Adapt plugin to WP-Stateless 4.0.0, prepare for publishing

Author: balexey88

.github/workflows/publish-release.yml

@@ -0,0 +1,131 @@
+name: Publish Release
+run-name: Publish Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      release:
+        description: 'Release version (e.g. 1.2.3)'
+        required: true
+
+permissions:
+  contents: write
+
+env:
+  TAG: ${{ github.event.inputs.release }}
+  BRANCH: temp-release-${{ github.event.inputs.release }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      # ref and repository are required, otherwise repo could appear in detached head state
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+          repository: ${{ github.repository }}
+
+      - name: Parse Changelog Entries
+        uses: actions/github-script@v7
+        id: changelog
+        with:
+          script: |
+            const { open } = require('fs/promises');
+
+            const version = process.env.TAG;
+            const delimiter = '#### ';
+            const file = await open('./changes.md');
+
+            let description = [];
+            let found = false;
+
+            for await (let line of file.readLines()) {
+              line = line.trim();
+              
+              if ( line.startsWith(`${delimiter}${version}`) ) {
+                found = true;
+                continue;
+              }
+              
+              if (!found) continue;
+              if ( line.startsWith(delimiter) )  break;
+
+              description.push(line);
+            }
+
+            if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);
+
+            core.setOutput('description', description.join('\n') );
+
+
+      # cleanup files that are not needed for the release
+      # but keep the .git folder, because we need it for the next step
+      - name: Cleanup files
+        run: |
+          rm -f composer.lock || true
+          rm -rf tests || true
+          rm -rf vendor/composer/installers || true
+          find ./ -name '.git*' -not -path './.git' -type f -delete || true
+          find ./ -name '.git*' -not -path './.git' -type d -exec rm -rf {} \; || true
+          find ./vendor -name .svn -exec rm -rf {} \; || true
+
+      # cleanup files, specific to Google API PHP library
+      - name: Cleanup files for Google API library
+        run: |
+          rm -f lib/Google/phpstan.neon.dist || true
+          rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true
+          find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true
+          find ./lib/Google/vendor -name .svn -exec rm -rf '{}' \; || true
+
+      # commit changes to temporary release branch and create a new tag
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          message: Cleanup files for release
+          new_branch: ${{ env.BRANCH }}
+          tag: ${{ env.TAG }}
+
+      # generate SBOM that will be attached to a release as an artifact
+      - name: Create SBOM
+        id: sbom
+        uses: anchore/sbom-action@v0
+        with:
+          path: .
+          output-file: sbom.spdx.json
+          format: spdx-json
+
+      # create a draft release with the version changelog as a description
+      - name: Create Draft Release
+        id: draft_release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: "Release ${{ env.TAG }}"
+          body: "${{ steps.changelog.outputs.description }}"
+          tag_name: ${{ env.TAG }}
+          draft: true
+          prerelease: false
+        
+      # attach SBOM to release
+      - name: Upload SBOM to release
+        uses: actions/upload-release-asset@v1.0.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.draft_release.outputs.upload_url }}
+          asset_path: ./sbom.spdx.json
+          asset_name: sbom.spdx.json
+          asset_content_type: application/json
+
+      # publish release using an ID from the 'draft_release' step
+      - name: Publish Release
+        uses: eregon/publish-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          release_id: ${{ steps.draft_release.outputs.id }}
+
+      # delete temporary release branch
+      - name: Delete temporary release branch
+        run: |
+          git push origin --delete ${{ env.BRANCH }}

.github/workflows/tests.yml

@@ -2,33 +2,30 @@ name: Tests
 
 on:
   push:
-    branches: [ main ]
   pull_request:
-    branches: [ main ]
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-
-    - name: Validate composer.json and composer.lock
-      run: composer validate
-
-    - name: Cache Composer packages
-      id: composer-cache
-      uses: actions/cache@v2
-      with:
-        path: vendor
-        key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-php-
-
-    - name: Install dependencies
-      if: steps.composer-cache.outputs.cache-hit != 'true'
-      run: composer install --prefer-dist --no-progress --no-suggest
-
-    - name: Run test suite
-      run: composer test
+      - uses: actions/checkout@v2
+
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: Cache Composer packages
+        id: composer-cache
+        uses: actions/cache@v2
+        with:
+          path: vendor
+          key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-php-
+
+      - name: Install dependencies
+        if: steps.composer-cache.outputs.cache-hit != 'true'
+        run: composer install --prefer-dist --no-progress
+
+      - name: Run test suite
+        run: composer test

README.md

@@ -11,7 +11,7 @@ Provides compatibility between the [LiteSpeed Cache](https://wordpress.org/plugi
 
 ### Notes
 
-* Tested with LiteSpeed Cache plugin version 5.7.0.1
+* Tested with LiteSpeed Cache plugin version 6.1
 
 ### Support, Feedback, & Contribute
 

SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy Overview
+
+Thank you for using and contributing to our product. At [UDX](https://udx.io), we take the security of our products seriously and appreciate collaborative efforts to ensure the safety of our users and contributors.
+
+## Reporting a Security Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you find a security vulnerability, please [submit a vulnerability report](https://github.com/udx/wp-stateless-litespeed-cache-addon/security/advisories/new). Provide detailed information about the vulnerability to help us understand and address the issue promptly. We kindly request that you avoid public disclosure until we've had the opportunity to analyze and resolve the reported issue.
+
+## Responsible Disclosure
+
+Responsible disclosure is crucial to maintaining the security of our product. We ask for your cooperation in allowing us sufficient time to investigate and address the reported vulnerability before making it public. We will keep you informed of our progress and make every effort to address the issue promptly.
+
+## Supported Versions
+
+Security updates are provided for the latest stable release. Please ensure that you are using a supported version before reporting a security vulnerability.
+
+## Contact Information
+
+For security-related matters, please contact our security team at [security@udx.io](mailto:security@udx.io). For general inquiries, feature requests, and other non-security-related discussions, please use our regular [issue tracker](https://github.com/udx/wp-stateless-litespeed-cache-addon/issues).
+
+Thank you for helping us ensure the security of WP-Stateless - LiteSpeed Cache Addon. Your contributions are greatly appreciated.