WPackagist Changelog Action with Stable Version Warnings

We’ve released a new GitHub Action that brings transparency to your WordPress plugin updates in Composer-based projects.

What it does

The WPackagist Changelog Action automatically comments on pull requests whenever your WordPress plugin dependencies change. It fetches changelogs directly from the WordPress.org API and displays them in an organized, collapsible format right in your PR.

The stable tag warning feature

One challenge with WPackagist is that it sometimes serves newer plugin versions than what’s marked as “stable” in the WordPress.org repository. This can lead to accidentally installing unstable releases in production.

Our action now compares the version being installed against the plugin’s official stable tag. If there’s a mismatch, you’ll see a clear warning:

This helps teams catch potential stability issues before they reach production.

How to use it

Create a new workflow file (.github/workflows/wpackagist-changelog.yml):

name: WPackagist Changelog

on:
  pull_request:
    paths:
      - 'composer.lock'
      - 'composer.json'

jobs:
  changelog:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Comment changelogs on PR
        uses: roots/wpackagist-changelog-action@v1

The action will now monitor your PRs and comment whenever WPackagist plugins change.

Why we built this

Working with WordPress plugins via Composer is powerful, but finding the release notes for new versions takes a little effort. You don’t always know what changed between versions or whether you’re installing a stable release. This action brings that visibility directly into your PRs.

Get started

The action is available now on the GitHub Marketplace. Take a look at the roots/wpackagist-changelog-action repo.