From 79eed982590d536c479759a16b13654707baa7d9 Mon Sep 17 00:00:00 2001
From: balexey88
Date: Thu, 25 Jan 2024 17:56:32 +0200
Subject: [PATCH] Avoid using 'WP' prefix for namespaces according to WP requirements. Add GitHub Action. Update tested version of BuddyBoss
---
 .github/workflows/publish-release.yml | 131 ++++++++++++++++++++++++++
 .github/workflows/security-scan.yml | 25 +++++
 .github/workflows/tests.yml | 2 -
 README.md | 2 +-
 SECURITY.md | 2 +-
 class-buddyboss.php | 2 +-
 readme.txt | 2 +-
 tests/ClassBuddyBossTest.php | 3 +-
 vendor/bin/.phpunit.result.cache | 2 +-
 vendor/composer/installed.php | 12 +--
 wp-stateless-buddyboss-addon.php | 6 +-
 11 files changed, 171 insertions(+), 18 deletions(-)
 create mode 100644 .github/workflows/publish-release.yml
 create mode 100644 .github/workflows/security-scan.yml
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
new file mode 100644
index 0000000..9631e29
--- /dev/null
+++ b/.github/workflows/publish-release.yml
@@ -0,0 +1,131 @@
+name: Publish Release
+run-name: Publish Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ release:
+ description: 'Release version (e.g. 1.2.3)'
+ required: true
+
+permissions:
+ contents: write
+
+env:
+ TAG: ${{ github.event.inputs.release }}
+ BRANCH: temp-release-${{ github.event.inputs.release }}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ # ref and repository are required, otherwise repo could appear in detached head state
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.head_ref }}
+ repository: ${{ github.repository }}
+
+ - name: Parse Changelog Entries
+ uses: actions/github-script@v7
+ id: changelog
+ with:
+ script: |
+ const { open } = require('fs/promises');
+
+ const version = process.env.TAG;
+ const delimiter = '#### ';
+ const file = await open('./changes.md');
+
+ let description = [];
+ let found = false;
+
+ for await (let line of file.readLines()) {
+ line = line.trim();
+
+ if ( line.startsWith(`${delimiter}${version}`) ) {
+ found = true;
+ continue;
+ }
+
+ if (!found) continue;
+ if ( line.startsWith(delimiter) ) break;
+
+ description.push(line);
+ }
+
+ if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);
+
+ core.setOutput('description', description.join('\n') );
+
+
+ # cleanup files that are not needed for the release
+ # but keep the .git folder, because we need it for the next step
+ - name: Cleanup files
+ run: |
+ rm -f composer.lock || true
+ rm -rf tests || true
+ rm -rf vendor/composer/installers || true
+ find ./ -name '.git*' -not -path './.git' -type f -delete || true
+ find ./ -name '.git*' -not -path './.git' -type d -exec rm -rf {} \; || true
+ find ./vendor -name .svn -exec rm -rf {} \; || true
+
+ # cleanup files, specific to Google API PHP library
+ - name: Cleanup files for Google API library
+ run: |
+ rm -f lib/Google/phpstan.neon.dist || true
+ rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true
+ find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true
+ find ./lib/Google/vendor -name .svn -exec rm -rf '{}' \; || true
+
+ # commit changes to temporary release branch and create a new tag
+ - name: Commit changes
+ uses: EndBug/add-and-commit@v9
+ with:
+ message: Cleanup files for release
+ new_branch: ${{ env.BRANCH }}
+ tag: ${{ env.TAG }}
+
+ # generate SBOM that will be attached to a release as an artifact
+ - name: Create SBOM
+ id: sbom
+ uses: anchore/sbom-action@v0
+ with:
+ path: .
+ output-file: sbom.spdx.json
+ format: spdx-json
+
+ # create a draft release with the version changelog as a description
+ - name: Create Draft Release
+ id: draft_release
+ uses: softprops/action-gh-release@v1
+ with:
+ name: "Release ${{ env.TAG }}"
+ body: "${{ steps.changelog.outputs.description }}"
+ tag_name: ${{ env.TAG }}
+ draft: true
+ prerelease: false
+
+ # attach SBOM to release
+ - name: Upload SBOM to release
+ uses: actions/upload-release-asset@v1.0.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ steps.draft_release.outputs.upload_url }}
+ asset_path: ./sbom.spdx.json
+ asset_name: sbom.spdx.json
+ asset_content_type: application/json
+
+ # publish release using an ID from the 'draft_release' step
+ - name: Publish Release
+ uses: eregon/publish-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ release_id: ${{ steps.draft_release.outputs.id }}
+
+ # delete temporary release branch
+ - name: Delete temporary release branch
+ run: |
+ git push origin --delete ${{ env.BRANCH }}
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 0000000..5f54c71
--- /dev/null
+++ b/.github/workflows/security-scan.yml
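Review bot: In `.github/workflows/publish-release.yml`, the final step expands `${{ env.BRANCH }}` inside the `run:` script, and that value is built directly from the `release` dispatch input, so any shell metacharacters in the input become part of the command in a job that holds `contents: write`. `BRANCH` is already exported at workflow level, so the step can read it as a shell variable instead, `git push origin --delete "$BRANCH"`, and the input should be checked against a plain version pattern before the tag is created. The third-party actions in this workflow (`EndBug/add-and-commit@v9`, `anchore/sbom-action@v0`, `softprops/action-gh-release@v1`, `eregon/publish-release@v1`) are referenced by mutable tags; pinning each to a full commit SHA keeps a retagged upstream from running with the write token. The same pinning applies to `anchore/scan-action@v3` in `security-scan.yml`.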
@@ -0,0 +1,25 @@ +name: Security Scan +run-name: Security Scan + +on: + push: + pull_request: + workflow_dispatch: + +jobs: + code-scanning: + name: Code Scanning (grype) + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Run Security Check + id: test + uses: anchore/scan-action@v3 + with: + path: . + output-format: table + + diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 076dde0..153a3ce 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -2,9 +2,7 @@ name: Tests on: push: - branches: [main] pull_request: - branches: [main] jobs: build: diff --git a/README.md b/README.md index 15012ef..1dbf309 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Provides compatibility between the [BuddyBoss Platform](https://www.buddyboss.co ### Notes -* Tested with BuddyBoss Platform plugin version 2.4.71 +* Tested with BuddyBoss Platform plugin version 2.5.30 ### Support, Feedback, & Contribute diff --git a/SECURITY.md b/SECURITY.md index 62a15b9..4715aa6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -18,6 +18,6 @@ Security updates are provided for the latest stable release. Please ensure that ## Contact Information -For security-related matters, please contact our security team at [security@udx.io](mailto:security@udx.io). For general inquiries, feature requests, and other non-security-related discussions, please use our regular [issue tracker](https://github.com/udx/wp-stateless/issues). +For security-related matters, please contact our security team at [security@udx.io](mailto:security@udx.io). For general inquiries, feature requests, and other non-security-related discussions, please use our regular [issue tracker](https://github.com/udx/wp-stateless-buddyboss-addon/issues). Thank you for helping us ensure the security of WP-Stateless - BuddyBoss Platform Addon. Your contributions are greatly appreciated. 
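Review bot: `.github/workflows/security-scan.yml` declares no `permissions:` block, so the `code-scanning` job runs with whatever default token scope the repository is configured with; a scan that only reads the checkout needs no more than `permissions: { contents: read }` at workflow level. With `output-format: table` the findings exist only in the job log. If they are meant to appear under code scanning, as the job name suggests, the action's `sarif` output plus an upload step would be needed, and that step would require `security-events: write`. Triggering on both `push:` and `pull_request:` without filters also runs the scan twice for every branch that has an open pull request.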
diff --git a/class-buddyboss.php b/class-buddyboss.php index ea36513..ae20629 100644 --- a/class-buddyboss.php +++ b/class-buddyboss.php @@ -1,6 +1,6 @@ array( 'name' => 'udx/wp-stateless-buddyboss-addon', - 'pretty_version' => 'dev-main', - 'version' => 'dev-main', - 'reference' => '1b767ed5c537e8a2d29ad84efdc4ea9b6407ebfd', + 'pretty_version' => 'dev-latest', + 'version' => 'dev-latest', + 'reference' => '3d31039596cdf2f586673377800300880e74e451', 'type' => 'wordpress-plugin', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), @@ -11,9 +11,9 @@ ), 'versions' => array( 'udx/wp-stateless-buddyboss-addon' => array( - 'pretty_version' => 'dev-main', - 'version' => 'dev-main', - 'reference' => '1b767ed5c537e8a2d29ad84efdc4ea9b6407ebfd', + 'pretty_version' => 'dev-latest', + 'version' => 'dev-latest', + 'reference' => '3d31039596cdf2f586673377800300880e74e451', 'type' => 'wordpress-plugin', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), diff --git a/wp-stateless-buddyboss-addon.php b/wp-stateless-buddyboss-addon.php index cd10064..c4ebd48 100644 --- a/wp-stateless-buddyboss-addon.php +++ b/wp-stateless-buddyboss-addon.php @@ -6,14 +6,14 @@ * Description: Provides compatibility between the BuddyBoss Platform and the WP-Stateless plugin. * Author: UDX * Version: 0.0.1 - * Text Domain: wpsbbp + * Text Domain: slcabbp * Author URI: https://udx.io * License: MIT * * Copyright 2024 UDX (email: info@udx.io) */ -namespace WPSL\BuddyBoss; +namespace SLCA\BuddyBoss; add_action('plugins_loaded', function () { if (class_exists('wpCloud\StatelessMedia\Compatibility')) { 
@@ -24,7 +24,7 @@ add_filter('plugin_row_meta', function ($plugin_meta, $plugin_file, $_, $__) { if ($plugin_file !== join(DIRECTORY_SEPARATOR, [basename(__DIR__), basename(__FILE__)])) return $plugin_meta; - $plugin_meta[] = sprintf('%s', __('This plugin requires WP-Stateless plugin version 4.0.0 or greater to be installed and active.')); + $plugin_meta[] = sprintf('%s', __('This plugin requires WP-Stateless plugin version 3.4.0 or greater to be installed and active.')); return $plugin_meta; }, 10, 4); });
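Review bot: The changed `__()` call passes no text domain, so the string is looked up in WordPress's default domain and the `slcabbp` domain this commit sets in the plugin header is never used for it. The value is also appended to `$plugin_meta`, which ends up in the plugins list markup, without escaping. Both are covered by `$plugin_meta[] = sprintf('%s', esc_html__('This plugin requires WP-Stateless plugin version 3.4.0 or greater to be installed and active.', 'slcabbp'));`. The message now states 3.4.0 while the only guard visible in this file's hunks is the `class_exists('wpCloud\StatelessMedia\Compatibility')` test, so it is worth confirming that this class is absent from releases before 3.4.0. The `add_filter` closure starts above the hunk.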