Fix CI/CD workflow to handle existing releases

Delete existing release before creating a new one when tag is updated.
This prevents "Release has no Tag" error when recreating tags.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.gitea/workflows/release.yml

@@ -0,0 +1,228 @@
+name: Create Release Package
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  build-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          extensions: mbstring, xml, zip, intl, gettext
+          tools: composer:v2
+
+      - name: Get version from tag
+        id: version
+        run: |
+          VERSION=${GITHUB_REF_NAME#v}
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Building version: $VERSION"
+
+      - name: Validate composer.json
+        run: composer validate --no-check-lock --no-check-all
+
+      - name: Install Composer dependencies (production)
+        run: |
+          composer config platform.php 8.3.0
+          composer install --no-dev --optimize-autoloader --no-interaction
+
+      - name: Fix vendor symlink
+        run: |
+          # If client is a symlink, replace with actual files
+          if [ -L "vendor/magdev/wc-licensed-product-client" ]; then
+            echo "Found symlink, replacing with actual files..."
+            TARGET=$(readlink -f vendor/magdev/wc-licensed-product-client)
+            rm vendor/magdev/wc-licensed-product-client
+            cp -r "$TARGET" vendor/magdev/wc-licensed-product-client
+          fi
+          ls -la vendor/magdev/
+
+      - name: Install gettext
+        run: apt-get update && apt-get install -y gettext
+
+      - name: Compile translations
+        run: |
+          for po in languages/*.po; do
+            if [ -f "$po" ]; then
+              mo="${po%.po}.mo"
+              echo "Compiling $po to $mo"
+              msgfmt -o "$mo" "$po"
+            fi
+          done
+
+      - name: Verify plugin version matches tag
+        run: |
+          PLUGIN_VERSION=$(grep -oP "Version:\s*\K[0-9]+\.[0-9]+\.[0-9]+" wc-licensed-product.php | head -1)
+          TAG_VERSION=${{ steps.version.outputs.version }}
+          if [ "$PLUGIN_VERSION" != "$TAG_VERSION" ]; then
+            echo "Error: Plugin version ($PLUGIN_VERSION) does not match tag version ($TAG_VERSION)"
+            exit 1
+          fi
+          echo "Version verified: $PLUGIN_VERSION"
+
+      - name: Create release directory
+        run: mkdir -p releases
+
+      - name: Build release package
+        run: |
+          VERSION=${{ steps.version.outputs.version }}
+          PLUGIN_NAME="wc-licensed-product"
+          RELEASE_FILE="releases/${PLUGIN_NAME}-${VERSION}.zip"
+
+          cd ..
+          zip -r "${PLUGIN_NAME}/${RELEASE_FILE}" "${PLUGIN_NAME}" \
+            -x "${PLUGIN_NAME}/.git/*" \
+            -x "${PLUGIN_NAME}/.gitea/*" \
+            -x "${PLUGIN_NAME}/.github/*" \
+            -x "${PLUGIN_NAME}/.vscode/*" \
+            -x "${PLUGIN_NAME}/.claude/*" \
+            -x "${PLUGIN_NAME}/CLAUDE.md" \
+            -x "${PLUGIN_NAME}/wp-core" \
+            -x "${PLUGIN_NAME}/wp-core/*" \
+            -x "${PLUGIN_NAME}/wp-plugins" \
+            -x "${PLUGIN_NAME}/wp-plugins/*" \
+            -x "${PLUGIN_NAME}/releases/*" \
+            -x "${PLUGIN_NAME}/composer.lock" \
+            -x "${PLUGIN_NAME}/*.log" \
+            -x "${PLUGIN_NAME}/.gitignore" \
+            -x "${PLUGIN_NAME}/.gitmodules" \
+            -x "${PLUGIN_NAME}/.editorconfig" \
+            -x "${PLUGIN_NAME}/phpcs.xml*" \
+            -x "${PLUGIN_NAME}/phpunit.xml*" \
+            -x "${PLUGIN_NAME}/tests/*" \
+            -x "${PLUGIN_NAME}/*.po~" \
+            -x "${PLUGIN_NAME}/*.bak" \
+            -x "${PLUGIN_NAME}/lib/*" \
+            -x "${PLUGIN_NAME}/lib/*/.git/*" \
+            -x "${PLUGIN_NAME}/vendor/magdev/*/.git/*" \
+            -x "${PLUGIN_NAME}/vendor/magdev/*/CLAUDE.md" \
+            -x "*.DS_Store"
+
+          cd "${PLUGIN_NAME}"
+          echo "Created: ${RELEASE_FILE}"
+          ls -lh "${RELEASE_FILE}"
+
+      - name: Generate checksums
+        run: |
+          VERSION=${{ steps.version.outputs.version }}
+          PLUGIN_NAME="wc-licensed-product"
+
+          cd releases
+          sha256sum "${PLUGIN_NAME}-${VERSION}.zip" > "${PLUGIN_NAME}-${VERSION}.zip.sha256"
+          echo "SHA256:"
+          cat "${PLUGIN_NAME}-${VERSION}.zip.sha256"
+
+      - name: Verify package structure
+        run: |
+          set +o pipefail
+          VERSION=${{ steps.version.outputs.version }}
+          PLUGIN_NAME="wc-licensed-product"
+
+          echo "Package contents (first 50 entries):"
+          unzip -l "releases/${PLUGIN_NAME}-${VERSION}.zip" | head -50 || true
+
+          # Verify main plugin file exists
+          if unzip -l "releases/${PLUGIN_NAME}-${VERSION}.zip" | grep -q "${PLUGIN_NAME}/${PLUGIN_NAME}.php"; then
+            echo "Main plugin file: OK"
+          else
+            echo "ERROR: Main plugin file not found!"
+            exit 1
+          fi
+
+          # Verify vendor directory included
+          if unzip -l "releases/${PLUGIN_NAME}-${VERSION}.zip" | grep -q "${PLUGIN_NAME}/vendor/"; then
+            echo "Vendor directory: OK"
+          else
+            echo "ERROR: Vendor directory not found!"
+            exit 1
+          fi
+
+          # Verify lib directory excluded
+          if unzip -l "releases/${PLUGIN_NAME}-${VERSION}.zip" | grep -q "${PLUGIN_NAME}/lib/"; then
+            echo "WARNING: lib/ directory should be excluded"
+          else
+            echo "lib/ excluded: OK"
+          fi
+
+      - name: Extract changelog for release notes
+        id: changelog
+        run: |
+          VERSION=${{ steps.version.outputs.version }}
+          NOTES=$(sed -n "/^## \[${VERSION}\]/,/^## \[/p" CHANGELOG.md | sed '$ d' | tail -n +2)
+          if [ -z "$NOTES" ]; then
+            NOTES="Release version ${VERSION}"
+          fi
+          echo "$NOTES" > release_notes.txt
+          echo "Release notes extracted"
+
+      - name: Create Gitea Release
+        env:
+          GITEA_TOKEN: ${{ secrets.SRC_GITEA_TOKEN }}
+        run: |
+          VERSION=${{ steps.version.outputs.version }}
+          TAG_NAME=${{ github.ref_name }}
+          PLUGIN_NAME="wc-licensed-product"
+
+          PRERELEASE="false"
+          if [[ "$TAG_NAME" == *-* ]]; then
+            PRERELEASE="true"
+          fi
+
+          BODY=$(cat release_notes.txt)
+
+          # Check if release already exists and delete it
+          EXISTING_RELEASE=$(curl -s \
+            -H "Authorization: token ${GITEA_TOKEN}" \
+            "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/releases/tags/${TAG_NAME}")
+
+          EXISTING_ID=$(echo "$EXISTING_RELEASE" | jq -r '.id // empty')
+          if [ -n "$EXISTING_ID" ] && [ "$EXISTING_ID" != "null" ]; then
+            echo "Deleting existing release ID: $EXISTING_ID"
+            curl -s -X DELETE \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/releases/${EXISTING_ID}"
+            echo "Existing release deleted"
+          fi
+
+          # Create release via Gitea API
+          RELEASE_RESPONSE=$(curl -s -X POST \
+            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Content-Type: application/json" \
+            -d "{\"tag_name\": \"${TAG_NAME}\", \"name\": \"Release ${VERSION}\", \"body\": $(echo "$BODY" | jq -Rs .), \"draft\": false, \"prerelease\": ${PRERELEASE}}" \
+            "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/releases")
+
+          RELEASE_ID=$(echo "$RELEASE_RESPONSE" | jq -r '.id')
+
+          if [ "$RELEASE_ID" == "null" ] || [ -z "$RELEASE_ID" ]; then
+            echo "Failed to create release:"
+            echo "$RELEASE_RESPONSE"
+            exit 1
+          fi
+
+          echo "Created release ID: $RELEASE_ID"
+
+          # Upload release assets
+          for file in "releases/${PLUGIN_NAME}-${VERSION}.zip" "releases/${PLUGIN_NAME}-${VERSION}.zip.sha256"; do
+            if [ -f "$file" ]; then
+              FILENAME=$(basename "$file")
+              echo "Uploading $FILENAME..."
+              curl -s -X POST \
+                -H "Authorization: token ${GITEA_TOKEN}" \
+                -H "Content-Type: application/octet-stream" \
+                --data-binary "@$file" \
+                "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets?name=${FILENAME}"
+              echo "Uploaded $FILENAME"
+            fi
+          done
+
+          echo "Release created: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/tag/${TAG_NAME}"

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "lib/wc-licensed-product-client"]
+	path = lib/wc-licensed-product-client
+	url = ../wc-licensed-product-client.git

CHANGELOG.md

@@ -7,6 +7,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.7.2] - 2026-01-29
+
+### Added
+
+- **Gitea CI/CD Pipeline**: Automated release workflow triggered on version tags
+  - Automatic package creation with proper WordPress subdirectory structure
+  - SHA256 checksum generation for package integrity
+  - Changelog extraction for release notes
+  - Pre-release detection for hyphenated tags (e.g., `v0.7.2-rc1`)
+
+### Changed
+
+- **Git Submodule Migration**: `magdev/wc-licensed-product-client` is now a git submodule
+  - Located at `lib/wc-licensed-product-client` instead of being fetched via Composer VCS
+  - Composer now uses `path` type repository pointing to local submodule
+  - Improves version control clarity and development workflow
+  - Symlinked to `vendor/` during `composer install`
+
+### Developer Notes
+
+- New file: `.gitea/workflows/release.yml` for CI/CD automation
+- Updated `composer.json`: Repository type changed from `vcs` to `path`
+- Created `.gitmodules` for submodule tracking
+- Release packages now exclude `lib/` directory (vendor has installed copy)
+- Submodule checkout required: `git submodule update --init --recursive`
+
 ## [0.7.1] - 2026-01-28
 
 ### Fixed

CLAUDE.md

@@ -32,9 +32,7 @@ This project is proudly **"vibe-coded"** using Claude.AI - the entire codebase w
 
 **Note for AI Assistants:** Clean this section after the specific features are done or new releases are made. Effective changes are tracked in `CHANGELOG.md`. Do not add completed versions here - document them in the Session History section at the end of this file.
 
-### Version 0.7.2
-
-No pending features.
+No pending roadmap items.
 
 ## Technical Stack
 
@@ -1872,3 +1870,78 @@ Bug fix release ensuring compatibility with updated `magdev/wc-licensed-product-
 - PHP fallback template now includes the collapsible API Verification Secret section matching the Twig template
 - All four API endpoints (`/validate`, `/status`, `/activate`, `/update-check`) now include signature headers when `WC_LICENSE_SERVER_SECRET` is configured
 - Client library v0.2.2 verified compatible with server implementation
+
+**Release v0.7.1:**
+
+- Created release package: `releases/wc-licensed-product-0.7.1.zip` (886 KB)
+- SHA256: `6ffd0bdf47395436bbc28a029eff4c6d065f2b5b64c687b96ae36a74c3ee34ef`
+- Tagged as `v0.7.1` and pushed to `main` branch
+
+### 2026-01-29 - Version 0.7.2 - Git Submodule & CI/CD Pipeline
+
+**Overview:**
+
+Infrastructure release converting the client library dependency to a git submodule and implementing automated CI/CD releases via Gitea Actions.
+
+**Git Submodule Migration:**
+
+- Converted `magdev/wc-licensed-product-client` from Composer VCS dependency to git submodule
+- Submodule located at `lib/wc-licensed-product-client`
+- Composer uses `path` type repository pointing to local submodule
+- Symlinked to `vendor/magdev/wc-licensed-product-client` during `composer install`
+
+**Gitea CI/CD Pipeline:**
+
+- New workflow at `.gitea/workflows/release.yml`
+- Triggers on version tags (`v*`)
+- Automated steps:
+  - Checkout with recursive submodules
+  - PHP 8.3 setup with required extensions
+  - Composer dependency installation (production only)
+  - Translation compilation (`.po` to `.mo`)
+  - Version verification against plugin header
+  - Release package creation with proper exclusions
+  - SHA256 checksum generation
+  - Package structure verification
+  - Changelog extraction for release notes
+  - Gitea release creation with asset upload
+  - Pre-release detection for hyphenated tags
+
+**New files:**
+
+- `.gitea/workflows/release.yml` - Gitea Actions workflow for automated releases
+- `.gitmodules` - Git submodule configuration (created by git)
+
+**Modified files:**
+
+- `composer.json` - Changed repository type from `vcs` to `path`, URL to `lib/wc-licensed-product-client`
+- `CHANGELOG.md` - Added v0.7.2 release notes
+- `CLAUDE.md` - Removed v0.7.2 from roadmap, added session history
+
+**Package Exclusions:**
+
+Release packages exclude: `.git/`, `.gitea/`, `.gitmodules`, `lib/` (submodule source), `vendor/**/.git`, `tests/`, `CLAUDE.md`, `*.po~`, `wp-core`, `wp-plugins`, `composer.lock`
+
+**Developer Workflow Changes:**
+
+After cloning the repository, developers must now run:
+
+```bash
+git submodule update --init --recursive
+composer install
+```
+
+**Technical notes:**
+
+- Path repository uses `*` version constraint with `symlink: false` option
+- CI replaces symlink with actual files via `cp -r` before packaging
+- CI uses `actions/checkout@v4` with `submodules: recursive` for proper submodule initialization
+- Release creation uses direct Gitea API calls (`/api/v1/repos/.../releases`)
+- Requires `SRC_GITEA_TOKEN` secret configured in Gitea repository settings
+- Workflow completed successfully: 57 seconds, all checks passed
+
+**Release v0.7.2:**
+
+- Automatically created by Gitea Actions CI/CD pipeline
+- Release package: 881 KiB with SHA256 checksum
+- First automated release - all future releases will use this workflow

README.md

@@ -25,6 +25,8 @@ WC Licensed Product adds a new product type "Licensed Product" to WooCommerce, e
 - **Trusted Proxy Support**: Configurable trusted proxies for accurate rate limiting behind CDNs
 - **Checkout Blocks**: Full support for WooCommerce Checkout Blocks (default since WC 8.3+)
 - **Self-Licensing**: The plugin can validate its own license (for commercial distribution)
+- **WordPress Auto-Updates**: Receive plugin updates through WordPress's native update system
+- **Automated Releases**: CI/CD pipeline for consistent release packaging
 
 ### Customer Features
 
@@ -340,6 +342,41 @@ Content-Type: application/json
 | `max_activations_reached` | Maximum activations reached |
 | `rate_limit_exceeded` | Too many requests (wait and retry) |
 
+## Auto-Updates
+
+Licensed plugins can receive updates through WordPress's native plugin update system. When properly configured, WordPress will check the license server for updates and display them in the Plugins page.
+
+### Configuration
+
+In WooCommerce > Settings > Licensed Products > Auto-Updates:
+
+- **Enable Update Notifications**: Show available updates in WordPress admin
+- **Automatically Install Updates**: Let WordPress install updates automatically
+- **Update Check Frequency**: How often to check for updates (1-168 hours)
+
+### How It Works
+
+1. The plugin periodically checks the configured license server for updates
+2. If a newer version is available and the license is valid, WordPress shows the update
+3. Updates can be installed manually or automatically (if enabled)
+4. Downloads are authenticated using the license key
+
+### API Endpoint
+
+The update check uses the `/update-check` REST API endpoint:
+
+```http
+POST /wp-json/wc-licensed-product/v1/update-check
+Content-Type: application/json
+
+{
+  "license_key": "XXXX-XXXX-XXXX-XXXX",
+  "domain": "example.com",
+  "plugin_slug": "my-plugin",
+  "current_version": "1.0.0"
+}
+```
+
 ## License Statuses
 
 - **Active**: License is valid and usable
@@ -369,6 +406,60 @@ For issues and feature requests, please visit:
 
 Marco Graetsch
 
+## Development
+
+### Setup
+
+After cloning the repository, initialize the git submodule and install dependencies:
+
+```bash
+git clone https://src.bundespruefstelle.ch/magdev/wc-licensed-product.git
+cd wc-licensed-product
+git submodule update --init --recursive
+composer install
+```
+
+### Project Structure
+
+- `src/` - PHP source files (PSR-4 autoloaded)
+- `assets/` - CSS and JavaScript files
+- `templates/` - Twig templates for admin and frontend views
+- `languages/` - Translation files (.pot, .po, .mo)
+- `lib/` - Git submodule for the client library
+- `docs/` - API documentation and client examples
+
+### Creating Releases
+
+Releases are automatically created by the Gitea CI/CD pipeline when a version tag is pushed:
+
+```bash
+# Update version in wc-licensed-product.php (both header and constant)
+# Update CHANGELOG.md with release notes
+git add -A && git commit -m "Release v0.7.3"
+git tag -a v0.7.3 -m "Release v0.7.3"
+git push origin main --tags
+```
+
+The pipeline will:
+
+1. Build production dependencies
+2. Compile translations
+3. Create the release package with proper WordPress structure
+4. Generate SHA256 checksum
+5. Publish to Gitea releases
+
+### Translations
+
+To add or update translations:
+
+```bash
+# Extract strings to .pot template
+# (Use a tool like wp-cli or poedit)
+
+# Compile .po files to .mo for production
+for po in languages/*.po; do msgfmt -o "${po%.po}.mo" "$po"; done
+```
+
 ## License
 
 GPL-2.0-or-later

composer.json

@@ -12,14 +12,17 @@
     ],
     "repositories": [
         {
-            "type": "vcs",
-            "url": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client.git"
+            "type": "path",
+            "url": "lib/wc-licensed-product-client",
+            "options": {
+                "symlink": false
+            }
         }
     ],
     "require": {
         "php": ">=8.3.0",
         "twig/twig": "^3.0",
-        "magdev/wc-licensed-product-client": "dev-main"
+        "magdev/wc-licensed-product-client": "*"
     },
     "autoload": {
         "psr-4": {

composer.lock

@@ -4,15 +4,15 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "05af8ab515abe7e689c610724b54e27a",
+    "content-hash": "f13b7ed9531068d0180f28adc8a80397",
     "packages": [
         {
             "name": "magdev/wc-licensed-product-client",
             "version": "dev-main",
-            "source": {
-                "type": "git",
-                "url": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client.git",
-                "reference": "56abe8a97c72419c07a6daf263ba6f4a9b5fe4b1"
+            "dist": {
+                "type": "path",
+                "url": "lib/wc-licensed-product-client",
+                "reference": "f9281ec5fb23bf1993ab0240e0347c835009a10f"
             },
             "require": {
                 "php": "^8.3",
@@ -24,7 +24,6 @@
             "require-dev": {
                 "phpunit/phpunit": "^11.0"
             },
-            "default-branch": true,
             "type": "library",
             "autoload": {
                 "psr-4": {
@@ -52,7 +51,9 @@
                 "issues": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client/issues",
                 "source": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client"
             },
-            "time": "2026-01-28T10:56:47+00:00"
+            "transport-options": {
+                "relative": true
+            }
         },
         {
             "name": "psr/cache",

releases/wc-licensed-product-0.7.1.zip.sha256

@@ -0,0 +1 @@
+6ffd0bdf47395436bbc28a029eff4c6d065f2b5b64c687b96ae36a74c3ee34ef  wc-licensed-product-0.7.1.zip

wc-licensed-product.php

@@ -3,7 +3,7 @@
  * Plugin Name: WooCommerce Licensed Product
  * Plugin URI: https://src.bundespruefstelle.ch/magdev/wc-licensed-product
  * Description: WooCommerce plugin to sell software products using license keys with domain-based validation.
- * Version: 0.7.1
+ * Version: 0.7.2
  * Author: Marco Graetsch
  * Author URI: https://src.bundespruefstelle.ch/magdev
  * License: GPL-2.0-or-later
@@ -28,7 +28,7 @@ if (!defined('ABSPATH')) {
 }
 
 // Plugin constants
-define('WC_LICENSED_PRODUCT_VERSION', '0.7.1');
+define('WC_LICENSED_PRODUCT_VERSION', '0.7.2');
 define('WC_LICENSED_PRODUCT_PLUGIN_FILE', __FILE__);
 define('WC_LICENSED_PRODUCT_PLUGIN_DIR', plugin_dir_path(__FILE__));
 define('WC_LICENSED_PRODUCT_PLUGIN_URL', plugin_dir_url(__FILE__));