chore: remove security-audit.yml -- handled by MokoGitea

Merge pull request 'fix: exclude chore branches from pre-release and enforce branch protection' (#29 ) from fix/chore-branch-policy into main
fix: exclude chore branches from pre-release workflow
2026-06-23 18:27:37 +00:00 · 2026-06-23 17:42:18 +00:00 · 2026-06-23 12:41:10 -05:00 · 2026-06-23 17:31:12 +00:00
2 changed files with 0 additions and 83 deletions
@@ -20,7 +20,6 @@ on:
      - 'patch/**'
      - 'hotfix/**'
      - 'bugfix/**'
      - 'chore/**'
      - alpha
      - beta
      - rc
@@ -1,82 +0,0 @@
 # Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: MokoStandards.Security
 # REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
 # PATH: /.gitea/workflows/security-audit.yml
 # VERSION: 01.00.00
 # BRIEF: Dependency vulnerability scanning for composer and npm packages
 name: "Universal: Security Audit"
 on:
  schedule:
    - cron: '0 6 * * 1'  # Weekly on Monday at 06:00 UTC
  pull_request:
    branches:
      - main
    paths:
      - 'composer.json'
      - 'composer.lock'
      - 'package.json'
      - 'package-lock.json'
  workflow_dispatch:
 permissions:
  contents: read
 env:
  NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
  NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-security' }}
 jobs:
  audit:
    name: Dependency Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Composer audit
        if: hashFiles('composer.lock') != ''
        run: |
          echo "=== Composer Security Audit ==="
          if ! command -v composer &> /dev/null; then
            sudo apt-get update -qq
            sudo apt-get install -y -qq php-cli composer >/dev/null 2>&1
          fi
          composer audit --format=plain 2>&1 | tee /tmp/composer-audit.txt
          RESULT=$?
          if [ $RESULT -ne 0 ]; then
            echo "::warning::Composer vulnerabilities found"
            echo "composer_vulnerable=true" >> "$GITHUB_ENV"
          else
            echo "No known vulnerabilities in composer dependencies"
          fi
      - name: NPM audit
        if: hashFiles('package-lock.json') != ''
        run: |
          echo "=== NPM Security Audit ==="
          npm audit --production 2>&1 | tee /tmp/npm-audit.txt || true
          if npm audit --production 2>&1 | grep -q "found 0 vulnerabilities"; then
            echo "No known vulnerabilities in npm dependencies"
          else
            echo "::warning::NPM vulnerabilities found"
            echo "npm_vulnerable=true" >> "$GITHUB_ENV"
          fi
      - name: Notify on vulnerabilities
        if: env.composer_vulnerable == 'true' || env.npm_vulnerable == 'true'
        run: |
          REPO="${{ github.event.repository.name }}"
          curl -sS \
            -H "Title: ${REPO} has vulnerable dependencies" \
            -H "Tags: lock,warning" \
            -H "Priority: high" \
            -d "Security audit found vulnerabilities. Review dependency updates." \
            "${NTFY_URL}/${NTFY_TOPIC}" || true
Author	SHA1	Message	Date
jmiller	f243386d8d	chore: remove security-audit.yml -- handled by MokoGitea	2026-06-23 18:27:37 +00:00
jmiller	14a3216995	Merge pull request 'fix: exclude chore branches from pre-release and enforce branch protection' (#29 ) from fix/chore-branch-policy into main	2026-06-23 17:42:18 +00:00
Jonathan Miller	f40094f757	fix: exclude chore branches from pre-release workflow Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions Details Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions Details Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions Details Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions Details Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions Details Universal: PR Check / Report Issues (pull_request) Blocked by required conditions Details Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions Details Generic: Repo Health / Repository health (pull_request) Blocked by required conditions Details Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions Details Universal: PR Check / Branch Policy (pull_request) Failing after 1s Details Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 6s Details Universal: PR Check / Secret Scan (pull_request) Successful in 7s Details Universal: PR Check / Validate PR (pull_request) Failing after 8s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Generic: Repo Health / Access control (pull_request) Successful in 3s Details Joomla: Extension CI / Lint & Validate (pull_request) Failing after 14s Details Branch Cleanup / Delete merged branch (pull_request) Successful in 1s Details RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped Details Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Failing after 46s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| github.ref_name }}) (push) Failing after 3s Details Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Successful in 48s Details Chore branches should only touch workflows and README — they should not trigger version bumps, pre-releases, or releases. Authored-by: Moko Consulting	2026-06-23 12:41:10 -05:00
jmiller	4340e3a811	Merge pull request 'fix: add missing PHP setup to workflow-sync-trigger' (#28 ) from fix/sync-missing-php into main	2026-06-23 17:31:12 +00:00