` + * `git push origin release-XYZ-dev` + * Create a pull request on GitHub UI from `release-XYZ-dev` to `main` to trigger all required status checks + * _Wait for all required status checks to pass in CI. Once all tests pass, push to main from the terminal:_ + * `git checkout main && git push origin main` + * _Note: While main is typically protected, having an open PR with passing tests allows direct push to main, which is the preferred method here._ + ## Asset-only Releases +> ⚠️ WARNING: This workflow has some pitfalls and may need further adjustment. Tread carefully if attempting an asset-only update and don't be surprised if it takes multiple attempts. + Thanks to [10up/action-wordpress-plugin-asset-update](https://github.com/10up/action-wordpress-plugin-asset-update/) we can make asset-only updates to WordPress.org without needing to create a new release. This is useful for updating the plugin banner, icon, screenshots or just updating the readme.txt. Broadly the process for creating asset-only releases is as follows: -1. Branch off of `main` (not `develop`) and make your changes. Ensure that you are _only_ making changes to `readme.txt`/`readme.md` or files in the `.wordpress.org` directory. Some other changes (e.g. to `.gitignore` or `composer.json`) are allowed but any file changes to anything beyond those locations will trigger the release automation. -1. Push your branch to GitHub and open a PR against `main`. -1. Automation will trigger and create a new release branch in the repository. Because the version numbers have not changed, you will need to ensure that the version numbers in your branch are correct. If they are not, and a new branch was created automatically that drops the `-dev` suffix but contains the correct version number, you can merge that branch into your PR branch to update the version numbers, then close the release branch. A release PR will not be created because the diffs will not have changed. +1. Branch off of `release` (not `main`) and make your changes. Ensure that you are _only_ making changes to `readme.txt`/`readme.md` or files in the `.wordpress.org` directory. Some other changes (e.g. to `.gitignore` or `composer.json`) are allowed but any file changes to anything beyond those locations will trigger the release automation. +1. Push your branch to GitHub and open a PR against `release`. 1. Once the PR is merged, the asset update action will run and update the assets on WordPress.org. -1. Check out `develop` and merge `main` into it to ensure that the asset-only changes are included in the next release. Then update the version numbers again to re-add the `-dev` suffix. +1. Check out `main` and merge `release` into it to ensure that the asset-only changes are included in the next release. **Note:** In the future we will work on making this process smoother and more automated. \ No newline at end of file diff --git a/README.md b/README.md index e38ee8c..a630179 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ **Tags:** comments, sessions **Requires at least:** 5.3 **Tested up to:** 6.9 -**Stable tag:** 1.4.5 +**Stable tag:** 1.4.6 **Requires PHP:** 7.4 **License:** GPLv2 or later **License URI:** http://www.gnu.org/licenses/gpl-2.0.html @@ -100,6 +100,8 @@ Adds a WP-CLI command to add an index to the sessions table if one does not exis ## Changelog ## +### 1.4.6 (23 January 2026) ### + ### 1.4.5 (December 2, 2025) ### * Compatibility: Supports Wordpress 6.9 diff --git a/pantheon-sessions.php b/pantheon-sessions.php index 03676b1..5d730d2 100644 --- a/pantheon-sessions.php +++ b/pantheon-sessions.php @@ -1,7 +1,7 @@