MokoConsulting/Template-Joomla
Template
1
0
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity

Compare commits

base: MokoConsulting/Template-Joomla:development
Branches Tags
MokoConsulting/Template-Joomla:main MokoConsulting/Template-Joomla:dev MokoConsulting/Template-Joomla:rc MokoConsulting/Template-Joomla:feature/21-feat-add-joomla-metadata-validation-step
MokoConsulting/Template-Joomla:development MokoConsulting/Template-Joomla:release-candidate MokoConsulting/Template-Joomla:stable
...
compare: MokoConsulting/Template-Joomla:main
Branches Tags
MokoConsulting/Template-Joomla:main MokoConsulting/Template-Joomla:dev MokoConsulting/Template-Joomla:rc MokoConsulting/Template-Joomla:feature/21-feat-add-joomla-metadata-validation-step
MokoConsulting/Template-Joomla:development MokoConsulting/Template-Joomla:release-candidate MokoConsulting/Template-Joomla:stable

6 Commits
development ... main

Author SHA1 Message Date
jmiller 3d8ec08abd Merge pull request 'fix: use metadata API for source-aware bumps instead of manifest.xml' (#32) from fix/metadata-api-source-check into main 2026-06-23 22:25:56 +00:00
Jonathan Miller db2899b3b3 fix: use first-class metadata API instead of manifest.xml for source checks
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 4s
Details
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions
Details
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Details
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Details
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 3s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 4s
Details
Universal: PR Check / Secret Scan (pull_request) Successful in 5s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (pull_request) Successful in 1s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 9s
Details
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
Details
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Details
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Successful in 16s
Details
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Failing after 42s
Details 
Replaces manifest.xml file parsing with the MokoGitea /manifest API
endpoint which stores platform and entry_point as database fields.

Authored-by: Moko Consulting
 2026-06-23 17:25:17 -05:00
jmiller b41ed2caa5 Merge pull request 'feat: source-aware version bumps and pre-releases' (#31) from feat/source-aware-bumps into main 2026-06-23 22:13:59 +00:00
Jonathan Miller 66da3fa30c feat: make version bumps and pre-releases source-aware
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions
Details
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Details
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Details
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (pull_request) Successful in 2s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 6s
Details
Universal: PR Check / Secret Scan (pull_request) Successful in 6s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 11s
Details
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Details
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Failing after 37s
Details
Branch Cleanup / Delete merged branch (pull_request) Failing after 1s
Details
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Successful in 32s
Details 
Reads .mokogitea/manifest.xml to detect platform and source directory.
Skips bumps and pre-releases when only workflows, docs, or config
files change — no more empty version increments.

- auto-bump: skips if no source files changed in last commit
- pre-release: skips build if push didn't touch source (dispatch always runs)
- Falls back to always-bump for generic repos without a manifest

Authored-by: Moko Consulting
 2026-06-23 17:13:02 -05:00
jmiller 36015389a4 Merge pull request 'fix: increase component search depth for package repos' (#30) from fix/ci-component-depth into main 2026-06-23 21:55:30 +00:00
jmiller f243386d8d chore: remove security-audit.yml -- handled by MokoGitea 2026-06-23 18:27:37 +00:00
3 changed files with 100 additions and 84 deletions
Expand all files Collapse all files
.mokogitea/workflows/auto-bump.yml
+47 -1
View File
@@ -41,9 +41,54 @@ jobs:
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
token: ${{ secrets.MOKOGITEA_TOKEN }} token: ${{ secrets.MOKOGITEA_TOKEN }}
fetch-depth: 1 fetch-depth: 2
- name: Check for source changes
id: source-check
env:
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
run: |
GITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
REPO="${{ github.repository }}"
# Fetch platform and entry_point from first-class repo metadata API
METADATA=$(curl -sf -H "Authorization: token ${MOKOGITEA_TOKEN}" \
"${GITEA_URL}/api/v1/repos/${REPO}/manifest" 2>/dev/null || echo "{}")
PLATFORM=$(echo "$METADATA" | grep -oP '"platform"\s*:\s*"\K[^"]+' || true)
SOURCE_DIR=$(echo "$METADATA" | grep -oP '"entry_point"\s*:\s*"\K[^"]+' || true)
# Default source dirs by platform if entry_point not set
if [ -z "$SOURCE_DIR" ]; then
case "$PLATFORM" in
joomla) SOURCE_DIR="src/ source/ htdocs/" ;;
dolibarr) SOURCE_DIR="src/ htdocs/" ;;
*) SOURCE_DIR="" ;;
esac
fi
# If no platform or source dir, always bump (generic repos)
if [ -z "$SOURCE_DIR" ]; then
echo "has_source_changes=true" >> "$GITHUB_OUTPUT"
echo "No platform metadata — defaulting to bump"
exit 0
fi
# Check if the last commit touched any source files
CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || true)
HAS_CHANGES=false
for DIR in $SOURCE_DIR; do
DIR="${DIR%/}"
if echo "$CHANGED" | grep -q "^${DIR}/"; then
HAS_CHANGES=true
break
fi
done
echo "has_source_changes=$HAS_CHANGES" >> "$GITHUB_OUTPUT"
echo "Platform: ${PLATFORM:-generic}, Source: ${SOURCE_DIR}, Changes: ${HAS_CHANGES}"
- name: Setup mokocli tools - name: Setup mokocli tools
if: steps.source-check.outputs.has_source_changes == 'true'
run: | run: |
if ! command -v composer &> /dev/null; then if ! command -v composer &> /dev/null; then
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1 sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
@@ -59,6 +104,7 @@ jobs:
fi fi
- name: Bump version - name: Bump version
if: steps.source-check.outputs.has_source_changes == 'true'
run: | run: |
php ${MOKO_CLI}/version_auto_bump.php \ php ${MOKO_CLI}/version_auto_bump.php \
--path . --branch "${GITHUB_REF_NAME}" \ --path . --branch "${GITHUB_REF_NAME}" \
.mokogitea/workflows/pre-release.yml
+53 -1
View File
@@ -55,11 +55,57 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 2
token: ${{ secrets.MOKOGITEA_TOKEN }} token: ${{ secrets.MOKOGITEA_TOKEN }}
ref: ${{ github.ref_name }} ref: ${{ github.ref_name }}
- name: Check for source changes
id: source-check
if: github.event_name == 'push'
env:
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
run: |
GITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
REPO="${{ github.repository }}"
# Fetch platform and entry_point from first-class repo metadata API
METADATA=$(curl -sf -H "Authorization: token ${MOKOGITEA_TOKEN}" \
"${GITEA_URL}/api/v1/repos/${REPO}/manifest" 2>/dev/null || echo "{}")
PLATFORM=$(echo "$METADATA" | grep -oP '"platform"\s*:\s*"\K[^"]+' || true)
SOURCE_DIR=$(echo "$METADATA" | grep -oP '"entry_point"\s*:\s*"\K[^"]+' || true)
# Default source dirs by platform if entry_point not set
if [ -z "$SOURCE_DIR" ]; then
case "$PLATFORM" in
joomla) SOURCE_DIR="src/ source/ htdocs/" ;;
dolibarr) SOURCE_DIR="src/ htdocs/" ;;
*) SOURCE_DIR="" ;;
esac
fi
# If no platform or source dir, always build (generic repos)
if [ -z "$SOURCE_DIR" ]; then
echo "has_source_changes=true" >> "$GITHUB_OUTPUT"
echo "No platform metadata — defaulting to build"
exit 0
fi
# Check if the last commit touched any source files
CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || true)
HAS_CHANGES=false
for DIR in $SOURCE_DIR; do
DIR="${DIR%/}"
if echo "$CHANGED" | grep -q "^${DIR}/"; then
HAS_CHANGES=true
break
fi
done
echo "has_source_changes=$HAS_CHANGES" >> "$GITHUB_OUTPUT"
echo "Platform: ${PLATFORM:-generic}, Source: ${SOURCE_DIR}, Changes: ${HAS_CHANGES}"
- name: Setup mokocli tools - name: Setup mokocli tools
if: github.event_name == 'workflow_dispatch' || steps.source-check.outputs.has_source_changes == 'true'
env: env:
MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }} MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
@@ -81,6 +127,7 @@ jobs:
fi fi
- name: Detect platform - name: Detect platform
if: github.event_name == 'workflow_dispatch' || steps.source-check.outputs.has_source_changes == 'true'
id: platform id: platform
run: | run: |
# Auto-detect and update platform if not set in manifest # Auto-detect and update platform if not set in manifest
@@ -88,6 +135,7 @@ jobs:
php ${MOKO_CLI}/manifest_read.php --path . --github-output php ${MOKO_CLI}/manifest_read.php --path . --github-output
- name: Resolve metadata and bump version - name: Resolve metadata and bump version
if: github.event_name == 'workflow_dispatch' || steps.source-check.outputs.has_source_changes == 'true'
id: meta id: meta
run: | run: |
# Auto-detect stability from branch name on push, or use input on dispatch # Auto-detect stability from branch name on push, or use input on dispatch
@@ -164,6 +212,7 @@ jobs:
echo "=== Pre-Release: ${EXT_ELEMENT} ${VERSION}${SUFFIX} ===" echo "=== Pre-Release: ${EXT_ELEMENT} ${VERSION}${SUFFIX} ==="
- name: Create release - name: Create release
if: github.event_name == 'workflow_dispatch' || steps.source-check.outputs.has_source_changes == 'true'
id: release id: release
run: | run: |
TAG="${{ steps.meta.outputs.tag }}" TAG="${{ steps.meta.outputs.tag }}"
@@ -175,6 +224,7 @@ jobs:
--repo "${GITEA_REPO}" --branch "${{ github.ref_name }}" --prerelease --repo "${GITEA_REPO}" --branch "${{ github.ref_name }}" --prerelease
- name: Update release notes from CHANGELOG.md - name: Update release notes from CHANGELOG.md
if: github.event_name == 'workflow_dispatch' || steps.source-check.outputs.has_source_changes == 'true'
run: | run: |
TAG="${{ steps.meta.outputs.tag }}" TAG="${{ steps.meta.outputs.tag }}"
VERSION="${{ steps.meta.outputs.version }}" VERSION="${{ steps.meta.outputs.version }}"
@@ -210,6 +260,7 @@ jobs:
fi fi
- name: Build package and upload - name: Build package and upload
if: github.event_name == 'workflow_dispatch' || steps.source-check.outputs.has_source_changes == 'true'
id: package id: package
run: | run: |
VERSION="${{ steps.meta.outputs.version }}" VERSION="${{ steps.meta.outputs.version }}"
@@ -224,6 +275,7 @@ jobs:
# No need to build, commit, or sync updates.xml from workflows # No need to build, commit, or sync updates.xml from workflows
- name: "Delete lesser pre-release channels (cascade)" - name: "Delete lesser pre-release channels (cascade)"
if: github.event_name == 'workflow_dispatch' || steps.source-check.outputs.has_source_changes == 'true'
continue-on-error: true continue-on-error: true
run: | run: |
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
.mokogitea/workflows/security-audit.yml
-82
View File
@@ -1,82 +0,0 @@
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# INGROUP: MokoStandards.Security
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
# PATH: /.gitea/workflows/security-audit.yml
# VERSION: 01.00.00
# BRIEF: Dependency vulnerability scanning for composer and npm packages
name: "Universal: Security Audit"
on:
schedule:
- cron: '0 6 * * 1' # Weekly on Monday at 06:00 UTC
pull_request:
branches:
- main
paths:
- 'composer.json'
- 'composer.lock'
- 'package.json'
- 'package-lock.json'
workflow_dispatch:
permissions:
contents: read
env:
NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-security' }}
jobs:
audit:
name: Dependency Audit
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Composer audit
if: hashFiles('composer.lock') != ''
run: |
echo "=== Composer Security Audit ==="
if ! command -v composer &> /dev/null; then
sudo apt-get update -qq
sudo apt-get install -y -qq php-cli composer >/dev/null 2>&1
fi
composer audit --format=plain 2>&1 | tee /tmp/composer-audit.txt
RESULT=$?
if [ $RESULT -ne 0 ]; then
echo "::warning::Composer vulnerabilities found"
echo "composer_vulnerable=true" >> "$GITHUB_ENV"
else
echo "No known vulnerabilities in composer dependencies"
fi
- name: NPM audit
if: hashFiles('package-lock.json') != ''
run: |
echo "=== NPM Security Audit ==="
npm audit --production 2>&1 | tee /tmp/npm-audit.txt || true
if npm audit --production 2>&1 | grep -q "found 0 vulnerabilities"; then
echo "No known vulnerabilities in npm dependencies"
else
echo "::warning::NPM vulnerabilities found"
echo "npm_vulnerable=true" >> "$GITHUB_ENV"
fi
- name: Notify on vulnerabilities
if: env.composer_vulnerable == 'true' || env.npm_vulnerable == 'true'
run: |
REPO="${{ github.event.repository.name }}"
curl -sS \
-H "Title: ${REPO} has vulnerable dependencies" \
-H "Tags: lock,warning" \
-H "Priority: high" \
-d "Security audit found vulnerabilities. Review dependency updates." \
"${NTFY_URL}/${NTFY_TOPIC}" || true