pull-from-dev.yml.template:
- Downloads files from dev server via rsync/SSH into repo src/
- Configurable via DEV_SSH_HOST, DEV_SSH_USERNAME, DEV_PULL_PATH vars
- Auth via DEV_SSH_KEY secret
- Dry-run mode, branch selection, diff preview
export-mysql.yml.template:
- Exports MySQL database from dev or demo server
- Supports both Joomla and Dolibarr environments
- Sanitizes PII: passwords (bcrypt), emails, sessions, API keys, tokens
- Preserves admin/moko emails, strips everything else
- Dolibarr-specific: clears api_key, pass_crypted, ldap_pass, oauth secrets
- Saves as artifact (30d retention) or commits to sql/exports/
- Configurable per environment (dev/demo) via org or repo variables
Required variables (org or repo):
- DEV_SSH_HOST, DEV_SSH_PORT, DEV_SSH_USERNAME
- DEV_MYSQL_DATABASE, DEV_MYSQL_USER
- Secrets: DEV_SSH_KEY, DEV_MYSQL_PASSWORD
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
branch-freeze, repository-cleanup, manage-repo-templates converted
from gh CLI flags to curl/jq equivalents.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PHP is pre-installed in custom runner image (moko/runner-image:latest).
shivammathur/setup-php is incompatible with Gitea act_runner DinD.
25 workflow templates updated.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- All remaining github-actions[bot] → gitea-actions[bot]
- All remaining gh api calls in non-mirror steps → Gitea API curl
- COMPOSER_AUTH uses GA_TOKEN for Gitea composer registry
- 7 docs updated with correct bot identity and token refs
- gh release create/edit only remains in GitHub mirror sections
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- gh release view/create/edit/upload → Gitea API curl
- gh api → Gitea API curl with GA_TOKEN
- Download URLs point to Gitea as primary
- GitHub mirror steps preserved with continue-on-error for stable/rc
Affects: 11 workflow templates
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- All Gitea API calls use secrets.GA_TOKEN (org-level Gitea PAT)
- secrets.GITHUB_TOKEN → secrets.GA_TOKEN across all templates
- secrets.GH_TOKEN reserved for GitHub mirror operations only
- Bot identity: gitea-actions[bot]@mokoconsulting.tech
- gh CLI commands kept only in GitHub mirror steps (continue-on-error)
- gh api calls in auto-assign/auto-dev-issue converted to curl
Affects: 20 workflow templates + 2 standalone yml files
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add GA_TOKEN to token fallback chain across all 25 workflow templates
(secrets.GA_TOKEN || secrets.GH_TOKEN || github.token)
- Replace hardcoded MokoStandards clone URLs with platform-detecting
MOKO_CLONE_TOKEN/MOKO_CLONE_HOST env vars in 11 templates
- Replace actions/github-script@v7 with shell-based API calls in
repo_health (Joomla + Dolibarr) and validate-joomla-project
- Replace hardcoded ApiClient('api.github.com') with PlatformAdapterFactory
in health-check.yml and integration-tests.yml
- Add TODO markers for terraform github-script blocks (complex logic)
- Update publish-to-mokodolimods token references
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>