No versions in Wordpress plugin repo

[Floppy]

DISCLAIMER: I'm not 100% sure where the root cause of this problem is - I think it's here, but it might not be.

We use composer to manage our Wordpress plugins, including Auth0. We are using it via wpackagist in order to do so. The plugin is listed here: https://wpackagist.org/search?q=auth0&type=any&search=

Our composer lockfile specifies 3.5.2 - we'll upgrade to 3.6.0 in time, but when we've tested it properly with our setup.

The composer lockfile specifies this:

        {
            "name": "wpackagist-plugin/auth0",
            "version": "3.5.2",
            "source": {
                "type": "svn",
                "url": "https://plugins.svn.wordpress.org/auth0/",
                "reference": "trunk"
            },
            "dist": {
                "type": "zip",
                "url": "https://downloads.wordpress.org/plugin/auth0.zip?timestamp=1523639413",
                "reference": null,
                "shasum": null
            },
            "require": {
                "composer/installers": "~1.0"
            },
            "type": "wordpress-plugin",
            "homepage": "https://wordpress.org/plugins/auth0/"
        },

As you can see, while the lock mentions 3.5.2, the actual URLs don't include any version information. If I use the dist URL, I get 3.6.0, not 3.5.2. The timestamp has no effect.

wpackagist builds its packages from the information at https://plugins.svn.wordpress.org/. The auth0 plugin release in there just includes trunk, no tag information.

This means that it's impossible to download older versions of the plugin, either from Wordpress itself or via wpackagist.

Would it be possible to push release tags into the wordpress plugins svn repo so that versions can be properly managed through it?

This is pretty critical for us; currently we cannot deploy our service as we can't rely on which version of the auth0 plugin we are going to get.

[Floppy]

I've resolved this in our case by referencing the git repository directly in my composer.json, but this will still affect anyone trying to use it via the official plugin repository.

[joshcanhelp]

@Floppy - Thanks for bringing this up. I noticed a while back that the WP.org repo listing doesn't have older versions listed and have it on my list to check that. We use a Jenkins script to deploy from master on this repo and we should be able to adjust that to push the release tag as well. I have a fixit release that needs to come out here soon so I'll see if I can add tags to the deployment process before that happens.

[joshcanhelp]

This didn't require any changes to the plugin code at all. I just pushed all 3.x tags to the WP.org SVN repo and you can now see them listed here:

https://wordpress.org/plugins/auth0/advanced/

One-liner bash script if anyone else out there wants to do the same:

https://gist.github.com/joshcanhelp/2120f1b7abf5e170fb7d1a001ed73dd8

[Floppy]

Great stuff! It was a bit of a surprise, certainly made my day more interesting :)