From 24fbc08bce65ffbe0fab6f81d6dd1d0b672937d3 Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Sun, 21 Jun 2026 01:13:41 -0500 Subject: [PATCH] fix(package): only zip sub-extensions listed in package manifest (#300) release_package.php was globbing ALL directories under packages/, including ones removed from the manifest (backup, license, dbip). Now parses pkg_*.xml to build allowlist and skips unlisted dirs. --- cli/release_package.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/cli/release_package.php b/cli/release_package.php index 724037a..100807a 100644 --- a/cli/release_package.php +++ b/cli/release_package.php @@ -224,9 +224,30 @@ class ReleasePackageCli extends CliFramework return 1; } + // Only zip sub-extensions listed in the package manifest + $manifestedSubs = []; + $pkgManifestFiles = glob("{$sourceDir}/pkg_*.xml") ?: []; + foreach ($pkgManifestFiles as $pmf) { + $pmXml = @simplexml_load_file($pmf); + if ($pmXml && isset($pmXml->files)) { + foreach ($pmXml->files->file as $fileNode) { + $zipName = pathinfo((string) $fileNode, PATHINFO_FILENAME); + if (!empty($zipName)) { + $manifestedSubs[$zipName] = true; + } + } + } + } + $packageDirs = glob("{$sourceDir}/packages/*", GLOB_ONLYDIR) ?: []; foreach ($packageDirs as $pkgDir) { $subName = basename($pkgDir); + + // Skip directories not listed in the package manifest + if (!empty($manifestedSubs) && !isset($manifestedSubs[$subName])) { + echo " Skipping {$subName} (not in package manifest)\n"; + continue; + } $subZipPath = "{$outputDir}/{$subName}.zip"; // If sub-package is a full repo checkout (e.g. git submodule),