Skip to content

1.0.0

Choose a tag to compare

View all tags
@brianvarskonst brianvarskonst released this 13 Jun 16:44
· 3 commits to main since this release
Immutable release. Only release title and notes can be modified.
1.0.0
91e9912

Workflows 1.0.0

First stable release of the SymPress Workflows repository.

This release provides enterprise-ready reusable GitHub Actions workflows for SymPress projects, including CI, security checks, Composer/PHP validation, Playwright testing, WordPress artifact packaging, semantic releases, deployments, and supply-chain hardening.

Highlights

  • Reusable workflow suite for WordPress, Composer, PHP, JavaScript, Playwright, DDEV, releases, and deployments.
  • Hardened workflow defaults with read-only permissions where possible.
  • Full-length SHA pinning for third-party GitHub Actions.
  • Repository contract tests to guard workflow behavior and security posture.
  • Workflow linting with actionlint and security auditing with zizmor.
  • Documentation for installation, usage, consumer setup, release strategy, security hardening, and troubleshooting.
  • Enterprise-ready repository metadata, issue templates, CODEOWNERS, security policy, and maintainer guidance.
  • GPL-2.0-or-later licensing.

Included Workflows

  • sympress-qa.yml
  • composer-validate.yml
  • playwright.yml
  • wordpress-archive.yml
  • build-and-distribute.yml
  • automatic-release.yml
  • deploy-deployer.yml
  • woo-qit.yml

Security

This release includes security-focused defaults and checks:

  • Pinned third-party action references.
  • Minimal default workflow permissions.
  • Explicit permission declarations for privileged jobs.
  • Artifact manifest and checksum support.
  • Secret-like artifact scanning.
  • Dependency update automation via Dependabot.
  • CodeQL and workflow security validation support.

Usage

Consumer repositories should call the stable major release line:

jobs:
  qa:
    uses: SymPress/workflows/.github/workflows/sympress-qa.yml@1.0.0

Migration Notes

This is the first stable release. There are no previous stable versions to migrate from.

Projects currently using local workflow copies can migrate by replacing duplicated workflow logic with calls to this repository's reusable workflows.

Maintainer Notes

After publishing this release, keep v1 pointing at 1.0.0 so consumers can use the stable major release line.

Assets 3
Loading
0 Join discussion