Exclude dev files from plugin production builds: source files, changelogs, dev configs, docs by kraftbj · Pull Request #47365 · Automattic/jetpack

kraftbj · 2026-02-26T22:53:54Z

Proposed changes:

Plugin production mirrors (e.g. jetpack-production) are shipping development-only files from vendor packages that serve no purpose at runtime.

An audit of the production build (70M total) found ~4.5M of files that can be excluded via .gitattributes production-exclude rules with zero runtime risk.

Source files (commits 1-3)

225 TypeScript files (.ts/.tsx) across vendor packages -- no production-exclude rule existed for these
~25 JSX files across vendor packages -- same
~15 SCSS files leaking through because the old rules (**/src/css/*.scss) only matched a specific path

Changelogs, licenses, dev configs, docs (commit 4, revised in commit 5)

Category	Files	Size
CHANGELOG.md files in automattic vendor subpackages	53	1.9M
LICENSE.txt, SECURITY.md, TRACKING.md in automattic vendor subpackages	~110	1.3M
docs/ directories	~8	96K
Dev configs (.babelrc, babel.config.*, webpack/jest configs)	~20	80K
vendor/composer/installed.json	1	152K
.gitignore, package.json, test/ in vendor	~6	24K

Not included (deferred per review)

Source maps (*.map) -- deferred to MONOREP-394 for broader discussion on debugging/i18n tradeoffs
Root CHANGELOG.md / SECURITY.md -- kept for discoverability
Third-party license files -- kept to preserve license attribution

Applied across all plugins

All 19 plugins with vendor includes are updated, plus the plugin skeleton template for newly scaffolded plugins.

Other information:

Have you written new tests for your changes, if applicable? N/A -- .gitattributes changes are not testable via unit tests
Have you checked the E2E test CI results, and verified that your changes do not break them? N/A
Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)? N/A

Does this pull request change what data or activity we track or use?

No.

Testing instructions:

After merging + next mirror push, verify production mirrors no longer contain the excluded files:

# Check jetpack-production for source files
gh api "repos/Automattic/jetpack-production/git/trees/HEAD?recursive=true" \
  --jq '[.tree[].path | select(test("(jetpack_vendor|vendor/automattic)/.*\\.(ts|tsx|scss|jsx)$"))] | length'
# Expected: 0

# Check for CHANGELOGs in vendor subpackages
gh api "repos/Automattic/jetpack-production/git/trees/HEAD?recursive=true" \
  --jq '[.tree[].path | select(test("(jetpack_vendor|vendor/automattic)/.*/CHANGELOG\\.md$"))] | length'
# Expected: 0

Changelog

Changelog entries already included for all affected plugins.

…duction Broadens the production-exclude rules in .gitattributes to catch all TypeScript and SCSS source files under jetpack_vendor/ and vendor/. The previous SCSS rules only matched src/css/*.scss, missing files in other paths (15 SCSS files leaking). There were no TypeScript rules at all for vendor packages (225 .ts/.tsx files leaking). Fixes MONOREP-371

…uction builds Add production-exclude rules for TypeScript and SCSS source files under jetpack_vendor/automattic/ and vendor/automattic/ to every plugin's .gitattributes. These are build inputs with compiled output already shipping — they're not needed at runtime. For wpcomsh, also broadens the existing narrow SCSS rules from **/src/css/*.scss to **/*.scss to catch files in other paths. Also updates the plugin skeleton template so new plugins get these rules from the start.

github-actions · 2026-02-26T22:54:45Z

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack or WordPress.com Site Helper), and enable the exclude-dev-vendor-files branch.
To test on Simple, run the following command on your sandbox:

bin/jetpack-downloader test jetpack exclude-dev-vendor-files

bin/jetpack-downloader test jetpack-mu-wpcom-plugin exclude-dev-vendor-files

Interested in more tips and information?

In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
Read more about our development workflow here: PCYsg-eg0-p2
Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

github-actions · 2026-02-26T22:55:19Z

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

✅ Include a description of your PR changes.
✅ Add a "[Status]" label (In Progress, Needs Review, ...).
✅ Add testing instructions.
✅ Specify whether this PR includes any changes to data or privacy.
✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

Follow this PR Review Process:

Ensure all required checks appearing at the bottom of this PR are passing.
Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
You can use GitHub's Reviewers functionality to request a review.
When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

Beta plugin:

No scheduled milestone found for this plugin.