WP Plugin Post-Release
Reusable post-release workflow for WordPress plugins. Runs after Release Please creates a tag: builds the distribution ZIP, uploads it to the GitHub Release, and triggers a privatesatis rebuild.
Trigger
yaml
on:
workflow_call:Typically chained after the release-please job when release_created == 'true'.
Inputs
| Input | Type | Default | Required | Description |
|---|---|---|---|---|
tag-name | string | -- | Yes | Release tag (e.g. 1.2.3) |
zip-name | string | -- | Yes | Archive name without version (e.g. wp-plugin-my-project) |
has-ui | boolean | false | No | Build UI assets with npm |
has-strauss | boolean | false | No | Run Strauss for vendor prefixing |
needs-satis-auth | boolean | false | No | Configure HTTP Basic auth for privatesatis |
ui-check-file | string | 'assets/dist/app.js' | No | File to verify UI build succeeded |
node-version | string | '22' | No | Node.js version |
php-version | string | '8.4' | No | PHP version |
php-extensions | string | 'mbstring, xml, json, curl' | No | PHP extensions |
extra-zip-excludes | string | '' | No | Additional patterns to exclude from ZIP (space-separated) |
Secrets
| Secret / Variable | Type | Description |
|---|---|---|
PRIVATESATIS_DISPATCH_TOKEN | org secret | PAT with repo scope on the my-satis-repo repository |
PRIVATESATIS_PASSWORD | org secret | HTTP Basic password for privatesatis.middag.com.br |
PRIVATESATIS_USERNAME | org variable | HTTP Basic username for privatesatis.middag.com.br |
Permissions
yaml
permissions:
contents: writeRequired to upload assets to the GitHub Release.
Job: build-and-upload
Runs on ubuntu-latest:
- Checkout at the release tag (
ref: tag-name). - Setup PHP with the configured version and extensions.
- Setup Node.js (if
has-ui). - Build UI assets —
cd ui && npm ci && npm run build(ifhas-ui). - Verify UI assets — confirms the verification file exists (if
has-ui). - Configure Satis auth — writes
auth.jsonwith HTTP Basic credentials (ifneeds-satis-auth). - Composer install — with
--no-devor with dev dependencies when Strauss is needed. - Strauss —
composer straussfor vendor prefixing (ifhas-strauss). - Reinstall without dev — removes dev dependencies after Strauss and optimizes autoloader (if
has-strauss). - Strip tokens — runs
scripts/strip-lock-tokens.phpto remove tokens fromcomposer.lock(if the script exists). - Build dist archive — creates ZIP excluding development files.
- Upload to GitHub Release — via
softprops/action-gh-release@v3. - Trigger privatesatis rebuild — dispatches
repository_dispatchto themy-satis-reporepository.
Default ZIP exclude patterns
.git/* .github/* .cache/* .claude/* .aiox-core/*
tests/* docs/* docs-site/* ui/src/* ui/node_modules/* node_modules/*
bitbucket-pipelines.yml .php-cs-fixer.php .phpstan.neon
.php-rector.php .phpunit.xml phpstan.neon rector.php auth.json
.release-please-manifest.json release-please-config.jsonUsage example
yaml
# .github/workflows/release.yml
name: Release
on:
push:
branches: [main]
jobs:
release-please:
uses: middag-io/.github-private/.github/workflows/release-please.yml@workflows-v1
post-release:
needs: release-please
if: needs.release-please.outputs.release_created == 'true'
uses: middag-io/.github-private/.github/workflows/wp-plugin-post-release.yml@workflows-v1
with:
tag-name: ${{ needs.release-please.outputs.tag_name }}
zip-name: wp-plugin-my-project
has-ui: true
has-strauss: true
needs-satis-auth: true
secrets: inherit