From f74808484df0cced7f025cf320b8ef39f2104bd0 Mon Sep 17 00:00:00 2001 From: Jonathan Miller <230051081+jmiller-moko@users.noreply.github.com> Date: Tue, 7 Apr 2026 14:33:10 -0500 Subject: [PATCH] ci: sync workflows from main Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/auto-dev-issue.yml | 2 +- .github/workflows/auto-release.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/deploy-demo.yml | 37 +++++++--------- .github/workflows/deploy-dev.yml | 44 +++++++++---------- .github/workflows/deploy-rs.yml | 37 +++++++--------- .../workflows/enterprise-firewall-setup.yml | 2 +- .github/workflows/release_from_version.yml | 10 ++--- .github/workflows/repo_health.yml | 2 +- .github/workflows/repository-cleanup.yml | 2 +- .github/workflows/standards-compliance.yml | 6 ++- .github/workflows/sync-version-on-merge.yml | 2 +- .github/workflows/updateserver.yml | 8 ++-- 13 files changed, 76 insertions(+), 80 deletions(-) diff --git a/.github/workflows/auto-dev-issue.yml b/.github/workflows/auto-dev-issue.yml index de57e61c..c1670000 100644 --- a/.github/workflows/auto-dev-issue.yml +++ b/.github/workflows/auto-dev-issue.yml @@ -9,7 +9,7 @@ # INGROUP: MokoStandards.Automation # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /templates/workflows/shared/auto-dev-issue.yml.template -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: Auto-create tracking issue when a dev/** or rc/** branch is pushed # NOTE: Synced via bulk-repo-sync to .github/workflows/auto-dev-issue.yml in all governed repos. diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 89415ef2..5462926c 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -7,7 +7,7 @@ # INGROUP: MokoStandards.Release # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /templates/workflows/shared/auto-release.yml.template -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: Unified build & release pipeline — version branch, platform version, badges, tag, release # # ╔════════════════════════════════════════════════════════════════════════╗ diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 534559c5..3abfb025 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -9,7 +9,7 @@ # INGROUP: MokoStandards.Security # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /templates/workflows/generic/codeql-analysis.yml.template -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: CodeQL security scanning workflow (generic — all repo types) # NOTE: Deployed to .github/workflows/codeql-analysis.yml in governed repos. # CodeQL does not support PHP directly; JavaScript scans JSON/YAML/shell. diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml index ba54edbb..7f785bfa 100644 --- a/.github/workflows/deploy-demo.yml +++ b/.github/workflows/deploy-demo.yml @@ -22,7 +22,7 @@ # INGROUP: MokoStandards.Deploy # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /templates/workflows/shared/deploy-demo.yml.template -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: SFTP deployment workflow for demo server — synced to all governed repos # NOTE: Synced via bulk-repo-sync to .github/workflows/deploy-demo.yml in all governed repos. # Port is resolved in order: DEMO_FTP_PORT variable → :port suffix in DEMO_FTP_HOST → 22. @@ -36,10 +36,9 @@ name: Deploy to Demo Server (SFTP) # Optional org-level variable: DEMO_FTP_PORT (auto-detected from host or defaults to 22) # Optional org/repo variable: DEMO_FTP_SUFFIX — when set, appended to DEMO_FTP_PATH to form the # full remote destination: DEMO_FTP_PATH/DEMO_FTP_SUFFIX -# Ignore rules: Place a .ftp_ignore file in the repository root. Each non-empty, -# non-comment line is a regex pattern tested against the relative path -# of each file (e.g. "subdir/file.txt"). The .gitignore is also -# respected automatically. +# Ignore rules: Place a .ftpignore file in the repository root. Each non-empty, +# non-comment line is a glob pattern tested against the relative path +# of each file (e.g. "subdir/file.txt"). The .gitignore is NOT used. # Required org-level secret: DEMO_FTP_KEY (preferred) or DEMO_FTP_PASSWORD # # Access control: only users with admin or maintain role on the repository may deploy. @@ -195,8 +194,8 @@ jobs: env: SOURCE_DIR: ${{ steps.source.outputs.dir }} run: | - # ── Convert a gitignore-style glob line to an ERE pattern ────────────── - ftp_ignore_to_regex() { + # ── Convert a ftpignore-style glob line to an ERE pattern ────────────── + ftpignore_to_regex() { local line="$1" local anchored=false # Strip inline comments and whitespace @@ -226,15 +225,15 @@ jobs: fi } - # ── Read .ftp_ignore (gitignore-style globs) ───────────────────────── + # ── Read .ftpignore (ftpignore-style globs) ───────────────────────── IGNORE_PATTERNS=() IGNORE_SOURCES=() - if [ -f ".ftp_ignore" ]; then + if [ -f ".ftpignore" ]; then while IFS= read -r line; do [[ "$line" =~ ^[[:space:]]*$ || "$line" =~ ^[[:space:]]*# ]] && continue - regex=$(ftp_ignore_to_regex "$line") + regex=$(ftpignore_to_regex "$line") [ -n "$regex" ] && IGNORE_PATTERNS+=("$regex") && IGNORE_SOURCES+=("$line") - done < ".ftp_ignore" + done < ".ftpignore" fi # ── Walk src/ and classify every file ──────────────────────────────── @@ -245,17 +244,11 @@ jobs: SKIP=false for i in "${!IGNORE_PATTERNS[@]}"; do if echo "$rel" | grep -qE "${IGNORE_PATTERNS[$i]}" 2>/dev/null; then - IGNORED_FILES+=("$rel | .ftp_ignore \`${IGNORE_SOURCES[$i]}\`") + IGNORED_FILES+=("$rel | .ftpignore \`${IGNORE_SOURCES[$i]}\`") SKIP=true; break fi done $SKIP && continue - if [ -f ".gitignore" ]; then - git check-ignore -q "$rel" 2>/dev/null && { - IGNORED_FILES+=("$rel | .gitignore") - continue - } || true - fi WILL_UPLOAD+=("$rel") done < <(find "$SOURCE_DIR" -type f -print0 | sort -z) @@ -637,8 +630,12 @@ jobs: DEPLOY_ARGS+=(--key-passphrase "$SFTP_PASSWORD") fi - php /tmp/mokostandards/api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}" - # (deploy-sftp.php handles dotfile skipping and .ftp_ignore natively) + PLATFORM=$(php /tmp/mokostandards/api/cli/platform_detect.php --path . 2>/dev/null || true) + if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards/api/deploy/deploy-joomla.php" ]; then + php /tmp/mokostandards/api/deploy/deploy-joomla.php "${DEPLOY_ARGS[@]}" + else + php /tmp/mokostandards/api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}" + fi # Remove temp files that should never be left behind rm -f /tmp/deploy_key /tmp/sftp-config.json diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index bcc4b772..70196280 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -22,7 +22,7 @@ # INGROUP: MokoStandards.Deploy # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /templates/workflows/shared/deploy-dev.yml.template -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: SFTP deployment workflow for development server — synced to all governed repos # NOTE: Synced via bulk-repo-sync to .github/workflows/deploy-dev.yml in all governed repos. # Port is resolved in order: DEV_FTP_PORT variable → :port suffix in DEV_FTP_HOST → 22. @@ -37,10 +37,9 @@ name: Deploy to Dev Server (SFTP) # Optional org-level variable: DEV_FTP_PORT (auto-detected from host or defaults to 22) # Optional org/repo variable: DEV_FTP_SUFFIX — when set, appended to DEV_FTP_PATH to form the # full remote destination: DEV_FTP_PATH/DEV_FTP_SUFFIX -# Ignore rules: Place a .ftp_ignore file in the repository root. Each non-empty, -# non-comment line is a regex pattern tested against the relative path -# of each file (e.g. "subdir/file.txt"). The .gitignore is also -# respected automatically. +# Ignore rules: Place a .ftpignore file in the repository root. Each non-empty, +# non-comment line is a glob pattern tested against the relative path +# of each file (e.g. "subdir/file.txt"). The .gitignore is NOT used. # Required org-level secret: DEV_FTP_KEY (preferred) or DEV_FTP_PASSWORD # # Access control: only users with admin or maintain role on the repository may deploy. @@ -200,8 +199,8 @@ jobs: env: SOURCE_DIR: ${{ steps.source.outputs.dir }} run: | - # ── Convert a gitignore-style glob line to an ERE pattern ────────────── - ftp_ignore_to_regex() { + # ── Convert a ftpignore-style glob line to an ERE pattern ────────────── + ftpignore_to_regex() { local line="$1" local anchored=false # Strip inline comments and whitespace @@ -231,15 +230,15 @@ jobs: fi } - # ── Read .ftp_ignore (gitignore-style globs) ───────────────────────── + # ── Read .ftpignore (ftpignore-style globs) ───────────────────────── IGNORE_PATTERNS=() IGNORE_SOURCES=() - if [ -f ".ftp_ignore" ]; then + if [ -f ".ftpignore" ]; then while IFS= read -r line; do [[ "$line" =~ ^[[:space:]]*$ || "$line" =~ ^[[:space:]]*# ]] && continue - regex=$(ftp_ignore_to_regex "$line") + regex=$(ftpignore_to_regex "$line") [ -n "$regex" ] && IGNORE_PATTERNS+=("$regex") && IGNORE_SOURCES+=("$line") - done < ".ftp_ignore" + done < ".ftpignore" fi # ── Walk src/ and classify every file ──────────────────────────────── @@ -250,17 +249,11 @@ jobs: SKIP=false for i in "${!IGNORE_PATTERNS[@]}"; do if echo "$rel" | grep -qE "${IGNORE_PATTERNS[$i]}" 2>/dev/null; then - IGNORED_FILES+=("$rel | .ftp_ignore \`${IGNORE_SOURCES[$i]}\`") + IGNORED_FILES+=("$rel | .ftpignore \`${IGNORE_SOURCES[$i]}\`") SKIP=true; break fi done $SKIP && continue - if [ -f ".gitignore" ]; then - git check-ignore -q "$rel" 2>/dev/null && { - IGNORED_FILES+=("$rel | .gitignore") - continue - } || true - fi WILL_UPLOAD+=("$rel") done < <(find "$SOURCE_DIR" -type f -print0 | sort -z) @@ -583,8 +576,8 @@ jobs: fi # Dev deploys skip minified files — use unminified sources for debugging - echo "*.min.js" >> .ftp_ignore - echo "*.min.css" >> .ftp_ignore + echo "*.min.js" >> .ftpignore + echo "*.min.css" >> .ftpignore # ── Run deploy-sftp.php from MokoStandards ──────────────────────────── DEPLOY_ARGS=(--path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json) @@ -666,8 +659,15 @@ jobs: fi fi - php /tmp/mokostandards/api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}" - # (deploy-sftp.php handles dotfile skipping and .ftp_ignore natively) + # Use Joomla-aware deploy for waas-component (routes files to correct Joomla dirs) + # Use standard SFTP deploy for everything else + PLATFORM=$(php /tmp/mokostandards/api/cli/platform_detect.php --path . 2>/dev/null || true) + if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards/api/deploy/deploy-joomla.php" ]; then + php /tmp/mokostandards/api/deploy/deploy-joomla.php "${DEPLOY_ARGS[@]}" + else + php /tmp/mokostandards/api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}" + fi + # (both scripts handle dotfile skipping and .ftpignore natively) # Remove temp files that should never be left behind rm -f /tmp/deploy_key /tmp/sftp-config.json diff --git a/.github/workflows/deploy-rs.yml b/.github/workflows/deploy-rs.yml index 79f1010c..bf9a7793 100644 --- a/.github/workflows/deploy-rs.yml +++ b/.github/workflows/deploy-rs.yml @@ -22,7 +22,7 @@ # INGROUP: MokoStandards.Deploy # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /templates/workflows/shared/deploy-rs.yml.template -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: SFTP deployment workflow for release staging server — synced to all governed repos # NOTE: Synced via bulk-repo-sync to .github/workflows/deploy-rs.yml in all governed repos. # Port is resolved in order: RS_FTP_PORT variable → :port suffix in RS_FTP_HOST → 22. @@ -36,10 +36,9 @@ name: Deploy to RS Server (SFTP) # Optional org-level variable: RS_FTP_PORT (auto-detected from host or defaults to 22) # Optional org/repo variable: RS_FTP_SUFFIX — when set, appended to RS_FTP_PATH to form the # full remote destination: RS_FTP_PATH/RS_FTP_SUFFIX -# Ignore rules: Place a .ftp_ignore file in the repository root. Each non-empty, -# non-comment line is a regex pattern tested against the relative path -# of each file (e.g. "subdir/file.txt"). The .gitignore is also -# respected automatically. +# Ignore rules: Place a .ftpignore file in the repository root. Each non-empty, +# non-comment line is a glob pattern tested against the relative path +# of each file (e.g. "subdir/file.txt"). The .gitignore is NOT used. # Required org-level secret: RS_FTP_KEY (preferred) or RS_FTP_PASSWORD # # Access control: only users with admin or maintain role on the repository may deploy. @@ -195,8 +194,8 @@ jobs: env: SOURCE_DIR: ${{ steps.source.outputs.dir }} run: | - # ── Convert a gitignore-style glob line to an ERE pattern ────────────── - ftp_ignore_to_regex() { + # ── Convert a ftpignore-style glob line to an ERE pattern ────────────── + ftpignore_to_regex() { local line="$1" local anchored=false # Strip inline comments and whitespace @@ -226,15 +225,15 @@ jobs: fi } - # ── Read .ftp_ignore (gitignore-style globs) ───────────────────────── + # ── Read .ftpignore (ftpignore-style globs) ───────────────────────── IGNORE_PATTERNS=() IGNORE_SOURCES=() - if [ -f ".ftp_ignore" ]; then + if [ -f ".ftpignore" ]; then while IFS= read -r line; do [[ "$line" =~ ^[[:space:]]*$ || "$line" =~ ^[[:space:]]*# ]] && continue - regex=$(ftp_ignore_to_regex "$line") + regex=$(ftpignore_to_regex "$line") [ -n "$regex" ] && IGNORE_PATTERNS+=("$regex") && IGNORE_SOURCES+=("$line") - done < ".ftp_ignore" + done < ".ftpignore" fi # ── Walk src/ and classify every file ──────────────────────────────── @@ -245,17 +244,11 @@ jobs: SKIP=false for i in "${!IGNORE_PATTERNS[@]}"; do if echo "$rel" | grep -qE "${IGNORE_PATTERNS[$i]}" 2>/dev/null; then - IGNORED_FILES+=("$rel | .ftp_ignore \`${IGNORE_SOURCES[$i]}\`") + IGNORED_FILES+=("$rel | .ftpignore \`${IGNORE_SOURCES[$i]}\`") SKIP=true; break fi done $SKIP && continue - if [ -f ".gitignore" ]; then - git check-ignore -q "$rel" 2>/dev/null && { - IGNORED_FILES+=("$rel | .gitignore") - continue - } || true - fi WILL_UPLOAD+=("$rel") done < <(find "$SOURCE_DIR" -type f -print0 | sort -z) @@ -564,8 +557,12 @@ jobs: DEPLOY_ARGS+=(--key-passphrase "$SFTP_PASSWORD") fi - php /tmp/mokostandards/api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}" - # (deploy-sftp.php handles dotfile skipping and .ftp_ignore natively) + PLATFORM=$(php /tmp/mokostandards/api/cli/platform_detect.php --path . 2>/dev/null || true) + if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards/api/deploy/deploy-joomla.php" ]; then + php /tmp/mokostandards/api/deploy/deploy-joomla.php "${DEPLOY_ARGS[@]}" + else + php /tmp/mokostandards/api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}" + fi # Remove temp files that should never be left behind rm -f /tmp/deploy_key /tmp/sftp-config.json diff --git a/.github/workflows/enterprise-firewall-setup.yml b/.github/workflows/enterprise-firewall-setup.yml index c8485c26..89791079 100644 --- a/.github/workflows/enterprise-firewall-setup.yml +++ b/.github/workflows/enterprise-firewall-setup.yml @@ -22,7 +22,7 @@ # INGROUP: MokoStandards.Firewall # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /templates/workflows/shared/enterprise-firewall-setup.yml.template -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: Enterprise firewall configuration — generates outbound allow-rules including SFTP deployment server # NOTE: Reads DEV_FTP_HOST / DEV_FTP_PORT variables to include SFTP egress rules alongside HTTPS rules. diff --git a/.github/workflows/release_from_version.yml b/.github/workflows/release_from_version.yml index dc90a0e8..b6f3a3af 100644 --- a/.github/workflows/release_from_version.yml +++ b/.github/workflows/release_from_version.yml @@ -337,14 +337,14 @@ jobs: return elem # Update all fields - set_element(update, "name", "MokoWaaS") - set_element(update, "description", "MokoWaaS system plugin for Joomla") - set_element(update, "element", "mokowaas") + set_element(update, "name", "MokoWaaS-Brand") + set_element(update, "description", "MokoWaaS-Brand system plugin for Joomla") + set_element(update, "element", "mokowaasbrand") set_element(update, "type", "plugin") set_element(update, "folder", "system") set_element(update, "client", "site") set_element(update, "version", version) - set_element(update, "infourl", "https://github.com/mokoconsulting-tech/mokowaas", {"title": "MokoWaaS"}) + set_element(update, "infourl", "https://github.com/mokoconsulting-tech/mokowaasbrand", {"title": "MokoWaaS-Brand"}) # Update downloads section downloads = update.find("downloads") @@ -367,7 +367,7 @@ jobs: if targetplatform is None: targetplatform = ET.SubElement(update, "targetplatform", {"name": "joomla", "version": "5\\.[0-9]"}) - set_element(update, "category", "MokoWaaS") + set_element(update, "category", "MokoWaaS-Brand") # Write the updated XML with proper formatting ET.indent(tree, space=" ", level=0) diff --git a/.github/workflows/repo_health.yml b/.github/workflows/repo_health.yml index b3bff8ff..09206e7e 100644 --- a/.github/workflows/repo_health.yml +++ b/.github/workflows/repo_health.yml @@ -10,7 +10,7 @@ # INGROUP: MokoStandards.Validation # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /.github/workflows/repo_health.yml -# VERSION: 02.00.00 +# VERSION: 04.04.01 # BRIEF: Enforces repository guardrails by validating release configuration, scripts governance, tooling availability, and core repository health artifacts. # NOTE: Field is user-managed. # ============================================================================ diff --git a/.github/workflows/repository-cleanup.yml b/.github/workflows/repository-cleanup.yml index 84bfd559..e77c2796 100644 --- a/.github/workflows/repository-cleanup.yml +++ b/.github/workflows/repository-cleanup.yml @@ -9,7 +9,7 @@ # INGROUP: MokoStandards.Maintenance # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /templates/workflows/shared/repository-cleanup.yml.template -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: Recurring repository maintenance — labels, branches, workflows, logs, doc indexes # NOTE: Synced via bulk-repo-sync to .github/workflows/repository-cleanup.yml in all governed repos. # Runs on the 1st and 15th of each month at 6:00 AM UTC, and on manual dispatch. diff --git a/.github/workflows/standards-compliance.yml b/.github/workflows/standards-compliance.yml index faaa4b6e..df8413c5 100644 --- a/.github/workflows/standards-compliance.yml +++ b/.github/workflows/standards-compliance.yml @@ -5,7 +5,7 @@ # INGROUP: MokoStandards.Compliance # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /.github/workflows/standards-compliance.yml -# VERSION: 02.00.00 +# VERSION: 04.05.00 # BRIEF: MokoStandards compliance validation workflow # NOTE: Validates repository structure, documentation, and coding standards @@ -165,7 +165,9 @@ jobs: grep -v -E '(test|example|sample|getenv|getString|getArgument|config\[|/\.\*/|^\s*//|^\s*\*|CREDENTIAL_PATTERNS|SecurityValidator|SECRET_PATTERN|===|!==|ApiClient|str_contains|gen_wrappers)' | \ grep -v "= ''" | grep -v '= ""' | grep -v '\$this->config' | \ grep -v 'type="password"' | grep -v 'type="text"' | grep -v 'name="password"' | grep -v 'name="secretkey"' | \ - grep -v '