Template
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 7b73b20e52 |
@@ -1,110 +0,0 @@
|
|||||||
---
|
|
||||||
name: Architecture Decision Record (ADR)
|
|
||||||
about: Propose or document an architectural decision
|
|
||||||
title: '[ADR] '
|
|
||||||
labels: 'architecture, decision'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
## ADR Number
|
|
||||||
ADR-XXXX
|
|
||||||
|
|
||||||
## Status
|
|
||||||
- [ ] Proposed
|
|
||||||
- [ ] Accepted
|
|
||||||
- [ ] Deprecated
|
|
||||||
- [ ] Superseded by ADR-XXXX
|
|
||||||
|
|
||||||
## Context
|
|
||||||
Describe the issue or problem that motivates this decision.
|
|
||||||
|
|
||||||
## Decision
|
|
||||||
State the architecture decision and provide rationale.
|
|
||||||
|
|
||||||
## Consequences
|
|
||||||
### Positive
|
|
||||||
- List positive consequences
|
|
||||||
|
|
||||||
### Negative
|
|
||||||
- List negative consequences or trade-offs
|
|
||||||
|
|
||||||
### Neutral
|
|
||||||
- List neutral aspects
|
|
||||||
|
|
||||||
## Alternatives Considered
|
|
||||||
### Alternative 1
|
|
||||||
- Description
|
|
||||||
- Pros
|
|
||||||
- Cons
|
|
||||||
- Why not chosen
|
|
||||||
|
|
||||||
### Alternative 2
|
|
||||||
- Description
|
|
||||||
- Pros
|
|
||||||
- Cons
|
|
||||||
- Why not chosen
|
|
||||||
|
|
||||||
## Implementation Plan
|
|
||||||
1. Step 1
|
|
||||||
2. Step 2
|
|
||||||
3. Step 3
|
|
||||||
|
|
||||||
## Stakeholders
|
|
||||||
- **Decision Makers**: @user1, @user2
|
|
||||||
- **Consulted**: @user3, @user4
|
|
||||||
- **Informed**: team-name
|
|
||||||
|
|
||||||
## Technical Details
|
|
||||||
### Architecture Diagram
|
|
||||||
```
|
|
||||||
[Add diagram or link]
|
|
||||||
```
|
|
||||||
|
|
||||||
### Dependencies
|
|
||||||
- Dependency 1
|
|
||||||
- Dependency 2
|
|
||||||
|
|
||||||
### Impact Analysis
|
|
||||||
- **Performance**: [Impact description]
|
|
||||||
- **Security**: [Impact description]
|
|
||||||
- **Scalability**: [Impact description]
|
|
||||||
- **Maintainability**: [Impact description]
|
|
||||||
|
|
||||||
## Testing Strategy
|
|
||||||
- [ ] Unit tests
|
|
||||||
- [ ] Integration tests
|
|
||||||
- [ ] Performance tests
|
|
||||||
- [ ] Security tests
|
|
||||||
|
|
||||||
## Documentation
|
|
||||||
- [ ] Architecture documentation updated
|
|
||||||
- [ ] API documentation updated
|
|
||||||
- [ ] Developer guide updated
|
|
||||||
- [ ] Runbook created
|
|
||||||
|
|
||||||
## Migration Path
|
|
||||||
Describe how to migrate from current state to new architecture.
|
|
||||||
|
|
||||||
## Rollback Plan
|
|
||||||
Describe how to rollback if issues occur.
|
|
||||||
|
|
||||||
## Timeline
|
|
||||||
- **Proposal Date**:
|
|
||||||
- **Decision Date**:
|
|
||||||
- **Implementation Start**:
|
|
||||||
- **Expected Completion**:
|
|
||||||
|
|
||||||
## References
|
|
||||||
- Related ADRs:
|
|
||||||
- External resources:
|
|
||||||
- RFCs:
|
|
||||||
|
|
||||||
## Review Checklist
|
|
||||||
- [ ] Aligns with enterprise architecture principles
|
|
||||||
- [ ] Security implications reviewed
|
|
||||||
- [ ] Performance implications reviewed
|
|
||||||
- [ ] Cost implications reviewed
|
|
||||||
- [ ] Compliance requirements met
|
|
||||||
- [ ] Team consensus achieved
|
|
||||||
@@ -1,48 +0,0 @@
|
|||||||
---
|
|
||||||
name: Bug Report
|
|
||||||
about: Report a bug or issue with the project
|
|
||||||
title: '[BUG] '
|
|
||||||
labels: 'bug'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
## Bug Description
|
|
||||||
A clear and concise description of what the bug is.
|
|
||||||
|
|
||||||
## Steps to Reproduce
|
|
||||||
1. Go to '...'
|
|
||||||
2. Click on '...'
|
|
||||||
3. Scroll down to '...'
|
|
||||||
4. See error
|
|
||||||
|
|
||||||
## Expected Behavior
|
|
||||||
A clear and concise description of what you expected to happen.
|
|
||||||
|
|
||||||
## Actual Behavior
|
|
||||||
A clear and concise description of what actually happened.
|
|
||||||
|
|
||||||
## Screenshots
|
|
||||||
If applicable, add screenshots to help explain your problem.
|
|
||||||
|
|
||||||
## Environment
|
|
||||||
- **Project**: [e.g., MokoDoliTools, moko-cassiopeia]
|
|
||||||
- **Version**: [e.g., 1.2.3]
|
|
||||||
- **Platform**: [e.g., Dolibarr 18.0, Joomla 5.0]
|
|
||||||
- **PHP Version**: [e.g., 8.1]
|
|
||||||
- **Database**: [e.g., MySQL 8.0, PostgreSQL 14]
|
|
||||||
- **Browser** (if applicable): [e.g., Chrome 120, Firefox 121]
|
|
||||||
- **OS**: [e.g., Ubuntu 22.04, Windows 11]
|
|
||||||
|
|
||||||
## Additional Context
|
|
||||||
Add any other context about the problem here.
|
|
||||||
|
|
||||||
## Possible Solution
|
|
||||||
If you have suggestions on how to fix the issue, please describe them here.
|
|
||||||
|
|
||||||
## Checklist
|
|
||||||
- [ ] I have searched for similar issues before creating this one
|
|
||||||
- [ ] I have provided all the requested information
|
|
||||||
- [ ] I have tested this on the latest stable version
|
|
||||||
- [ ] I have checked the documentation and couldn't find a solution
|
|
||||||
@@ -1,18 +0,0 @@
|
|||||||
---
|
|
||||||
blank_issues_enabled: true
|
|
||||||
contact_links:
|
|
||||||
- name: 💼 Enterprise Support
|
|
||||||
url: https://mokoconsulting.tech/enterprise
|
|
||||||
about: Enterprise-level support and consultation services
|
|
||||||
- name: 💬 Ask a Question
|
|
||||||
url: https://mokoconsulting.tech/
|
|
||||||
about: Get help or ask questions through our website
|
|
||||||
- name: 📚 MokoStandards Documentation
|
|
||||||
url: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
about: View our coding standards and best practices
|
|
||||||
- name: 🔒 Report a Security Vulnerability
|
|
||||||
url: https://git.mokoconsulting.tech/MokoConsulting/.github-private/security/advisories/new
|
|
||||||
about: Report security vulnerabilities privately (for critical issues)
|
|
||||||
- name: 💡 Community Discussions
|
|
||||||
url: https://github.com/orgs/mokoconsulting-tech/discussions
|
|
||||||
about: Join community discussions and Q&A
|
|
||||||
@@ -1,52 +0,0 @@
|
|||||||
---
|
|
||||||
name: Documentation Issue
|
|
||||||
about: Report an issue with documentation
|
|
||||||
title: '[DOCS] '
|
|
||||||
labels: 'documentation'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
## Documentation Issue
|
|
||||||
|
|
||||||
**Location**:
|
|
||||||
<!-- Specify the file, page, or section with the issue -->
|
|
||||||
|
|
||||||
## Issue Type
|
|
||||||
<!-- Mark the relevant option with an "x" -->
|
|
||||||
- [ ] Typo or grammar error
|
|
||||||
- [ ] Outdated information
|
|
||||||
- [ ] Missing documentation
|
|
||||||
- [ ] Unclear explanation
|
|
||||||
- [ ] Broken links
|
|
||||||
- [ ] Missing examples
|
|
||||||
- [ ] Other (specify below)
|
|
||||||
|
|
||||||
## Description
|
|
||||||
<!-- Clearly describe the documentation issue -->
|
|
||||||
|
|
||||||
## Current Content
|
|
||||||
<!-- Quote or describe the current documentation (if applicable) -->
|
|
||||||
```
|
|
||||||
Current text here
|
|
||||||
```
|
|
||||||
|
|
||||||
## Suggested Improvement
|
|
||||||
<!-- Provide your suggestion for how to improve the documentation -->
|
|
||||||
```
|
|
||||||
Suggested text here
|
|
||||||
```
|
|
||||||
|
|
||||||
## Additional Context
|
|
||||||
<!-- Add any other context, screenshots, or references -->
|
|
||||||
|
|
||||||
## Standards Alignment
|
|
||||||
- [ ] Follows MokoStandards documentation guidelines
|
|
||||||
- [ ] Uses en_US/en_GB localization
|
|
||||||
- [ ] Includes proper SPDX headers where applicable
|
|
||||||
|
|
||||||
## Checklist
|
|
||||||
- [ ] I have searched for similar documentation issues
|
|
||||||
- [ ] I have provided a clear description
|
|
||||||
- [ ] I have suggested an improvement (if applicable)
|
|
||||||
@@ -1,51 +0,0 @@
|
|||||||
---
|
|
||||||
name: Feature Request
|
|
||||||
about: Suggest a new feature or enhancement
|
|
||||||
title: '[FEATURE] '
|
|
||||||
labels: 'enhancement'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
## Feature Description
|
|
||||||
A clear and concise description of the feature you'd like to see.
|
|
||||||
|
|
||||||
## Problem or Use Case
|
|
||||||
Describe the problem this feature would solve or the use case it addresses.
|
|
||||||
Ex. I'm always frustrated when [...]
|
|
||||||
|
|
||||||
## Proposed Solution
|
|
||||||
A clear and concise description of what you want to happen.
|
|
||||||
|
|
||||||
## Alternative Solutions
|
|
||||||
A clear and concise description of any alternative solutions or features you've considered.
|
|
||||||
|
|
||||||
## Benefits
|
|
||||||
Describe how this feature would benefit users:
|
|
||||||
- Who would use this feature?
|
|
||||||
- What problems does it solve?
|
|
||||||
- What value does it add?
|
|
||||||
|
|
||||||
## Implementation Details (Optional)
|
|
||||||
If you have ideas about how this could be implemented, share them here:
|
|
||||||
- Technical approach
|
|
||||||
- Files/components that might need changes
|
|
||||||
- Any concerns or challenges you foresee
|
|
||||||
|
|
||||||
## Additional Context
|
|
||||||
Add any other context, mockups, or screenshots about the feature request here.
|
|
||||||
|
|
||||||
## Relevant Standards
|
|
||||||
Does this relate to any standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards)?
|
|
||||||
- [ ] Accessibility (WCAG 2.1 AA)
|
|
||||||
- [ ] Localization (en_US/en_GB)
|
|
||||||
- [ ] Security best practices
|
|
||||||
- [ ] Code quality standards
|
|
||||||
- [ ] Other: [specify]
|
|
||||||
|
|
||||||
## Checklist
|
|
||||||
- [ ] I have searched for similar feature requests before creating this one
|
|
||||||
- [ ] I have clearly described the use case and benefits
|
|
||||||
- [ ] I have considered alternative solutions
|
|
||||||
- [ ] This feature aligns with the project's goals and scope
|
|
||||||
@@ -1,48 +0,0 @@
|
|||||||
---
|
|
||||||
name: API Integration Request
|
|
||||||
about: Request integration with a new REST API or service
|
|
||||||
title: '[API] '
|
|
||||||
labels: 'enhancement, api-integration'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## API Integration Request
|
|
||||||
|
|
||||||
### Target API
|
|
||||||
- **Service Name**: [e.g., Akeeba Backup, Joomla Web Services]
|
|
||||||
- **API Documentation**: [URL to API docs]
|
|
||||||
- **API Type**: [REST / GraphQL / SOAP]
|
|
||||||
- **Authentication**: [API Key / OAuth / Bearer Token / Basic Auth]
|
|
||||||
|
|
||||||
### Proposed Tools
|
|
||||||
List the MCP tools this integration would provide:
|
|
||||||
|
|
||||||
| Tool Name | HTTP Method | Endpoint | Description |
|
|
||||||
|---|---|---|---|
|
|
||||||
| `service_list` | GET | `/api/items` | List all items |
|
|
||||||
| `service_get` | GET | `/api/items/{id}` | Get single item |
|
|
||||||
| `service_create` | POST | `/api/items` | Create item |
|
|
||||||
|
|
||||||
### Multi-Connection
|
|
||||||
- [ ] Single instance only
|
|
||||||
- [ ] Multiple instances (production, staging, dev)
|
|
||||||
- [ ] Multi-tenant (one connection per client)
|
|
||||||
|
|
||||||
### Use Case
|
|
||||||
Describe the workflow this integration enables for AI assistants.
|
|
||||||
|
|
||||||
### Priority
|
|
||||||
- [ ] Critical — blocking current work
|
|
||||||
- [ ] High — needed soon
|
|
||||||
- [ ] Medium — would improve workflow
|
|
||||||
- [ ] Low — nice to have
|
|
||||||
|
|
||||||
### Existing Alternatives
|
|
||||||
Are there other ways to accomplish this today? If so, why is an MCP integration better?
|
|
||||||
|
|
||||||
### Checklist
|
|
||||||
- [ ] API documentation is available and accessible
|
|
||||||
- [ ] API supports the required authentication method
|
|
||||||
- [ ] I have tested the API endpoints manually
|
|
||||||
- [ ] The integration follows the Template-MCP architecture pattern
|
|
||||||
@@ -1,67 +0,0 @@
|
|||||||
---
|
|
||||||
name: MCP Connection Issue
|
|
||||||
about: Report a connection, authentication, or API communication issue
|
|
||||||
title: '[CONNECTION] '
|
|
||||||
labels: 'bug, mcp-connection'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Connection Issue
|
|
||||||
|
|
||||||
### Issue Type
|
|
||||||
- [ ] Authentication failure (401/403)
|
|
||||||
- [ ] Connection refused / timeout
|
|
||||||
- [ ] TLS / SSL certificate error
|
|
||||||
- [ ] Wrong connection used (wrong environment)
|
|
||||||
- [ ] Config file not found / parse error
|
|
||||||
- [ ] API response error (4xx / 5xx)
|
|
||||||
|
|
||||||
### MCP Server
|
|
||||||
- **Server Name**: [e.g., mcp_mokowaas]
|
|
||||||
- **Server Version**: [e.g., 1.0.0]
|
|
||||||
- **Node.js Version**: [e.g., 20.x]
|
|
||||||
|
|
||||||
### Connection Details
|
|
||||||
- **Connection Name**: [e.g., production, staging, default]
|
|
||||||
- **API Base URL**: [e.g., https://api.example.com] *(do not include API keys)*
|
|
||||||
- **Insecure Mode**: [Yes / No]
|
|
||||||
|
|
||||||
### Error Message
|
|
||||||
```
|
|
||||||
Paste the exact error message here
|
|
||||||
```
|
|
||||||
|
|
||||||
### Steps to Reproduce
|
|
||||||
1. Configure connection with `npm run setup`
|
|
||||||
2. Call tool `...` with parameters `...`
|
|
||||||
3. See error
|
|
||||||
|
|
||||||
### Expected Behavior
|
|
||||||
What should have happened.
|
|
||||||
|
|
||||||
### Debugging Attempted
|
|
||||||
- [ ] Tested API directly with curl
|
|
||||||
- [ ] Verified API key is valid
|
|
||||||
- [ ] Checked config file exists and is valid JSON
|
|
||||||
- [ ] Tested with `list_connections` tool
|
|
||||||
- [ ] Ran server manually: `node dist/index.js 2> debug.log`
|
|
||||||
|
|
||||||
### Config File
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"defaultConnection": "...",
|
|
||||||
"connections": {
|
|
||||||
"connection_name": {
|
|
||||||
"baseUrl": "https://...",
|
|
||||||
"apiKey": "REDACTED"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
*(Redact all API keys and tokens)*
|
|
||||||
|
|
||||||
### Environment
|
|
||||||
- **OS**: [e.g., macOS 14, Ubuntu 22.04, Windows 11]
|
|
||||||
- **Claude Code Version**: [e.g., latest]
|
|
||||||
- **Registration**: [.mcp.json / ~/.claude.json]
|
|
||||||
@@ -1,49 +0,0 @@
|
|||||||
---
|
|
||||||
name: New MCP Tool Request
|
|
||||||
about: Request a new tool to be added to this MCP server
|
|
||||||
title: '[TOOL] '
|
|
||||||
labels: 'enhancement, mcp-tool'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Tool Request
|
|
||||||
|
|
||||||
### Tool Name
|
|
||||||
Proposed tool name (snake_case): `resource_action`
|
|
||||||
|
|
||||||
### Description
|
|
||||||
What should this tool do? What API endpoint(s) does it map to?
|
|
||||||
|
|
||||||
### API Endpoint(s)
|
|
||||||
- **Method**: [GET / POST / PUT / PATCH / DELETE]
|
|
||||||
- **Endpoint**: `/api/v1/...`
|
|
||||||
- **Auth**: [API Key / Token / None]
|
|
||||||
|
|
||||||
### Parameters
|
|
||||||
|
|
||||||
| Parameter | Type | Required | Description |
|
|
||||||
|---|---|---|---|
|
|
||||||
| `id` | number | Yes | Resource ID |
|
|
||||||
| `search` | string | No | Search filter |
|
|
||||||
|
|
||||||
### Expected Response
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"id": 1,
|
|
||||||
"name": "Example"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### Use Case
|
|
||||||
Describe when and why someone would use this tool from Claude or another AI assistant.
|
|
||||||
|
|
||||||
### Connection Scope
|
|
||||||
- [ ] Works with all connections
|
|
||||||
- [ ] Specific to certain API versions
|
|
||||||
- [ ] Requires additional permissions
|
|
||||||
|
|
||||||
### Checklist
|
|
||||||
- [ ] I have checked this tool does not already exist
|
|
||||||
- [ ] I have verified the API endpoint exists and is documented
|
|
||||||
- [ ] The proposed name follows the `resource_action` convention
|
|
||||||
@@ -1,82 +0,0 @@
|
|||||||
---
|
|
||||||
name: Question
|
|
||||||
about: Ask a question about usage, features, or best practices
|
|
||||||
title: '[QUESTION] '
|
|
||||||
labels: ['question']
|
|
||||||
assignees: ['jmiller']
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
## Question
|
|
||||||
|
|
||||||
**Your question:**
|
|
||||||
|
|
||||||
|
|
||||||
## Context
|
|
||||||
|
|
||||||
**What are you trying to accomplish?**
|
|
||||||
|
|
||||||
|
|
||||||
**What have you already tried?**
|
|
||||||
|
|
||||||
|
|
||||||
**Category**:
|
|
||||||
- [ ] Script usage
|
|
||||||
- [ ] Configuration
|
|
||||||
- [ ] Workflow setup
|
|
||||||
- [ ] Documentation interpretation
|
|
||||||
- [ ] Best practices
|
|
||||||
- [ ] Integration
|
|
||||||
- [ ] Other: __________
|
|
||||||
|
|
||||||
## Environment (if relevant)
|
|
||||||
|
|
||||||
**Your setup**:
|
|
||||||
- Operating System:
|
|
||||||
- Version:
|
|
||||||
|
|
||||||
## What You've Researched
|
|
||||||
|
|
||||||
**Documentation reviewed**:
|
|
||||||
- [ ] README.md
|
|
||||||
- [ ] Project documentation
|
|
||||||
- [ ] Other (specify): __________
|
|
||||||
|
|
||||||
**Similar issues/questions found**:
|
|
||||||
- #
|
|
||||||
- #
|
|
||||||
|
|
||||||
## Expected Outcome
|
|
||||||
|
|
||||||
**What result are you hoping for?**
|
|
||||||
|
|
||||||
|
|
||||||
## Code/Configuration Samples
|
|
||||||
|
|
||||||
**Relevant code or configuration** (if applicable):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Your code here
|
|
||||||
```
|
|
||||||
|
|
||||||
## Additional Context
|
|
||||||
|
|
||||||
**Any other relevant information:**
|
|
||||||
|
|
||||||
|
|
||||||
**Screenshots** (if helpful):
|
|
||||||
|
|
||||||
|
|
||||||
## Urgency
|
|
||||||
|
|
||||||
- [ ] Urgent (blocking work)
|
|
||||||
- [ ] Normal (can work on other things meanwhile)
|
|
||||||
- [ ] Low priority (just curious)
|
|
||||||
|
|
||||||
## Checklist
|
|
||||||
|
|
||||||
- [ ] I have searched existing issues and discussions
|
|
||||||
- [ ] I have reviewed relevant documentation
|
|
||||||
- [ ] I have provided sufficient context
|
|
||||||
- [ ] I have included code/configuration samples if relevant
|
|
||||||
- [ ] This is a genuine question (not a bug report or feature request)
|
|
||||||
@@ -1,126 +0,0 @@
|
|||||||
---
|
|
||||||
name: Request for Comments (RFC)
|
|
||||||
about: Propose a significant change for community discussion
|
|
||||||
title: '[RFC] '
|
|
||||||
labels: 'rfc, discussion'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
## RFC Summary
|
|
||||||
One-paragraph summary of the proposal.
|
|
||||||
|
|
||||||
## Motivation
|
|
||||||
Why are we doing this? What use cases does it support? What is the expected outcome?
|
|
||||||
|
|
||||||
## Detailed Design
|
|
||||||
### Overview
|
|
||||||
Provide a detailed explanation of the proposed change.
|
|
||||||
|
|
||||||
### API Changes (if applicable)
|
|
||||||
```php
|
|
||||||
// Before
|
|
||||||
function oldApi($param1) { }
|
|
||||||
|
|
||||||
// After
|
|
||||||
function newApi($param1, $param2) { }
|
|
||||||
```
|
|
||||||
|
|
||||||
### User Experience Changes
|
|
||||||
Describe how users will interact with this change.
|
|
||||||
|
|
||||||
### Implementation Approach
|
|
||||||
High-level implementation strategy.
|
|
||||||
|
|
||||||
## Drawbacks
|
|
||||||
Why should we *not* do this?
|
|
||||||
|
|
||||||
## Alternatives
|
|
||||||
What other designs have been considered? What is the impact of not doing this?
|
|
||||||
|
|
||||||
### Alternative 1
|
|
||||||
- Description
|
|
||||||
- Trade-offs
|
|
||||||
|
|
||||||
### Alternative 2
|
|
||||||
- Description
|
|
||||||
- Trade-offs
|
|
||||||
|
|
||||||
## Adoption Strategy
|
|
||||||
How will existing users adopt this? Is this a breaking change?
|
|
||||||
|
|
||||||
### Migration Guide
|
|
||||||
```bash
|
|
||||||
# Steps to migrate
|
|
||||||
```
|
|
||||||
|
|
||||||
### Deprecation Timeline
|
|
||||||
- **Announcement**:
|
|
||||||
- **Deprecation**:
|
|
||||||
- **Removal**:
|
|
||||||
|
|
||||||
## Unresolved Questions
|
|
||||||
- Question 1
|
|
||||||
- Question 2
|
|
||||||
|
|
||||||
## Future Possibilities
|
|
||||||
What future work does this enable?
|
|
||||||
|
|
||||||
## Impact Assessment
|
|
||||||
### Performance
|
|
||||||
Expected performance impact.
|
|
||||||
|
|
||||||
### Security
|
|
||||||
Security considerations and implications.
|
|
||||||
|
|
||||||
### Compatibility
|
|
||||||
- **Backward Compatible**: [Yes / No]
|
|
||||||
- **Breaking Changes**: [List]
|
|
||||||
|
|
||||||
### Maintenance
|
|
||||||
Long-term maintenance considerations.
|
|
||||||
|
|
||||||
## Community Input
|
|
||||||
### Stakeholders
|
|
||||||
- [ ] Core team
|
|
||||||
- [ ] Module developers
|
|
||||||
- [ ] End users
|
|
||||||
- [ ] Enterprise customers
|
|
||||||
|
|
||||||
### Feedback Period
|
|
||||||
**Duration**: [e.g., 2 weeks]
|
|
||||||
**Deadline**: [date]
|
|
||||||
|
|
||||||
## Implementation Timeline
|
|
||||||
### Phase 1: Design
|
|
||||||
- [ ] RFC discussion
|
|
||||||
- [ ] Design finalization
|
|
||||||
- [ ] Approval
|
|
||||||
|
|
||||||
### Phase 2: Implementation
|
|
||||||
- [ ] Core implementation
|
|
||||||
- [ ] Tests
|
|
||||||
- [ ] Documentation
|
|
||||||
|
|
||||||
### Phase 3: Release
|
|
||||||
- [ ] Beta release
|
|
||||||
- [ ] Feedback collection
|
|
||||||
- [ ] Stable release
|
|
||||||
|
|
||||||
## Success Metrics
|
|
||||||
How will we measure success?
|
|
||||||
- Metric 1
|
|
||||||
- Metric 2
|
|
||||||
|
|
||||||
## References
|
|
||||||
- Related RFCs:
|
|
||||||
- External documentation:
|
|
||||||
- Prior art:
|
|
||||||
|
|
||||||
## Open Questions for Community
|
|
||||||
1. Question 1?
|
|
||||||
2. Question 2?
|
|
||||||
|
|
||||||
---
|
|
||||||
**Note**: This RFC is open for community discussion. Please provide feedback in the comments below.
|
|
||||||
@@ -1,51 +0,0 @@
|
|||||||
---
|
|
||||||
name: Security Vulnerability Report
|
|
||||||
about: Report a security vulnerability (use only for non-critical issues)
|
|
||||||
title: '[SECURITY] '
|
|
||||||
labels: 'security'
|
|
||||||
assignees: ''
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
## ⚠️ IMPORTANT: Private Disclosure Required
|
|
||||||
|
|
||||||
**For critical security vulnerabilities, DO NOT use this template.**
|
|
||||||
Follow the process in [SECURITY.md](../SECURITY.md) for responsible disclosure.
|
|
||||||
|
|
||||||
Use this template only for:
|
|
||||||
- Security improvements
|
|
||||||
- Non-critical security suggestions
|
|
||||||
- Security documentation updates
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Security Issue
|
|
||||||
|
|
||||||
**Severity**:
|
|
||||||
<!-- Low, Medium, or informational only -->
|
|
||||||
|
|
||||||
## Description
|
|
||||||
<!-- Describe the security concern or improvement suggestion -->
|
|
||||||
|
|
||||||
## Affected Components
|
|
||||||
<!-- List the affected files, features, or components -->
|
|
||||||
|
|
||||||
## Suggested Mitigation
|
|
||||||
<!-- Describe how this could be addressed -->
|
|
||||||
|
|
||||||
## Standards Reference
|
|
||||||
Does this relate to security standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards)?
|
|
||||||
- [ ] SPDX license identifiers
|
|
||||||
- [ ] Secret management
|
|
||||||
- [ ] Dependency security
|
|
||||||
- [ ] Access control
|
|
||||||
- [ ] Other: [specify]
|
|
||||||
|
|
||||||
## Additional Context
|
|
||||||
<!-- Add any other context about the security concern -->
|
|
||||||
|
|
||||||
## Checklist
|
|
||||||
- [ ] This is NOT a critical vulnerability requiring private disclosure
|
|
||||||
- [ ] I have reviewed the SECURITY.md policy
|
|
||||||
- [ ] I have provided sufficient detail for evaluation
|
|
||||||
@@ -1,24 +0,0 @@
|
|||||||
---
|
|
||||||
name: Version Bump
|
|
||||||
about: Request or track a version change
|
|
||||||
title: '[VERSION] '
|
|
||||||
labels: 'version, type: version'
|
|
||||||
assignees: 'jmiller'
|
|
||||||
---
|
|
||||||
|
|
||||||
## Version Change
|
|
||||||
|
|
||||||
**Current version**: <!-- e.g., 01.02.03 -->
|
|
||||||
**Requested version**: <!-- e.g., 01.03.00 -->
|
|
||||||
**Change type**: <!-- patch / minor / major -->
|
|
||||||
|
|
||||||
## Reason
|
|
||||||
|
|
||||||
<!-- Why is this version bump needed? -->
|
|
||||||
|
|
||||||
## Checklist
|
|
||||||
|
|
||||||
- [ ] README.md `VERSION:` field updated
|
|
||||||
- [ ] CHANGELOG.md entry added
|
|
||||||
- [ ] Module descriptor version updated (Dolibarr: `$this->version`, Joomla: `<version>`)
|
|
||||||
- [ ] All file headers will be auto-propagated by `sync-version-on-merge` workflow
|
|
||||||
@@ -1,251 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Automation
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /.gitea/workflows/branch-protection.yml
|
|
||||||
# BRIEF: Apply standardised branch protection rules to all governed repositories
|
|
||||||
#
|
|
||||||
# +========================================================================+
|
|
||||||
# | BRANCH PROTECTION SETUP |
|
|
||||||
# +========================================================================+
|
|
||||||
# | |
|
|
||||||
# | Applies protection rules for: main, dev, rc, beta, alpha |
|
|
||||||
# | |
|
|
||||||
# | main — Require PR, block rejected reviews, no force push |
|
|
||||||
# | dev — Allow push, no force push, no delete |
|
|
||||||
# | rc — Allow push, no force push, no delete |
|
|
||||||
# | beta — Allow push, no force push, no delete |
|
|
||||||
# | alpha — Allow push, no force push, no delete |
|
|
||||||
# | |
|
|
||||||
# | jmiller has override authority on all branches. |
|
|
||||||
# | |
|
|
||||||
# +========================================================================+
|
|
||||||
|
|
||||||
name: Branch Protection Setup
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '0 2 * * 1' # Weekly Monday 02:00 UTC
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
dry_run:
|
|
||||||
description: 'Preview mode (no changes)'
|
|
||||||
required: false
|
|
||||||
type: boolean
|
|
||||||
default: false
|
|
||||||
repos:
|
|
||||||
description: 'Comma-separated repo names (empty = all governed repos)'
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
default: ''
|
|
||||||
|
|
||||||
env:
|
|
||||||
GITEA_URL: https://git.mokoconsulting.tech
|
|
||||||
GITEA_ORG: MokoConsulting
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
protect:
|
|
||||||
name: Apply Branch Protection Rules
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Determine target repos
|
|
||||||
id: repos
|
|
||||||
env:
|
|
||||||
GA_TOKEN: ${{ secrets.GA_TOKEN }}
|
|
||||||
run: |
|
|
||||||
API="${GITEA_URL}/api/v1"
|
|
||||||
|
|
||||||
# Platform/standards/infra repos to exclude
|
|
||||||
EXCLUDE="gitea-org-config org-profile gitea-private .mokogitea-private MokoStandards mokocli MokoTesting"
|
|
||||||
EXCLUDE="$EXCLUDE MokoStandards-Template-Client MokoStandards-Template-Dolibarr MokoStandards-Template-Generic MokoStandards-Template-Joomla MokoDoliProjTemplate"
|
|
||||||
|
|
||||||
if [ -n "${{ inputs.repos }}" ]; then
|
|
||||||
# User-specified repos
|
|
||||||
REPOS=$(echo "${{ inputs.repos }}" | tr ',' ' ')
|
|
||||||
else
|
|
||||||
# Fetch all org repos
|
|
||||||
PAGE=1
|
|
||||||
REPOS=""
|
|
||||||
while true; do
|
|
||||||
BATCH=$(curl -sS \
|
|
||||||
-H "Authorization: token ${GA_TOKEN}" \
|
|
||||||
"${API}/orgs/${GITEA_ORG}/repos?page=${PAGE}&limit=50" \
|
|
||||||
| jq -r '.[].name // empty')
|
|
||||||
[ -z "$BATCH" ] && break
|
|
||||||
REPOS="$REPOS $BATCH"
|
|
||||||
PAGE=$((PAGE + 1))
|
|
||||||
done
|
|
||||||
|
|
||||||
# Filter out excluded repos
|
|
||||||
FILTERED=""
|
|
||||||
for REPO in $REPOS; do
|
|
||||||
SKIP=false
|
|
||||||
for EX in $EXCLUDE; do
|
|
||||||
if [ "$REPO" = "$EX" ]; then
|
|
||||||
SKIP=true
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
if [ "$SKIP" = "false" ]; then
|
|
||||||
FILTERED="$FILTERED $REPO"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
REPOS="$FILTERED"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "repos=$REPOS" >> "$GITHUB_OUTPUT"
|
|
||||||
COUNT=$(echo "$REPOS" | wc -w)
|
|
||||||
echo "📋 Target repos (${COUNT}): $REPOS"
|
|
||||||
|
|
||||||
- name: Apply protection rules
|
|
||||||
env:
|
|
||||||
GA_TOKEN: ${{ secrets.GA_TOKEN }}
|
|
||||||
DRY_RUN: ${{ inputs.dry_run || 'false' }}
|
|
||||||
run: |
|
|
||||||
API="${GITEA_URL}/api/v1"
|
|
||||||
REPOS="${{ steps.repos.outputs.repos }}"
|
|
||||||
|
|
||||||
SUCCESS=0
|
|
||||||
FAILED=0
|
|
||||||
SKIPPED=0
|
|
||||||
|
|
||||||
# ── Rule definitions ──────────────────────────────────────
|
|
||||||
# Only the CI bot (jmiller token) can push directly.
|
|
||||||
# All human contributors must use PRs.
|
|
||||||
# Force push disabled on all branches.
|
|
||||||
|
|
||||||
RULE_MAIN='{
|
|
||||||
"rule_name": "main",
|
|
||||||
"enable_push": true,
|
|
||||||
"enable_push_whitelist": true,
|
|
||||||
"push_whitelist_usernames": ["jmiller"],
|
|
||||||
"enable_force_push": false,
|
|
||||||
"enable_force_push_allowlist": false,
|
|
||||||
"force_push_allowlist_usernames": [],
|
|
||||||
"enable_merge_whitelist": false,
|
|
||||||
"required_approvals": 0,
|
|
||||||
"dismiss_stale_approvals": true,
|
|
||||||
"block_on_rejected_reviews": true,
|
|
||||||
"block_on_outdated_branch": false,
|
|
||||||
"priority": 1
|
|
||||||
}'
|
|
||||||
|
|
||||||
RULE_DEV='{
|
|
||||||
"rule_name": "dev",
|
|
||||||
"enable_push": true,
|
|
||||||
"enable_push_whitelist": true,
|
|
||||||
"push_whitelist_usernames": ["jmiller"],
|
|
||||||
"enable_force_push": false,
|
|
||||||
"enable_force_push_allowlist": false,
|
|
||||||
"force_push_allowlist_usernames": [],
|
|
||||||
"enable_merge_whitelist": false,
|
|
||||||
"required_approvals": 0,
|
|
||||||
"block_on_rejected_reviews": false,
|
|
||||||
"priority": 2
|
|
||||||
}'
|
|
||||||
|
|
||||||
RULE_RC='{
|
|
||||||
"rule_name": "rc",
|
|
||||||
"enable_push": true,
|
|
||||||
"enable_push_whitelist": true,
|
|
||||||
"push_whitelist_usernames": ["jmiller"],
|
|
||||||
"enable_force_push": false,
|
|
||||||
"enable_force_push_allowlist": false,
|
|
||||||
"force_push_allowlist_usernames": [],
|
|
||||||
"enable_merge_whitelist": false,
|
|
||||||
"required_approvals": 0,
|
|
||||||
"block_on_rejected_reviews": false,
|
|
||||||
"priority": 3
|
|
||||||
}'
|
|
||||||
|
|
||||||
RULE_BETA='{
|
|
||||||
"rule_name": "beta",
|
|
||||||
"enable_push": true,
|
|
||||||
"enable_push_whitelist": true,
|
|
||||||
"push_whitelist_usernames": ["jmiller"],
|
|
||||||
"enable_force_push": false,
|
|
||||||
"enable_force_push_allowlist": false,
|
|
||||||
"force_push_allowlist_usernames": [],
|
|
||||||
"enable_merge_whitelist": false,
|
|
||||||
"required_approvals": 0,
|
|
||||||
"block_on_rejected_reviews": false,
|
|
||||||
"priority": 4
|
|
||||||
}'
|
|
||||||
|
|
||||||
RULE_ALPHA='{
|
|
||||||
"rule_name": "alpha",
|
|
||||||
"enable_push": true,
|
|
||||||
"enable_push_whitelist": true,
|
|
||||||
"push_whitelist_usernames": ["jmiller"],
|
|
||||||
"enable_force_push": false,
|
|
||||||
"enable_force_push_allowlist": false,
|
|
||||||
"force_push_allowlist_usernames": [],
|
|
||||||
"enable_merge_whitelist": false,
|
|
||||||
"required_approvals": 0,
|
|
||||||
"block_on_rejected_reviews": false,
|
|
||||||
"priority": 5
|
|
||||||
}'
|
|
||||||
|
|
||||||
RULES=("$RULE_MAIN" "$RULE_DEV" "$RULE_RC" "$RULE_BETA" "$RULE_ALPHA")
|
|
||||||
RULE_NAMES=("main" "dev" "rc" "beta" "alpha")
|
|
||||||
|
|
||||||
# ── Apply rules to each repo ──────────────────────────────
|
|
||||||
for REPO in $REPOS; do
|
|
||||||
echo ""
|
|
||||||
echo "═══ ${REPO} ═══"
|
|
||||||
|
|
||||||
for i in "${!RULES[@]}"; do
|
|
||||||
RULE="${RULES[$i]}"
|
|
||||||
NAME="${RULE_NAMES[$i]}"
|
|
||||||
|
|
||||||
if [ "$DRY_RUN" = "true" ]; then
|
|
||||||
echo " [DRY RUN] Would apply rule: ${NAME}"
|
|
||||||
SKIPPED=$((SKIPPED + 1))
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Delete existing rule if present (idempotent recreate)
|
|
||||||
ENCODED_NAME=$(echo "$NAME" | sed 's|/|%2F|g')
|
|
||||||
curl -sS -o /dev/null -w "" \
|
|
||||||
-X DELETE \
|
|
||||||
-H "Authorization: token ${GA_TOKEN}" \
|
|
||||||
"${API}/repos/${GITEA_ORG}/${REPO}/branch_protections/${ENCODED_NAME}" 2>/dev/null || true
|
|
||||||
|
|
||||||
# Create rule
|
|
||||||
RESPONSE=$(curl -sS -w "\n%{http_code}" \
|
|
||||||
-X POST \
|
|
||||||
-H "Authorization: token ${GA_TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d "$RULE" \
|
|
||||||
"${API}/repos/${GITEA_ORG}/${REPO}/branch_protections")
|
|
||||||
|
|
||||||
HTTP=$(echo "$RESPONSE" | tail -1)
|
|
||||||
BODY=$(echo "$RESPONSE" | sed '$d')
|
|
||||||
|
|
||||||
if [ "$HTTP" = "201" ]; then
|
|
||||||
echo " ✅ ${NAME}"
|
|
||||||
SUCCESS=$((SUCCESS + 1))
|
|
||||||
else
|
|
||||||
echo " ❌ ${NAME} (HTTP ${HTTP}): $(echo "$BODY" | jq -r '.message // .' 2>/dev/null | head -1)"
|
|
||||||
FAILED=$((FAILED + 1))
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
done
|
|
||||||
|
|
||||||
# ── Summary ───────────────────────────────────────────────
|
|
||||||
echo ""
|
|
||||||
echo "════════════════════════════════════════"
|
|
||||||
echo " ✅ Success: ${SUCCESS}"
|
|
||||||
echo " ❌ Failed: ${FAILED}"
|
|
||||||
echo " ⏭️ Skipped: ${SKIPPED}"
|
|
||||||
echo "════════════════════════════════════════"
|
|
||||||
|
|
||||||
if [ "$FAILED" -gt 0 ]; then
|
|
||||||
echo "::warning::${FAILED} rule(s) failed to apply"
|
|
||||||
fi
|
|
||||||
@@ -1,66 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Release
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /.mokogitea/workflows/auto-bump.yml
|
|
||||||
# VERSION: 09.02.00
|
|
||||||
# BRIEF: Auto patch-bump version on every push to dev (skips merge commits)
|
|
||||||
|
|
||||||
name: "Universal: Auto Version Bump"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- dev
|
|
||||||
- rc
|
|
||||||
- 'feature/**'
|
|
||||||
- 'patch/**'
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
bump:
|
|
||||||
name: Version Bump
|
|
||||||
runs-on: release
|
|
||||||
if: >-
|
|
||||||
!contains(github.event.head_commit.message, '[skip ci]') &&
|
|
||||||
!contains(github.event.head_commit.message, '[skip bump]') &&
|
|
||||||
!startsWith(github.event.head_commit.message, 'Merge pull request')
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
fetch-depth: 1
|
|
||||||
|
|
||||||
- name: Setup mokocli tools
|
|
||||||
run: |
|
|
||||||
if ! command -v composer &> /dev/null; then
|
|
||||||
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
|
|
||||||
fi
|
|
||||||
if [ -d "/opt/mokocli/cli" ]; then
|
|
||||||
echo "MOKO_CLI=/opt/mokocli/cli" >> "$GITHUB_ENV"
|
|
||||||
else
|
|
||||||
git clone --depth 1 --branch main --quiet \
|
|
||||||
"https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/MokoCLI.git" \
|
|
||||||
/tmp/mokocli
|
|
||||||
cd /tmp/mokocli && composer install --no-dev --no-interaction --quiet
|
|
||||||
echo "MOKO_CLI=/tmp/mokocli/cli" >> "$GITHUB_ENV"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Bump version
|
|
||||||
run: |
|
|
||||||
php ${MOKO_CLI}/version_auto_bump.php \
|
|
||||||
--path . --branch "${GITHUB_REF_NAME}" \
|
|
||||||
--token "${{ secrets.MOKOGITEA_TOKEN }}" \
|
|
||||||
--repo-url "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
|
|
||||||
@@ -1,207 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# This file is part of a Moko Consulting project.
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: GitHub.Workflow
|
|
||||||
# INGROUP: MokoStandards.Automation
|
|
||||||
# REPO: https://github.com/mokoconsulting-tech/MokoStandards
|
|
||||||
# PATH: /templates/workflows/shared/auto-dev-issue.yml.template
|
|
||||||
# VERSION: 04.06.00
|
|
||||||
# BRIEF: Auto-create tracking issue with sub-issues for dev/rc branch workflow
|
|
||||||
# NOTE: Synced via bulk-repo-sync to .mokogitea/workflows/auto-dev-issue.yml in all governed repos.
|
|
||||||
|
|
||||||
name: "Universal: Dev/RC Branch Issue"
|
|
||||||
|
|
||||||
on:
|
|
||||||
# Auto-create on RC branch creation
|
|
||||||
create:
|
|
||||||
# Manual trigger for dev branches
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
branch:
|
|
||||||
description: 'Branch name (e.g., dev/my-feature or dev/04.06)'
|
|
||||||
required: true
|
|
||||||
type: string
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
issues: write
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
create-issue:
|
|
||||||
name: Create version tracking issue
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: >-
|
|
||||||
(github.event_name == 'workflow_dispatch') ||
|
|
||||||
(github.event.ref_type == 'branch' &&
|
|
||||||
(startsWith(github.event.ref, 'rc/') ||
|
|
||||||
startsWith(github.event.ref, 'alpha/') ||
|
|
||||||
startsWith(github.event.ref, 'beta/')))
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Create tracking issue and sub-issues
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_TOKEN || github.token }}
|
|
||||||
run: |
|
|
||||||
# For manual dispatch, use input; for auto, use event ref
|
|
||||||
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
|
||||||
BRANCH="${{ inputs.branch }}"
|
|
||||||
else
|
|
||||||
BRANCH="${{ github.event.ref }}"
|
|
||||||
fi
|
|
||||||
REPO="${{ github.repository }}"
|
|
||||||
ACTOR="${{ github.actor }}"
|
|
||||||
NOW=$(date -u '+%Y-%m-%d %H:%M UTC')
|
|
||||||
|
|
||||||
# Determine branch type and version
|
|
||||||
if [[ "$BRANCH" == rc/* ]]; then
|
|
||||||
VERSION="${BRANCH#rc/}"
|
|
||||||
BRANCH_TYPE="Release Candidate"
|
|
||||||
LABEL_TYPE="type: release"
|
|
||||||
TITLE_PREFIX="rc"
|
|
||||||
elif [[ "$BRANCH" == beta/* ]]; then
|
|
||||||
VERSION="${BRANCH#beta/}"
|
|
||||||
BRANCH_TYPE="Beta"
|
|
||||||
LABEL_TYPE="type: release"
|
|
||||||
TITLE_PREFIX="beta"
|
|
||||||
elif [[ "$BRANCH" == alpha/* ]]; then
|
|
||||||
VERSION="${BRANCH#alpha/}"
|
|
||||||
BRANCH_TYPE="Alpha"
|
|
||||||
LABEL_TYPE="type: release"
|
|
||||||
TITLE_PREFIX="alpha"
|
|
||||||
else
|
|
||||||
VERSION="${BRANCH#dev/}"
|
|
||||||
BRANCH_TYPE="Development"
|
|
||||||
LABEL_TYPE="type: feature"
|
|
||||||
TITLE_PREFIX="feat"
|
|
||||||
fi
|
|
||||||
|
|
||||||
TITLE="${TITLE_PREFIX}(${VERSION}): ${BRANCH_TYPE} tracking for ${BRANCH}"
|
|
||||||
|
|
||||||
# Check for existing issue with same title prefix
|
|
||||||
EXISTING=$(gh api "repos/${REPO}/issues?state=open&per_page=10" \
|
|
||||||
--jq ".[] | select(.title | startswith(\"${TITLE_PREFIX}(${VERSION})\")) | .number" 2>/dev/null | head -1)
|
|
||||||
|
|
||||||
if [ -n "$EXISTING" ]; then
|
|
||||||
echo "ℹ️ Issue #${EXISTING} already exists for ${VERSION}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Define sub-issues for the workflow ─────────────────────────
|
|
||||||
if [[ "$BRANCH" == rc/* ]]; then
|
|
||||||
SUB_ISSUES=(
|
|
||||||
"RC Testing|Verify all features work on rc branch|type: test,release-candidate"
|
|
||||||
"Regression Testing|Run full regression suite before merge|type: test,release-candidate"
|
|
||||||
"Version Bump|Bump version in README.md and all headers|type: version,release-candidate"
|
|
||||||
"Changelog Update|Update CHANGELOG.md with release notes|documentation,release-candidate"
|
|
||||||
"Merge to Version Branch|Create PR to version/XX|type: release,needs-review"
|
|
||||||
)
|
|
||||||
elif [[ "$BRANCH" == alpha/* ]] || [[ "$BRANCH" == beta/* ]]; then
|
|
||||||
SUB_ISSUES=(
|
|
||||||
"Testing|Verify features on ${BRANCH_TYPE} branch|type: test,status: in-progress"
|
|
||||||
"Bug Fixes|Fix issues found during ${BRANCH_TYPE} testing|type: bug,status: pending"
|
|
||||||
"Promote to Next Stage|Create PR to promote to next release stage|type: release,needs-review"
|
|
||||||
)
|
|
||||||
else
|
|
||||||
SUB_ISSUES=(
|
|
||||||
"Development|Implement feature/fix on dev branch|type: feature,status: in-progress"
|
|
||||||
"Unit Testing|Write and pass unit tests|type: test,status: pending"
|
|
||||||
"Code Review|Request and complete code review|needs-review,status: pending"
|
|
||||||
"Version Bump|Bump version in README.md and all headers|type: version,status: pending"
|
|
||||||
"Changelog Update|Update CHANGELOG.md with release notes|documentation,status: pending"
|
|
||||||
"Create RC Branch|Promote dev to rc branch for final testing|type: release,status: pending"
|
|
||||||
"Merge to Main|Create PR from rc/dev to main|type: release,needs-review,status: pending"
|
|
||||||
)
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Create sub-issues first ───────────────────────────────────────
|
|
||||||
SUB_LIST=""
|
|
||||||
SUB_NUMBERS=""
|
|
||||||
for SUB in "${SUB_ISSUES[@]}"; do
|
|
||||||
IFS='|' read -r SUB_TITLE SUB_DESC SUB_LABELS <<< "$SUB"
|
|
||||||
SUB_FULL_TITLE="${TITLE_PREFIX}(${VERSION}): ${SUB_TITLE}"
|
|
||||||
|
|
||||||
SUB_BODY=$(printf '### %s\n\n%s\n\n| Field | Value |\n|-------|-------|\n| **Parent Branch** | `%s` |\n| **Version** | `%s` |\n\n---\n*Sub-issue of the %s tracking issue for `%s`.*' \
|
|
||||||
"$SUB_TITLE" "$SUB_DESC" "$BRANCH" "$VERSION" "$BRANCH_TYPE" "$BRANCH")
|
|
||||||
|
|
||||||
SUB_URL=$(gh issue create \
|
|
||||||
--repo "$REPO" \
|
|
||||||
--title "$SUB_FULL_TITLE" \
|
|
||||||
--body "$SUB_BODY" \
|
|
||||||
--label "${SUB_LABELS}" \
|
|
||||||
--assignee "jmiller" 2>&1)
|
|
||||||
|
|
||||||
SUB_NUM=$(echo "$SUB_URL" | grep -oE '[0-9]+$')
|
|
||||||
if [ -n "$SUB_NUM" ]; then
|
|
||||||
SUB_LIST="${SUB_LIST}\n- [ ] ${SUB_TITLE} (#${SUB_NUM})"
|
|
||||||
SUB_NUMBERS="${SUB_NUMBERS} #${SUB_NUM}"
|
|
||||||
fi
|
|
||||||
sleep 0.3
|
|
||||||
done
|
|
||||||
|
|
||||||
# ── Create parent tracking issue ──────────────────────────────────
|
|
||||||
PARENT_BODY=$(printf '## %s Branch Created\n\n| Field | Value |\n|-------|-------|\n| **Branch** | `%s` |\n| **Version** | `%s` |\n| **Type** | %s |\n| **Created by** | @%s |\n| **Created at** | %s |\n| **Repository** | `%s` |\n\n## Workflow Sub-Issues\n\n%b\n\n---\n*Auto-created by [auto-dev-issue.yml](.github/workflows/auto-dev-issue.yml) on branch creation.*' \
|
|
||||||
"$BRANCH_TYPE" "$BRANCH" "$VERSION" "$BRANCH_TYPE" "$ACTOR" "$NOW" "$REPO" "$SUB_LIST")
|
|
||||||
|
|
||||||
PARENT_URL=$(gh issue create \
|
|
||||||
--repo "$REPO" \
|
|
||||||
--title "$TITLE" \
|
|
||||||
--body "$PARENT_BODY" \
|
|
||||||
--label "${LABEL_TYPE},version" \
|
|
||||||
--assignee "jmiller" 2>&1)
|
|
||||||
|
|
||||||
PARENT_NUM=$(echo "$PARENT_URL" | grep -oE '[0-9]+$')
|
|
||||||
|
|
||||||
# ── Link sub-issues back to parent ────────────────────────────────
|
|
||||||
if [ -n "$PARENT_NUM" ]; then
|
|
||||||
for SUB in "${SUB_ISSUES[@]}"; do
|
|
||||||
IFS='|' read -r SUB_TITLE _ _ <<< "$SUB"
|
|
||||||
SUB_FULL_TITLE="${TITLE_PREFIX}(${VERSION}): ${SUB_TITLE}"
|
|
||||||
SUB_NUM=$(gh api "repos/${REPO}/issues?state=open&per_page=20" \
|
|
||||||
--jq ".[] | select(.title == \"${SUB_FULL_TITLE}\") | .number" 2>/dev/null | head -1)
|
|
||||||
if [ -n "$SUB_NUM" ]; then
|
|
||||||
gh api "repos/${REPO}/issues/${SUB_NUM}" -X PATCH \
|
|
||||||
-f body="$(gh api "repos/${REPO}/issues/${SUB_NUM}" --jq '.body' 2>/dev/null)
|
|
||||||
|
|
||||||
> **Parent Issue:** #${PARENT_NUM}" --silent 2>/dev/null || true
|
|
||||||
fi
|
|
||||||
sleep 0.2
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Create or update prerelease for alpha/beta/rc ────────────────
|
|
||||||
if [[ "$BRANCH" == rc/* ]] || [[ "$BRANCH" == alpha/* ]] || [[ "$BRANCH" == beta/* ]]; then
|
|
||||||
case "$BRANCH_TYPE" in
|
|
||||||
Alpha) RELEASE_TAG="alpha" ;;
|
|
||||||
Beta) RELEASE_TAG="beta" ;;
|
|
||||||
"Release Candidate") RELEASE_TAG="release-candidate" ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
EXISTING=$(gh release view "$RELEASE_TAG" --json tagName -q .tagName 2>/dev/null || true)
|
|
||||||
if [ -z "$EXISTING" ]; then
|
|
||||||
gh release create "$RELEASE_TAG" \
|
|
||||||
--title "${RELEASE_TAG} (${VERSION})" \
|
|
||||||
--notes "## ${BRANCH_TYPE} ${VERSION}\n\nBranch: \`${BRANCH}\`\nTracking issue: ${PARENT_URL}" \
|
|
||||||
--prerelease \
|
|
||||||
--target main 2>/dev/null || true
|
|
||||||
echo "${BRANCH_TYPE} release created: ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
gh release edit "$RELEASE_TAG" \
|
|
||||||
--title "${RELEASE_TAG} (${VERSION})" --prerelease 2>/dev/null || true
|
|
||||||
echo "${BRANCH_TYPE} release updated: ${RELEASE_TAG}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Summary ───────────────────────────────────────────────────────
|
|
||||||
echo "## Dev Workflow Issues Created" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Item | Issue |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "|------|-------|" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| **Parent** | ${PARENT_URL} |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| **Sub-issues** |${SUB_NUMBERS} |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
@@ -1,467 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Release
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /templates/workflows/universal/auto-release.yml.template
|
|
||||||
# VERSION: 05.00.00
|
|
||||||
# BRIEF: Universal build & release � detects platform from manifest.xml
|
|
||||||
#
|
|
||||||
# +=======================================================================+
|
|
||||||
# | UNIVERSAL BUILD & RELEASE PIPELINE |
|
|
||||||
# +=======================================================================+
|
|
||||||
# | |
|
|
||||||
# | Reads manifest.xml (joomla|dolibarr|generic) to branch logic. |
|
|
||||||
# | |
|
|
||||||
# | Platform-specific: |
|
|
||||||
# | joomla: XML manifest, type-prefixed packages |
|
|
||||||
# | dolibarr: mod*.class.php, update.txt, dev version reset |
|
|
||||||
# | generic: README-only, no update stream |
|
|
||||||
# | |
|
|
||||||
# +=======================================================================+
|
|
||||||
|
|
||||||
name: "Universal: Build & Release"
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
types: [opened, synchronize, closed]
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
paths-ignore:
|
|
||||||
- '.mokogitea/workflows/**'
|
|
||||||
- '*.md'
|
|
||||||
- 'wiki/**'
|
|
||||||
- '.editorconfig'
|
|
||||||
- '.gitignore'
|
|
||||||
- '.gitattributes'
|
|
||||||
- '.gitmessage'
|
|
||||||
- 'LICENSE'
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
action:
|
|
||||||
description: 'Action to perform'
|
|
||||||
required: false
|
|
||||||
type: choice
|
|
||||||
default: release
|
|
||||||
options:
|
|
||||||
- release
|
|
||||||
- promote-rc
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
|
|
||||||
GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
# ── PR Opened → Rename branch to RC and build RC release ─────────────────────────
|
|
||||||
promote-rc:
|
|
||||||
name: Promote to RC
|
|
||||||
runs-on: release
|
|
||||||
if: >-
|
|
||||||
(github.event.action == 'opened' && github.event.pull_request.merged != true) ||
|
|
||||||
(github.event.action == 'synchronize' && github.event.pull_request.merged != true) ||
|
|
||||||
(github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
fetch-depth: 1
|
|
||||||
|
|
||||||
- name: Setup mokocli tools
|
|
||||||
env:
|
|
||||||
MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
|
|
||||||
run: |
|
|
||||||
if [ -f /opt/mokocli/cli/version_bump.php ] && [ -f /opt/mokocli/vendor/autoload.php ]; then
|
|
||||||
echo Using pre-installed /opt/mokocli
|
|
||||||
echo MOKO_CLI=/opt/mokocli/cli >> $GITHUB_ENV
|
|
||||||
else
|
|
||||||
echo Falling back to fresh clone
|
|
||||||
if ! command -v composer > /dev/null 2>&1; then
|
|
||||||
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
|
|
||||||
fi
|
|
||||||
rm -rf /tmp/mokocli
|
|
||||||
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoCLI.git
|
|
||||||
git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokocli
|
|
||||||
cd /tmp/mokocli
|
|
||||||
composer install --no-dev --no-interaction --quiet
|
|
||||||
echo MOKO_CLI=/tmp/mokocli/cli >> $GITHUB_ENV
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Rename branch to rc
|
|
||||||
run: |
|
|
||||||
php ${MOKO_CLI}/branch_rename.php \
|
|
||||||
--from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
|
|
||||||
--token "${{ secrets.MOKOGITEA_TOKEN }}" \
|
|
||||||
--api-base "${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
|
|
||||||
--pr "${{ github.event.pull_request.number }}"
|
|
||||||
|
|
||||||
- name: Checkout rc and configure git
|
|
||||||
run: |
|
|
||||||
git fetch origin rc
|
|
||||||
git checkout rc
|
|
||||||
git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
|
|
||||||
git config --local user.name "gitea-actions[bot]"
|
|
||||||
git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
|
|
||||||
|
|
||||||
- name: Publish RC release
|
|
||||||
run: |
|
|
||||||
php ${MOKO_CLI}/release_publish.php \
|
|
||||||
--path . --stability rc --bump minor --branch rc \
|
|
||||||
--token "${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
|
|
||||||
- name: Update RC release notes from CHANGELOG.md
|
|
||||||
run: |
|
|
||||||
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
|
|
||||||
# Extract [Unreleased] section from changelog
|
|
||||||
NOTES=""
|
|
||||||
if [ -f "CHANGELOG.md" ]; then
|
|
||||||
NOTES=$(awk '/^## \[Unreleased\]/{found=1; next} /^## \[/{if(found) exit} found{print}' CHANGELOG.md)
|
|
||||||
fi
|
|
||||||
[ -z "$NOTES" ] && NOTES="Release candidate"
|
|
||||||
|
|
||||||
# Find the RC release and update its body
|
|
||||||
RELEASE_ID=$(curl -sf -H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_BASE}/releases/tags/release-candidate" \
|
|
||||||
| python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
|
|
||||||
|
|
||||||
if [ -n "$RELEASE_ID" ]; then
|
|
||||||
python3 -c "
|
|
||||||
import json, urllib.request
|
|
||||||
body = open('/dev/stdin').read()
|
|
||||||
payload = json.dumps({'body': body}).encode()
|
|
||||||
req = urllib.request.Request(
|
|
||||||
'${API_BASE}/releases/${RELEASE_ID}',
|
|
||||||
data=payload, method='PATCH',
|
|
||||||
headers={
|
|
||||||
'Authorization': 'token ${TOKEN}',
|
|
||||||
'Content-Type': 'application/json'
|
|
||||||
})
|
|
||||||
urllib.request.urlopen(req)
|
|
||||||
" <<< "$NOTES"
|
|
||||||
echo "RC release notes updated from CHANGELOG.md"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Summary
|
|
||||||
if: always()
|
|
||||||
run: |
|
|
||||||
echo "## Promoted to Release Candidate" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "Branch renamed to rc, minor bump, RC release built" >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
# ── Merged PR → Build & Release (or promote RC to stable) ─────────────────────────
|
|
||||||
release:
|
|
||||||
name: Build & Release Pipeline
|
|
||||||
runs-on: release
|
|
||||||
if: >-
|
|
||||||
github.event.pull_request.merged == true ||
|
|
||||||
(github.event_name == 'workflow_dispatch' && inputs.action != 'promote-rc')
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Configure git for bot pushes
|
|
||||||
run: |
|
|
||||||
git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
|
|
||||||
git config --local user.name "gitea-actions[bot]"
|
|
||||||
git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
|
|
||||||
|
|
||||||
- name: Check for merge conflict markers
|
|
||||||
run: |
|
|
||||||
CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
|
|
||||||
if [ -n "$CONFLICTS" ]; then
|
|
||||||
echo "::error::Merge conflict markers found — aborting release"
|
|
||||||
echo "## Release Blocked: Conflict Markers" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo '```' >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo '```' >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "No conflict markers found"
|
|
||||||
|
|
||||||
- name: Setup mokocli tools
|
|
||||||
env:
|
|
||||||
MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
|
|
||||||
COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_MIRROR_TOKEN }}"}}'
|
|
||||||
run: |
|
|
||||||
if [ -f /opt/mokocli/cli/version_bump.php ] && [ -f /opt/mokocli/vendor/autoload.php ]; then
|
|
||||||
echo Using pre-installed /opt/mokocli
|
|
||||||
echo MOKO_CLI=/opt/mokocli/cli >> $GITHUB_ENV
|
|
||||||
else
|
|
||||||
echo Falling back to fresh clone
|
|
||||||
if ! command -v composer > /dev/null 2>&1; then
|
|
||||||
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
|
|
||||||
fi
|
|
||||||
rm -rf /tmp/mokocli
|
|
||||||
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoCLI.git
|
|
||||||
git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokocli
|
|
||||||
cd /tmp/mokocli
|
|
||||||
composer install --no-dev --no-interaction --quiet
|
|
||||||
echo MOKO_CLI=/tmp/mokocli/cli >> $GITHUB_ENV
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: "Detect platform"
|
|
||||||
id: platform
|
|
||||||
run: |
|
|
||||||
php ${MOKO_CLI}/platform_detect.php --path . --github-output 2>/dev/null || true
|
|
||||||
php ${MOKO_CLI}/manifest_read.php --path . --github-output 2>/dev/null || true
|
|
||||||
|
|
||||||
- name: "Determine version bump level"
|
|
||||||
id: bump
|
|
||||||
run: |
|
|
||||||
# Fix/patch branches: version was already bumped by pre-release, just strip suffix
|
|
||||||
# Feature/dev branches: bump minor for the new stable release
|
|
||||||
HEAD_REF="${{ github.event.pull_request.head.ref || 'dev' }}"
|
|
||||||
case "$HEAD_REF" in
|
|
||||||
fix/*|patch/*|hotfix/*|bugfix/*) BUMP="none" ;;
|
|
||||||
*) BUMP="minor" ;;
|
|
||||||
esac
|
|
||||||
echo "level=${BUMP}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "Bump level: ${BUMP} (from branch: ${HEAD_REF})"
|
|
||||||
|
|
||||||
- name: "Publish stable release"
|
|
||||||
run: |
|
|
||||||
BUMP_FLAG=""
|
|
||||||
if [ "${{ steps.bump.outputs.level }}" != "none" ]; then
|
|
||||||
BUMP_FLAG="--bump ${{ steps.bump.outputs.level }}"
|
|
||||||
fi
|
|
||||||
php ${MOKO_CLI}/release_publish.php \
|
|
||||||
--path . --stability stable ${BUMP_FLAG} --branch main \
|
|
||||||
--token "${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
|
|
||||||
- name: "Read published version"
|
|
||||||
id: version
|
|
||||||
run: |
|
|
||||||
VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo "")
|
|
||||||
VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
|
|
||||||
[ -z "$VERSION" ] && VERSION="00.00.00" && echo "skip=true" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
|
|
||||||
PLATFORM="${{ steps.platform.outputs.platform }}"
|
|
||||||
if [[ "$PLATFORM" == joomla* ]]; then
|
|
||||||
echo "tag=stable" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "release_tag=stable" >> "$GITHUB_OUTPUT"
|
|
||||||
else
|
|
||||||
echo "tag=v${VERSION}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "release_tag=v${VERSION}" >> "$GITHUB_OUTPUT"
|
|
||||||
fi
|
|
||||||
echo "branch=main" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "Published version: ${VERSION}"
|
|
||||||
|
|
||||||
- name: "Create semver tag for non-Joomla repos"
|
|
||||||
id: semver
|
|
||||||
if: |
|
|
||||||
steps.version.outputs.skip != 'true' &&
|
|
||||||
!startsWith(steps.platform.outputs.platform, 'joomla')
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.version.outputs.version }}"
|
|
||||||
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
SEMVER_TAG="v${VERSION}"
|
|
||||||
|
|
||||||
echo "Creating semver tag: ${SEMVER_TAG}"
|
|
||||||
|
|
||||||
# Create the git tag via API
|
|
||||||
HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" \
|
|
||||||
-X POST -H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${API_BASE}/tags" \
|
|
||||||
-d "{\"tag_name\":\"${SEMVER_TAG}\",\"target\":\"main\",\"message\":\"Release ${VERSION}\"}" 2>/dev/null || echo "000")
|
|
||||||
|
|
||||||
if [ "$HTTP_CODE" = "201" ] || [ "$HTTP_CODE" = "200" ]; then
|
|
||||||
echo "Created semver tag: ${SEMVER_TAG}"
|
|
||||||
elif [ "$HTTP_CODE" = "409" ]; then
|
|
||||||
echo "Semver tag ${SEMVER_TAG} already exists (skipped)"
|
|
||||||
else
|
|
||||||
echo "::warning::Failed to create semver tag ${SEMVER_TAG} (HTTP ${HTTP_CODE})"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "semver_tag=${SEMVER_TAG}" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
- name: Update release notes and promote changelog
|
|
||||||
run: |
|
|
||||||
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
|
|
||||||
# Get the stable release info (version and ID)
|
|
||||||
RELEASE_JSON=$(curl -sf -H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_BASE}/releases/tags/stable" 2>/dev/null || echo '{}')
|
|
||||||
RELEASE_ID=$(python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" <<< "$RELEASE_JSON" 2>/dev/null || true)
|
|
||||||
# Extract version from release name (e.g. "06.17.00" or "v06.17.00")
|
|
||||||
VERSION=$(python3 -c "
|
|
||||||
import json, sys, re
|
|
||||||
r = json.load(sys.stdin)
|
|
||||||
name = r.get('name', '')
|
|
||||||
m = re.search(r'(\d+\.\d+\.\d+)', name)
|
|
||||||
print(m.group(1) if m else '')
|
|
||||||
" <<< "$RELEASE_JSON" 2>/dev/null || true)
|
|
||||||
|
|
||||||
# Extract [Unreleased] section from changelog
|
|
||||||
NOTES=""
|
|
||||||
if [ -f "CHANGELOG.md" ]; then
|
|
||||||
NOTES=$(awk '/^## \[Unreleased\]/{found=1; next} /^## \[/{if(found) exit} found{print}' CHANGELOG.md)
|
|
||||||
fi
|
|
||||||
[ -z "$NOTES" ] && NOTES="Stable release"
|
|
||||||
|
|
||||||
# Update release body via API
|
|
||||||
if [ -n "$RELEASE_ID" ]; then
|
|
||||||
python3 -c "
|
|
||||||
import json, urllib.request
|
|
||||||
body = open('/dev/stdin').read()
|
|
||||||
payload = json.dumps({'body': body}).encode()
|
|
||||||
req = urllib.request.Request(
|
|
||||||
'${API_BASE}/releases/${RELEASE_ID}',
|
|
||||||
data=payload, method='PATCH',
|
|
||||||
headers={
|
|
||||||
'Authorization': 'token ${TOKEN}',
|
|
||||||
'Content-Type': 'application/json'
|
|
||||||
})
|
|
||||||
urllib.request.urlopen(req)
|
|
||||||
" <<< "$NOTES"
|
|
||||||
echo "Release notes updated from CHANGELOG.md"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Promote [Unreleased] → [version] in CHANGELOG.md and reset
|
|
||||||
if [ -n "$VERSION" ] && [ -f "CHANGELOG.md" ]; then
|
|
||||||
DATE=$(date +%Y-%m-%d)
|
|
||||||
python3 -c "
|
|
||||||
import sys
|
|
||||||
version, date = sys.argv[1], sys.argv[2]
|
|
||||||
content = open('CHANGELOG.md').read()
|
|
||||||
old = '## [Unreleased]'
|
|
||||||
new = f'## [Unreleased]\n\n## [{version}] --- {date}'
|
|
||||||
content = content.replace(old, new, 1)
|
|
||||||
open('CHANGELOG.md', 'w').write(content)
|
|
||||||
" "$VERSION" "$DATE"
|
|
||||||
git add CHANGELOG.md
|
|
||||||
git commit -m "chore: promote changelog [Unreleased] → [${VERSION}]" || true
|
|
||||||
git push origin main || true
|
|
||||||
echo "Changelog promoted: [Unreleased] → [${VERSION}]"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -- STEP 9: Mirror to GitHub (stable only) --------------------------------
|
|
||||||
- name: "Step 9: Mirror release to GitHub"
|
|
||||||
if: >-
|
|
||||||
steps.version.outputs.skip != 'true' &&
|
|
||||||
secrets.GH_MIRROR_TOKEN != ''
|
|
||||||
continue-on-error: true
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
|
|
||||||
RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
|
|
||||||
GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
|
|
||||||
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
php ${MOKO_CLI}/release_mirror.php \
|
|
||||||
--version "$VERSION" --tag "$RELEASE_TAG" \
|
|
||||||
--token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
|
|
||||||
--gh-token "${{ secrets.GH_MIRROR_TOKEN }}" --gh-repo "$GH_REPO" \
|
|
||||||
--branch main 2>&1 || true
|
|
||||||
echo "GitHub mirror updated" >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
# -- STEP 10: Sync main branch to GitHub mirror ----------------------------
|
|
||||||
- name: "Step 10: Push main to GitHub mirror"
|
|
||||||
if: >-
|
|
||||||
steps.version.outputs.skip != 'true' &&
|
|
||||||
secrets.GH_MIRROR_TOKEN != ''
|
|
||||||
continue-on-error: true
|
|
||||||
run: |
|
|
||||||
GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
|
|
||||||
GH_ORG=$(echo "$GH_REPO" | cut -d/ -f1)
|
|
||||||
GH_NAME=$(echo "$GH_REPO" | cut -d/ -f2)
|
|
||||||
git remote add github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git" 2>/dev/null || \
|
|
||||||
git remote set-url github "https://x-access-token:${{ secrets.GH_MIRROR_TOKEN }}@github.com/${GH_ORG}/${GH_NAME}.git"
|
|
||||||
git fetch origin main --depth=1
|
|
||||||
git push github origin/main:refs/heads/main --force 2>/dev/null \
|
|
||||||
&& echo "main branch pushed to GitHub mirror" \
|
|
||||||
|| echo "WARNING: GitHub mirror push failed"
|
|
||||||
|
|
||||||
- name: "Step 11: Delete rc branch and recreate dev from main"
|
|
||||||
if: steps.version.outputs.skip != 'true'
|
|
||||||
continue-on-error: true
|
|
||||||
run: |
|
|
||||||
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
|
|
||||||
# Delete rc branch (ephemeral — created by promote-rc)
|
|
||||||
curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_BASE}/branches/rc" 2>/dev/null \
|
|
||||||
&& echo "Deleted rc branch" || echo "rc branch not found"
|
|
||||||
|
|
||||||
# Delete dev branch
|
|
||||||
curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
|
|
||||||
|
|
||||||
# Recreate dev from main (now includes version bump + changelog promotion)
|
|
||||||
curl -sf -X POST -H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${API_BASE}/branches" \
|
|
||||||
-d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
|
|
||||||
|
|
||||||
echo "Pre-release branches cleaned, dev reset from main" >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
- name: "Step 12: Create version branch from main"
|
|
||||||
if: steps.version.outputs.skip != 'true'
|
|
||||||
continue-on-error: true
|
|
||||||
run: |
|
|
||||||
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
|
|
||||||
BRANCH_NAME="version/${VERSION}"
|
|
||||||
MAIN_SHA=$(git rev-parse HEAD)
|
|
||||||
|
|
||||||
# Delete old version branch if it exists (same version re-release)
|
|
||||||
curl -sf -X DELETE -H "Authorization: token ${TOKEN}" "${API_BASE}/branches/${BRANCH_NAME}" 2>/dev/null && echo "Deleted old ${BRANCH_NAME}"
|
|
||||||
|
|
||||||
# Create version/XX.YY.ZZ from main
|
|
||||||
curl -sf -X POST -H "Authorization: token ${TOKEN}" -H "Content-Type: application/json" "${API_BASE}/branches" -d "{\"new_branch_name\":\"${BRANCH_NAME}\",\"old_branch_name\":\"main\"}" 2>/dev/null && echo "Created ${BRANCH_NAME} from main (${MAIN_SHA})" || echo "WARNING: ${BRANCH_NAME} creation failed"
|
|
||||||
|
|
||||||
echo "Version branch created: ${BRANCH_NAME} (${MAIN_SHA})" >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# -- Dolibarr post-release: Reset dev version -----------------------------
|
|
||||||
- name: "Post-release: Reset dev version"
|
|
||||||
if: steps.version.outputs.skip != 'true'
|
|
||||||
continue-on-error: true
|
|
||||||
run: |
|
|
||||||
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
php ${MOKO_CLI}/version_reset_dev.php \
|
|
||||||
--token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
|
|
||||||
--branch dev --path . 2>&1 || true
|
|
||||||
|
|
||||||
# -- Summary --------------------------------------------------------------
|
|
||||||
- name: Pipeline Summary
|
|
||||||
if: always()
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
|
|
||||||
PLATFORM="${{ steps.platform.outputs.platform }}"
|
|
||||||
if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
|
|
||||||
echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "No VERSION in README.md" >> $GITHUB_STEP_SUMMARY
|
|
||||||
elif [ "${{ steps.check.outputs.already_released }}" = "true" ]; then
|
|
||||||
echo "## Already Released — ${VERSION}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "## Build & Release Complete (${PLATFORM})" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Step | Result |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "|------|--------|" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Platform | \`${PLATFORM}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Release | [View](${MOKOGITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
@@ -1,48 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: MokoStandards.Universal
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /.mokogitea/workflows/branch-cleanup.yml
|
|
||||||
# VERSION: 01.00.00
|
|
||||||
# BRIEF: Delete feature branches after PR merge
|
|
||||||
|
|
||||||
name: "Branch Cleanup"
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
types: [closed]
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
cleanup:
|
|
||||||
name: Delete merged branch
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: >-
|
|
||||||
github.event.pull_request.merged == true &&
|
|
||||||
github.event.pull_request.head.ref != 'dev' &&
|
|
||||||
github.event.pull_request.head.ref != 'main'
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Delete source branch
|
|
||||||
run: |
|
|
||||||
BRANCH="${{ github.event.pull_request.head.ref }}"
|
|
||||||
API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
|
|
||||||
ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")
|
|
||||||
|
|
||||||
STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
|
|
||||||
-H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
|
|
||||||
"${API}/${ENCODED}" 2>/dev/null || true)
|
|
||||||
|
|
||||||
if [ "$STATUS" = "204" ]; then
|
|
||||||
echo "Deleted branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
elif [ "$STATUS" = "404" ]; then
|
|
||||||
echo "Branch already deleted: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
echo "::warning::Failed to delete branch ${BRANCH} (HTTP ${STATUS})"
|
|
||||||
fi
|
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
# DISABLED — auto-release Step 11 recreates dev from main after every release.
|
|
||||||
# Cascade-dev is redundant and causes version conflicts when both main and dev
|
|
||||||
# have different version numbers in templateDetails.xml / manifest.xml.
|
|
||||||
name: "Cascade Main → Dev (DISABLED)"
|
|
||||||
on: workflow_dispatch
|
|
||||||
jobs:
|
|
||||||
noop:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- run: echo "Cascade disabled — auto-release handles dev recreation"
|
|
||||||
@@ -1,102 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# This file is part of a Moko Consulting project.
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: GitHub.Workflow.Template
|
|
||||||
# INGROUP: MokoStandards.CI
|
|
||||||
# REPO: https://github.com/mokoconsulting-tech/MokoStandards
|
|
||||||
# PATH: /templates/workflows/shared/changelog-validation.yml.template
|
|
||||||
# VERSION: 04.06.00
|
|
||||||
# BRIEF: Validates CHANGELOG.md format and version consistency
|
|
||||||
# NOTE: Deployed to .mokogitea/workflows/changelog-validation.yml in governed repos.
|
|
||||||
|
|
||||||
name: "Universal: Changelog Validation"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
pull_request:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
validate-changelog:
|
|
||||||
name: Validate CHANGELOG.md
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ !startsWith(github.event.repository.name, 'Template-') }}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
||||||
|
|
||||||
- name: Check CHANGELOG.md exists
|
|
||||||
run: |
|
|
||||||
echo "### Changelog Validation" >> $GITHUB_STEP_SUMMARY
|
|
||||||
if [ ! -f "CHANGELOG.md" ]; then
|
|
||||||
echo "CHANGELOG.md not found in repository root." >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "CHANGELOG.md exists." >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
- name: Check VERSION header matches README.md
|
|
||||||
run: |
|
|
||||||
# Extract version from README.md FILE INFORMATION block
|
|
||||||
README_VERSION=$(grep -oP '^\s*VERSION:\s*\K[0-9]{2}\.[0-9]{2}\.[0-9]{2}' README.md | head -1)
|
|
||||||
if [ -z "$README_VERSION" ]; then
|
|
||||||
echo "No VERSION found in README.md FILE INFORMATION block." >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check that CHANGELOG.md has a matching version header
|
|
||||||
CHANGELOG_VERSION=$(grep -oP '^\#\#\s*\[\K[0-9]{2}\.[0-9]{2}\.[0-9]{2}' CHANGELOG.md | head -1)
|
|
||||||
if [ -z "$CHANGELOG_VERSION" ]; then
|
|
||||||
echo "No version header found in CHANGELOG.md (expected \`## [XX.YY.ZZ] - YYYY-MM-DD\`)." >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$CHANGELOG_VERSION" != "$README_VERSION" ]; then
|
|
||||||
echo "CHANGELOG latest version \`${CHANGELOG_VERSION}\` does not match README VERSION \`${README_VERSION}\`." >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "CHANGELOG version \`${CHANGELOG_VERSION}\` matches README VERSION." >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
- name: Validate conventional changelog format
|
|
||||||
run: |
|
|
||||||
ERRORS=0
|
|
||||||
|
|
||||||
# Check that version entries follow ## [XX.YY.ZZ] - YYYY-MM-DD format
|
|
||||||
while IFS= read -r LINE; do
|
|
||||||
if ! echo "$LINE" | grep -qP '^\#\#\s*\[[0-9]{2}\.[0-9]{2}\.[0-9]{2}\]\s*-\s*[0-9]{4}-[0-9]{2}-[0-9]{2}'; then
|
|
||||||
echo "Malformed version header: \`${LINE}\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo " Expected format: \`## [XX.YY.ZZ] - YYYY-MM-DD\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
done < <(grep -P '^\#\#\s*\[' CHANGELOG.md)
|
|
||||||
|
|
||||||
ENTRY_COUNT=$(grep -cP '^\#\#\s*\[' CHANGELOG.md || echo "0")
|
|
||||||
if [ "$ENTRY_COUNT" -eq 0 ]; then
|
|
||||||
echo "No version entries found in CHANGELOG.md." >> $GITHUB_STEP_SUMMARY
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
else
|
|
||||||
echo "Found ${ENTRY_COUNT} version entr(ies) in CHANGELOG.md." >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
if [ "${ERRORS}" -gt 0 ]; then
|
|
||||||
echo "**${ERRORS} format issue(s) found.**" >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
echo "**Changelog format validation passed.**" >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
@@ -1,197 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: MokoStandards.CI
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
|
|
||||||
# PATH: /.gitea/workflows/ci-generic.yml
|
|
||||||
# VERSION: 01.00.00
|
|
||||||
# BRIEF: CI pipeline — lint, validate, and test for generic projects (PHP + Node.js)
|
|
||||||
|
|
||||||
name: "Generic: Project CI"
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
- dev
|
|
||||||
- dev/**
|
|
||||||
- rc/**
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
# ── Lint & Validate ───────────────────────────────────────────────────
|
|
||||||
lint:
|
|
||||||
name: Lint & Validate
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Detect toolchain
|
|
||||||
id: detect
|
|
||||||
run: |
|
|
||||||
HAS_PHP=false
|
|
||||||
HAS_NODE=false
|
|
||||||
[ -f "composer.json" ] && HAS_PHP=true
|
|
||||||
[ -f "package.json" ] && HAS_NODE=true
|
|
||||||
echo "has_php=$HAS_PHP" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "has_node=$HAS_NODE" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "Toolchain: PHP=$HAS_PHP Node=$HAS_NODE"
|
|
||||||
|
|
||||||
- name: Setup PHP
|
|
||||||
if: steps.detect.outputs.has_php == 'true'
|
|
||||||
run: |
|
|
||||||
if ! command -v php &> /dev/null; then
|
|
||||||
sudo apt-get update -qq
|
|
||||||
sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
|
|
||||||
fi
|
|
||||||
php -v
|
|
||||||
|
|
||||||
- name: Setup Node.js
|
|
||||||
if: steps.detect.outputs.has_node == 'true'
|
|
||||||
uses: actions/setup-node@v4
|
|
||||||
with:
|
|
||||||
node-version: '20'
|
|
||||||
|
|
||||||
- name: Install PHP dependencies
|
|
||||||
if: steps.detect.outputs.has_php == 'true'
|
|
||||||
run: |
|
|
||||||
if [ -f "composer.json" ]; then
|
|
||||||
composer install --no-interaction --prefer-dist --quiet 2>/dev/null || true
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Install Node.js dependencies
|
|
||||||
if: steps.detect.outputs.has_node == 'true'
|
|
||||||
run: |
|
|
||||||
if [ -f "package.json" ]; then
|
|
||||||
npm ci --quiet 2>/dev/null || npm install --quiet 2>/dev/null || true
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: PHP syntax check
|
|
||||||
if: steps.detect.outputs.has_php == 'true'
|
|
||||||
run: |
|
|
||||||
ERRORS=0
|
|
||||||
while IFS= read -r -d '' file; do
|
|
||||||
if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
|
|
||||||
echo "::error file=${file}::PHP syntax error"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -not -path "./node_modules/*" -print0)
|
|
||||||
|
|
||||||
echo "## PHP Lint" >> $GITHUB_STEP_SUMMARY
|
|
||||||
if [ "$ERRORS" -eq 0 ]; then
|
|
||||||
echo "All PHP files passed syntax check." >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
echo "${ERRORS} file(s) with syntax errors." >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: TypeScript/JavaScript lint
|
|
||||||
if: steps.detect.outputs.has_node == 'true'
|
|
||||||
run: |
|
|
||||||
if [ -f "node_modules/.bin/eslint" ]; then
|
|
||||||
npx eslint src/ --quiet 2>&1 || { echo "::error::ESLint errors found"; exit 1; }
|
|
||||||
echo "## ESLint" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "All files passed ESLint." >> $GITHUB_STEP_SUMMARY
|
|
||||||
elif [ -f ".eslintrc.json" ] || [ -f ".eslintrc.js" ] || [ -f "eslint.config.js" ]; then
|
|
||||||
echo "::warning::ESLint config found but eslint not installed"
|
|
||||||
else
|
|
||||||
echo "No ESLint configured — skipping"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: TypeScript compile check
|
|
||||||
if: steps.detect.outputs.has_node == 'true'
|
|
||||||
run: |
|
|
||||||
if [ -f "tsconfig.json" ] && [ -f "node_modules/.bin/tsc" ]; then
|
|
||||||
npx tsc --noEmit 2>&1 || { echo "::error::TypeScript compilation errors"; exit 1; }
|
|
||||||
echo "## TypeScript" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "TypeScript compilation passed." >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: PHPStan static analysis
|
|
||||||
if: steps.detect.outputs.has_php == 'true'
|
|
||||||
run: |
|
|
||||||
if [ -f "phpstan.neon" ] && [ -f "vendor/bin/phpstan" ]; then
|
|
||||||
vendor/bin/phpstan analyse --no-progress 2>&1 || { echo "::warning::PHPStan found issues"; }
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Tests ─────────────────────────────────────────────────────────────
|
|
||||||
test:
|
|
||||||
name: Tests
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: lint
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Detect toolchain
|
|
||||||
id: detect
|
|
||||||
run: |
|
|
||||||
HAS_PHP=false
|
|
||||||
HAS_NODE=false
|
|
||||||
[ -f "composer.json" ] && HAS_PHP=true
|
|
||||||
[ -f "package.json" ] && HAS_NODE=true
|
|
||||||
echo "has_php=$HAS_PHP" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "has_node=$HAS_NODE" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
- name: Setup PHP
|
|
||||||
if: steps.detect.outputs.has_php == 'true'
|
|
||||||
run: |
|
|
||||||
if ! command -v php &> /dev/null; then
|
|
||||||
sudo apt-get update -qq
|
|
||||||
sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Setup Node.js
|
|
||||||
if: steps.detect.outputs.has_node == 'true'
|
|
||||||
uses: actions/setup-node@v4
|
|
||||||
with:
|
|
||||||
node-version: '20'
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
run: |
|
|
||||||
[ -f "composer.json" ] && composer install --no-interaction --prefer-dist --quiet 2>/dev/null || true
|
|
||||||
[ -f "package.json" ] && { npm ci --quiet 2>/dev/null || npm install --quiet 2>/dev/null || true; }
|
|
||||||
|
|
||||||
- name: Run PHP tests
|
|
||||||
if: steps.detect.outputs.has_php == 'true'
|
|
||||||
run: |
|
|
||||||
if [ -f "vendor/bin/phpunit" ]; then
|
|
||||||
vendor/bin/phpunit --testdox 2>&1
|
|
||||||
echo "## PHPUnit" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "Tests passed." >> $GITHUB_STEP_SUMMARY
|
|
||||||
elif [ -f "phpunit.xml" ] || [ -f "phpunit.xml.dist" ]; then
|
|
||||||
echo "::warning::PHPUnit config found but phpunit not installed"
|
|
||||||
else
|
|
||||||
echo "No PHPUnit configured — skipping"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Run Node.js tests
|
|
||||||
if: steps.detect.outputs.has_node == 'true'
|
|
||||||
run: |
|
|
||||||
if jq -e '.scripts.test' package.json > /dev/null 2>&1; then
|
|
||||||
npm test 2>&1
|
|
||||||
echo "## Node.js Tests" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "Tests passed." >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
echo "No test script in package.json — skipping"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Build check
|
|
||||||
run: |
|
|
||||||
if [ -f "Makefile" ]; then
|
|
||||||
make build 2>&1 || echo "::warning::Build failed or not configured"
|
|
||||||
elif [ -f "package.json" ] && jq -e '.scripts.build' package.json > /dev/null 2>&1; then
|
|
||||||
npm run build 2>&1 || echo "::warning::Build failed"
|
|
||||||
fi
|
|
||||||
@@ -1,68 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Universal
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /.mokogitea/workflows/ci-issue-reporter.yml
|
|
||||||
# VERSION: 01.00.00
|
|
||||||
# BRIEF: Reusable workflow — creates/updates a Gitea issue when a CI gate fails.
|
|
||||||
# Clones MokoCLI and runs cli/ci_issue_reporter.sh.
|
|
||||||
|
|
||||||
name: "Universal: CI Issue Reporter"
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_call:
|
|
||||||
inputs:
|
|
||||||
gate:
|
|
||||||
description: "CI gate name (e.g. PR Validation, Repository Health)"
|
|
||||||
required: true
|
|
||||||
type: string
|
|
||||||
details:
|
|
||||||
description: "Human-readable failure description"
|
|
||||||
required: true
|
|
||||||
type: string
|
|
||||||
severity:
|
|
||||||
description: "error or warning"
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
default: "error"
|
|
||||||
workflow:
|
|
||||||
description: "Workflow name for the issue title"
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
secrets:
|
|
||||||
MOKOGITEA_TOKEN:
|
|
||||||
required: true
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
report:
|
|
||||||
name: "Report: ${{ inputs.gate }}"
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Clone MokoCLI
|
|
||||||
env:
|
|
||||||
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
run: |
|
|
||||||
MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
|
|
||||||
git clone --depth 1 --filter=blob:none --sparse "${MOKOGITEA_URL}/MokoConsulting/MokoCLI.git" /tmp/mokocli
|
|
||||||
cd /tmp/mokocli && git sparse-checkout set cli/ci_issue_reporter.sh
|
|
||||||
|
|
||||||
- name: Report CI failure
|
|
||||||
env:
|
|
||||||
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
run: |
|
|
||||||
chmod +x /tmp/mokocli/cli/ci_issue_reporter.sh
|
|
||||||
/tmp/mokocli/cli/ci_issue_reporter.sh \
|
|
||||||
--gate "${{ inputs.gate }}" \
|
|
||||||
--details "${{ inputs.details }}" \
|
|
||||||
--severity "${{ inputs.severity }}" \
|
|
||||||
--workflow "${{ inputs.workflow }}"
|
|
||||||
@@ -1,87 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: MokoStandards.Maintenance
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
|
|
||||||
# PATH: /.gitea/workflows/cleanup.yml
|
|
||||||
# VERSION: 01.00.00
|
|
||||||
# BRIEF: Scheduled cleanup — delete merged branches and old workflow runs
|
|
||||||
|
|
||||||
name: "Universal: Repository Cleanup"
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '0 3 * * 0' # Weekly on Sunday at 03:00 UTC
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
|
|
||||||
env:
|
|
||||||
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
cleanup:
|
|
||||||
name: Clean Merged Branches
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
token: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
|
|
||||||
- name: Delete merged branches
|
|
||||||
env:
|
|
||||||
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
run: |
|
|
||||||
echo "=== Merged Branch Cleanup ==="
|
|
||||||
API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
|
|
||||||
|
|
||||||
# List branches via API
|
|
||||||
BRANCHES=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
|
|
||||||
"${API}/branches?limit=50" | jq -r '.[].name')
|
|
||||||
|
|
||||||
DELETED=0
|
|
||||||
for BRANCH in $BRANCHES; do
|
|
||||||
# Skip protected branches
|
|
||||||
case "$BRANCH" in
|
|
||||||
main|master|develop|release/*|hotfix/*) continue ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Check if branch is merged into main
|
|
||||||
if git merge-base --is-ancestor "origin/${BRANCH}" origin/main 2>/dev/null; then
|
|
||||||
echo " Deleting merged branch: ${BRANCH}"
|
|
||||||
curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
|
|
||||||
"${API}/branches/${BRANCH}" 2>/dev/null || true
|
|
||||||
DELETED=$((DELETED + 1))
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Deleted ${DELETED} merged branch(es)"
|
|
||||||
|
|
||||||
- name: Clean old workflow runs
|
|
||||||
env:
|
|
||||||
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
run: |
|
|
||||||
echo "=== Workflow Run Cleanup ==="
|
|
||||||
API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
|
|
||||||
CUTOFF=$(date -d "30 days ago" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -v-30d +%Y-%m-%dT%H:%M:%SZ)
|
|
||||||
|
|
||||||
# Get old completed runs
|
|
||||||
RUNS=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
|
|
||||||
"${API}/actions/runs?status=completed&limit=50" | \
|
|
||||||
jq -r ".workflow_runs[] | select(.created_at < \"${CUTOFF}\") | .id" 2>/dev/null)
|
|
||||||
|
|
||||||
DELETED=0
|
|
||||||
for RUN_ID in $RUNS; do
|
|
||||||
curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
|
|
||||||
"${API}/actions/runs/${RUN_ID}" 2>/dev/null || true
|
|
||||||
DELETED=$((DELETED + 1))
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Deleted ${DELETED} old workflow run(s)"
|
|
||||||
@@ -1,81 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Universal
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /.mokogitea/workflows/workflow-sync-trigger.yml
|
|
||||||
# VERSION: 01.01.00
|
|
||||||
# BRIEF: Trigger workflow sync to live repos when a PR is merged to main
|
|
||||||
|
|
||||||
name: "Universal: Workflow Sync Trigger"
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
pull_request:
|
|
||||||
types: [closed]
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
sync:
|
|
||||||
name: Sync workflows to live repos
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: >-
|
|
||||||
github.event_name == 'workflow_dispatch' ||
|
|
||||||
(github.event.pull_request.merged == true &&
|
|
||||||
!contains(github.event.pull_request.title, '[skip sync]'))
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Determine platform from repo name
|
|
||||||
id: platform
|
|
||||||
run: |
|
|
||||||
REPO="${{ github.event.repository.name }}"
|
|
||||||
case "$REPO" in
|
|
||||||
Template-Joomla) PLATFORM="joomla" ;;
|
|
||||||
Template-Dolibarr) PLATFORM="dolibarr" ;;
|
|
||||||
Template-Go) PLATFORM="go" ;;
|
|
||||||
Template-MCP) PLATFORM="mcp" ;;
|
|
||||||
Template-Generic) PLATFORM="" ;;
|
|
||||||
*) PLATFORM="" ;;
|
|
||||||
esac
|
|
||||||
echo "platform=$PLATFORM" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "Platform: ${PLATFORM:-all}"
|
|
||||||
|
|
||||||
- name: Clone mokocli
|
|
||||||
env:
|
|
||||||
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
run: |
|
|
||||||
MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
|
|
||||||
git clone --depth 1 "${MOKOGITEA_URL}/MokoConsulting/MokoCLI.git" /tmp/mokocli
|
|
||||||
|
|
||||||
- name: Install PHP
|
|
||||||
run: |
|
|
||||||
if ! command -v php &> /dev/null; then
|
|
||||||
apt-get update -qq && apt-get install -y -qq php-cli php-json php-curl > /dev/null 2>&1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
run: |
|
|
||||||
cd /tmp/mokocli
|
|
||||||
composer install --no-dev --no-interaction --quiet 2>/dev/null || true
|
|
||||||
|
|
||||||
- name: Run workflow sync
|
|
||||||
env:
|
|
||||||
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
run: |
|
|
||||||
ARGS="--token ${MOKOGITEA_TOKEN}"
|
|
||||||
ARGS="${ARGS} --org ${{ vars.GITEA_ORG || github.repository_owner }}"
|
|
||||||
ARGS="${ARGS} --phase repos"
|
|
||||||
|
|
||||||
PLATFORM="${{ steps.platform.outputs.platform }}"
|
|
||||||
if [ -n "$PLATFORM" ]; then
|
|
||||||
ARGS="${ARGS} --platform-filter ${PLATFORM}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
php /tmp/mokocli/cli/workflow_sync.php ${ARGS}
|
|
||||||
@@ -1,92 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: MokoStandards.Security
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
|
|
||||||
# PATH: /templates/workflows/gitleaks.yml.template
|
|
||||||
# VERSION: 01.00.00
|
|
||||||
# BRIEF: Secret scanning — detect leaked credentials, API keys, and tokens
|
|
||||||
#
|
|
||||||
# +========================================================================+
|
|
||||||
# | SECRET SCANNING |
|
|
||||||
# +========================================================================+
|
|
||||||
# | |
|
|
||||||
# | Scans commits for leaked secrets using Gitleaks. |
|
|
||||||
# | |
|
|
||||||
# | - PR scan: only new commits in the PR |
|
|
||||||
# | - Scheduled: full repo scan weekly |
|
|
||||||
# | - Alerts via ntfy on findings |
|
|
||||||
# | |
|
|
||||||
# +========================================================================+
|
|
||||||
|
|
||||||
name: "Universal: Secret Scanning"
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '0 5 * * 1' # Weekly Monday 05:00 UTC
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
env:
|
|
||||||
NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
|
|
||||||
NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-security' }}
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
gitleaks:
|
|
||||||
name: Gitleaks Secret Scan
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Install Gitleaks
|
|
||||||
run: |
|
|
||||||
GITLEAKS_VERSION="8.21.2"
|
|
||||||
curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
|
|
||||||
| tar -xz -C /usr/local/bin gitleaks
|
|
||||||
gitleaks version
|
|
||||||
|
|
||||||
- name: Scan for secrets
|
|
||||||
id: scan
|
|
||||||
run: |
|
|
||||||
echo "### Secret Scanning" >> $GITHUB_STEP_SUMMARY
|
|
||||||
ARGS="--source . --verbose --report-format json --report-path /tmp/gitleaks-report.json"
|
|
||||||
|
|
||||||
if [ "${{ github.event_name }}" = "pull_request" ]; then
|
|
||||||
# Scan only PR commits
|
|
||||||
ARGS="$ARGS --log-opts=${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}"
|
|
||||||
echo "Scanning PR commits only" >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
echo "Full repository scan" >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
|
|
||||||
if gitleaks detect $ARGS 2>&1; then
|
|
||||||
echo "result=clean" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "**No secrets detected.**" >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
echo "result=found" >> "$GITHUB_OUTPUT"
|
|
||||||
FINDINGS=$(jq length /tmp/gitleaks-report.json 2>/dev/null || echo "unknown")
|
|
||||||
echo "**${FINDINGS} potential secret(s) detected.**" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "Review the findings and rotate any exposed credentials immediately." >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Notify on findings
|
|
||||||
if: failure() && steps.scan.outputs.result == 'found'
|
|
||||||
run: |
|
|
||||||
REPO="${{ github.event.repository.name }}"
|
|
||||||
curl -sS \
|
|
||||||
-H "Title: ${REPO} — secrets detected in code" \
|
|
||||||
-H "Tags: rotating_light,key" \
|
|
||||||
-H "Priority: urgent" \
|
|
||||||
-d "Gitleaks found potential secrets. Review and rotate credentials immediately." \
|
|
||||||
"${NTFY_URL}/${NTFY_TOPIC}" || true
|
|
||||||
@@ -1,73 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Automation
|
|
||||||
# VERSION: 01.00.00
|
|
||||||
# BRIEF: Auto-create feature branch when an issue is opened
|
|
||||||
|
|
||||||
name: "Universal: Issue Branch"
|
|
||||||
|
|
||||||
on:
|
|
||||||
issues:
|
|
||||||
types: [opened]
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
issues: write
|
|
||||||
|
|
||||||
env:
|
|
||||||
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
create-branch:
|
|
||||||
name: Create feature branch
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Create branch and comment
|
|
||||||
run: |
|
|
||||||
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
|
|
||||||
ISSUE_NUM="${{ github.event.issue.number }}"
|
|
||||||
ISSUE_TITLE="${{ github.event.issue.title }}"
|
|
||||||
|
|
||||||
# Build slug from title: lowercase, replace non-alnum with dash, trim
|
|
||||||
SLUG=$(echo "${ISSUE_TITLE}" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g' | sed 's/--*/-/g' | sed 's/^-//;s/-$//' | cut -c1-40)
|
|
||||||
BRANCH="feature/${ISSUE_NUM}-${SLUG}"
|
|
||||||
|
|
||||||
# Check dev branch exists
|
|
||||||
DEV_EXISTS=$(curl -sf -o /dev/null -w '%{http_code}' \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API}/branches/dev" 2>/dev/null || echo "000")
|
|
||||||
|
|
||||||
if [ "${DEV_EXISTS}" != "200" ]; then
|
|
||||||
echo "No dev branch -- skipping"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Create branch from dev
|
|
||||||
HTTP=$(curl -sf -o /dev/null -w '%{http_code}' -X POST \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${API}/branches" \
|
|
||||||
-d "{\"new_branch_name\":\"${BRANCH}\",\"old_branch_name\":\"dev\"}" 2>/dev/null || echo "000")
|
|
||||||
|
|
||||||
if [ "${HTTP}" = "201" ]; then
|
|
||||||
echo "Created branch: ${BRANCH}"
|
|
||||||
|
|
||||||
# Comment on issue with branch link
|
|
||||||
REPO_URL="${MOKOGITEA_URL}/${{ github.repository }}"
|
|
||||||
BODY="Branch created: [\`${BRANCH}\`](${REPO_URL}/src/branch/${BRANCH})\n\n\`\`\`bash\ngit fetch origin\ngit checkout ${BRANCH}\n\`\`\`"
|
|
||||||
|
|
||||||
curl -sf -X POST \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${API}/issues/${ISSUE_NUM}/comments" \
|
|
||||||
-d "{\"body\":\"${BODY}\"}" > /dev/null 2>&1
|
|
||||||
|
|
||||||
echo "Commented on issue #${ISSUE_NUM}"
|
|
||||||
else
|
|
||||||
echo "Failed to create branch (HTTP ${HTTP}) -- may already exist"
|
|
||||||
fi
|
|
||||||
@@ -1,279 +0,0 @@
|
|||||||
# MCP Server Auto-Release
|
|
||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# MCP-specific release pipeline that builds TypeScript, runs validation,
|
|
||||||
# attaches the compiled dist/ as a release artifact, and creates a GitHub
|
|
||||||
# Release with tool inventory in the release notes.
|
|
||||||
#
|
|
||||||
# This replaces the generic auto-release.yml for MCP server repos.
|
|
||||||
|
|
||||||
name: "MCP: Build & Release"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
paths:
|
|
||||||
- 'src/**'
|
|
||||||
- 'package.json'
|
|
||||||
- 'tsconfig.json'
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
issues: write
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build-and-release:
|
|
||||||
name: Build, Validate & Release
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: >-
|
|
||||||
!contains(github.event.head_commit.message, '[skip ci]') &&
|
|
||||||
github.actor != 'github-actions[bot]' &&
|
|
||||||
!startsWith(github.event.repository.name, 'Template-')
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GH_TOKEN || github.token }}
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
# ── Build ────────────────────────────────────────────────────────
|
|
||||||
- name: Setup Node.js
|
|
||||||
uses: actions/setup-node@v4
|
|
||||||
with:
|
|
||||||
node-version: 20
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
run: npm ci
|
|
||||||
|
|
||||||
- name: TypeScript compile check
|
|
||||||
run: npx tsc --noEmit
|
|
||||||
|
|
||||||
- name: Build
|
|
||||||
run: npm run build
|
|
||||||
|
|
||||||
- name: Verify dist output
|
|
||||||
run: |
|
|
||||||
for f in index.js client.js config.js types.js; do
|
|
||||||
test -f "dist/${f}" || (echo "ERROR: dist/${f} not found" && exit 1)
|
|
||||||
done
|
|
||||||
echo "✓ All dist files present"
|
|
||||||
|
|
||||||
# ── Tool Inventory ───────────────────────────────────────────────
|
|
||||||
- name: Generate tool inventory
|
|
||||||
id: tools
|
|
||||||
run: |
|
|
||||||
TOOL_COUNT=$(grep -c "server\.tool(" src/index.ts || echo "0")
|
|
||||||
echo "count=${TOOL_COUNT}" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
# Extract tool names
|
|
||||||
TOOL_LIST=$(grep -oE "'[a-z_]+'" src/index.ts | head -100 | tr -d "'" | sort -u)
|
|
||||||
echo "Tools registered: ${TOOL_COUNT}"
|
|
||||||
|
|
||||||
# Generate inventory for release notes
|
|
||||||
echo "## Tool Inventory (${TOOL_COUNT} tools)" > /tmp/tool-inventory.md
|
|
||||||
echo "" >> /tmp/tool-inventory.md
|
|
||||||
grep -B0 -A1 "server\.tool(" src/index.ts | grep -oE "'[^']+'" | while IFS= read -r name; do
|
|
||||||
read -r desc 2>/dev/null || true
|
|
||||||
CLEAN_NAME=$(echo "$name" | tr -d "'")
|
|
||||||
CLEAN_DESC=$(echo "$desc" | tr -d "'" | sed 's/,$//')
|
|
||||||
if [ -n "$CLEAN_NAME" ] && [ -n "$CLEAN_DESC" ]; then
|
|
||||||
echo "- \`${CLEAN_NAME}\` — ${CLEAN_DESC}" >> /tmp/tool-inventory.md
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# ── Version ──────────────────────────────────────────────────────
|
|
||||||
- name: Setup mokocli tools
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_TOKEN || github.token }}
|
|
||||||
COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_TOKEN || github.token }}"}}'
|
|
||||||
run: |
|
|
||||||
git clone --depth 1 --branch version/04 --quiet \
|
|
||||||
"https://x-access-token:${GH_TOKEN}@github.com/MokoConsulting/MokoCLI.git" \
|
|
||||||
/tmp/mokostandards
|
|
||||||
cd /tmp/mokostandards
|
|
||||||
composer install --no-dev --no-interaction --quiet
|
|
||||||
|
|
||||||
- name: Read version from README.md
|
|
||||||
id: version
|
|
||||||
run: |
|
|
||||||
VERSION=$(php /tmp/mokostandards/api/cli/version_read.php --path . 2>/dev/null)
|
|
||||||
if [ -z "$VERSION" ]; then
|
|
||||||
echo "No VERSION in README.md — skipping release"
|
|
||||||
echo "skip=true" >> "$GITHUB_OUTPUT"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
MAJOR=$(echo "$VERSION" | awk -F. '{print $1}')
|
|
||||||
MINOR=$(echo "$VERSION" | awk -F. '{printf "%s.%s", $1, $2}')
|
|
||||||
PATCH=$(echo "$VERSION" | awk -F. '{print $3}')
|
|
||||||
|
|
||||||
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "branch=version/${MAJOR}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "major=$MAJOR" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "minor=$MINOR" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "release_tag=v${MAJOR}" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
if [ "$PATCH" = "00" ]; then
|
|
||||||
echo "skip=true" >> "$GITHUB_OUTPUT"
|
|
||||||
else
|
|
||||||
echo "skip=false" >> "$GITHUB_OUTPUT"
|
|
||||||
if [ "$PATCH" = "01" ]; then
|
|
||||||
echo "is_first=true" >> "$GITHUB_OUTPUT"
|
|
||||||
else
|
|
||||||
echo "is_first=false" >> "$GITHUB_OUTPUT"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Check if already released
|
|
||||||
if: steps.version.outputs.skip != 'true'
|
|
||||||
id: check
|
|
||||||
run: |
|
|
||||||
TAG="${{ steps.version.outputs.release_tag }}"
|
|
||||||
TAG_EXISTS=false
|
|
||||||
git rev-parse "$TAG" >/dev/null 2>&1 && TAG_EXISTS=true
|
|
||||||
echo "tag_exists=$TAG_EXISTS" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
# ── Release Artifact ─────────────────────────────────────────────
|
|
||||||
- name: Package dist
|
|
||||||
if: steps.version.outputs.skip != 'true'
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.version.outputs.version }}"
|
|
||||||
REPO_NAME="${{ github.event.repository.name }}"
|
|
||||||
tar -czf "/tmp/${REPO_NAME}-${VERSION}.tar.gz" -C dist .
|
|
||||||
echo "artifact=/tmp/${REPO_NAME}-${VERSION}.tar.gz" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
# ── Version Updates ──────────────────────────────────────────────
|
|
||||||
- name: Set platform version
|
|
||||||
if: >-
|
|
||||||
steps.version.outputs.skip != 'true' &&
|
|
||||||
steps.check.outputs.tag_exists != 'true'
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.version.outputs.version }}"
|
|
||||||
php /tmp/mokostandards/api/cli/version_set_platform.php \
|
|
||||||
--path . --version "$VERSION" --branch main
|
|
||||||
|
|
||||||
- name: Update version badges
|
|
||||||
if: >-
|
|
||||||
steps.version.outputs.skip != 'true' &&
|
|
||||||
steps.check.outputs.tag_exists != 'true'
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.version.outputs.version }}"
|
|
||||||
find . -name "*.md" ! -path "./.git/*" ! -path "./vendor/*" | while read -r f; do
|
|
||||||
if grep -q '\[VERSION:' "$f" 2>/dev/null; then
|
|
||||||
sed -i "s/\[VERSION:[[:space:]]*[0-9]\{2\}\.[0-9]\{2\}\.[0-9]\{2\}\]/[VERSION: ${VERSION}]/" "$f"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
- name: Commit release changes
|
|
||||||
if: >-
|
|
||||||
steps.version.outputs.skip != 'true' &&
|
|
||||||
steps.check.outputs.tag_exists != 'true'
|
|
||||||
run: |
|
|
||||||
if git diff --quiet && git diff --cached --quiet; then
|
|
||||||
echo "No changes to commit"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
VERSION="${{ steps.version.outputs.version }}"
|
|
||||||
git config --local user.email "github-actions[bot]@users.noreply.github.com"
|
|
||||||
git config --local user.name "github-actions[bot]"
|
|
||||||
git add -A
|
|
||||||
git commit -m "chore(release): build ${VERSION} [skip ci]" \
|
|
||||||
--author="github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
|
|
||||||
git push
|
|
||||||
|
|
||||||
# ── Version Branch ───────────────────────────────────────────────
|
|
||||||
- name: Archive version branch
|
|
||||||
if: steps.check.outputs.tag_exists != 'true'
|
|
||||||
run: |
|
|
||||||
BRANCH="${{ steps.version.outputs.branch }}"
|
|
||||||
git push origin HEAD:"$BRANCH" --force
|
|
||||||
echo "Updated archive branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
# ── Tag & Release ────────────────────────────────────────────────
|
|
||||||
- name: Create git tag
|
|
||||||
if: >-
|
|
||||||
steps.version.outputs.skip != 'true' &&
|
|
||||||
steps.check.outputs.tag_exists != 'true' &&
|
|
||||||
steps.version.outputs.is_first == 'true'
|
|
||||||
run: |
|
|
||||||
TAG="${{ steps.version.outputs.release_tag }}"
|
|
||||||
if ! git rev-parse "$TAG" >/dev/null 2>&1; then
|
|
||||||
git tag "$TAG"
|
|
||||||
git push origin "$TAG"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: GitHub Release
|
|
||||||
if: >-
|
|
||||||
steps.version.outputs.skip != 'true' &&
|
|
||||||
steps.check.outputs.tag_exists != 'true'
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_TOKEN || github.token }}
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.version.outputs.version }}"
|
|
||||||
RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
|
|
||||||
MAJOR="${{ steps.version.outputs.major }}"
|
|
||||||
BRANCH="${{ steps.version.outputs.branch }}"
|
|
||||||
TOOL_COUNT="${{ steps.tools.outputs.count }}"
|
|
||||||
REPO_NAME="${{ github.event.repository.name }}"
|
|
||||||
|
|
||||||
# Build release notes
|
|
||||||
NOTES=$(php /tmp/mokostandards/api/cli/release_notes.php --path . --version "$VERSION" 2>/dev/null)
|
|
||||||
[ -z "$NOTES" ] && NOTES="Release ${VERSION}"
|
|
||||||
|
|
||||||
{
|
|
||||||
echo "$NOTES"
|
|
||||||
echo ""
|
|
||||||
echo "---"
|
|
||||||
echo ""
|
|
||||||
echo "### MCP Server Info"
|
|
||||||
echo "- **Tools registered**: ${TOOL_COUNT}"
|
|
||||||
echo "- **Node.js**: 20+"
|
|
||||||
echo "- **MCP SDK**: $(node -p \"require('./package.json').dependencies['@modelcontextprotocol/sdk']\" 2>/dev/null || echo 'unknown')"
|
|
||||||
echo ""
|
|
||||||
cat /tmp/tool-inventory.md 2>/dev/null || true
|
|
||||||
} > /tmp/release_notes.md
|
|
||||||
|
|
||||||
EXISTING=$(gh release view "$RELEASE_TAG" --json tagName -q .tagName 2>/dev/null || true)
|
|
||||||
|
|
||||||
ARTIFACT="/tmp/${REPO_NAME}-${VERSION}.tar.gz"
|
|
||||||
|
|
||||||
if [ -z "$EXISTING" ]; then
|
|
||||||
gh release create "$RELEASE_TAG" \
|
|
||||||
--title "v${MAJOR} (latest: ${VERSION})" \
|
|
||||||
--notes-file /tmp/release_notes.md \
|
|
||||||
--target "$BRANCH" \
|
|
||||||
"$ARTIFACT"
|
|
||||||
echo "Release created: ${RELEASE_TAG} (${VERSION})" >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
gh release edit "$RELEASE_TAG" \
|
|
||||||
--title "v${MAJOR} (latest: ${VERSION})" \
|
|
||||||
--notes-file /tmp/release_notes.md
|
|
||||||
gh release upload "$RELEASE_TAG" "$ARTIFACT" --clobber 2>/dev/null || true
|
|
||||||
echo "Release updated: ${RELEASE_TAG} -> ${VERSION}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Summary ──────────────────────────────────────────────────────
|
|
||||||
- name: Pipeline Summary
|
|
||||||
if: always()
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.version.outputs.version }}"
|
|
||||||
TOOL_COUNT="${{ steps.tools.outputs.count }}"
|
|
||||||
if [ "${{ steps.version.outputs.skip }}" = "true" ]; then
|
|
||||||
echo "## Release Skipped" >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "## MCP Release Complete" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Detail | Value |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "|--------|-------|" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Tools | ${TOOL_COUNT} |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Tag | \`${{ steps.version.outputs.release_tag }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
@@ -1,66 +0,0 @@
|
|||||||
# MCP Server Build & Validation
|
|
||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# Builds the MCP server, validates TypeScript compilation, and checks
|
|
||||||
# that tools are properly registered with valid Zod schemas.
|
|
||||||
|
|
||||||
name: "MCP: Build & Validate"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [main, dev/**]
|
|
||||||
paths: ['src/**', 'package.json', 'tsconfig.json']
|
|
||||||
pull_request:
|
|
||||||
branches: [main]
|
|
||||||
paths: ['src/**', 'package.json', 'tsconfig.json']
|
|
||||||
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ !startsWith(github.event.repository.name, 'Template-') }}
|
|
||||||
strategy:
|
|
||||||
matrix:
|
|
||||||
node-version: [20, 22]
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Setup Node.js ${{ matrix.node-version }}
|
|
||||||
uses: actions/setup-node@v4
|
|
||||||
with:
|
|
||||||
node-version: ${{ matrix.node-version }}
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
run: npm ci
|
|
||||||
|
|
||||||
- name: TypeScript compile
|
|
||||||
run: npx tsc --noEmit
|
|
||||||
|
|
||||||
- name: Build
|
|
||||||
run: npm run build
|
|
||||||
|
|
||||||
- name: Verify dist output exists
|
|
||||||
run: |
|
|
||||||
test -f dist/index.js || (echo "ERROR: dist/index.js not found" && exit 1)
|
|
||||||
test -f dist/client.js || (echo "ERROR: dist/client.js not found" && exit 1)
|
|
||||||
test -f dist/config.js || (echo "ERROR: dist/config.js not found" && exit 1)
|
|
||||||
test -f dist/types.js || (echo "ERROR: dist/types.js not found" && exit 1)
|
|
||||||
echo "✓ All required dist files present"
|
|
||||||
|
|
||||||
- name: Verify shebang in index.js
|
|
||||||
run: |
|
|
||||||
head -1 dist/index.js | grep -q "#!/usr/bin/env node" || echo "WARNING: Missing shebang in dist/index.js"
|
|
||||||
|
|
||||||
- name: Count registered tools
|
|
||||||
run: |
|
|
||||||
TOOL_COUNT=$(grep -c "server\.tool(" src/index.ts || true)
|
|
||||||
echo "Registered tools: ${TOOL_COUNT}"
|
|
||||||
if [ "${TOOL_COUNT}" -eq 0 ]; then
|
|
||||||
echo "ERROR: No tools registered in src/index.ts"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
@@ -1,110 +0,0 @@
|
|||||||
# MCP SDK Version Check
|
|
||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# Weekly check for MCP SDK updates. Creates an issue when a new version
|
|
||||||
# of @modelcontextprotocol/sdk is available.
|
|
||||||
|
|
||||||
name: "MCP: SDK Version Check"
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '0 9 * * 1' # Every Monday at 9am UTC
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
check-sdk:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ !startsWith(github.event.repository.name, 'Template-') }}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Setup Node.js
|
|
||||||
uses: actions/setup-node@v4
|
|
||||||
with:
|
|
||||||
node-version: 20
|
|
||||||
|
|
||||||
- name: Check for SDK updates
|
|
||||||
id: sdk-check
|
|
||||||
run: |
|
|
||||||
CURRENT=$(node -p "require('./package.json').dependencies['@modelcontextprotocol/sdk']" | sed 's/[\^~]//')
|
|
||||||
LATEST=$(npm view @modelcontextprotocol/sdk version 2>/dev/null || echo "unknown")
|
|
||||||
|
|
||||||
echo "current=${CURRENT}" >> $GITHUB_OUTPUT
|
|
||||||
echo "latest=${LATEST}" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
if [ "${CURRENT}" != "${LATEST}" ] && [ "${LATEST}" != "unknown" ]; then
|
|
||||||
echo "update_available=true" >> $GITHUB_OUTPUT
|
|
||||||
echo "MCP SDK update available: ${CURRENT} → ${LATEST}"
|
|
||||||
else
|
|
||||||
echo "update_available=false" >> $GITHUB_OUTPUT
|
|
||||||
echo "MCP SDK is up to date: ${CURRENT}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Check for Zod updates
|
|
||||||
id: zod-check
|
|
||||||
run: |
|
|
||||||
CURRENT=$(node -p "require('./package.json').dependencies['zod']" | sed 's/[\^~]//')
|
|
||||||
LATEST=$(npm view zod version 2>/dev/null || echo "unknown")
|
|
||||||
|
|
||||||
echo "current=${CURRENT}" >> $GITHUB_OUTPUT
|
|
||||||
echo "latest=${LATEST}" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
if [ "${CURRENT}" != "${LATEST}" ] && [ "${LATEST}" != "unknown" ]; then
|
|
||||||
echo "update_available=true" >> $GITHUB_OUTPUT
|
|
||||||
else
|
|
||||||
echo "update_available=false" >> $GITHUB_OUTPUT
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Create update issue
|
|
||||||
if: steps.sdk-check.outputs.update_available == 'true'
|
|
||||||
uses: actions/github-script@v7
|
|
||||||
with:
|
|
||||||
script: |
|
|
||||||
const title = `chore(deps): update @modelcontextprotocol/sdk ${process.env.CURRENT} → ${process.env.LATEST}`;
|
|
||||||
const body = [
|
|
||||||
'## MCP SDK Update Available',
|
|
||||||
'',
|
|
||||||
`| Package | Current | Latest |`,
|
|
||||||
`|---------|---------|--------|`,
|
|
||||||
`| @modelcontextprotocol/sdk | ${process.env.CURRENT} | ${process.env.LATEST} |`,
|
|
||||||
`| zod | ${process.env.ZOD_CURRENT} | ${process.env.ZOD_LATEST} |`,
|
|
||||||
'',
|
|
||||||
'### Steps',
|
|
||||||
'1. Update package.json',
|
|
||||||
'2. Run `npm install`',
|
|
||||||
'3. Run `npm run build` to verify compilation',
|
|
||||||
'4. Test all tools against target API',
|
|
||||||
'',
|
|
||||||
'### Changelog',
|
|
||||||
`https://github.com/modelcontextprotocol/typescript-sdk/releases`,
|
|
||||||
].join('\n');
|
|
||||||
|
|
||||||
// Check for existing open issue
|
|
||||||
const existing = await github.rest.issues.listForRepo({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
state: 'open',
|
|
||||||
labels: 'api-change',
|
|
||||||
});
|
|
||||||
|
|
||||||
const alreadyExists = existing.data.some(i => i.title.includes('@modelcontextprotocol/sdk'));
|
|
||||||
if (!alreadyExists) {
|
|
||||||
await github.rest.issues.create({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
title,
|
|
||||||
body,
|
|
||||||
labels: ['api-change', 'chore'],
|
|
||||||
});
|
|
||||||
}
|
|
||||||
env:
|
|
||||||
CURRENT: ${{ steps.sdk-check.outputs.current }}
|
|
||||||
LATEST: ${{ steps.sdk-check.outputs.latest }}
|
|
||||||
ZOD_CURRENT: ${{ steps.zod-check.outputs.current }}
|
|
||||||
ZOD_LATEST: ${{ steps.zod-check.outputs.latest }}
|
|
||||||
@@ -1,61 +0,0 @@
|
|||||||
# MCP Tool Inventory
|
|
||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# Generates a tool inventory report on each push to main.
|
|
||||||
# Extracts tool names, descriptions, and parameter counts from src/index.ts.
|
|
||||||
|
|
||||||
name: "MCP: Tool Inventory"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [main]
|
|
||||||
paths: ['src/index.ts']
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
inventory:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Generate tool inventory
|
|
||||||
run: |
|
|
||||||
echo "# MCP Tool Inventory" > TOOLS.md
|
|
||||||
echo "" >> TOOLS.md
|
|
||||||
echo "Auto-generated from \`src/index.ts\` on $(date -u +%Y-%m-%dT%H:%M:%SZ)" >> TOOLS.md
|
|
||||||
echo "" >> TOOLS.md
|
|
||||||
|
|
||||||
# Count tools
|
|
||||||
TOOL_COUNT=$(grep -c "server\.tool(" src/index.ts || true)
|
|
||||||
echo "**Total tools: ${TOOL_COUNT}**" >> TOOLS.md
|
|
||||||
echo "" >> TOOLS.md
|
|
||||||
|
|
||||||
# Extract tool names and descriptions
|
|
||||||
echo "| Tool | Description |" >> TOOLS.md
|
|
||||||
echo "|------|-------------|" >> TOOLS.md
|
|
||||||
|
|
||||||
grep -A1 "server\.tool(" src/index.ts | grep -E "^\s*'" | while read -r line; do
|
|
||||||
TOOL_NAME=$(echo "$line" | sed "s/.*'\([^']*\)'.*/\1/")
|
|
||||||
# Get next line for description
|
|
||||||
DESC=$(grep -A2 "'${TOOL_NAME}'" src/index.ts | grep -E "^\s*'" | tail -1 | sed "s/.*'\([^']*\)'.*/\1/" || echo "")
|
|
||||||
echo "| \`${TOOL_NAME}\` | ${DESC} |" >> TOOLS.md
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "" >> TOOLS.md
|
|
||||||
echo "---" >> TOOLS.md
|
|
||||||
echo "*Generated by MCP Tool Inventory workflow*" >> TOOLS.md
|
|
||||||
|
|
||||||
cat TOOLS.md
|
|
||||||
|
|
||||||
- name: Upload inventory artifact
|
|
||||||
uses: actions/upload-artifact@v4
|
|
||||||
with:
|
|
||||||
name: tool-inventory
|
|
||||||
path: TOOLS.md
|
|
||||||
retention-days: 90
|
|
||||||
@@ -1,70 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: MokoStandards.Notifications
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
|
|
||||||
# PATH: /.gitea/workflows/notify.yml
|
|
||||||
# VERSION: 01.00.00
|
|
||||||
# BRIEF: Push notifications via ntfy on release success or workflow failure
|
|
||||||
|
|
||||||
name: "Universal: Notifications"
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_run:
|
|
||||||
workflows:
|
|
||||||
- "Joomla Build & Release"
|
|
||||||
- "Joomla Extension CI"
|
|
||||||
- "Deploy"
|
|
||||||
types:
|
|
||||||
- completed
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
env:
|
|
||||||
NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
|
|
||||||
NTFY_TOPIC: ${{ vars.NTFY_TOPIC || 'gitea-releases' }}
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
notify:
|
|
||||||
name: Send Notification
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: >-
|
|
||||||
github.event.workflow_run.conclusion == 'success' ||
|
|
||||||
github.event.workflow_run.conclusion == 'failure'
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Notify on success (releases only)
|
|
||||||
if: >-
|
|
||||||
github.event.workflow_run.conclusion == 'success' &&
|
|
||||||
contains(github.event.workflow_run.name, 'Release')
|
|
||||||
run: |
|
|
||||||
REPO="${{ github.event.repository.name }}"
|
|
||||||
WORKFLOW="${{ github.event.workflow_run.name }}"
|
|
||||||
URL="${{ github.event.workflow_run.html_url }}"
|
|
||||||
|
|
||||||
curl -sS \
|
|
||||||
-H "Title: ${REPO} released" \
|
|
||||||
-H "Tags: white_check_mark,package" \
|
|
||||||
-H "Priority: default" \
|
|
||||||
-H "Click: ${URL}" \
|
|
||||||
-d "${WORKFLOW} completed successfully." \
|
|
||||||
"${NTFY_URL}/${NTFY_TOPIC}"
|
|
||||||
|
|
||||||
- name: Notify on failure
|
|
||||||
if: github.event.workflow_run.conclusion == 'failure'
|
|
||||||
run: |
|
|
||||||
REPO="${{ github.event.repository.name }}"
|
|
||||||
WORKFLOW="${{ github.event.workflow_run.name }}"
|
|
||||||
URL="${{ github.event.workflow_run.html_url }}"
|
|
||||||
|
|
||||||
curl -sS \
|
|
||||||
-H "Title: ${REPO} workflow failed" \
|
|
||||||
-H "Tags: x,warning" \
|
|
||||||
-H "Priority: high" \
|
|
||||||
-H "Click: ${URL}" \
|
|
||||||
-d "${WORKFLOW} failed. Check the run for details." \
|
|
||||||
"${NTFY_URL}/${NTFY_TOPIC}"
|
|
||||||
@@ -1,114 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
name: "Publish to npm"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
env:
|
|
||||||
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
|
|
||||||
GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
publish:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: >-
|
|
||||||
!contains(github.event.head_commit.message, '[skip ci]') &&
|
|
||||||
!contains(github.event.head_commit.message, '[skip publish]') &&
|
|
||||||
!startsWith(github.event.repository.name, 'Template-')
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Setup Node.js
|
|
||||||
uses: actions/setup-node@v4
|
|
||||||
with:
|
|
||||||
node-version: '20'
|
|
||||||
registry-url: 'https://registry.npmjs.org'
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
run: npm install
|
|
||||||
|
|
||||||
- name: Build
|
|
||||||
run: npm run build
|
|
||||||
|
|
||||||
- name: Auto-bump patch version
|
|
||||||
run: |
|
|
||||||
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
|
|
||||||
PKG_NAME=$(node -p "require('./package.json').name")
|
|
||||||
CURRENT=$(node -p "require('./package.json').version")
|
|
||||||
PUBLISHED=$(npm view "${PKG_NAME}@latest" version 2>/dev/null || echo "0.0.0")
|
|
||||||
|
|
||||||
if [ "$CURRENT" != "$PUBLISHED" ]; then
|
|
||||||
echo "Version ${CURRENT} not yet published, using as-is."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Bump locally to get the new version
|
|
||||||
npm version patch --no-git-tag-version
|
|
||||||
NEW_VER=$(node -p "require('./package.json').version")
|
|
||||||
echo "Bumping ${CURRENT} -> ${NEW_VER}"
|
|
||||||
|
|
||||||
# Push via Gitea API: branch + PR + merge
|
|
||||||
BRANCH="chore/npm-version-bump"
|
|
||||||
FILEPATH="package.json"
|
|
||||||
CONTENT=$(base64 -w 0 < package.json)
|
|
||||||
COMMIT_MSG="chore: bump to ${NEW_VER} [skip ci]"
|
|
||||||
|
|
||||||
# Get current file SHA on main
|
|
||||||
FILE_SHA=$(curl -sf -H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_BASE}/contents/${FILEPATH}?ref=main" \
|
|
||||||
| python3 -c "import json,sys; print(json.load(sys.stdin).get('sha',''))" 2>/dev/null || true)
|
|
||||||
|
|
||||||
# Create chore branch from main
|
|
||||||
curl -sf -X POST -H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${API_BASE}/branches" \
|
|
||||||
-d "{\"new_branch_name\":\"${BRANCH}\",\"old_branch_name\":\"main\"}" 2>/dev/null || true
|
|
||||||
|
|
||||||
# Get file SHA on chore branch (may differ if branch already existed)
|
|
||||||
BRANCH_SHA=$(curl -sf -H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_BASE}/contents/${FILEPATH}?ref=${BRANCH}" \
|
|
||||||
| python3 -c "import json,sys; print(json.load(sys.stdin).get('sha',''))" 2>/dev/null || true)
|
|
||||||
[ -n "$BRANCH_SHA" ] && FILE_SHA="$BRANCH_SHA"
|
|
||||||
|
|
||||||
# Push package.json to chore branch
|
|
||||||
PAYLOAD="{\"content\":\"${CONTENT}\",\"message\":\"${COMMIT_MSG}\",\"branch\":\"${BRANCH}\",\"sha\":\"${FILE_SHA}\"}"
|
|
||||||
HTTP=$(curl -sf -o /dev/null -w "%{http_code}" -X PUT \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d "$PAYLOAD" \
|
|
||||||
"${API_BASE}/contents/${FILEPATH}" 2>/dev/null || echo "ERR")
|
|
||||||
echo "File push: HTTP ${HTTP}"
|
|
||||||
|
|
||||||
# Create PR
|
|
||||||
PR_NUM=$(curl -sf -X POST -H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${API_BASE}/pulls" \
|
|
||||||
-d "{\"title\":\"${COMMIT_MSG}\",\"head\":\"${BRANCH}\",\"base\":\"main\"}" \
|
|
||||||
| python3 -c "import json,sys; print(json.load(sys.stdin).get('number',''))" 2>/dev/null || true)
|
|
||||||
|
|
||||||
if [ -n "$PR_NUM" ]; then
|
|
||||||
# Merge PR
|
|
||||||
curl -sf -X POST -H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${API_BASE}/pulls/${PR_NUM}/merge" \
|
|
||||||
-d "{\"Do\":\"merge\",\"merge_message_field\":\"${COMMIT_MSG}\"}" 2>/dev/null
|
|
||||||
echo "Version bumped via PR #${PR_NUM} (merged)"
|
|
||||||
else
|
|
||||||
echo "::warning::Could not create PR for version bump — publishing with current version"
|
|
||||||
fi
|
|
||||||
env:
|
|
||||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
||||||
|
|
||||||
- name: Publish
|
|
||||||
run: npm publish --access public
|
|
||||||
env:
|
|
||||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
||||||
@@ -1,521 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.CI
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /templates/workflows/universal/pr-check.yml.template
|
|
||||||
# VERSION: 09.23.00
|
|
||||||
# BRIEF: PR gate — branch policy + code validation before merge
|
|
||||||
|
|
||||||
name: "Universal: PR Check"
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
types: [opened, synchronize, reopened, edited]
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
pull-requests: write
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
# ── Branch Policy ──────────────────────────────────────────────────────
|
|
||||||
branch-policy:
|
|
||||||
name: Branch Policy
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Check branch merge target
|
|
||||||
run: |
|
|
||||||
HEAD="${{ github.head_ref }}"
|
|
||||||
BASE="${{ github.base_ref }}"
|
|
||||||
|
|
||||||
echo "PR: ${HEAD} → ${BASE}"
|
|
||||||
|
|
||||||
ALLOWED=true
|
|
||||||
REASON=""
|
|
||||||
|
|
||||||
case "$HEAD" in
|
|
||||||
feature/*|feat/*)
|
|
||||||
if [ "$BASE" != "dev" ]; then
|
|
||||||
ALLOWED=false
|
|
||||||
REASON="Feature branches must target 'dev', not '${BASE}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
fix/*|bugfix/*)
|
|
||||||
if [ "$BASE" != "dev" ]; then
|
|
||||||
ALLOWED=false
|
|
||||||
REASON="Fix branches must target 'dev', not '${BASE}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
patch/*)
|
|
||||||
if [ "$BASE" != "dev" ] && [ "$BASE" != "rc" ]; then
|
|
||||||
ALLOWED=false
|
|
||||||
REASON="Patch branches must target 'dev' or 'rc', not '${BASE}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
hotfix/*)
|
|
||||||
if [ "$BASE" != "dev" ] && [ "$BASE" != "main" ]; then
|
|
||||||
ALLOWED=false
|
|
||||||
REASON="Hotfix branches can only target 'dev' or 'main', not '${BASE}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
rc)
|
|
||||||
if [ "$BASE" != "main" ]; then
|
|
||||||
ALLOWED=false
|
|
||||||
REASON="RC branch can only merge into 'main', not '${BASE}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
dev)
|
|
||||||
if [ "$BASE" != "main" ]; then
|
|
||||||
ALLOWED=false
|
|
||||||
REASON="Dev branch can only merge into 'main', not '${BASE}'"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if [ "$ALLOWED" = false ]; then
|
|
||||||
echo "::error::${REASON}"
|
|
||||||
echo "## Branch Policy Violation" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "${REASON}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "### Allowed merge paths:" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "- \`feature/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "- \`fix/*\` → \`dev\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "- \`hotfix/*\` → \`dev\` or \`main\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "- \`dev\` → \`main\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "- \`rc/*\` → \`main\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Branch policy: OK (${HEAD} → ${BASE})"
|
|
||||||
echo "## Branch Policy: Passed" >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
# ── Secret Scanning ──────────────────────────────────────────────────
|
|
||||||
gitleaks:
|
|
||||||
name: Secret Scan
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Install Gitleaks
|
|
||||||
run: |
|
|
||||||
GITLEAKS_VERSION="8.21.2"
|
|
||||||
curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
|
|
||||||
| tar -xz -C /usr/local/bin gitleaks
|
|
||||||
|
|
||||||
- name: Scan PR commits for secrets
|
|
||||||
run: |
|
|
||||||
if gitleaks detect --source . --verbose \
|
|
||||||
--log-opts=${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} 2>&1; then
|
|
||||||
echo "**No secrets detected.**" >> $GITHUB_STEP_SUMMARY
|
|
||||||
else
|
|
||||||
echo "::error::Potential secrets detected in PR commits"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Code Validation ────────────────────────────────────────────────────
|
|
||||||
validate:
|
|
||||||
name: Validate PR
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Check for merge conflict markers
|
|
||||||
run: |
|
|
||||||
CONFLICTS=$(grep -rn '<<<<<<< \|>>>>>>> \|^=======$' --include='*.php' --include='*.xml' --include='*.css' --include='*.js' --include='*.json' --include='*.md' --include='*.yml' --include='*.yaml' --include='*.ini' --include='*.txt' . 2>/dev/null | grep -v '.git/' || true)
|
|
||||||
if [ -n "$CONFLICTS" ]; then
|
|
||||||
echo "::error::Merge conflict markers found in source files"
|
|
||||||
echo "## Conflict Markers Found" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo '```' >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "$CONFLICTS" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo '```' >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "No conflict markers found"
|
|
||||||
|
|
||||||
- name: Detect platform
|
|
||||||
id: platform
|
|
||||||
run: |
|
|
||||||
# Read platform from XML manifest (<platform> tag) or plain text fallback
|
|
||||||
PLATFORM=$(sed -n 's/.*<platform>\([^<]*\)<\/platform>.*/\1/p' .mokogitea/manifest.xml 2>/dev/null | head -1)
|
|
||||||
[ -z "$PLATFORM" ] && PLATFORM=$(cat .mokogitea/manifest.xml 2>/dev/null | tr -d '[:space:]')
|
|
||||||
[ -z "$PLATFORM" ] && PLATFORM="generic"
|
|
||||||
echo "platform=$PLATFORM" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
- name: Setup PHP
|
|
||||||
if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
|
|
||||||
run: |
|
|
||||||
if ! command -v php &> /dev/null; then
|
|
||||||
sudo apt-get update -qq
|
|
||||||
sudo apt-get install -y -qq php-cli php-mbstring php-xml >/dev/null 2>&1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: PHP syntax check
|
|
||||||
if: steps.platform.outputs.platform == 'joomla' || steps.platform.outputs.platform == 'dolibarr'
|
|
||||||
run: |
|
|
||||||
ERRORS=0
|
|
||||||
while IFS= read -r -d '' file; do
|
|
||||||
if ! php -l "$file" 2>&1 | grep -q "No syntax errors"; then
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
done < <(find . -name "*.php" -not -path "./.git/*" -not -path "./vendor/*" -print0)
|
|
||||||
echo "PHP lint: ${ERRORS} error(s)"
|
|
||||||
[ "$ERRORS" -eq 0 ] || { echo "::error::PHP syntax errors found"; exit 1; }
|
|
||||||
|
|
||||||
- name: Joomla JEXEC guard check
|
|
||||||
if: steps.platform.outputs.platform == 'joomla'
|
|
||||||
run: |
|
|
||||||
ERRORS=0
|
|
||||||
while IFS= read -r -d '' file; do
|
|
||||||
# Skip vendor, node_modules, and index.html stub files
|
|
||||||
case "$file" in ./vendor/*|./node_modules/*) continue ;; esac
|
|
||||||
# Check first 10 lines for JEXEC or JPATH guard
|
|
||||||
if ! head -20 "$file" | grep -qE "defined\s*\(\s*['\"](_JEXEC|JPATH_BASE|\\\\JPATH_PLATFORM)['\"]"; then
|
|
||||||
echo "::error file=${file}::Missing JEXEC guard: ${file}"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
done < <(find . -name "*.php" -path "*/src/*" -not -path "./.git/*" -not -path "./vendor/*" -print0)
|
|
||||||
if [ "$ERRORS" -gt 0 ]; then
|
|
||||||
echo "::error::${ERRORS} PHP file(s) missing defined('_JEXEC') or die guard"
|
|
||||||
echo "## JEXEC Guard Check: Failed" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "${ERRORS} file(s) in src/ are missing the Joomla execution guard." >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "JEXEC guard: OK"
|
|
||||||
|
|
||||||
- name: Joomla directory listing protection
|
|
||||||
if: steps.platform.outputs.platform == 'joomla'
|
|
||||||
run: |
|
|
||||||
MISSING=0
|
|
||||||
SOURCE_DIR="src"
|
|
||||||
[ ! -d "$SOURCE_DIR" ] && exit 0
|
|
||||||
while IFS= read -r dir; do
|
|
||||||
if [ ! -f "${dir}/index.html" ]; then
|
|
||||||
echo "::warning::Missing index.html in ${dir} (directory listing protection)"
|
|
||||||
MISSING=$((MISSING + 1))
|
|
||||||
fi
|
|
||||||
done < <(find "$SOURCE_DIR" -type d -not -path "./.git/*" -not -path "*/vendor/*" -not -path "*/node_modules/*")
|
|
||||||
if [ "$MISSING" -gt 0 ]; then
|
|
||||||
echo "## Directory Protection" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "${MISSING} director(ies) missing index.html" >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
echo "Directory protection: ${MISSING} missing (advisory)"
|
|
||||||
|
|
||||||
- name: Joomla script file and asset checks
|
|
||||||
if: steps.platform.outputs.platform == 'joomla'
|
|
||||||
run: |
|
|
||||||
ERRORS=0
|
|
||||||
MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
|
|
||||||
[ -z "$MANIFEST" ] && exit 0
|
|
||||||
MANIFEST_DIR=$(dirname "$MANIFEST")
|
|
||||||
|
|
||||||
# Check scriptfile exists if declared
|
|
||||||
SCRIPTFILE=$(sed -n 's/.*<scriptfile>\([^<]*\)<\/scriptfile>.*/\1/p' "$MANIFEST" 2>/dev/null)
|
|
||||||
if [ -n "$SCRIPTFILE" ]; then
|
|
||||||
if [ ! -f "${MANIFEST_DIR}/${SCRIPTFILE}" ]; then
|
|
||||||
echo "::error::Manifest declares <scriptfile>${SCRIPTFILE}</scriptfile> but file not found at ${MANIFEST_DIR}/${SCRIPTFILE}"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
else
|
|
||||||
echo "Script file: ${MANIFEST_DIR}/${SCRIPTFILE} (OK)"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Require joomla.asset.json and validate it
|
|
||||||
ASSET_JSON=$(find "$MANIFEST_DIR" -name "joomla.asset.json" -not -path "./.git/*" 2>/dev/null | head -1)
|
|
||||||
if [ -z "$ASSET_JSON" ]; then
|
|
||||||
echo "::error::joomla.asset.json not found — Joomla asset system is required"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
else
|
|
||||||
if command -v php &> /dev/null; then
|
|
||||||
php -r "json_decode(file_get_contents('$ASSET_JSON')); if(json_last_error()!==JSON_ERROR_NONE){echo json_last_error_msg();exit(1);}" 2>&1 || {
|
|
||||||
echo "::error::joomla.asset.json is not valid JSON"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
}
|
|
||||||
fi
|
|
||||||
echo "joomla.asset.json: valid"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Validate all XML files in src/ are well-formed
|
|
||||||
XML_ERRORS=0
|
|
||||||
if command -v php &> /dev/null; then
|
|
||||||
while IFS= read -r -d '' xmlfile; do
|
|
||||||
if ! php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$xmlfile'); if(!\$x){foreach(libxml_get_errors() as \$e) echo trim(\$e->message) . ' in $xmlfile'; exit(1);}" 2>&1; then
|
|
||||||
XML_ERRORS=$((XML_ERRORS + 1))
|
|
||||||
fi
|
|
||||||
done < <(find "$MANIFEST_DIR" -name "*.xml" -not -path "./.git/*" -print0)
|
|
||||||
fi
|
|
||||||
if [ "$XML_ERRORS" -gt 0 ]; then
|
|
||||||
echo "::error::${XML_ERRORS} XML file(s) are malformed"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
else
|
|
||||||
echo "XML well-formedness: OK"
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ "$ERRORS" -gt 0 ] && exit 1
|
|
||||||
echo "Joomla asset checks: OK"
|
|
||||||
|
|
||||||
- name: Validate platform manifest
|
|
||||||
run: |
|
|
||||||
PLATFORM="${{ steps.platform.outputs.platform }}"
|
|
||||||
case "$PLATFORM" in
|
|
||||||
joomla)
|
|
||||||
MANIFEST=$(find . -maxdepth 3 -name "*.xml" ! -path "./.git/*" -exec grep -l '<extension' {} \; 2>/dev/null | head -1)
|
|
||||||
if [ -z "$MANIFEST" ]; then
|
|
||||||
echo "::warning::No Joomla manifest found (WaaS site)"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
echo "Manifest: ${MANIFEST}"
|
|
||||||
if command -v php &> /dev/null; then
|
|
||||||
php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('$MANIFEST'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::Manifest XML is malformed"; exit 1; }
|
|
||||||
fi
|
|
||||||
for ELEMENT in name version description; do
|
|
||||||
grep -q "<${ELEMENT}>" "$MANIFEST" || { echo "::error::Missing <${ELEMENT}> in manifest"; exit 1; }
|
|
||||||
done
|
|
||||||
# Block legacy raw/branch update server URLs on MokoGitea
|
|
||||||
RAW_URLS=$(grep -n 'raw/branch' "$MANIFEST" | grep -i 'mokoconsulting\|mokogitea\|git\.mokoconsulting\.tech' || true)
|
|
||||||
if [ -n "$RAW_URLS" ]; then
|
|
||||||
echo "::error::Manifest contains legacy raw/branch update server URL on MokoGitea. Use the Gitea Pages URL instead (e.g. /{REPO}/updates.xml not /{REPO}/raw/branch/main/updates.xml)"
|
|
||||||
echo "$RAW_URLS"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "Joomla manifest valid"
|
|
||||||
;;
|
|
||||||
dolibarr)
|
|
||||||
MOD_FILE=$(find . -maxdepth 4 -name "mod*.class.php" ! -path "./.git/*" -exec grep -l 'extends DolibarrModules' {} \; 2>/dev/null | head -1)
|
|
||||||
if [ -z "$MOD_FILE" ]; then
|
|
||||||
echo "::error::No mod*.class.php found"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "Dolibarr module: ${MOD_FILE}"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Generic platform — no manifest validation"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
- name: Check update stream format
|
|
||||||
run: |
|
|
||||||
PLATFORM="${{ steps.platform.outputs.platform }}"
|
|
||||||
case "$PLATFORM" in
|
|
||||||
joomla)
|
|
||||||
if [ -f "updates.xml" ]; then
|
|
||||||
if command -v php &> /dev/null; then
|
|
||||||
php -r "libxml_use_internal_errors(true); \$x = simplexml_load_file('updates.xml'); if(!\$x){foreach(libxml_get_errors() as \$e) echo \$e->message; exit(1);}" || { echo "::error::updates.xml is malformed"; exit 1; }
|
|
||||||
fi
|
|
||||||
echo "updates.xml valid"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
dolibarr)
|
|
||||||
[ -f "update.txt" ] && echo "update.txt present" || echo "::warning::No update.txt"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
- name: Validate Joomla language files
|
|
||||||
if: steps.platform.outputs.platform == 'joomla'
|
|
||||||
run: |
|
|
||||||
ERRORS=0
|
|
||||||
WARNINGS=0
|
|
||||||
|
|
||||||
# Require both en-GB and en-US language directories
|
|
||||||
LANG_ROOT=$(find . -path "*/language" -type d -not -path "./.git/*" 2>/dev/null | head -1)
|
|
||||||
if [ -z "$LANG_ROOT" ]; then
|
|
||||||
echo "No language/ directory found — skipping"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -d "$LANG_ROOT/en-GB" ]; then
|
|
||||||
echo "::error::Missing en-GB language directory (${LANG_ROOT}/en-GB)"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
if [ ! -d "$LANG_ROOT/en-US" ]; then
|
|
||||||
echo "::error::Missing en-US language directory (${LANG_ROOT}/en-US)"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check that en-GB and en-US have matching .ini files
|
|
||||||
if [ -d "$LANG_ROOT/en-GB" ] && [ -d "$LANG_ROOT/en-US" ]; then
|
|
||||||
for GB_INI in "$LANG_ROOT/en-GB"/*.ini; do
|
|
||||||
[ ! -f "$GB_INI" ] && continue
|
|
||||||
US_INI="$LANG_ROOT/en-US/$(basename "$GB_INI")"
|
|
||||||
if [ ! -f "$US_INI" ]; then
|
|
||||||
echo "::error::$(basename "$GB_INI") exists in en-GB but missing from en-US"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
for US_INI in "$LANG_ROOT/en-US"/*.ini; do
|
|
||||||
[ ! -f "$US_INI" ] && continue
|
|
||||||
GB_INI="$LANG_ROOT/en-GB/$(basename "$US_INI")"
|
|
||||||
if [ ! -f "$GB_INI" ]; then
|
|
||||||
echo "::error::$(basename "$US_INI") exists in en-US but missing from en-GB"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Find all .ini language files
|
|
||||||
INI_FILES=$(find . -path "*/language/*/*.ini" -not -path "./.git/*" 2>/dev/null)
|
|
||||||
if [ -z "$INI_FILES" ]; then
|
|
||||||
echo "No .ini language files found"
|
|
||||||
[ "$ERRORS" -gt 0 ] && exit 1
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Found $(echo "$INI_FILES" | wc -l) language file(s)"
|
|
||||||
|
|
||||||
for FILE in $INI_FILES; do
|
|
||||||
FNAME=$(basename "$FILE")
|
|
||||||
LINENUM=0
|
|
||||||
SEEN_KEYS=""
|
|
||||||
|
|
||||||
while IFS= read -r line || [ -n "$line" ]; do
|
|
||||||
LINENUM=$((LINENUM + 1))
|
|
||||||
|
|
||||||
# Skip empty lines and comments
|
|
||||||
[ -z "$line" ] && continue
|
|
||||||
echo "$line" | grep -qE '^\s*;' && continue
|
|
||||||
echo "$line" | grep -qE '^\s*$' && continue
|
|
||||||
|
|
||||||
# Must match KEY="VALUE" format
|
|
||||||
if ! echo "$line" | grep -qE '^[A-Z_][A-Z0-9_]*=".*"$'; then
|
|
||||||
echo "::error file=${FILE},line=${LINENUM}::Malformed line: ${line}"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Extract key and check for duplicates
|
|
||||||
KEY=$(echo "$line" | sed 's/=.*//')
|
|
||||||
if echo "$SEEN_KEYS" | grep -qx "$KEY"; then
|
|
||||||
echo "::error file=${FILE},line=${LINENUM}::Duplicate key: ${KEY}"
|
|
||||||
ERRORS=$((ERRORS + 1))
|
|
||||||
fi
|
|
||||||
SEEN_KEYS="${SEEN_KEYS}
|
|
||||||
${KEY}"
|
|
||||||
done < "$FILE"
|
|
||||||
|
|
||||||
echo " ${FILE}: checked ${LINENUM} lines"
|
|
||||||
done
|
|
||||||
|
|
||||||
# Cross-check en-GB vs en-US key consistency
|
|
||||||
GB_DIR=$(find . -path "*/language/en-GB" -type d -not -path "./.git/*" 2>/dev/null | head -1)
|
|
||||||
US_DIR=$(find . -path "*/language/en-US" -type d -not -path "./.git/*" 2>/dev/null | head -1)
|
|
||||||
|
|
||||||
if [ -n "$GB_DIR" ] && [ -n "$US_DIR" ]; then
|
|
||||||
for GB_FILE in "$GB_DIR"/*.ini; do
|
|
||||||
[ ! -f "$GB_FILE" ] && continue
|
|
||||||
FNAME=$(basename "$GB_FILE")
|
|
||||||
US_FILE="$US_DIR/$FNAME"
|
|
||||||
[ ! -f "$US_FILE" ] && continue
|
|
||||||
|
|
||||||
GB_KEYS=$(grep -oP '^[A-Z_][A-Z0-9_]*(?==)' "$GB_FILE" 2>/dev/null | sort)
|
|
||||||
US_KEYS=$(grep -oP '^[A-Z_][A-Z0-9_]*(?==)' "$US_FILE" 2>/dev/null | sort)
|
|
||||||
|
|
||||||
# Keys in en-GB but not en-US
|
|
||||||
MISSING_US=$(comm -23 <(echo "$GB_KEYS") <(echo "$US_KEYS"))
|
|
||||||
if [ -n "$MISSING_US" ]; then
|
|
||||||
echo "::warning::Keys in en-GB/$FNAME but missing from en-US/$FNAME:"
|
|
||||||
echo "$MISSING_US" | while read -r k; do echo " - $k"; done
|
|
||||||
WARNINGS=$((WARNINGS + 1))
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Keys in en-US but not en-GB
|
|
||||||
MISSING_GB=$(comm -13 <(echo "$GB_KEYS") <(echo "$US_KEYS"))
|
|
||||||
if [ -n "$MISSING_GB" ]; then
|
|
||||||
echo "::warning::Keys in en-US/$FNAME but missing from en-GB/$FNAME:"
|
|
||||||
echo "$MISSING_GB" | while read -r k; do echo " - $k"; done
|
|
||||||
WARNINGS=$((WARNINGS + 1))
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
{
|
|
||||||
echo "### Language File Validation"
|
|
||||||
echo "| Metric | Count |"
|
|
||||||
echo "|---|---|"
|
|
||||||
echo "| Files checked | $(echo "$INI_FILES" | wc -l) |"
|
|
||||||
echo "| Errors | ${ERRORS} |"
|
|
||||||
echo "| Warnings | ${WARNINGS} |"
|
|
||||||
} >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
if [ "$ERRORS" -gt 0 ]; then
|
|
||||||
echo "::error::Language validation failed with ${ERRORS} error(s)"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "Language files: OK (${WARNINGS} warning(s))"
|
|
||||||
|
|
||||||
- name: Check changelog has unreleased entry
|
|
||||||
run: |
|
|
||||||
if [ ! -f "CHANGELOG.md" ]; then
|
|
||||||
echo "::warning::No CHANGELOG.md found"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
# Check for content under [Unreleased] section
|
|
||||||
if ! grep -q "## \[Unreleased\]" CHANGELOG.md; then
|
|
||||||
echo "::error::CHANGELOG.md missing [Unreleased] section"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# Check there's at least one entry (Added/Changed/Fixed/Removed) under Unreleased
|
|
||||||
UNRELEASED_CONTENT=$(sed -n '/## \[Unreleased\]/,/## \[/p' CHANGELOG.md | grep -cE '^\s*-\s' || true)
|
|
||||||
if [ "$UNRELEASED_CONTENT" -eq 0 ]; then
|
|
||||||
echo "::error::CHANGELOG.md [Unreleased] section has no entries. Add a changelog entry describing your changes."
|
|
||||||
echo "## Changelog Check: Failed" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "The \`[Unreleased]\` section in CHANGELOG.md has no entries." >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "Add a line like \`- Description of your change\` under a heading (\`### Added\`, \`### Changed\`, \`### Fixed\`, etc.)" >> $GITHUB_STEP_SUMMARY
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "Changelog: ${UNRELEASED_CONTENT} entry/entries in [Unreleased]"
|
|
||||||
|
|
||||||
- name: Verify package source
|
|
||||||
run: |
|
|
||||||
SOURCE_DIR="src"
|
|
||||||
[ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
|
|
||||||
if [ ! -d "$SOURCE_DIR" ]; then
|
|
||||||
echo "::warning::No src/ or htdocs/ directory"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
FILE_COUNT=$(find "$SOURCE_DIR" -type f | wc -l)
|
|
||||||
echo "Source: ${FILE_COUNT} files"
|
|
||||||
[ "$FILE_COUNT" -gt 0 ] || { echo "::error::Source directory is empty"; exit 1; }
|
|
||||||
|
|
||||||
# ── Pre-Release RC Build ─────────────────────────────────────────────────
|
|
||||||
pre-release:
|
|
||||||
name: Build RC Package
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: [branch-policy, validate]
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Trigger RC pre-release
|
|
||||||
env:
|
|
||||||
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
REPO: ${{ github.repository }}
|
|
||||||
BRANCH: ${{ github.head_ref }}
|
|
||||||
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
run: |
|
|
||||||
curl -s -X POST "${MOKOGITEA_URL}/api/v1/repos/${REPO}/actions/workflows/pre-release.yml/dispatches" -H "Authorization: token ${MOKOGITEA_TOKEN}" -H "Content-Type: application/json" -d "{\"ref\":\"${BRANCH}\",\"inputs\":{\"stability\":\"release-candidate\"}}"
|
|
||||||
echo "### Pre-Release" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "Triggered RC build on branch \`${BRANCH}\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
# ── Issue Reporter ──────────────────────────────────────────────────────
|
|
||||||
report-issues:
|
|
||||||
name: Report Issues
|
|
||||||
needs: [branch-policy, validate]
|
|
||||||
if: >-
|
|
||||||
always() &&
|
|
||||||
needs.validate.result == 'failure'
|
|
||||||
uses: ./.mokogitea/workflows/ci-issue-reporter.yml
|
|
||||||
with:
|
|
||||||
gate: "PR Validation"
|
|
||||||
workflow: "PR Check"
|
|
||||||
severity: error
|
|
||||||
details: "PR validation failed (syntax, manifest, changelog, or source checks). See the CI run for the specific check that failed."
|
|
||||||
secrets: inherit
|
|
||||||
@@ -1,273 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Release
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /templates/workflows/universal/pre-release.yml.template
|
|
||||||
# VERSION: 05.02.00
|
|
||||||
# BRIEF: Auto pre-release on push to dev/alpha/beta/rc branches
|
|
||||||
|
|
||||||
name: "Universal: Pre-Release"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- dev
|
|
||||||
- 'fix/**'
|
|
||||||
- 'patch/**'
|
|
||||||
- 'hotfix/**'
|
|
||||||
- 'bugfix/**'
|
|
||||||
- 'chore/**'
|
|
||||||
- alpha
|
|
||||||
- beta
|
|
||||||
- rc
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
stability:
|
|
||||||
description: 'Pre-release channel'
|
|
||||||
required: true
|
|
||||||
type: choice
|
|
||||||
options:
|
|
||||||
- development
|
|
||||||
- alpha
|
|
||||||
- beta
|
|
||||||
- release-candidate
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
|
|
||||||
env:
|
|
||||||
GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
|
|
||||||
GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
name: "Build Pre-Release (${{ inputs.stability || github.ref_name }})"
|
|
||||||
runs-on: release
|
|
||||||
if: >-
|
|
||||||
github.event_name == 'workflow_dispatch' ||
|
|
||||||
github.event_name == 'push'
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
token: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
ref: ${{ github.ref_name }}
|
|
||||||
submodules: recursive
|
|
||||||
|
|
||||||
- name: Update submodules to main
|
|
||||||
run: |
|
|
||||||
git submodule foreach --quiet 'git checkout main && git pull --quiet origin main' 2>/dev/null || true
|
|
||||||
|
|
||||||
- name: Setup mokocli tools
|
|
||||||
env:
|
|
||||||
MOKO_CLONE_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
MOKO_CLONE_HOST: git.mokoconsulting.tech/MokoConsulting
|
|
||||||
run: |
|
|
||||||
# Use pre-installed /opt/mokocli if available (updated by cron every 6h)
|
|
||||||
if [ -f /opt/mokocli/cli/version_bump.php ] && [ -f /opt/mokocli/cli/manifest_element.php ] && [ -f /opt/mokocli/vendor/autoload.php ]; then
|
|
||||||
echo Using pre-installed /opt/mokocli
|
|
||||||
echo MOKO_CLI=/opt/mokocli/cli >> $GITHUB_ENV
|
|
||||||
else
|
|
||||||
echo Falling back to fresh clone
|
|
||||||
if ! command -v composer > /dev/null 2>&1; then
|
|
||||||
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
|
|
||||||
fi
|
|
||||||
rm -rf /tmp/mokocli
|
|
||||||
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoCLI.git
|
|
||||||
git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokocli
|
|
||||||
cd /tmp/mokocli && composer install --no-dev --no-interaction --quiet
|
|
||||||
echo MOKO_CLI=/tmp/mokocli/cli >> $GITHUB_ENV
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Detect platform
|
|
||||||
id: platform
|
|
||||||
run: |
|
|
||||||
# Auto-detect and update platform if not set in manifest
|
|
||||||
php ${MOKO_CLI}/platform_detect.php --path . --github-output 2>/dev/null || true
|
|
||||||
php ${MOKO_CLI}/manifest_read.php --path . --github-output
|
|
||||||
|
|
||||||
- name: Check platform eligibility (Joomla only)
|
|
||||||
id: eligibility
|
|
||||||
run: |
|
|
||||||
PLATFORM="${{ steps.platform.outputs.platform }}"
|
|
||||||
if [[ "$PLATFORM" == joomla* ]] || [[ "$PLATFORM" == "joomla" ]]; then
|
|
||||||
echo "proceed=true" >> "$GITHUB_OUTPUT"
|
|
||||||
else
|
|
||||||
echo "proceed=false" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "::notice::Platform '$PLATFORM' — non-Joomla, skipping pre-release auto-bump"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Resolve metadata and bump version
|
|
||||||
id: meta
|
|
||||||
if: steps.eligibility.outputs.proceed == 'true'
|
|
||||||
run: |
|
|
||||||
# Auto-detect stability from branch name on push, or use input on dispatch
|
|
||||||
if [ "${{ github.event_name }}" = "push" ]; then
|
|
||||||
case "${{ github.ref_name }}" in
|
|
||||||
rc) STABILITY="release-candidate" ;;
|
|
||||||
alpha) STABILITY="alpha" ;;
|
|
||||||
beta) STABILITY="beta" ;;
|
|
||||||
*) STABILITY="development" ;;
|
|
||||||
esac
|
|
||||||
else
|
|
||||||
STABILITY="${{ inputs.stability || 'development' }}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
case "$STABILITY" in
|
|
||||||
development) SUFFIX="-dev"; TAG="development" ;;
|
|
||||||
alpha) SUFFIX="-alpha"; TAG="alpha" ;;
|
|
||||||
beta) SUFFIX="-beta"; TAG="beta" ;;
|
|
||||||
release-candidate) SUFFIX="-rc"; TAG="release-candidate" ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Bump version via CLI: patch for dev/alpha/beta, minor for RC
|
|
||||||
case "$STABILITY" in
|
|
||||||
release-candidate) BUMP="minor" ;;
|
|
||||||
*) BUMP="patch" ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
php ${MOKO_CLI}/version_bump.php --path . $([ "$BUMP" = "minor" ] && echo "--minor") 2>/dev/null || true
|
|
||||||
|
|
||||||
# Set stability suffix and verify consistency
|
|
||||||
VERSION=$(php ${MOKO_CLI}/version_read.php --path . 2>/dev/null || echo "00.00.01")
|
|
||||||
VERSION=$(echo "$VERSION" | sed 's/-\(dev\|alpha\|beta\|rc\)$//')
|
|
||||||
|
|
||||||
php ${MOKO_CLI}/version_set_platform.php \
|
|
||||||
--path . --version "$VERSION" --branch "${{ github.ref_name }}" --stability "$STABILITY" 2>/dev/null || true
|
|
||||||
php ${MOKO_CLI}/version_check.php --path . --fix 2>/dev/null || true
|
|
||||||
|
|
||||||
# Ensure licensing tags (updateservers, dlid) if enabled in manifest.xml
|
|
||||||
php ${MOKO_CLI}/manifest_licensing.php --path . --fix 2>/dev/null || true
|
|
||||||
|
|
||||||
# Append suffix for output
|
|
||||||
if [ -n "$SUFFIX" ]; then
|
|
||||||
VERSION="${VERSION}${SUFFIX}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Commit version bump
|
|
||||||
git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
|
|
||||||
git config --local user.name "gitea-actions[bot]"
|
|
||||||
git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
|
|
||||||
git add -A
|
|
||||||
git diff --cached --quiet || {
|
|
||||||
git commit -m "chore(version): pre-release bump to ${VERSION} [skip ci]"
|
|
||||||
git push origin HEAD 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Auto-detect element via manifest_element.php
|
|
||||||
php ${MOKO_CLI}/manifest_element.php \
|
|
||||||
--path . --version "$VERSION" --stability "$STABILITY" \
|
|
||||||
--repo "${GITEA_REPO}" --github-output
|
|
||||||
|
|
||||||
# Read back element outputs
|
|
||||||
EXT_ELEMENT=$(grep '^ext_element=' "$GITHUB_OUTPUT" | tail -1 | cut -d= -f2)
|
|
||||||
ZIP_NAME=$(grep '^zip_name=' "$GITHUB_OUTPUT" | tail -1 | cut -d= -f2)
|
|
||||||
[ -z "$EXT_ELEMENT" ] && EXT_ELEMENT=$(echo "${GITEA_REPO}" | tr '[:upper:]' '[:lower:]' | tr -d ' -')
|
|
||||||
[ -z "$ZIP_NAME" ] && ZIP_NAME="${EXT_ELEMENT}-${VERSION}.zip"
|
|
||||||
|
|
||||||
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "stability=${STABILITY}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "suffix=${SUFFIX}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "zip_name=${ZIP_NAME}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "ext_element=${EXT_ELEMENT}" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
echo "=== Pre-Release: ${EXT_ELEMENT} ${VERSION}${SUFFIX} ==="
|
|
||||||
|
|
||||||
- name: Create release
|
|
||||||
id: release
|
|
||||||
if: steps.eligibility.outputs.proceed == 'true'
|
|
||||||
run: |
|
|
||||||
TAG="${{ steps.meta.outputs.tag }}"
|
|
||||||
VERSION="${{ steps.meta.outputs.version }}"
|
|
||||||
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
php ${MOKO_CLI}/release_create.php \
|
|
||||||
--path . --version "$VERSION" --tag "$TAG" \
|
|
||||||
--token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
|
|
||||||
--repo "${GITEA_REPO}" --branch "${{ github.ref_name }}" --prerelease
|
|
||||||
|
|
||||||
- name: Update release notes from CHANGELOG.md
|
|
||||||
if: steps.eligibility.outputs.proceed == 'true'
|
|
||||||
run: |
|
|
||||||
TAG="${{ steps.meta.outputs.tag }}"
|
|
||||||
VERSION="${{ steps.meta.outputs.version }}"
|
|
||||||
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
|
|
||||||
# Extract [Unreleased] section from changelog (everything between [Unreleased] and next ## heading)
|
|
||||||
if [ -f "CHANGELOG.md" ]; then
|
|
||||||
NOTES=$(awk '/^## \[Unreleased\]/{found=1; next} /^## \[/{if(found) exit} found{print}' CHANGELOG.md)
|
|
||||||
[ -z "$NOTES" ] && NOTES="Release ${VERSION}"
|
|
||||||
else
|
|
||||||
NOTES="Release ${VERSION}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Update release body via API
|
|
||||||
RELEASE_ID=$(curl -sf -H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
|
|
||||||
"${API_BASE}/releases/tags/${TAG}" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
|
|
||||||
|
|
||||||
if [ -n "$RELEASE_ID" ]; then
|
|
||||||
python3 -c "
|
|
||||||
import json, urllib.request
|
|
||||||
body = open('/dev/stdin').read()
|
|
||||||
payload = json.dumps({'body': body}).encode()
|
|
||||||
req = urllib.request.Request(
|
|
||||||
'${API_BASE}/releases/${RELEASE_ID}',
|
|
||||||
data=payload, method='PATCH',
|
|
||||||
headers={
|
|
||||||
'Authorization': 'token ${{ secrets.MOKOGITEA_TOKEN }}',
|
|
||||||
'Content-Type': 'application/json'
|
|
||||||
})
|
|
||||||
urllib.request.urlopen(req)
|
|
||||||
" <<< "$NOTES"
|
|
||||||
echo "Release notes updated from CHANGELOG.md"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Build package and upload
|
|
||||||
id: package
|
|
||||||
if: steps.eligibility.outputs.proceed == 'true'
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.meta.outputs.version }}"
|
|
||||||
TAG="${{ steps.meta.outputs.tag }}"
|
|
||||||
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
php ${MOKO_CLI}/release_package.php \
|
|
||||||
--path . --version "$VERSION" --tag "$TAG" \
|
|
||||||
--token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
|
|
||||||
--repo "${GITEA_REPO}" --output /tmp || true
|
|
||||||
|
|
||||||
# updates.xml is generated dynamically by MokoGitea license server
|
|
||||||
# No need to build, commit, or sync updates.xml from workflows
|
|
||||||
|
|
||||||
- name: "Delete lesser pre-release channels (cascade)"
|
|
||||||
if: steps.eligibility.outputs.proceed == 'true'
|
|
||||||
continue-on-error: true
|
|
||||||
run: |
|
|
||||||
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
|
|
||||||
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
|
|
||||||
|
|
||||||
php ${MOKO_CLI}/release_cascade.php \
|
|
||||||
--stability "${{ steps.meta.outputs.stability }}" \
|
|
||||||
--token "${TOKEN}" \
|
|
||||||
--api-base "${API_BASE}"
|
|
||||||
|
|
||||||
- name: Summary
|
|
||||||
if: always()
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.meta.outputs.version }}"
|
|
||||||
STABILITY="${{ steps.meta.outputs.stability }}"
|
|
||||||
ZIP_NAME="${{ steps.meta.outputs.zip_name }}"
|
|
||||||
SHA256="${{ steps.package.outputs.sha256_zip }}"
|
|
||||||
echo "## Pre-Release Complete" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Channel | ${STABILITY} |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| Package | \`${ZIP_NAME}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "| SHA-256 | \`${SHA256:-n/a}\` |" >> $GITHUB_STEP_SUMMARY
|
|
||||||
@@ -1,71 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Universal
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /.mokogitea/workflows/rc-revert.yml
|
|
||||||
# VERSION: 09.23.00
|
|
||||||
# BRIEF: Rename rc/ branch back to dev/ when PR is closed without merge
|
|
||||||
|
|
||||||
name: "RC Revert"
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
types: [closed]
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
revert:
|
|
||||||
name: Rename rc/ back to dev/
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: >-
|
|
||||||
github.event.pull_request.merged == false &&
|
|
||||||
startsWith(github.event.pull_request.head.ref, 'rc/')
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Rename branch
|
|
||||||
env:
|
|
||||||
BRANCH: ${{ github.event.pull_request.head.ref }}
|
|
||||||
REPO: ${{ github.repository }}
|
|
||||||
GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
|
|
||||||
TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
|
|
||||||
run: |
|
|
||||||
set -euo pipefail
|
|
||||||
# BRANCH is attacker-controlled (PR head ref). Strict allowlist before ANY use.
|
|
||||||
if ! printf '%s' "$BRANCH" | grep -Eq '^rc/[A-Za-z0-9._/-]+$'; then
|
|
||||||
echo "::error::Refusing unsafe branch name: $BRANCH"; exit 1
|
|
||||||
fi
|
|
||||||
SUFFIX="${BRANCH#rc/}"
|
|
||||||
DEV_BRANCH="dev/${SUFFIX}"
|
|
||||||
API="${GITEA_URL}/api/v1/repos/${REPO}/branches"
|
|
||||||
|
|
||||||
# Create dev/ branch from rc/ branch
|
|
||||||
STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X POST \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d "{\"new_branch_name\": \"${DEV_BRANCH}\", \"old_branch_name\": \"${BRANCH}\"}" \
|
|
||||||
"${API}" 2>/dev/null || true)
|
|
||||||
if [ "$STATUS" = "201" ]; then
|
|
||||||
echo "Created branch: ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
|
|
||||||
else
|
|
||||||
echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Read BRANCH from the environment inside PHP (getenv, no string interpolation -> no PHP injection)
|
|
||||||
ENCODED=$(php -r 'echo rawurlencode(getenv("BRANCH"));')
|
|
||||||
STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API}/${ENCODED}" 2>/dev/null || true)
|
|
||||||
if [ "$STATUS" = "204" ]; then
|
|
||||||
echo "Deleted branch: ${BRANCH}" >> "$GITHUB_STEP_SUMMARY"
|
|
||||||
else
|
|
||||||
echo "::warning::Failed to delete ${BRANCH} (HTTP ${STATUS})"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "### RC Reverted" >> "$GITHUB_STEP_SUMMARY"
|
|
||||||
echo "${BRANCH} → ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
|
|
||||||
@@ -1,700 +0,0 @@
|
|||||||
# ============================================================================
|
|
||||||
# Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# This file is part of a Moko Consulting project.
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow
|
|
||||||
# INGROUP: mokocli.Validation
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoCLI
|
|
||||||
# PATH: /templates/workflows/joomla/repo_health.yml.template
|
|
||||||
# VERSION: 09.23.00
|
|
||||||
# BRIEF: Enforces repository guardrails by validating scripts governance, tooling availability, and core repository health artifacts.
|
|
||||||
# ============================================================================
|
|
||||||
|
|
||||||
name: "Generic: Repo Health"
|
|
||||||
|
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
shell: bash
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
profile:
|
|
||||||
description: 'Validation profile: all, scripts, or repo'
|
|
||||||
required: true
|
|
||||||
default: all
|
|
||||||
type: choice
|
|
||||||
options:
|
|
||||||
- all
|
|
||||||
- scripts
|
|
||||||
- repo
|
|
||||||
pull_request:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
env:
|
|
||||||
# Scripts governance policy
|
|
||||||
SCRIPTS_REQUIRED_DIRS:
|
|
||||||
SCRIPTS_ALLOWED_DIRS: scripts,scripts/fix,scripts/lib,scripts/release,scripts/run,scripts/validate
|
|
||||||
|
|
||||||
# Repo health policy
|
|
||||||
REPO_REQUIRED_ARTIFACTS: README.md,LICENSE,CHANGELOG.md,CONTRIBUTING.md,CODE_OF_CONDUCT.md,.mokogitea/workflows/
|
|
||||||
REPO_OPTIONAL_FILES: SECURITY.md,GOVERNANCE.md,.editorconfig,.gitattributes,.gitignore,README.md,docs/
|
|
||||||
REPO_DISALLOWED_DIRS:
|
|
||||||
REPO_DISALLOWED_FILES: TODO.md,todo.md
|
|
||||||
|
|
||||||
# Extended checks toggles
|
|
||||||
EXTENDED_CHECKS: "true"
|
|
||||||
|
|
||||||
# File / directory variables
|
|
||||||
DOCS_INDEX: docs/docs-index.md
|
|
||||||
SCRIPT_DIR: scripts
|
|
||||||
WORKFLOWS_DIR: .mokogitea/workflows
|
|
||||||
SHELLCHECK_PATTERN: '*.sh'
|
|
||||||
SPDX_FILE_GLOBS: '*.sh,*.php,*.js,*.ts,*.css,*.xml,*.yml,*.yaml'
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
access_check:
|
|
||||||
name: Access control
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
timeout-minutes: 10
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
allowed: ${{ steps.perm.outputs.allowed }}
|
|
||||||
permission: ${{ steps.perm.outputs.permission }}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Check actor permission (admin only)
|
|
||||||
id: perm
|
|
||||||
env:
|
|
||||||
TOKEN: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
|
|
||||||
REPO: ${{ github.repository }}
|
|
||||||
ACTOR: ${{ github.actor }}
|
|
||||||
run: |
|
|
||||||
set -euo pipefail
|
|
||||||
ALLOWED=false
|
|
||||||
PERMISSION=unknown
|
|
||||||
METHOD=""
|
|
||||||
|
|
||||||
# Hardcoded authorized users — always allowed
|
|
||||||
case "$ACTOR" in
|
|
||||||
jmiller|gitea-actions[bot])
|
|
||||||
ALLOWED=true
|
|
||||||
PERMISSION=admin
|
|
||||||
METHOD="hardcoded allowlist"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# Detect platform and check permissions via API
|
|
||||||
API_BASE="${GITHUB_API_URL:-${GITEA_API_URL:-https://api.github.com}}"
|
|
||||||
RESP=$(curl -sf -H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_BASE}/repos/${REPO}/collaborators/${ACTOR}/permission" 2>/dev/null || echo '{}')
|
|
||||||
PERMISSION=$(echo "$RESP" | grep -oP '"permission"\s*:\s*"\K[^"]+' || echo "unknown")
|
|
||||||
if [ "$PERMISSION" = "admin" ] || [ "$PERMISSION" = "maintain" ] || [ "$PERMISSION" = "owner" ]; then
|
|
||||||
ALLOWED=true
|
|
||||||
fi
|
|
||||||
METHOD="collaborator API"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
echo "permission=${PERMISSION}" >> "$GITHUB_OUTPUT"
|
|
||||||
echo "allowed=${ALLOWED}" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
{
|
|
||||||
echo "## Access Authorization"
|
|
||||||
echo ""
|
|
||||||
echo "| Field | Value |"
|
|
||||||
echo "|-------|-------|"
|
|
||||||
echo "| **Actor** | \`${ACTOR}\` |"
|
|
||||||
echo "| **Repository** | \`${REPO}\` |"
|
|
||||||
echo "| **Permission** | \`${PERMISSION}\` |"
|
|
||||||
echo "| **Method** | ${METHOD} |"
|
|
||||||
echo "| **Authorized** | ${ALLOWED} |"
|
|
||||||
echo ""
|
|
||||||
if [ "$ALLOWED" = "true" ]; then
|
|
||||||
echo "${ACTOR} authorized (${METHOD})"
|
|
||||||
else
|
|
||||||
echo "${ACTOR} is NOT authorized. Requires admin or maintain role."
|
|
||||||
fi
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
|
|
||||||
- name: Deny execution when not permitted
|
|
||||||
if: ${{ steps.perm.outputs.allowed != 'true' }}
|
|
||||||
run: |
|
|
||||||
set -euo pipefail
|
|
||||||
printf '%s\n' 'ERROR: Access denied. Admin permission required.' >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
exit 1
|
|
||||||
|
|
||||||
scripts_governance:
|
|
||||||
name: Scripts governance
|
|
||||||
needs: access_check
|
|
||||||
if: ${{ needs.access_check.outputs.allowed == 'true' }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
timeout-minutes: 15
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Scripts folder checks
|
|
||||||
env:
|
|
||||||
PROFILE_RAW: ${{ github.event.inputs.profile }}
|
|
||||||
run: |
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
profile="${PROFILE_RAW:-all}"
|
|
||||||
case "${profile}" in
|
|
||||||
all|scripts|repo) ;;
|
|
||||||
*)
|
|
||||||
printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if [ "${profile}" = 'repo' ]; then
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Scripts governance'
|
|
||||||
printf '%s\n' "Profile: ${profile}"
|
|
||||||
printf '%s\n' 'Status: SKIPPED'
|
|
||||||
printf '%s\n' 'Reason: profile excludes scripts governance'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -d "${SCRIPT_DIR}" ]; then
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Scripts governance'
|
|
||||||
printf '%s\n' 'Status: OK (advisory)'
|
|
||||||
printf '%s\n' 'scripts/ directory not present. No scripts governance enforced.'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "${SCRIPTS_REQUIRED_DIRS:-}" ]; then IFS=',' read -r -a required_dirs <<< "${SCRIPTS_REQUIRED_DIRS}"; else required_dirs=(); fi
|
|
||||||
IFS=',' read -r -a allowed_dirs <<< "${SCRIPTS_ALLOWED_DIRS}"
|
|
||||||
|
|
||||||
missing_dirs=()
|
|
||||||
unapproved_dirs=()
|
|
||||||
|
|
||||||
for d in "${required_dirs[@]}"; do
|
|
||||||
req="${d%/}"
|
|
||||||
[ ! -d "${req}" ] && missing_dirs+=("${req}/")
|
|
||||||
done
|
|
||||||
|
|
||||||
while IFS= read -r d; do
|
|
||||||
allowed=false
|
|
||||||
for a in "${allowed_dirs[@]}"; do
|
|
||||||
a_norm="${a%/}"
|
|
||||||
[ "${d%/}" = "${a_norm}" ] && allowed=true
|
|
||||||
done
|
|
||||||
[ "${allowed}" = false ] && unapproved_dirs+=("${d%/}/")
|
|
||||||
done < <(find "${SCRIPT_DIR}" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | sed 's#^\./##')
|
|
||||||
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Scripts governance'
|
|
||||||
printf '%s\n' "Profile: ${profile}"
|
|
||||||
printf '%s\n' '| Area | Status | Notes |'
|
|
||||||
printf '%s\n' '|---|---|---|'
|
|
||||||
|
|
||||||
if [ "${#missing_dirs[@]}" -gt 0 ]; then
|
|
||||||
printf '%s\n' '| Required directories | Warning | Missing required subfolders |'
|
|
||||||
else
|
|
||||||
printf '%s\n' '| Required directories | OK | All required subfolders present |'
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
|
|
||||||
printf '%s\n' '| Directory policy | Warning | Unapproved directories detected |'
|
|
||||||
else
|
|
||||||
printf '%s\n' '| Directory policy | OK | No unapproved directories |'
|
|
||||||
fi
|
|
||||||
|
|
||||||
printf '%s\n' '| Enforcement mode | Advisory | scripts folder is optional |'
|
|
||||||
printf '\n'
|
|
||||||
|
|
||||||
if [ "${#missing_dirs[@]}" -gt 0 ]; then
|
|
||||||
printf '%s\n' 'Missing required script directories:'
|
|
||||||
for m in "${missing_dirs[@]}"; do printf '%s\n' "- ${m}"; done
|
|
||||||
printf '\n'
|
|
||||||
else
|
|
||||||
printf '%s\n' 'Missing required script directories: none.'
|
|
||||||
printf '\n'
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${#unapproved_dirs[@]}" -gt 0 ]; then
|
|
||||||
printf '%s\n' 'Unapproved script directories detected:'
|
|
||||||
for m in "${unapproved_dirs[@]}"; do printf '%s\n' "- ${m}"; done
|
|
||||||
printf '\n'
|
|
||||||
else
|
|
||||||
printf '%s\n' 'Unapproved script directories detected: none.'
|
|
||||||
printf '\n'
|
|
||||||
fi
|
|
||||||
|
|
||||||
printf '%s\n' 'Scripts governance completed in advisory mode.'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
|
|
||||||
repo_health:
|
|
||||||
name: Repository health
|
|
||||||
needs: access_check
|
|
||||||
if: ${{ needs.access_check.outputs.allowed == 'true' }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
timeout-minutes: 20
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Repository health checks
|
|
||||||
env:
|
|
||||||
PROFILE_RAW: ${{ github.event.inputs.profile }}
|
|
||||||
run: |
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
profile="${PROFILE_RAW:-all}"
|
|
||||||
case "${profile}" in
|
|
||||||
all|scripts|repo) ;;
|
|
||||||
*)
|
|
||||||
printf '%s\n' "ERROR: Unknown profile: ${profile}" >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if [ "${profile}" = 'scripts' ]; then
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Repository health'
|
|
||||||
printf '%s\n' "Profile: ${profile}"
|
|
||||||
printf '%s\n' 'Status: SKIPPED'
|
|
||||||
printf '%s\n' 'Reason: profile excludes repository health'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
IFS=',' read -r -a required_artifacts <<< "${REPO_REQUIRED_ARTIFACTS}"
|
|
||||||
IFS=',' read -r -a optional_files <<< "${REPO_OPTIONAL_FILES}"
|
|
||||||
if [ -n "${REPO_DISALLOWED_DIRS:-}" ]; then IFS=',' read -r -a disallowed_dirs <<< "${REPO_DISALLOWED_DIRS}"; else disallowed_dirs=(); fi
|
|
||||||
IFS=',' read -r -a disallowed_files <<< "${REPO_DISALLOWED_FILES:-}"
|
|
||||||
|
|
||||||
missing_required=()
|
|
||||||
missing_optional=()
|
|
||||||
|
|
||||||
# Source directory: src/ or htdocs/ (either is valid for extension repos)
|
|
||||||
SOURCE_DIR=""
|
|
||||||
if [ -d "src" ]; then
|
|
||||||
SOURCE_DIR="src"
|
|
||||||
elif [ -d "htdocs" ]; then
|
|
||||||
SOURCE_DIR="htdocs"
|
|
||||||
elif [ -d "deploy" ] || [ -d "cli" ] || [ -d "monitoring" ]; then
|
|
||||||
# Platform/tooling repos don't need src/
|
|
||||||
SOURCE_DIR=""
|
|
||||||
else
|
|
||||||
missing_required+=("src/ or htdocs/ (source directory required)")
|
|
||||||
fi
|
|
||||||
|
|
||||||
for item in "${required_artifacts[@]}"; do
|
|
||||||
if printf '%s' "${item}" | grep -q '/$'; then
|
|
||||||
d="${item%/}"
|
|
||||||
[ ! -d "${d}" ] && missing_required+=("${item}")
|
|
||||||
else
|
|
||||||
[ ! -f "${item}" ] && missing_required+=("${item}")
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
for f in "${optional_files[@]}"; do
|
|
||||||
if printf '%s' "${f}" | grep -q '/$'; then
|
|
||||||
d="${f%/}"
|
|
||||||
[ ! -d "${d}" ] && missing_optional+=("${f}")
|
|
||||||
else
|
|
||||||
[ ! -f "${f}" ] && missing_optional+=("${f}")
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
for d in "${disallowed_dirs[@]}"; do
|
|
||||||
d_norm="${d%/}"
|
|
||||||
[ -d "${d_norm}" ] && missing_required+=("${d_norm}/ (disallowed)")
|
|
||||||
done
|
|
||||||
|
|
||||||
for f in "${disallowed_files[@]}"; do
|
|
||||||
[ -f "${f}" ] && missing_required+=("${f} (disallowed)")
|
|
||||||
done
|
|
||||||
|
|
||||||
git fetch origin --prune
|
|
||||||
|
|
||||||
dev_paths=()
|
|
||||||
dev_branches=()
|
|
||||||
|
|
||||||
while IFS= read -r b; do
|
|
||||||
name="${b#origin/}"
|
|
||||||
if [ "${name}" = 'dev' ]; then
|
|
||||||
dev_branches+=("${name}")
|
|
||||||
else
|
|
||||||
dev_paths+=("${name}")
|
|
||||||
fi
|
|
||||||
done < <(git branch -r --list 'origin/dev*' | sed 's/^ *//')
|
|
||||||
|
|
||||||
if [ "${#dev_paths[@]}" -eq 0 ] && [ "${#dev_branches[@]}" -eq 0 ]; then
|
|
||||||
missing_required+=("dev or dev/* branch")
|
|
||||||
fi
|
|
||||||
|
|
||||||
content_warnings=()
|
|
||||||
|
|
||||||
if [ -f 'CHANGELOG.md' ] && ! grep -Eq '^# Changelog' CHANGELOG.md; then
|
|
||||||
content_warnings+=("CHANGELOG.md missing '# Changelog' header")
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f 'CHANGELOG.md' ] && grep -Eq '^[# ]*Unreleased' CHANGELOG.md; then
|
|
||||||
content_warnings+=("CHANGELOG.md contains Unreleased section (review release readiness)")
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f 'LICENSE' ] && ! grep -qiE 'GNU GENERAL PUBLIC LICENSE|GPL' LICENSE; then
|
|
||||||
content_warnings+=("LICENSE does not look like a GPL text")
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f 'README.md' ] && ! grep -qiE 'moko|Moko' README.md; then
|
|
||||||
content_warnings+=("README.md missing expected brand keyword")
|
|
||||||
fi
|
|
||||||
|
|
||||||
export PROFILE_RAW="${profile}"
|
|
||||||
export MISSING_REQUIRED="$(printf '%s\n' "${missing_required[@]:-}")"
|
|
||||||
export MISSING_OPTIONAL="$(printf '%s\n' "${missing_optional[@]:-}")"
|
|
||||||
export CONTENT_WARNINGS="$(printf '%s\n' "${content_warnings[@]:-}")"
|
|
||||||
|
|
||||||
report_json=$(printf '{"profile":"%s","missing_required":%d,"missing_optional":%d,"content_warnings":%d}' "$profile" "${#missing_required[@]}" "${#missing_optional[@]}" "${#content_warnings[@]}")
|
|
||||||
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Repository health'
|
|
||||||
printf '%s\n' "Profile: ${profile}"
|
|
||||||
printf '%s\n' '| Metric | Value |'
|
|
||||||
printf '%s\n' '|---|---|'
|
|
||||||
printf '%s\n' "| Missing required | ${#missing_required[@]} |"
|
|
||||||
printf '%s\n' "| Missing optional | ${#missing_optional[@]} |"
|
|
||||||
printf '%s\n' "| Content warnings | ${#content_warnings[@]} |"
|
|
||||||
printf '\n'
|
|
||||||
|
|
||||||
printf '%s\n' '### Guardrails report (JSON)'
|
|
||||||
printf '%s\n' '```json'
|
|
||||||
printf '%s\n' "${report_json}"
|
|
||||||
printf '%s\n' '```'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
|
|
||||||
if [ "${#missing_required[@]}" -gt 0 ]; then
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Missing required repo artifacts'
|
|
||||||
for m in "${missing_required[@]}"; do printf '%s\n' "- ${m}"; done
|
|
||||||
printf '%s\n' 'ERROR: Guardrails failed. Missing required repository artifacts.'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${#missing_optional[@]}" -gt 0 ]; then
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Missing optional repo artifacts'
|
|
||||||
for m in "${missing_optional[@]}"; do printf '%s\n' "- ${m}"; done
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${#content_warnings[@]}" -gt 0 ]; then
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Repo content warnings'
|
|
||||||
for m in "${content_warnings[@]}"; do printf '%s\n' "- ${m}"; done
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -- Joomla-specific checks --
|
|
||||||
joomla_findings=()
|
|
||||||
|
|
||||||
MANIFEST="$(find . -maxdepth 2 -name '*.xml' -exec grep -l '<extension' {} \; 2>/dev/null | head -1 || true)"
|
|
||||||
if [ -z "${MANIFEST}" ]; then
|
|
||||||
joomla_findings+=("Joomla XML manifest not found (no *.xml with <extension> tag)")
|
|
||||||
else
|
|
||||||
if ! grep -qP '<version>' "${MANIFEST}"; then
|
|
||||||
joomla_findings+=("XML manifest: <version> tag missing")
|
|
||||||
fi
|
|
||||||
if ! grep -qP 'type="(component|module|plugin|library|package|template|language)"' "${MANIFEST}"; then
|
|
||||||
joomla_findings+=("XML manifest: type attribute missing or invalid")
|
|
||||||
fi
|
|
||||||
if ! grep -qP '<name>' "${MANIFEST}"; then
|
|
||||||
joomla_findings+=("XML manifest: <name> tag missing")
|
|
||||||
fi
|
|
||||||
if ! grep -qP '<author>' "${MANIFEST}"; then
|
|
||||||
joomla_findings+=("XML manifest: <author> tag missing")
|
|
||||||
fi
|
|
||||||
if ! grep -qP '<namespace' "${MANIFEST}"; then
|
|
||||||
joomla_findings+=("XML manifest: <namespace> missing (required for Joomla 5+)")
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
INI_COUNT="$(find . -name '*.ini' -type f 2>/dev/null | wc -l)"
|
|
||||||
if [ "${INI_COUNT}" -eq 0 ]; then
|
|
||||||
joomla_findings+=("No .ini language files found")
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f 'updates.xml' ]; then
|
|
||||||
joomla_findings+=("updates.xml missing in root (required for Joomla update server)")
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "${SOURCE_DIR}" ]; then
|
|
||||||
INDEX_DIRS=("${SOURCE_DIR}" "${SOURCE_DIR}/admin" "${SOURCE_DIR}/site")
|
|
||||||
for dir in "${INDEX_DIRS[@]}"; do
|
|
||||||
if [ -d "${dir}" ] && [ ! -f "${dir}/index.html" ]; then
|
|
||||||
joomla_findings+=("${dir}/index.html missing (directory listing protection)")
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${#joomla_findings[@]}" -gt 0 ]; then
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Joomla extension checks'
|
|
||||||
printf '%s\n' '| Check | Status |'
|
|
||||||
printf '%s\n' '|---|---|'
|
|
||||||
for f in "${joomla_findings[@]}"; do
|
|
||||||
printf '%s\n' "| ${f} | Warning |"
|
|
||||||
done
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Joomla extension checks'
|
|
||||||
printf '%s\n' 'All Joomla-specific checks passed.'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
extended_enabled="${EXTENDED_CHECKS:-true}"
|
|
||||||
extended_findings=()
|
|
||||||
|
|
||||||
if [ "${extended_enabled}" = 'true' ]; then
|
|
||||||
if [ -f '.github/CODEOWNERS' ] || [ -f 'CODEOWNERS' ] || [ -f 'docs/CODEOWNERS' ]; then
|
|
||||||
:
|
|
||||||
else
|
|
||||||
extended_findings+=("CODEOWNERS not found (.github/CODEOWNERS preferred)")
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ls "${WORKFLOWS_DIR}"/*.yml >/dev/null 2>&1 || ls "${WORKFLOWS_DIR}"/*.yaml >/dev/null 2>&1; then
|
|
||||||
bad_refs="$(grep -RIn --include='*.yml' --include='*.yaml' -E '^[[:space:]]*uses:[[:space:]]*[^#]+@(main|master)\b' "${WORKFLOWS_DIR}" 2>/dev/null || true)"
|
|
||||||
if [ -n "${bad_refs}" ]; then
|
|
||||||
extended_findings+=("Workflows reference actions @main/@master (pin versions): see log excerpt")
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Workflow pinning advisory'
|
|
||||||
printf '%s\n' 'Found uses: entries pinned to main/master:'
|
|
||||||
printf '%s\n' '```'
|
|
||||||
printf '%s\n' "${bad_refs}"
|
|
||||||
printf '%s\n' '```'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "${DOCS_INDEX}" ]; then
|
|
||||||
missing_links=""
|
|
||||||
while IFS= read -r docline; do
|
|
||||||
for link in $(echo "$docline" | grep -oE '\]\([^)]+\)' | sed 's/\](//' | sed 's/)$//' || true); do
|
|
||||||
case "$link" in http://*|https://*|"#"*|mailto:*) continue ;; esac
|
|
||||||
linkpath="${link%%#*}"
|
|
||||||
linkpath="${linkpath%%\?*}"
|
|
||||||
[ -z "$linkpath" ] && continue
|
|
||||||
if [ "${linkpath:0:1}" = "/" ]; then
|
|
||||||
testpath="${linkpath#/}"
|
|
||||||
else
|
|
||||||
testpath="$(dirname "${DOCS_INDEX}")/${linkpath}"
|
|
||||||
fi
|
|
||||||
[ ! -e "$testpath" ] && missing_links="${missing_links}${testpath} "
|
|
||||||
done
|
|
||||||
done < "${DOCS_INDEX}"
|
|
||||||
if [ -n "${missing_links}" ]; then
|
|
||||||
extended_findings+=("docs/docs-index.md contains broken relative links")
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Docs index link integrity'
|
|
||||||
printf '%s\n' 'Broken relative links:'
|
|
||||||
for bl in ${missing_links}; do
|
|
||||||
printf '%s\n' "- ${bl}"
|
|
||||||
done
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -d "${SCRIPT_DIR}" ]; then
|
|
||||||
if ! command -v shellcheck >/dev/null 2>&1; then
|
|
||||||
sudo apt-get update -qq
|
|
||||||
sudo apt-get install -y shellcheck >/dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
sc_out=''
|
|
||||||
while IFS= read -r shf; do
|
|
||||||
[ -z "${shf}" ] && continue
|
|
||||||
out_one="$(shellcheck -S warning -x "${shf}" 2>/dev/null || true)"
|
|
||||||
if [ -n "${out_one}" ]; then
|
|
||||||
sc_out="${sc_out}${out_one}\n"
|
|
||||||
fi
|
|
||||||
done < <(find "${SCRIPT_DIR}" -type f -name "${SHELLCHECK_PATTERN}" 2>/dev/null | sort)
|
|
||||||
|
|
||||||
if [ -n "${sc_out}" ]; then
|
|
||||||
extended_findings+=("ShellCheck warnings detected (advisory)")
|
|
||||||
sc_head="$(printf '%s' "${sc_out}" | head -n 200)"
|
|
||||||
{
|
|
||||||
printf '%s\n' '### ShellCheck (advisory)'
|
|
||||||
printf '%s\n' '```'
|
|
||||||
printf '%s\n' "${sc_head}"
|
|
||||||
printf '%s\n' '```'
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
spdx_missing=()
|
|
||||||
IFS=',' read -r -a spdx_globs <<< "${SPDX_FILE_GLOBS}"
|
|
||||||
spdx_args=()
|
|
||||||
for g in "${spdx_globs[@]}"; do spdx_args+=("${g}"); done
|
|
||||||
|
|
||||||
while IFS= read -r f; do
|
|
||||||
[ -z "${f}" ] && continue
|
|
||||||
if ! head -n 40 "${f}" | grep -q 'SPDX-License-Identifier:'; then
|
|
||||||
spdx_missing+=("${f}")
|
|
||||||
fi
|
|
||||||
done < <(git ls-files "${spdx_args[@]}" 2>/dev/null || true)
|
|
||||||
|
|
||||||
if [ "${#spdx_missing[@]}" -gt 0 ]; then
|
|
||||||
extended_findings+=("SPDX header missing in some tracked files (advisory)")
|
|
||||||
{
|
|
||||||
printf '%s\n' '### SPDX header advisory'
|
|
||||||
printf '%s\n' 'Files missing SPDX-License-Identifier (first 40 lines scan):'
|
|
||||||
for f in "${spdx_missing[@]}"; do printf '%s\n' "- ${f}"; done
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
stale_cutoff_days=180
|
|
||||||
stale_branches="$(git for-each-ref --format='%(refname:short) %(committerdate:unix)' refs/remotes/origin 2>/dev/null | awk -v now="$(date +%s)" -v days="${stale_cutoff_days}" '{if (now-$2 > days*86400) print $1}' | head -50)"
|
|
||||||
if [ -n "${stale_branches}" ]; then
|
|
||||||
extended_findings+=("Stale remote branches detected (advisory)")
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Git hygiene advisory'
|
|
||||||
printf '%s\n' "Branches with last commit older than ${stale_cutoff_days} days (sample up to 50):"
|
|
||||||
while IFS= read -r b; do [ -n "${b}" ] && printf '%s\n' "- ${b}"; done <<< "${stale_branches}"
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Guardrails coverage matrix'
|
|
||||||
printf '%s\n' '| Domain | Status | Notes |'
|
|
||||||
printf '%s\n' '|---|---|---|'
|
|
||||||
printf '%s\n' '| Access control | OK | Admin-only execution gate |'
|
|
||||||
printf '%s\n' '| Release policy | N/A | Releases handled by MokoGitea |'
|
|
||||||
printf '%s\n' '| Scripts governance | OK | Directory policy and advisory reporting |'
|
|
||||||
printf '%s\n' '| Repo required artifacts | OK | Required, optional, disallowed enforcement |'
|
|
||||||
printf '%s\n' '| Repo content heuristics | OK | Brand, license, changelog structure |'
|
|
||||||
if [ "${extended_enabled}" = 'true' ]; then
|
|
||||||
if [ "${#extended_findings[@]}" -gt 0 ]; then
|
|
||||||
printf '%s\n' '| Extended checks | Warning | See extended findings below |'
|
|
||||||
else
|
|
||||||
printf '%s\n' '| Extended checks | OK | No findings |'
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
printf '%s\n' '| Extended checks | SKIPPED | EXTENDED_CHECKS disabled |'
|
|
||||||
fi
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
|
|
||||||
if [ "${extended_enabled}" = 'true' ] && [ "${#extended_findings[@]}" -gt 0 ]; then
|
|
||||||
{
|
|
||||||
printf '%s\n' '### Extended findings (advisory)'
|
|
||||||
for f in "${extended_findings[@]}"; do printf '%s\n' "- ${f}"; done
|
|
||||||
printf '\n'
|
|
||||||
} >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
printf '%s\n' 'Repository health guardrails passed.' >> "${GITHUB_STEP_SUMMARY}"
|
|
||||||
|
|
||||||
|
|
||||||
site-health:
|
|
||||||
name: Site Health
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: github.event_name == 'workflow_dispatch'
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Setup PHP
|
|
||||||
uses: shivammathur/setup-php@v2
|
|
||||||
with:
|
|
||||||
php-version: '8.3'
|
|
||||||
|
|
||||||
- name: Uptime check
|
|
||||||
if: env.URLS != ''
|
|
||||||
run: |
|
|
||||||
echo "$URLS" > /tmp/urls.txt
|
|
||||||
php monitoring/uptime-probe.php --urls /tmp/urls.txt --timeout 15 || echo "::warning::Some sites are down"
|
|
||||||
rm -f /tmp/urls.txt
|
|
||||||
env:
|
|
||||||
URLS: ${{ vars.MONITORED_URLS }}
|
|
||||||
|
|
||||||
- name: SSL certificate check
|
|
||||||
if: env.DOMAINS != ''
|
|
||||||
run: |
|
|
||||||
echo "$DOMAINS" > /tmp/domains.txt
|
|
||||||
php monitoring/ssl-check.php --domains /tmp/domains.txt --warn-days 30 || echo "::warning::SSL certificates expiring soon"
|
|
||||||
rm -f /tmp/domains.txt
|
|
||||||
env:
|
|
||||||
DOMAINS: ${{ vars.MONITORED_DOMAINS }}
|
|
||||||
|
|
||||||
- name: Summary
|
|
||||||
if: always()
|
|
||||||
run: |
|
|
||||||
echo "### Site Health" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "Uptime and SSL checks completed." >> $GITHUB_STEP_SUMMARY
|
|
||||||
|
|
||||||
# ═══════════════════════════════════════════════════════════════════════
|
|
||||||
# Issue Reporter — file issues for failed gates
|
|
||||||
# ═══════════════════════════════════════════════════════════════════════
|
|
||||||
report-scripts:
|
|
||||||
name: "Report: Scripts Governance"
|
|
||||||
needs: [access_check, scripts_governance]
|
|
||||||
if: >-
|
|
||||||
always() &&
|
|
||||||
needs.scripts_governance.result == 'failure'
|
|
||||||
uses: ./.mokogitea/workflows/ci-issue-reporter.yml
|
|
||||||
with:
|
|
||||||
gate: "Scripts Governance"
|
|
||||||
workflow: "Repo Health"
|
|
||||||
severity: error
|
|
||||||
details: "Scripts directory policy violations detected. Review required and allowed directories."
|
|
||||||
secrets: inherit
|
|
||||||
|
|
||||||
report-health:
|
|
||||||
name: "Report: Repository Health"
|
|
||||||
needs: [access_check, repo_health]
|
|
||||||
if: >-
|
|
||||||
always() &&
|
|
||||||
needs.repo_health.result == 'failure'
|
|
||||||
uses: ./.mokogitea/workflows/ci-issue-reporter.yml
|
|
||||||
with:
|
|
||||||
gate: "Repository Health"
|
|
||||||
workflow: "Repo Health"
|
|
||||||
severity: error
|
|
||||||
details: "Repository health checks failed — missing required artifacts, disallowed files, or content warnings. Check the CI run summary."
|
|
||||||
secrets: inherit
|
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -1,134 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# This file is part of a Moko Consulting project.
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: GitHub.Workflow
|
|
||||||
# INGROUP: MokoStandards.Automation
|
|
||||||
# REPO: https://github.com/mokoconsulting-tech/MokoStandards
|
|
||||||
# PATH: /templates/workflows/shared/sync-version-on-merge.yml.template
|
|
||||||
# VERSION: 04.06.00
|
|
||||||
# BRIEF: Auto-bump patch version on every push to main and propagate to all file headers
|
|
||||||
# NOTE: Synced via bulk-repo-sync to .mokogitea/workflows/sync-version-on-merge.yml in all governed repos.
|
|
||||||
# README.md is the single source of truth for the repository version.
|
|
||||||
|
|
||||||
name: "Universal: Sync Version on Merge"
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
- master
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
dry_run:
|
|
||||||
description: 'Dry run (preview only, no commit)'
|
|
||||||
type: boolean
|
|
||||||
default: false
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
issues: write
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
sync-version:
|
|
||||||
name: Propagate README version
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ !startsWith(github.event.repository.name, 'Template-') }}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GH_MIRROR_TOKEN || github.token }}
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Set up PHP
|
|
||||||
uses: shivammathur/setup-php@fcafdd6392932010c2bd5094439b8e33be2a8a09 # v2.37.0
|
|
||||||
with:
|
|
||||||
php-version: '8.1'
|
|
||||||
tools: composer
|
|
||||||
|
|
||||||
- name: Setup MokoStandards tools
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_MIRROR_TOKEN || github.token }}
|
|
||||||
COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GH_MIRROR_TOKEN || github.token }}"}}'
|
|
||||||
run: |
|
|
||||||
git clone --depth 1 --branch version/04 --quiet \
|
|
||||||
"https://x-access-token:${GH_TOKEN}@github.com/mokoconsulting-tech/MokoStandards.git" \
|
|
||||||
/tmp/mokostandards
|
|
||||||
cd /tmp/mokostandards
|
|
||||||
composer install --no-dev --no-interaction --quiet
|
|
||||||
|
|
||||||
- name: Auto-bump patch version
|
|
||||||
if: ${{ github.event_name == 'push' && github.actor != 'github-actions[bot]' }}
|
|
||||||
run: |
|
|
||||||
if git diff --name-only HEAD~1 HEAD 2>/dev/null | grep -q '^README\.md$'; then
|
|
||||||
echo "README.md changed in this push — skipping auto-bump"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
RESULT=$(php /tmp/mokostandards/api/cli/version_bump.php --path .) || {
|
|
||||||
echo "⚠️ Could not bump version — skipping"
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
echo "Auto-bumping patch: $RESULT"
|
|
||||||
git config --local user.email "github-actions[bot]@users.noreply.github.com"
|
|
||||||
git config --local user.name "github-actions[bot]"
|
|
||||||
git add README.md
|
|
||||||
git commit -m "chore(version): auto-bump patch ${RESULT} [skip ci]" \
|
|
||||||
--author="github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
|
|
||||||
git push
|
|
||||||
|
|
||||||
- name: Extract version from README.md
|
|
||||||
id: readme_version
|
|
||||||
run: |
|
|
||||||
git pull --ff-only 2>/dev/null || true
|
|
||||||
VERSION=$(php /tmp/mokostandards/api/cli/version_read.php --path . 2>/dev/null)
|
|
||||||
if [ -z "$VERSION" ]; then
|
|
||||||
echo "⚠️ No VERSION in README.md — skipping propagation"
|
|
||||||
echo "skip=true" >> $GITHUB_OUTPUT
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
echo "version=$VERSION" >> $GITHUB_OUTPUT
|
|
||||||
echo "skip=false" >> $GITHUB_OUTPUT
|
|
||||||
echo "✅ README.md version: $VERSION"
|
|
||||||
|
|
||||||
- name: Run version sync
|
|
||||||
if: ${{ steps.readme_version.outputs.skip != 'true' && inputs.dry_run != true }}
|
|
||||||
run: |
|
|
||||||
php /tmp/mokostandards/api/maintenance/update_version_from_readme.php \
|
|
||||||
--path . \
|
|
||||||
--create-issue \
|
|
||||||
--repo "${{ github.repository }}"
|
|
||||||
env:
|
|
||||||
GH_TOKEN: ${{ secrets.GH_MIRROR_TOKEN || github.token }}
|
|
||||||
|
|
||||||
- name: Commit updated files
|
|
||||||
if: ${{ steps.readme_version.outputs.skip != 'true' && inputs.dry_run != true }}
|
|
||||||
run: |
|
|
||||||
git pull --ff-only 2>/dev/null || true
|
|
||||||
if git diff --quiet; then
|
|
||||||
echo "ℹ️ No version changes needed — already up to date"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
VERSION="${{ steps.readme_version.outputs.version }}"
|
|
||||||
git config --local user.email "github-actions[bot]@users.noreply.github.com"
|
|
||||||
git config --local user.name "github-actions[bot]"
|
|
||||||
git add -A
|
|
||||||
git commit -m "chore(version): sync badges and headers to ${VERSION} [skip ci]" \
|
|
||||||
--author="github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
|
|
||||||
git push
|
|
||||||
|
|
||||||
- name: Summary
|
|
||||||
run: |
|
|
||||||
VERSION="${{ steps.readme_version.outputs.version }}"
|
|
||||||
echo "## 📦 Version Sync — ${VERSION}" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "**Source:** \`README.md\` FILE INFORMATION block" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "**Version:** \`${VERSION}\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
@@ -1,130 +0,0 @@
|
|||||||
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#
|
|
||||||
# FILE INFORMATION
|
|
||||||
# DEFGROUP: Gitea.Workflow.Template
|
|
||||||
# INGROUP: MokoStandards.CI
|
|
||||||
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
|
|
||||||
# PATH: /.mokogitea/workflows/version-set.yml
|
|
||||||
# VERSION: 01.00.00
|
|
||||||
# BRIEF: Set or reset the extension version across all version-bearing files
|
|
||||||
|
|
||||||
name: "Joomla: Set Version"
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
version:
|
|
||||||
description: "Version number (e.g. 01.00.00)"
|
|
||||||
required: true
|
|
||||||
type: string
|
|
||||||
branch:
|
|
||||||
description: "Branch to update (default: current)"
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
|
|
||||||
env:
|
|
||||||
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
set-version:
|
|
||||||
name: Set Version to ${{ inputs.version }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Validate version format
|
|
||||||
run: |
|
|
||||||
VERSION="${{ inputs.version }}"
|
|
||||||
if ! echo "$VERSION" | grep -qP '^\d{2}\.\d{2}\.\d{2}$'; then
|
|
||||||
echo "::error::Invalid version format '${VERSION}' — expected XX.YY.ZZ (e.g. 01.00.00)"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
|
|
||||||
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
|
|
||||||
ref: ${{ inputs.branch || github.ref }}
|
|
||||||
fetch-depth: 1
|
|
||||||
|
|
||||||
- name: Update manifest version
|
|
||||||
run: |
|
|
||||||
MANIFEST=""
|
|
||||||
for XML_FILE in $(find . -maxdepth 3 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
|
|
||||||
if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
|
|
||||||
MANIFEST="$XML_FILE"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ -z "$MANIFEST" ]; then
|
|
||||||
echo "::warning::No Joomla extension manifest found — skipping manifest update"
|
|
||||||
else
|
|
||||||
OLD_VER=$(grep -oP '<version>\K[^<]+' "$MANIFEST" | head -1)
|
|
||||||
sed -i "s|<version>${OLD_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
|
|
||||||
echo "Manifest: ${OLD_VER} → ${VERSION} (${MANIFEST})"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Update README.md version
|
|
||||||
run: |
|
|
||||||
if [ -f "README.md" ]; then
|
|
||||||
if grep -qP '^\s*VERSION:\s*\d' README.md; then
|
|
||||||
sed -i -E "s/(VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" README.md
|
|
||||||
echo "README.md version updated to ${VERSION}"
|
|
||||||
else
|
|
||||||
echo "::warning::No VERSION line found in README.md — skipping"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Update CHANGELOG.md
|
|
||||||
run: |
|
|
||||||
if [ -f "CHANGELOG.md" ]; then
|
|
||||||
DATE=$(date +%Y-%m-%d)
|
|
||||||
# Check if this version already has an entry
|
|
||||||
if grep -q "^\#\# \[${VERSION}\]" CHANGELOG.md; then
|
|
||||||
echo "CHANGELOG.md already has entry for ${VERSION} — skipping"
|
|
||||||
else
|
|
||||||
# Insert new version entry after [Unreleased] or at the top after header
|
|
||||||
if grep -q '^\#\# \[Unreleased\]' CHANGELOG.md; then
|
|
||||||
sed -i "/^\#\# \[Unreleased\]/a\\\\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
|
|
||||||
else
|
|
||||||
sed -i "/^\# Changelog/a\\\\n## [Unreleased]\n\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
|
|
||||||
fi
|
|
||||||
echo "CHANGELOG.md: added entry for ${VERSION}"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "::warning::No CHANGELOG.md found — skipping"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Update FILE INFORMATION blocks
|
|
||||||
run: |
|
|
||||||
# Update VERSION in file header blocks (# VERSION: XX.YY.ZZ)
|
|
||||||
find . -maxdepth 1 -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.php" -o -name "*.md" \) \
|
|
||||||
-not -path "./.git/*" -not -path "./vendor/*" -print0 2>/dev/null | \
|
|
||||||
while IFS= read -r -d '' FILE; do
|
|
||||||
if head -20 "$FILE" | grep -qP '^\s*#?\s*VERSION:\s*\d{2}\.\d{2}\.\d{2}'; then
|
|
||||||
sed -i -E "s/(#?\s*VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" "$FILE"
|
|
||||||
echo "Updated FILE INFORMATION VERSION in ${FILE}"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
- name: Commit and push
|
|
||||||
run: |
|
|
||||||
git config user.name "Moko Consulting [bot]"
|
|
||||||
git config user.email "hello@mokoconsulting.tech"
|
|
||||||
git add -A
|
|
||||||
if git diff --cached --quiet; then
|
|
||||||
echo "No version changes detected — nothing to commit"
|
|
||||||
else
|
|
||||||
git commit -m "chore: set version to ${VERSION} [skip bump]
|
|
||||||
|
|
||||||
Authored-by: Moko Consulting"
|
|
||||||
git push
|
|
||||||
echo "### Version Set" >> $GITHUB_STEP_SUMMARY
|
|
||||||
echo "Version updated to \`${VERSION}\` on branch \`${GITHUB_REF_NAME}\`" >> $GITHUB_STEP_SUMMARY
|
|
||||||
fi
|
|
||||||
Reference in New Issue
Block a user