This satis exposes Composer packages for plugins we use across Genero projects. There are two distinct mechanisms depending on how upstream distributes the plugin:
-
Genero-owned fork (default) — a
generoi/<slug>repo holds a curatedcomposer.jsondeclaringtype: wordpress-pluginplus a CI workflow that polls upstream, commits new versions, tags, and triggers a satis rebuild. Listed underrepositoriesinsatis.jsonastype: vcs. The release zip URL is rewritten post-build byrewrite-dist-urls.jswhen entries are present inrelease-dist.json. -
Direct GitHub-release mirror — for plugins that already publish signed, prebuilt release zips and don't need a Genero fork (typically open-distribution but closed-source). Listed in
release-packages.json;generate-release-packages.jsruns before satis build, queries the GitHub API for the source repo's releases, and synthesises apackage-type entry per stable release withdist.urlpointing at the asset on GitHub. The Satis Build workflow runs daily so new upstream releases get picked up automatically.
-
Create repository with a basic
composer.json{ "name": "generoi/<plugin-slug>", "type": "wordpress-plugin", "description": "Plugin name", "homepage": "https://woocommerce.com/products/..." } -
Add
.github/workflows/build.ymlwhich checks for plugin updates, makes releases and triggers packagist update (generoi/github-action-update-pluginsREADME has morere examples).name: Build on: workflow_dispatch: schedule: - cron: '5 4 * * *' jobs: build: uses: generoi/github-action-update-plugins/.github/workflows/wccom-update.yml@master secrets: ACCESS_TOKEN: ${{ secrets.WCCOM_ACCESS_TOKEN }} ACCESS_TOKEN_SECRET: ${{ secrets.WCCOM_ACCESS_TOKEN_SECRET }} with: slug: 'woocommerce-subscriptions' changelog_extract: "'/[0-9\\-]+ - version/ { if (p) { exit }; if ($4 == ver) { p=1; next } } p && NF' changelog.txt" update-satis: needs: build if: needs.build.outputs.updated == 'true' uses: generoi/packagist/.github/workflows/update.yml@master secrets: token: ${{ secrets.PACKAGIST_UPDATE_PAT }}
-
Add
@generoi/deployas a collaborator withreadaccess. Do NOT grant write access. -
Change the
PACKAGIST_UPDATE_PATsecret permissions to be allowed to be used by the repository. -
Add the plugin to
satis.jsonin this repository. -
Trigger an initial build which will download the latest plugin version, commit it, tag it, push it, release it and if successful trigger a rebuild in this repository.
-
Whenever a new version is found using the cron schedule, the plugin will be updated, released and finally a rebuild of this repository will be once again triggered.
Use this when upstream already publishes a versioned release zip on
GitHub and we don't need a Genero-owned fork (no license key to inject,
no proprietary metadata, no custom composer.json).
-
Verify the upstream repo publishes a stable asset filename on every release (e.g.
altcha.zipforaltcha-org/altcha-wordpress-next). Inspect a recent release page to confirm. -
Add an entry to
release-packages.json:{ "altcha-org/altcha": { "source": "altcha-org/altcha-wordpress-next", "asset": "altcha.zip", "type": "wordpress-plugin" } }Optional fields:
homepage,require(applied uniformly to every synthesised version — only useful if upstream's dependency set is stable).typedefaults towordpress-plugin. -
Trigger a Satis Build (manually via the Actions tab or just wait for the daily cron at 04:30 UTC). The script enumerates the upstream's releases, synthesises one
packageentry per stable release, and exposes them through this satis under the chosen package name. -
In the consumer project (Bedrock site, etc.) add the satis as a
composerrepository (already done in agency projects) andcomposer require <name>:^<version>— Composer-installers will route it intoweb/app/plugins/<slug>/via Bedrock'sinstaller-paths.
GENEROI_DEPLOY_PATaction secret containg a Personal Access Token of@generoi/deploywith Conents (read) access. This is used by this repo to read plugin tags/contents from every package listed insatis.json. (settings link)PACKAGIST_UPDATE_PATaction secret containg a Personal Access Token of a user with write access to this repository. The token is limited to only this repository with Contents (write) access. (settings link)WCCOM_ACCESS_TOKENandWCCOM_ACCESS_TOKEN_SECRETaction secrets which contain the OAuth2 tokens stored in wp_options of the store which is connected to WooCommerce.LICENSE_KEYis added as a Repository Secret to each relevant plugin repository. The secret contains the license key.