Skip to content

Releases: SymPress/workflows

1.0.1

13 Jun 16:54
@brianvarskonst brianvarskonst
Immutable release. Only release title and notes can be modified.
1.0.1
a827aae

Choose a tag to compare

View all tags
1.0.1 Latest
Latest

Workflows 1.0.1

Documentation-only patch release for the first stable SymPress Workflows release line.

This release does not change workflow behavior, inputs, permissions, security defaults, or consumer runtime behavior.

Changes

  • Removed repository setup instructions from the README to keep the landing page focused on usage.
  • Clarified the release tag convention:
    • exact release tags use SemVer without a v prefix, for example 1.0.0
    • major aliases keep the v prefix, for example v1
  • Updated consumer documentation examples to use exact version refs such as @1.0.0.
  • Updated the bug report template placeholder to match the release tag convention.

Compatibility

No migration is required.

Consumers using the stable major alias can continue to use:

jobs:
  qa:
    uses: SymPress/workflows/.github/workflows/sympress-qa.yml@v1

Consumers pinned to 1.0.0 do not need to update unless they want the latest documentation snapshot.

Maintainer Notes

The v1 tag now points to 1.0.1 so consumers using the stable major release line receive the latest patch release.

Assets 3
Loading
0 Join discussion

1.0.0

13 Jun 16:44
@brianvarskonst brianvarskonst
Immutable release. Only release title and notes can be modified.
1.0.0
91e9912

Choose a tag to compare

View all tags
1.0.0

Workflows 1.0.0

First stable release of the SymPress Workflows repository.

This release provides enterprise-ready reusable GitHub Actions workflows for SymPress projects, including CI, security checks, Composer/PHP validation, Playwright testing, WordPress artifact packaging, semantic releases, deployments, and supply-chain hardening.

Highlights

  • Reusable workflow suite for WordPress, Composer, PHP, JavaScript, Playwright, DDEV, releases, and deployments.
  • Hardened workflow defaults with read-only permissions where possible.
  • Full-length SHA pinning for third-party GitHub Actions.
  • Repository contract tests to guard workflow behavior and security posture.
  • Workflow linting with actionlint and security auditing with zizmor.
  • Documentation for installation, usage, consumer setup, release strategy, security hardening, and troubleshooting.
  • Enterprise-ready repository metadata, issue templates, CODEOWNERS, security policy, and maintainer guidance.
  • GPL-2.0-or-later licensing.

Included Workflows

  • sympress-qa.yml
  • composer-validate.yml
  • playwright.yml
  • wordpress-archive.yml
  • build-and-distribute.yml
  • automatic-release.yml
  • deploy-deployer.yml
  • woo-qit.yml

Security

This release includes security-focused defaults and checks:

  • Pinned third-party action references.
  • Minimal default workflow permissions.
  • Explicit permission declarations for privileged jobs.
  • Artifact manifest and checksum support.
  • Secret-like artifact scanning.
  • Dependency update automation via Dependabot.
  • CodeQL and workflow security validation support.

Usage

Consumer repositories should call the stable major release line:

jobs:
  qa:
    uses: SymPress/workflows/.github/workflows/sympress-qa.yml@1.0.0

Migration Notes

This is the first stable release. There are no previous stable versions to migrate from.

Projects currently using local workflow copies can migrate by replacing duplicated workflow logic with calls to this repository's reusable workflows.

Maintainer Notes

After publishing this release, keep v1 pointing at 1.0.0 so consumers can use the stable major release line.

Loading
0 Join discussion