diff --git a/.mokogitea/workflows/ci-generic.yml b/.mokogitea/workflows/ci-generic.yml index 18ae768..92d2685 100644 --- a/.mokogitea/workflows/ci-generic.yml +++ b/.mokogitea/workflows/ci-generic.yml @@ -13,6 +13,12 @@ name: "Generic: Project CI" on: + pull_request: + branches: + - main + - dev + - dev/** + - rc/** workflow_dispatch: permissions: diff --git a/.mokogitea/workflows/pr-metadata-check.yml b/.mokogitea/workflows/pr-metadata-check.yml index 68b7589..b4c9cbd 100644 --- a/.mokogitea/workflows/pr-metadata-check.yml +++ b/.mokogitea/workflows/pr-metadata-check.yml @@ -20,7 +20,7 @@ permissions: contents: read env: - GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }} + MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }} GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }} GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }} @@ -55,14 +55,14 @@ jobs: - name: Validate metadata against Joomla manifest env: - GITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }} + MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }} run: | php ${MOKO_CLI}/joomla_metadata_validate.php \ --path . \ - --token "${GITEA_TOKEN}" \ + --token "${MOKOGITEA_TOKEN}" \ --org "${GITEA_ORG}" \ --repo "${GITEA_REPO}" \ - --api-base "${GITEA_URL}/api/v1" \ + --api-base "${MOKOGITEA_URL}/api/v1" \ --ci if [ $? -ne 0 ]; then diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index f0b7cd5..809e983 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -6,82 +6,41 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the IMPLIED WARRANTY of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License (./LICENSE.md). + You should have received a copy of the GNU General Public License (./LICENSE). # FILE INFORMATION - DEFGROUP: - INGROUP: Project.Documentation - REPO: - VERSION: 01.00.35 - PATH: ./CODE_OF_CONDUCT.md - BRIEF: Reference + packaging repo for Moko Consulting Developer GPT Other Default + DEFGROUP: Template-Joomla + INGROUP: Template-Joomla.Documentation + REPO: https://github.com/mokoconsulting-tech/Template-Joomla/ + VERSION: 01.01.00 + PATH: ./CODE_OF_CONDUCT.md + BRIEF: Community expectations and enforcement guidelines + NOTE: Adapted with attribution from the Contributor Covenant v2.1 --> -# Code of Conduct -## 1. Purpose +# Contributor Covenant Code of Conduct -The purpose of this Code of Conduct is to ensure a safe, inclusive, and respectful environment for all contributors and participants in Moko Consulting projects. This applies to all interactions, whether in repositories, issue trackers, documentation, meetings, or community spaces. +## Our Pledge +We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. -## 2. Our Standards +## Our Standards +- Be empathetic and kind +- Be respectful of differing opinions +- Accept constructive feedback +- Own mistakes and learn from them -Participants are expected to uphold behaviors that strengthen our community, including: +Unacceptable behavior includes sexualized language/imagery, trolling, harassment, doxing, and other inappropriate conduct. - Demonstrating empathy and respect toward others. - Being inclusive of diverse viewpoints and backgrounds. - Gracefully accepting constructive feedback. - Prioritizing collaboration over conflict. - Showing professionalism in all interactions. +## Enforcement +Report incidents to **hello@mokoconsulting.tech** or through GitHub Discussions if you prefer a community-visible approach. Private complaints will be reviewed promptly and fairly. -### Unacceptable behavior includes: +## Enforcement Guidelines +1. **Correction** — Private warning +2. **Warning** — Formal warning and limited interaction +3. **Temporary Ban** — Time-boxed exclusion +4. **Permanent Ban** — Removal from the community - Harassment, discrimination, or derogatory comments. - Threatening or violent language or actions. - Disruptive, aggressive, or intentionally harmful behavior. - Publishing others’ private information without permission. - Any behavior that violates applicable laws. - -## 3. Responsibilities of Maintainers - -Maintainers are responsible for: - - Clarifying acceptable behavior. - Taking appropriate corrective action when unacceptable behavior occurs. - Removing, editing, or rejecting contributions that violate this Code. - Temporarily or permanently banning contributors who engage in repeated or severe violations. - -## 4. Scope - -This Code applies to: - - All Moko Consulting repositories. - All documentation and collaboration platforms. - Public and private communication related to project activities. - Any representation of Moko Consulting in online or offline spaces. - -## 5. Enforcement - -Instances of misconduct may be reported to: -**[hello@mokoconsulting.tech](mailto:hello@mokoconsulting.tech)** - -All reports will be reviewed and investigated promptly and fairly. Maintainers are obligated to maintain confidentiality where possible. - -Consequences may include: - - A warning. - Required training or mediation. - Temporary or permanent bans. - Escalation to legal authorities when required. - -## 6. Acknowledgements - -This Code of Conduct is inspired by widely adopted community guidelines, including the Contributor Covenant and major open-source collaboration standards. - -## 7. Related Documents - - [Governance Guide](./docs-governance.md) - [Contributor Guide](./docs-contributing.md) - [Documentation Index](./docs-index.md) - -This Code of Conduct is a living document and may be updated following the established Change Management process. +## Attribution +Adapted from the Contributor Covenant v2.1. diff --git a/GOVERNANCE.md b/GOVERNANCE.md index bad8ed0..47fa254 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -1 +1,119 @@ -PCEtLQogQ29weXJpZ2h0IChDKSAyMDI2IE1va28gQ29uc3VsdGluZyA8aGVsbG9AbW9rb2NvbnN1bHRpbmcudGVjaD4KCiBUaGlzIGZpbGUgaXMgcGFydCBvZiBhIE1va28gQ29uc3VsdGluZyBwcm9qZWN0LgoKIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBHUEwtMy4wLW9yLWxhdGVyCgogVGhpcyBwcm9ncmFtIGlzIGZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0IGFuZC9vciBtb2RpZnkgaXQgdW5kZXIgdGhlIHRlcm1zIG9mCiB0aGUgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgYXMgcHVibGlzaGVkIGJ5IHRoZSBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb247IGVpdGhlciB2ZXJzaW9uIDMKIG9mIHRoZSBMaWNlbnNlLCBvciAoYXQgeW91ciBvcHRpb24pIGFueSBsYXRlciB2ZXJzaW9uLgoKIFRoaXMgcHJvZ3JhbSBpcyBkaXN0cmlidXRlZCBpbiB0aGUgaG9wZSB0aGF0IGl0IHdpbGwgYmUgdXNlZnVsLCBidXQgV0lUSE9VVCBBTlkgV0FSUkFOVFk7CiB3aXRob3V0IGV2ZW4gdGhlIGltcGxpZWQgd2FycmFudHkgb2YgTUVSQ0hBTlRBQklMSVRZIG9yIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQVVJQT1NFLgogU2VlIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSBmb3IgbW9yZSBkZXRhaWxzLgoKIFlvdSBzaG91bGQgaGF2ZSByZWNlaXZlZCBhIGNvcHkgb2YgdGhlIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlICguL0xJQ0VOU0UpLgoKIEZJTEUgSU5GT1JNQVRJT04KIERFRkdST1VQOiBtb2tvY29uc3VsdGluZy10ZWNoLlRlbXBsYXRlLUpvb21sYQogSU5HUk9VUDogTW9rb1N0YW5kYXJkcy5Hb3Zlcm5hbmNlCiBSRVBPOiBodHRwczovL2dpdGh1Yi5jb20vbW9rb2NvbnN1bHRpbmctdGVjaC9UZW1wbGF0ZS1Kb29tbGEKIFZFUlNJT046IDAxLjAxLjAwCiBQQVRIOiAvR09WRVJOQU5DRS5tZAogQlJJRUY6IFByb2plY3QgZ292ZXJuYW5jZSBydWxlcywgcm9sZXMsIGFuZCBkZWNpc2lvbiBwcm9jZXNzIGZvciBUZW1wbGF0ZS1Kb29tbGEKLS0+CgpbIVtNb2tvU3RhbmRhcmRzXShodHRwczovL2ltZy5zaGllbGRzLmlvL2JhZGdlL01va29TdGFuZGFyZHMtMDQuMDAuMDQtYmx1ZSldKGh0dHBzOi8vZ2l0aHViLmNvbS9tb2tvY29uc3VsdGluZy10ZWNoL01va29TdGFuZGFyZHMpCgojIFByb2plY3QgR292ZXJuYW5jZQoKIyMgT3ZlcnZpZXcKClRoaXMgZG9jdW1lbnQgZGVmaW5lcyB0aGUgZ292ZXJuYW5jZSBtb2RlbCBmb3IgdGhlIGBUZW1wbGF0ZS1Kb29tbGFgIHJlcG9zaXRvcnkgd2l0aGluIHRoZQpgbW9rb2NvbnN1bHRpbmctdGVjaGAgb3JnYW5pemF0aW9uLiBJdCBpcyBhdXRvbWF0aWNhbGx5IG1haW50YWluZWQgYnkKW01va29TdGFuZGFyZHNdKGh0dHBzOi8vZ2l0aHViLmNvbS9tb2tvY29uc3VsdGluZy10ZWNoL01va29TdGFuZGFyZHMpIHYwNC4wMC4wNC4KCkZ1bGwgZ292ZXJuYW5jZSBwb2xpY3kgaXMgZGVmaW5lZCBpbiB0aGUgTW9rb1N0YW5kYXJkcyBzb3VyY2UgcmVwb3NpdG9yeToKW2RvY3MvcG9saWN5L0dPVkVSTkFOQ0UubWRdKGh0dHBzOi8vZ2l0aHViLmNvbS9tb2tvY29uc3VsdGluZy10ZWNoL01va29TdGFuZGFyZHMvYmxvYi9tYWluL2RvY3MvcG9saWN5L0dPVkVSTkFOQ0UubWQpCgotLS0KCiMjIFJvbGVzIGFuZCBSZXNwb25zaWJpbGl0aWVzCgojIyMgTWFpbnRhaW5lcgoKKipHaXRIdWIqKjogQG1va29jb25zdWx0aW5nLXRlY2gKCioqQXV0aG9yaXR5Kio6IEZpbmFsIGRlY2lzaW9uLW1ha2luZyBhdXRob3JpdHkgb24gYWxsIG1hdHRlcnMgZm9yIHRoaXMgcmVwb3NpdG9yeS4KCioqUmVzcG9uc2liaWxpdGllcyoqOgotIFJldmlldyBhbmQgbWVyZ2UgcHVsbCByZXF1ZXN0cwotIE1haW50YWluIGNvZGUgcXVhbGl0eSBhbmQgc3RhbmRhcmRzIGNvbXBsaWFuY2UKLSBNYW5hZ2UgcmVsZWFzZXMgYW5kIHZlcnNpb25pbmcKLSBSZXNwb25kIHRvIGlzc3VlcyBhbmQgc2VjdXJpdHkgcmVwb3J0cwoKIyMjIENvbnRyaWJ1dG9ycwoKKipBdXRob3JpdHkqKjogU3VibWl0IGNoYW5nZXMgdmlhIHB1bGwgcmVxdWVzdHMuCgoqKlJlcXVpcmVtZW50cyoqOgotIFJlYWQgYW5kIGFjY2VwdCBgQ09ERV9PRl9DT05EVUNULm1kYAotIEZvbGxvdyBgQ09OVFJJQlVUSU5HLm1kYCBndWlkZWxpbmVzCgotLS0KCiMjIERlY2lzaW9uLU1ha2luZwoKQWxsIGNoYW5nZXMgbXVzdCBiZSBzdWJtaXR0ZWQgYXMgcHVsbCByZXF1ZXN0cy4gVGhlIG1haW50YWluZXIgKEBtb2tvY29uc3VsdGluZy10ZWNoKQpyZXZpZXdzIGFuZCBhcHByb3ZlcyBhbGwgY2hhbmdlcyBiZWZvcmUgdGhleSBhcmUgbWVyZ2VkLgoKIyMjIFNvbGUgT3BlcmF0b3IgUG9saWN5CgpUaGlzIG9yZ2FuaXphdGlvbiBvcGVyYXRlcyB1bmRlciBhICoqc29sZSBvcGVyYXRvcioqIG1vZGVsLiBUaGUgbWFpbnRhaW5lciAoQG1va29jb25zdWx0aW5nLXRlY2gpCmlzIHRoZSBzb2xlIGVtcGxveWVlIGFuZCBvd25lciBhbmQgbWF5IHNlbGYtYXBwcm92ZSBwdWxsIHJlcXVlc3RzIHdoZW4gbm8gc2Vjb25kIHJldmlld2VyIGlzCmF2YWlsYWJsZS4gVGhlIGZvbGxvd2luZyByZXF1aXJlbWVudHMgcmVtYWluIG1hbmRhdG9yeSByZWdhcmRsZXNzOgoKMS4gKipQdWxsIFJlcXVlc3RzIFJlcXVpcmVkKiog4oCUIGFsbCBjaGFuZ2VzIHRvIHByb3RlY3RlZCBicmFuY2hlcyBnbyB0aHJvdWdoIGEgUFIuCjIuICoqQXV0b21hdGVkIENoZWNrcyoqIOKAlCBhbGwgQ0kgY2hlY2tzIG11c3QgcGFzcyBiZWZvcmUgbWVyZ2luZy4KMy4gKipBdWRpdCBUcmFpbCoqIOKAlCBpc3N1ZXMsIHB1bGwgcmVxdWVzdHMsIGFuZCBjb21taXQgaGlzdG9yeSBhcmUgcHJlc2VydmVkLgo0LiAqKkRvY3VtZW50YXRpb24qKiDigJQgY2hhbmdlcyBhcmUgZG9jdW1lbnRlZCBpbiBgQ0hBTkdFTE9HLm1kYC4KClNlZSB0aGUgZnVsbCBwb2xpY3k6CltTb2xlIE9wZXJhdG9yIFBvbGljeV0oaHR0cHM6Ly9naXRodWIuY29tL21va29jb25zdWx0aW5nLXRlY2gvTW9rb1N0YW5kYXJkcy9ibG9iL21haW4vZG9jcy9wb2xpY3kvR09WRVJOQU5DRS5tZCNzb2xlLW9wZXJhdG9yLXBvbGljeSkKCi0tLQoKIyMgQ2hhbmdlIE1hbmFnZW1lbnQKCnwgQ2hhbmdlIFR5cGUgfCBBcHByb3ZhbCB8IFByb2Nlc3MgfAp8LS0tLS0tLS0tLS0tLXwtLS0tLS0tLS0tfC0tLS0tLS0tLXwKfCBSb3V0aW5lIChkb2NzLCBidWcgZml4ZXMpIHwgTWFpbnRhaW5lciB8IFBSIOKGkiBDSSBwYXNzIOKGkiBtZXJnZSB8CnwgU2lnbmlmaWNhbnQgKG5ldyBmZWF0dXJlcykgfCBNYWludGFpbmVyIHwgUFIgd2l0aCBkZXNjcmlwdGlvbiDihpIgQ0kgcGFzcyDihpIgbWVyZ2UgfAp8IE1ham9yIChicmVha2luZywgYXJjaGl0ZWN0dXJlKSB8IE1haW50YWluZXIgfCBJc3N1ZSBkaXNjdXNzaW9uIOKGkiBQUiDihpIgQ0kgcGFzcyDihpIgbWVyZ2UgfAp8IEVtZXJnZW5jeSAoc2VjdXJpdHkpIHwgTWFpbnRhaW5lciB8IExhYmVsbGVkIGBFTUVSR0VOQ1lgIOKGkiBpbW1lZGlhdGUgbWVyZ2Ug4oaSIHBvc3QtbW9ydGVtIHwKCi0tLQoKIyMgUmVwb3J0aW5nIElzc3VlcwoKLSAqKkJ1Z3MgLyBGZWF0dXJlcyoqOiBPcGVuIGEgW0dpdEh1YiBJc3N1ZV0oaHR0cHM6Ly9naXRodWIuY29tL21va29jb25zdWx0aW5nLXRlY2gvVGVtcGxhdGUtSm9vbWxhL2lzc3VlcykKLSAqKlNlY3VyaXR5IHZ1bG5lcmFiaWxpdGllcyoqOiBTZWUgW1NFQ1VSSVRZLm1kXSguL1NFQ1VSSVRZLm1kKQotICoqQ29kZSBvZiBDb25kdWN0Kio6IFNlZSBbQ09ERV9PRl9DT05EVUNULm1kXSguL0NPREVfT0ZfQ09ORFVDVC5tZCkKLSAqKkNvbnRhY3QqKjogZGV2QG1va29jb25zdWx0aW5nLnRlY2gKCi0tLQoKIyMgTWV0YWRhdGEKCnwgRmllbGQgICAgICAgICB8IFZhbHVlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwKfCAtLS0tLS0tLS0tLS0tIHwgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gfAp8IERvY3VtZW50IFR5cGUgfCBQb2xpY3kgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8CnwgRG9tYWluICAgICAgICB8IEdvdmVybmFuY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwKfCBBcHBsaWVzIFRvICAgIHwgbW9rb2NvbnN1bHRpbmctdGVjaC9UZW1wbGF0ZS1Kb29tbGEgICAgICAgICAgICAgICAgICAgICAgICAgICB8CnwgSnVyaXNkaWN0aW9uICB8IFRlbm5lc3NlZSwgVVNBICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwKfCBNYWludGFpbmVyICAgIHwgQG1va29jb25zdWx0aW5nLXRlY2ggICAgICAgICAgICAgICAgICAgICAgICAgICAgfAp8IFN0YW5kYXJkcyAgICAgfCBNb2tvU3RhbmRhcmRzIHYwNC4wMC4wNCAgICAgICAgICAgIHwKfCBSZXBvICAgICAgICAgIHwgaHR0cHM6Ly9naXRodWIuY29tL21va29jb25zdWx0aW5nLXRlY2gvVGVtcGxhdGUtSm9vbWxhICAgICAgICB8CnwgUGF0aCAgICAgICAgICB8IC9HT1ZFUk5BTkNFLm1kICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwKfCBTdGF0dXMgICAgICAgIHwgQWN0aXZlIOKAlCBhdXRvLW1haW50YWluZWQgYnkgTW9rb1N0YW5kYXJkcyAgICAgICB8Cg== \ No newline at end of file + + +[![MokoStandards](https://img.shields.io/badge/MokoStandards-04.00.04-blue)](https://github.com/mokoconsulting-tech/MokoStandards) + +# Project Governance + +## Overview + +This document defines the governance model for the `Template-Joomla` repository within the +`mokoconsulting-tech` organization. It is automatically maintained by +[MokoStandards](https://github.com/mokoconsulting-tech/MokoStandards) v04.00.04. + +Full governance policy is defined in the MokoStandards source repository: +[docs/policy/GOVERNANCE.md](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/GOVERNANCE.md) + +--- + +## Roles and Responsibilities + +### Maintainer + +**GitHub**: @mokoconsulting-tech + +**Authority**: Final decision-making authority on all matters for this repository. + +**Responsibilities**: +- Review and merge pull requests +- Maintain code quality and standards compliance +- Manage releases and versioning +- Respond to issues and security reports + +### Contributors + +**Authority**: Submit changes via pull requests. + +**Requirements**: +- Read and accept `CODE_OF_CONDUCT.md` +- Follow `CONTRIBUTING.md` guidelines + +--- + +## Decision-Making + +All changes must be submitted as pull requests. The maintainer (@mokoconsulting-tech) +reviews and approves all changes before they are merged. + +### Sole Operator Policy + +This organization operates under a **sole operator** model. The maintainer (@mokoconsulting-tech) +is the sole employee and owner and may self-approve pull requests when no second reviewer is +available. The following requirements remain mandatory regardless: + +1. **Pull Requests Required** — all changes to protected branches go through a PR. +2. **Automated Checks** — all CI checks must pass before merging. +3. **Audit Trail** — issues, pull requests, and commit history are preserved. +4. **Documentation** — changes are documented in `CHANGELOG.md`. + +See the full policy: +[Sole Operator Policy](https://github.com/mokoconsulting-tech/MokoStandards/blob/main/docs/policy/GOVERNANCE.md#sole-operator-policy) + +--- + +## Change Management + +| Change Type | Approval | Process | +|-------------|----------|---------| +| Routine (docs, bug fixes) | Maintainer | PR → CI pass → merge | +| Significant (new features) | Maintainer | PR with description → CI pass → merge | +| Major (breaking, architecture) | Maintainer | Issue discussion → PR → CI pass → merge | +| Emergency (security) | Maintainer | Labelled `EMERGENCY` → immediate merge → post-mortem | + +--- + +## Reporting Issues + +- **Bugs / Features**: Open a [GitHub Issue](https://github.com/mokoconsulting-tech/Template-Joomla/issues) +- **Security vulnerabilities**: See [SECURITY.md](./SECURITY.md) +- **Code of Conduct**: See [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md) +- **Contact**: dev@mokoconsulting.tech + +--- + +## Metadata + +| Field | Value | +| ------------- | ----------------------------------------------- | +| Document Type | Policy | +| Domain | Governance | +| Applies To | mokoconsulting-tech/Template-Joomla | +| Jurisdiction | Tennessee, USA | +| Maintainer | @mokoconsulting-tech | +| Standards | MokoStandards v04.00.04 | +| Repo | https://github.com/mokoconsulting-tech/Template-Joomla | +| Path | /GOVERNANCE.md | +| Status | Active — auto-maintained by MokoStandards | diff --git a/SECURITY.md b/SECURITY.md index 419242b..86b35ed 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -19,11 +19,11 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . # FILE INFORMATION -DEFGROUP: [PROJECT_NAME] -INGROUP: [PROJECT_NAME].Documentation -REPO: [REPOSITORY_URL] +DEFGROUP: Template-Joomla +INGROUP: Template-Joomla.Documentation +REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla PATH: /SECURITY.md -VERSION: 01.00.35 +VERSION: 01.01.00 BRIEF: Security vulnerability reporting and handling policy --> @@ -31,7 +31,7 @@ BRIEF: Security vulnerability reporting and handling policy ## Purpose and Scope -This document defines the security vulnerability reporting, response, and disclosure policy for [PROJECT_NAME] and all repositories governed by these standards. It establishes the authoritative process for responsible disclosure, assessment, remediation, and communication of security issues. +This document defines the security vulnerability reporting, response, and disclosure policy for this Joomla Plugin template repository. It establishes the authoritative process for responsible disclosure, assessment, remediation, and communication of security issues. ## Supported Versions @@ -39,8 +39,8 @@ Security updates are provided for the following versions: | Version | Supported | | ------- | ------------------ | -| [X.x.x] | :white_check_mark: | -| < [X.0] | :x: | +| 01.x.x | :white_check_mark: | +| < 01.0 | :x: | Only the current major version receives security updates. Users should upgrade to the latest supported version to receive security patches. @@ -52,9 +52,9 @@ Only the current major version receives security updates. Users should upgrade t Report security vulnerabilities privately to: -**Email**: `security@[DOMAIN]` +**Email**: `security@mokoconsulting.tech` -**Subject Line**: `[SECURITY] Brief Description` +**Subject Line**: `[SECURITY] Template-Joomla - Brief Description` ### What to Include @@ -118,7 +118,7 @@ Security advisories are published via: * GitHub Security Advisories * Release notes and CHANGELOG.md -* Security mailing list (when established) +* Email notification to project users (if mailing list is established) Advisories include: @@ -131,7 +131,7 @@ Advisories include: ## Security Best Practices -For repositories adopting MokoStandards: +For projects using this template: ### Required Controls @@ -141,7 +141,17 @@ For repositories adopting MokoStandards: * Enforce signed commits (recommended) * Use secrets management (never commit credentials) * Maintain security documentation -* Follow secure coding standards defined in `/docs/policy/` +* Follow secure coding standards defined in MokoStandards + +### Joomla Plugin Security + +* Follow Joomla security best practices +* Validate and sanitize all user input +* Use Joomla's database API to prevent SQL injection +* Properly escape output to prevent XSS +* Implement proper access control checks +* Use Joomla's session and authentication APIs +* Keep Joomla and dependencies up to date ### CI/CD Security @@ -154,10 +164,10 @@ For repositories adopting MokoStandards: #### Automated Security Scanning -All repositories MUST implement: +All repositories SHOULD implement: **CodeQL Analysis**: -* Enabled for all supported languages (Python, JavaScript, TypeScript, Java, C/C++, C#, Go, Ruby) +* Enabled for PHP and other supported languages * Runs on: push to main, pull requests, weekly schedule * Query sets: `security-extended` and `security-and-quality` * Configuration: `.github/workflows/codeql-analysis.yml` @@ -170,14 +180,6 @@ All repositories MUST implement: **Secret Scanning**: * Enabled by default with push protection * Prevents accidental credential commits -* Partner patterns enabled - -**Dependency Review**: -* Required for all pull requests -* Blocks introduction of known vulnerable dependencies -* Automatic license compliance checking - -See [Security Scanning Policy](docs/policy/security-scanning.md) for detailed requirements. ### Dependency Management @@ -189,7 +191,7 @@ See [Security Scanning Policy](docs/policy/security-scanning.md) for detailed re ## Compliance and Governance -This security policy is binding for all repositories governed by MokoStandards. Deviations require documented justification and approval from the Security Owner. +This security policy is aligned with MokoStandards. Deviations require documented justification. Security policies are reviewed and updated at least annually or following significant security incidents. @@ -203,8 +205,8 @@ We acknowledge and appreciate responsible disclosure. With your permission, we w ## Contact and Escalation -* **Security Team**: security@[DOMAIN] -* **Primary Contact**: [CONTACT_EMAIL] +* **Security Team**: security@mokoconsulting.tech +* **Primary Contact**: hello@mokoconsulting.tech * **Escalation**: For urgent matters requiring immediate attention, contact the maintainer directly via GitHub ## Out of Scope @@ -222,19 +224,18 @@ The following are explicitly out of scope: ## Metadata -| Field | Value | -| ------------ | ----------------------------------------------- | -| Document | Security Policy | -| Path | /SECURITY.md | -| Repository | [REPOSITORY_URL] | -| Owner | [OWNER_NAME] | -| Scope | Security vulnerability handling | -| Applies To | All repositories governed by MokoStandards | -| Status | Active | -| Effective | [YYYY-MM-DD] | +| Field | Value | +| ------------ | ------------------------------------------------------------------------------------------------------------ | +| Document | Security Policy | +| Path | /SECURITY.md | +| Repository | [https://github.com/mokoconsulting-tech/Template-Joomla](https://github.com/mokoconsulting-tech/Template-Joomla) | +| Owner | Moko Consulting | +| Scope | Security vulnerability handling | +| Status | Active | +| Effective | 2026-01-16 | ## Revision History | Date | Change Description | Author | | ---------- | ------------------------------------------------- | --------------- | -| [YYYY-MM-DD] | Initial creation | [AUTHOR_NAME] | +| 2026-01-16 | Initial creation for template repository | Moko Consulting | diff --git a/composer.json b/composer.json index c8f4704..10afe3a 100644 --- a/composer.json +++ b/composer.json @@ -1,9 +1,27 @@ { - "name": "mokoconsulting/mokojoomstorelocator", - "description": "Joomla store locator listing package with component and modules", - "type": "joomla-package", - "license": "GPL-3.0-or-later", - "require": { - "php": ">=8.1" - } + "name": "mokoconsulting/mokojoomgallery", + "description": "Photo gallery management for Joomla — galleries, images, thumbnails, lightbox, and frontend display", + "type": "joomla-package", + "version": "01.00.00", + "license": "GPL-3.0-or-later", + "authors": [ + { + "name": "Moko Consulting", + "email": "hello@mokoconsulting.tech", + "homepage": "https://mokoconsulting.tech" + } + ], + "require": { + "php": ">=8.1" + }, + "require-dev": { + "squizlabs/php_codesniffer": "^3.7", + "phpstan/phpstan": "^1.10", + "joomla/coding-standards": "3.0.x-dev" + }, + "minimum-stability": "dev", + "prefer-stable": true, + "config": { + "sort-packages": true + } }