Compare commits

..

68 Commits

Author SHA1 Message Date
jmiller 19ace79027 chore(docs): normalize refs — MokoStandards->org wiki, moko-platform->mokocli, residual MokoGitea/MokoSuite
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 19s
Non-workflow docs/config only (CLAUDE.md, README, branch-protection, ISSUE_TEMPLATE/config.yml,
ci-issue-reporter). Workflow files, manifest schema, and Makefile install paths left for the
forge-rebrand gate. Authored-by: Moko Consulting
2026-07-05 22:49:53 +00:00
jmiller da76ff6c22 chore: sync workflow-sync-trigger.yml from Template-Generic [skip ci] 2026-07-05 21:39:05 +00:00
jmiller 12245a1880 chore: sync version-set.yml from Template-Generic [skip ci] 2026-07-05 21:39:05 +00:00
jmiller ebbf09a085 chore: sync repo-health.yml from Template-Generic [skip ci] 2026-07-05 21:39:04 +00:00
jmiller eeb5b4abc1 chore: sync rc-revert.yml from Template-Generic [skip ci] 2026-07-05 21:39:03 +00:00
jmiller 829c5d8468 chore: sync pre-release.yml from Template-Generic [skip ci] 2026-07-05 21:39:03 +00:00
jmiller f86ba0b095 chore: sync pr-check.yml from Template-Generic [skip ci] 2026-07-05 21:39:02 +00:00
jmiller 16dad734e2 chore: sync gitleaks.yml from Template-Generic [skip ci] 2026-07-05 21:34:31 +00:00
jmiller 4e42ec188c chore: sync cleanup.yml from Template-Generic [skip ci] 2026-07-05 21:34:30 +00:00
jmiller a532c94de9 chore: sync ci-issue-reporter.yml from Template-Generic [skip ci] 2026-07-05 21:34:29 +00:00
jmiller 86b0e13edd chore: sync ci-generic.yml from Template-Generic [skip ci] 2026-07-05 21:34:28 +00:00
jmiller 3388a2f5cd chore: sync cascade-dev.yml from Template-Generic [skip ci] 2026-07-05 21:34:28 +00:00
jmiller e875106a5f chore: sync branch-cleanup.yml from Template-Generic [skip ci] 2026-07-05 21:34:27 +00:00
jmiller f1058c0e46 chore: sync auto-release.yml from Template-Generic [skip ci] 2026-07-05 21:34:26 +00:00
jmiller 1b5a5bd976 chore: sync auto-bump.yml from Template-Generic [skip ci] 2026-07-05 21:34:25 +00:00
jmiller 4e6926e799 chore: sync workflow-sync-trigger.yml from Template-Generic [skip ci] 2026-07-05 21:08:20 +00:00
jmiller 94f2ac9871 chore: sync pr-check.yml from Template-Generic [skip ci] 2026-07-05 21:08:18 +00:00
jmiller c788f69652 chore: sync pre-release.yml from Template-Generic [skip ci] 2026-07-05 20:40:52 +00:00
jmiller 37ca0647ba chore: sync gitleaks.yml from Template-Generic [skip ci] 2026-07-05 20:40:34 +00:00
jmiller 87c3372ae6 chore: sync auto-bump.yml from Template-Generic [skip ci] 2026-07-05 20:40:28 +00:00
jmiller 49fb5d8939 chore: sync version-set.yml from Template-Generic [skip ci] 2026-07-05 20:37:39 +00:00
jmiller c9691e4849 chore: sync sync-on-merge.yml from Template-Generic [skip ci] 2026-07-05 20:37:37 +00:00
jmiller ccb9a73830 chore: sync repo-health.yml from Template-Generic [skip ci] 2026-07-05 20:37:36 +00:00
jmiller c33caa064d chore: sync rc-revert.yml from Template-Generic [skip ci] 2026-07-05 20:37:33 +00:00
jmiller b117dd3f4b chore: sync pr-check.yml from Template-Generic [skip ci] 2026-07-05 20:35:17 +00:00
jmiller 6c04c99380 chore: sync gitleaks.yml from Template-Generic [skip ci] 2026-07-05 20:35:15 +00:00
jmiller 6ee328fa95 chore: sync ci-issue-reporter.yml from Template-Generic [skip ci] 2026-07-05 20:35:14 +00:00
jmiller a6b800a3ed chore: sync cascade-dev.yml from Template-Generic [skip ci] 2026-07-05 20:35:12 +00:00
jmiller 58bd103daf chore: sync branch-cleanup.yml from Template-Generic [skip ci] 2026-07-05 20:35:10 +00:00
jmiller 2e3b153e5c chore: sync auto-release.yml from Template-Generic [skip ci] 2026-07-05 20:35:09 +00:00
jmiller f7770991c7 chore: sync auto-bump.yml from Template-Generic [skip ci] 2026-07-05 20:35:07 +00:00
jmiller d7e80865e0 chore: sync notify.yml from Template-Generic [skip ci] 2026-07-05 00:04:26 +00:00
jmiller 9258e9ef33 chore: sync cleanup.yml from Template-Generic [skip ci] 2026-07-05 00:04:24 +00:00
jmiller 6eb975795f chore: sync auto-release.yml from Template-Generic [skip ci] 2026-07-04 23:26:34 +00:00
jmiller d3280d4c7a chore: sync pr-check.yml from Template-Generic [skip ci] 2026-07-04 20:27:38 +00:00
jmiller 5a6688ef69 chore: sync pr-check.yml from Template-Generic [skip ci] 2026-07-04 20:22:10 +00:00
jmiller a63f14aba7 chore: sync ci-generic.yml from Template-Generic [skip ci] 2026-07-04 20:22:09 +00:00
jmiller 22b2154896 chore: sync pr-check.yml from Template-Generic [skip ci] 2026-07-04 19:37:35 +00:00
jmiller 514838a37b chore: sync ci-generic.yml from Template-Generic [skip ci] 2026-07-04 19:37:34 +00:00
jmiller f1f17c728a chore: sync branch-cleanup.yml from Template-Generic [skip ci] 2026-07-04 19:37:33 +00:00
jmiller e78d4a7ac4 chore: sync sync-on-merge.yml from Template-Generic [skip ci] 2026-07-04 19:03:42 +00:00
jmiller 5daee2d60a chore: sync pre-release.yml from Template-Generic [skip ci] 2026-07-04 19:03:41 +00:00
jmiller 2c0bd02ddd chore: sync pr-check.yml from Template-Generic [skip ci] 2026-07-04 19:03:40 +00:00
jmiller 54e7ab3aa7 chore: sync notify.yml from Template-Generic [skip ci] 2026-07-04 19:03:39 +00:00
jmiller 6105be7254 chore: sync cleanup.yml from Template-Generic [skip ci] 2026-07-04 19:03:38 +00:00
jmiller a8eac46932 chore: sync ci-generic.yml from Template-Generic [skip ci] 2026-07-04 19:03:37 +00:00
jmiller 360dfcb5e4 chore: sync auto-release.yml from Template-Generic [skip ci] 2026-07-04 19:03:36 +00:00
jmiller 4af29e79fd Merge pull request 'fix: remove orphaned deploy-manual workflow' (#29) from fix/remove-deploy-manual into main
fix: remove orphaned deploy-manual workflow [skip ci]
2026-06-30 18:33:31 +00:00
jmiller de01bf3e12 fix: remove orphaned deploy-manual workflow [skip ci] 2026-06-30 18:06:58 +00:00
jmiller 553960f185 chore: sync auto-release.yml from Template-Generic [skip ci] 2026-06-29 06:34:32 +00:00
jmiller c44c1efb18 chore: sync ci-generic.yml from Template-Generic [skip ci] 2026-06-27 20:43:42 +00:00
jmiller 00ca3c9457 chore: sync rc-revert.yml from Template-Generic [skip ci] 2026-06-27 05:31:59 +00:00
jmiller 059da4b37a chore: sync pre-release.yml from Template-Generic [skip ci] 2026-06-27 00:49:04 +00:00
jmiller 81f7db7b1b chore: sync repo-health.yml from Template-Generic [skip ci] 2026-06-25 19:46:02 +00:00
jmiller 0487c5a9c9 chore: sync pr-check.yml from Template-Generic [skip ci] 2026-06-25 19:46:01 +00:00
jmiller 08e57bfcfb chore: sync ci-issue-reporter.yml from Template-Generic [skip ci] 2026-06-25 19:45:59 +00:00
jmiller afa693b8d2 chore: sync workflow-sync-trigger.yml from Template-Generic [skip ci] 2026-06-25 17:10:14 +00:00
jmiller 0269496b96 chore: sync version-set.yml from Template-Generic [skip ci] 2026-06-25 17:10:14 +00:00
jmiller d25ae647cf chore: sync repo-health.yml from Template-Generic [skip ci] 2026-06-25 17:10:13 +00:00
jmiller 66d6c9ccaa chore: sync pre-release.yml from Template-Generic [skip ci] 2026-06-25 17:10:13 +00:00
jmiller a83fc2a03f chore: sync pr-check.yml from Template-Generic [skip ci] 2026-06-25 17:10:12 +00:00
jmiller d695f603c4 chore: sync issue-branch.yml from Template-Generic [skip ci] 2026-06-25 17:10:12 +00:00
jmiller 264c682d53 chore: sync deploy-manual.yml from Template-Generic [skip ci] 2026-06-25 17:10:11 +00:00
jmiller 4f44c169ca chore: sync cleanup.yml from Template-Generic [skip ci] 2026-06-25 17:10:11 +00:00
jmiller dc2332e01d chore: sync auto-release.yml from Template-Generic [skip ci] 2026-06-25 17:10:10 +00:00
jmiller ce55aa05d7 chore: sync auto-bump.yml from Template-Generic [skip ci] 2026-06-25 17:10:09 +00:00
jmiller 745daafe5e chore: sync version-set.yml from Template-Generic [skip ci] 2026-06-24 11:50:09 +00:00
jmiller 02dcbd625e chore: sync auto-release.yml from Template-Generic [skip ci] 2026-06-24 11:50:07 +00:00
28 changed files with 1897 additions and 1844 deletions
+1 -1
View File
@@ -8,7 +8,7 @@ contact_links:
url: https://mokoconsulting.tech/
about: Get help or ask questions through our website
- name: 📚 MokoStandards Documentation
url: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
url: https://git.mokoconsulting.tech/MokoConsulting/.mokogitea/wiki
about: View our coding standards and best practices
- name: 🔒 Report a Security Vulnerability
url: https://git.mokoconsulting.tech/mokoconsulting-tech/.github-private/security/advisories/new
+1 -1
View File
@@ -37,7 +37,7 @@ If you have ideas about how this could be implemented, share them here:
Add any other context, mockups, or screenshots about the feature request here.
## Relevant Standards
Does this relate to any standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards)?
Does this relate to any standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/.mokogitea/wiki)?
- [ ] Accessibility (WCAG 2.1 AA)
- [ ] Localization (en_US/en_GB)
- [ ] Security best practices
@@ -18,7 +18,7 @@ assignees: ''
- [ ] API response error (4xx / 5xx)
### MCP Server
- **Server Name**: [e.g., mcp_mokowaas]
- **Server Name**: [e.g., mcp_mokosuite]
- **Server Version**: [e.g., 1.0.0]
- **Node.js Version**: [e.g., 20.x]
+1 -1
View File
@@ -35,7 +35,7 @@ Use this template only for:
<!-- Describe how this could be addressed -->
## Standards Reference
Does this relate to security standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards)?
Does this relate to security standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/.mokogitea/wiki)?
- [ ] SPDX license identifiers
- [ ] Secret management
- [ ] Dependency security
+67 -66
View File
@@ -1,66 +1,67 @@
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# INGROUP: mokocli.Release
# REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
# PATH: /.mokogitea/workflows/auto-bump.yml
# VERSION: 09.02.00
# BRIEF: Auto patch-bump version on every push to dev (skips merge commits)
name: "Universal: Auto Version Bump"
on:
push:
branches:
- dev
- rc
- 'feature/**'
- 'patch/**'
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
permissions:
contents: write
jobs:
bump:
name: Version Bump
runs-on: release
if: >-
!contains(github.event.head_commit.message, '[skip ci]') &&
!contains(github.event.head_commit.message, '[skip bump]') &&
!startsWith(github.event.head_commit.message, 'Merge pull request')
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
token: ${{ secrets.MOKOGITEA_TOKEN }}
fetch-depth: 1
- name: Setup mokocli tools
run: |
if ! command -v composer &> /dev/null; then
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
fi
if [ -d "/opt/mokocli/cli" ]; then
echo "MOKO_CLI=/opt/mokocli/cli" >> "$GITHUB_ENV"
else
git clone --depth 1 --branch main --quiet \
"https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/mokocli.git" \
/tmp/mokocli
cd /tmp/mokocli && composer install --no-dev --no-interaction --quiet
echo "MOKO_CLI=/tmp/mokocli/cli" >> "$GITHUB_ENV"
fi
- name: Bump version
run: |
php ${MOKO_CLI}/version_auto_bump.php \
--path . --branch "${GITHUB_REF_NAME}" \
--token "${{ secrets.MOKOGITEA_TOKEN }}" \
--repo-url "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: MokoGitea.Workflow
# INGROUP: mokocli.Release
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/auto-bump.yml
# VERSION: 09.02.00
# BRIEF: Auto patch-bump version on every push to dev (skips merge commits)
name: "Universal: Auto Version Bump"
on:
push:
branches:
- dev
- rc
- 'feature/**'
- 'patch/**'
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
permissions:
contents: write
jobs:
bump:
name: Version Bump
runs-on: release
if: >-
!contains(github.event.head_commit.message, '[skip ci]') &&
!contains(github.event.head_commit.message, '[skip bump]') &&
!startsWith(github.event.head_commit.message, 'Merge pull request') &&
!startsWith(github.event.repository.name, 'Template-')
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
token: ${{ secrets.MOKOGITEA_TOKEN }}
fetch-depth: 1
- name: Setup mokocli tools
run: |
if ! command -v composer &> /dev/null; then
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer >/dev/null 2>&1
fi
if [ -d "/opt/mokocli/cli" ]; then
echo "MOKO_CLI=/opt/mokocli/cli" >> "$GITHUB_ENV"
else
git clone --depth 1 --branch main --quiet \
"https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/MokoConsulting/MokoCLI.git" \
/tmp/mokocli
cd /tmp/mokocli && composer install --no-dev --no-interaction --quiet
echo "MOKO_CLI=/tmp/mokocli/cli" >> "$GITHUB_ENV"
fi
- name: Bump version
run: |
php ${MOKO_CLI}/version_auto_bump.php \
--path . --branch "${GITHUB_REF_NAME}" \
--token "${{ secrets.MOKOGITEA_TOKEN }}" \
--repo-url "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
+72 -41
View File
@@ -3,11 +3,11 @@
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# DEFGROUP: MokoGitea.Workflow
# INGROUP: mokocli.Release
# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/mokocli
# PATH: /templates/workflows/universal/auto-release.yml.template
# VERSION: 05.00.00
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/auto-release.yml
# VERSION: 05.01.00
# BRIEF: Universal build & release detects platform from manifest.xml
#
# +=======================================================================+
@@ -27,7 +27,7 @@ name: "Universal: Build & Release"
on:
pull_request:
types: [opened, closed]
types: [opened, synchronize, closed]
branches:
- main
paths-ignore:
@@ -52,7 +52,7 @@ on:
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
GITEA_ORG: ${{ vars.GITEA_ORG || github.repository_owner }}
GITEA_REPO: ${{ vars.GITEA_REPO || github.event.repository.name }}
@@ -64,9 +64,14 @@ jobs:
promote-rc:
name: Promote to RC
runs-on: release
# Skip on template repos (Template-*) — they scaffold other repos and do not release.
if: >-
(github.event.action == 'opened' && github.event.pull_request.merged != true) ||
(github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
!startsWith(github.event.repository.name, 'Template-') &&
(
(github.event.action == 'opened' && github.event.pull_request.merged != true) ||
(github.event.action == 'synchronize' && github.event.pull_request.merged != true) ||
(github.event_name == 'workflow_dispatch' && inputs.action == 'promote-rc')
)
steps:
- name: Checkout repository
@@ -74,6 +79,7 @@ jobs:
with:
token: ${{ secrets.MOKOGITEA_TOKEN }}
fetch-depth: 1
submodules: recursive
- name: Setup mokocli tools
env:
@@ -89,7 +95,7 @@ jobs:
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
fi
rm -rf /tmp/mokocli
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/mokocli.git
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoCLI.git
git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokocli
cd /tmp/mokocli
composer install --no-dev --no-interaction --quiet
@@ -98,18 +104,46 @@ jobs:
- name: Rename branch to rc
run: |
php ${MOKO_CLI}/branch_rename.php \
--from "${{ github.event.pull_request.head.ref || 'dev' }}" --to rc \
--token "${{ secrets.MOKOGITEA_TOKEN }}" \
--api-base "${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" \
--pr "${{ github.event.pull_request.number }}"
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
AUTH="Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}"
FROM="${{ github.event.pull_request.head.ref || 'dev' }}"
PR="${{ github.event.pull_request.number }}"
# Resolve the source branch HEAD commit.
SRC_JSON=$(curl -sf -H "$AUTH" "${API_BASE}/branches/${FROM}") \
|| { echo "::error::Source branch ${FROM} not found"; exit 1; }
SRC_SHA=$(printf '%s' "$SRC_JSON" | python3 -c "import sys, json; print(json.load(sys.stdin)['commit']['id'])" 2>/dev/null || true)
[ -n "$SRC_SHA" ] || { echo "::error::Could not resolve HEAD of ${FROM}"; exit 1; }
# Point rc at the source commit. If rc already exists (a protected branch that
# cannot be deleted), force-update its ref in place instead of delete+recreate:
# deleting a protected branch fails, which then makes the recreate return HTTP 409.
if curl -sf -o /dev/null -H "$AUTH" "${API_BASE}/branches/rc"; then
echo "rc exists - force-updating to ${FROM} (${SRC_SHA})"
curl -sf -X PATCH -H "$AUTH" -H "Content-Type: application/json" \
"${API_BASE}/git/refs/heads/rc" -d "{\"sha\":\"${SRC_SHA}\",\"force\":true}" \
|| { echo "::error::Failed to force-update rc (CI token needs force-push on the protected rc branch)"; exit 1; }
else
echo "Creating rc from ${FROM}"
curl -sf -X POST -H "$AUTH" -H "Content-Type: application/json" \
"${API_BASE}/branches" -d "{\"new_branch_name\":\"rc\",\"old_branch_name\":\"${FROM}\"}" \
|| { echo "::error::Failed to create rc from ${FROM}"; exit 1; }
fi
# Repoint the PR at rc, then delete the old source branch (non-fatal).
if [ -n "$PR" ]; then
curl -s -X PATCH -H "$AUTH" -H "Content-Type: application/json" \
"${API_BASE}/pulls/${PR}" -d '{"head":"rc"}' >/dev/null || true
fi
curl -s -X DELETE -H "$AUTH" "${API_BASE}/branches/${FROM}" >/dev/null || true
echo "Renamed ${FROM} -> rc"
- name: Checkout rc and configure git
run: |
git fetch origin rc
git checkout rc
git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
git config --local user.name "gitea-actions[bot]"
git config --local user.email "mokogitea-actions[bot]@mokoconsulting.tech"
git config --local user.name "mokogitea-actions[bot]"
git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
- name: Publish RC release
@@ -120,7 +154,7 @@ jobs:
- name: Update RC release notes from CHANGELOG.md
run: |
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
# Extract [Unreleased] section from changelog
@@ -162,9 +196,13 @@ jobs:
release:
name: Build & Release Pipeline
runs-on: release
# Skip on template repos (Template-*) — they scaffold other repos and do not release.
if: >-
github.event.pull_request.merged == true ||
(github.event_name == 'workflow_dispatch' && inputs.action != 'promote-rc')
!startsWith(github.event.repository.name, 'Template-') &&
(
github.event.pull_request.merged == true ||
(github.event_name == 'workflow_dispatch' && inputs.action != 'promote-rc')
)
steps:
- name: Checkout repository
@@ -172,11 +210,12 @@ jobs:
with:
token: ${{ secrets.MOKOGITEA_TOKEN }}
fetch-depth: 0
submodules: recursive
- name: Configure git for bot pushes
run: |
git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
git config --local user.name "gitea-actions[bot]"
git config --local user.email "mokogitea-actions[bot]@mokoconsulting.tech"
git config --local user.name "mokogitea-actions[bot]"
git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
- name: Check for merge conflict markers
@@ -207,7 +246,7 @@ jobs:
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
fi
rm -rf /tmp/mokocli
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/mokocli.git
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoCLI.git
git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokocli
cd /tmp/mokocli
composer install --no-dev --no-interaction --quiet
@@ -268,7 +307,7 @@ jobs:
!startsWith(steps.platform.outputs.platform, 'joomla')
run: |
VERSION="${{ steps.version.outputs.version }}"
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
SEMVER_TAG="v${VERSION}"
@@ -293,7 +332,7 @@ jobs:
- name: Update release notes and promote changelog
run: |
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
# Get the stable release info (version and ID)
@@ -362,7 +401,7 @@ jobs:
VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
GH_REPO="${{ vars.GH_MIRROR_REPO || github.repository }}"
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
php ${MOKO_CLI}/release_mirror.php \
--version "$VERSION" --tag "$RELEASE_TAG" \
--token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "$API_BASE" \
@@ -387,11 +426,11 @@ jobs:
&& echo "main branch pushed to GitHub mirror" \
|| echo "WARNING: GitHub mirror push failed"
- name: "Step 11: Delete rc branch and recreate dev from main"
- name: "Step 11: Delete rc branch (dev reset moved to cascade-dev.yml)"
if: steps.version.outputs.skip != 'true'
continue-on-error: true
run: |
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
# Delete rc branch (ephemeral — created by promote-rc)
@@ -399,23 +438,15 @@ jobs:
"${API_BASE}/branches/rc" 2>/dev/null \
&& echo "Deleted rc branch" || echo "rc branch not found"
# Delete dev branch
curl -sf -X DELETE -H "Authorization: token ${TOKEN}" \
"${API_BASE}/branches/dev" 2>/dev/null && echo "Deleted dev branch"
# Recreate dev from main (now includes version bump + changelog promotion)
curl -sf -X POST -H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
"${API_BASE}/branches" \
-d '{"new_branch_name":"dev","old_branch_name":"main"}' 2>/dev/null && echo "Recreated dev from main"
echo "Pre-release branches cleaned, dev reset from main" >> $GITHUB_STEP_SUMMARY
# dev is reset from main by the dedicated "Cascade Main -> Dev" workflow
# (cascade-dev.yml), which runs after this release completes.
echo "rc cleaned; dev reset handled by cascade-dev.yml" >> $GITHUB_STEP_SUMMARY
- name: "Step 12: Create version branch from main"
if: steps.version.outputs.skip != 'true'
continue-on-error: true
run: |
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
VERSION="${{ steps.bump.outputs.version || steps.version.outputs.version }}"
BRANCH_NAME="version/${VERSION}"
@@ -436,7 +467,7 @@ jobs:
if: steps.version.outputs.skip != 'true'
continue-on-error: true
run: |
API_BASE="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
API_BASE="${MOKOGITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}"
php ${MOKO_CLI}/version_reset_dev.php \
--token "${{ secrets.MOKOGITEA_TOKEN }}" --api-base "${API_BASE}" \
--branch dev --path . 2>&1 || true
@@ -462,5 +493,5 @@ jobs:
echo "| Version | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
echo "| Branch | \`${{ steps.version.outputs.branch }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| Tag | \`${{ steps.version.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| Release | [View](${GITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
echo "| Release | [View](${MOKOGITEA_URL}/${GITEA_ORG}/${GITEA_REPO}/releases/tag/${{ steps.version.outputs.tag }}) |" >> $GITHUB_STEP_SUMMARY
fi
+4 -3
View File
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# DEFGROUP: MokoGitea.Workflow
# INGROUP: MokoStandards.Universal
# REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/branch-cleanup.yml
# VERSION: 01.00.00
# BRIEF: Delete feature branches after PR merge
@@ -33,7 +33,8 @@ jobs:
run: |
BRANCH="${{ github.event.pull_request.head.ref }}"
API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")
# URL-encode the branch name's slashes (no PHP dependency on the runner)
ENCODED=$(printf '%s' "${BRANCH}" | sed 's|/|%2F|g')
STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
-H "Authorization: token ${{ secrets.MOKOGITEA_TOKEN }}" \
+103 -7
View File
@@ -1,10 +1,106 @@
# DISABLED — auto-release Step 11 recreates dev from main after every release.
# Cascade-dev is redundant and causes version conflicts when both main and dev
# have different version numbers in templateDetails.xml / manifest.xml.
name: "Cascade Main → Dev (DISABLED)"
on: workflow_dispatch
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: MokoGitea.Workflow
# INGROUP: MokoStandards.Cascade
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/cascade-dev.yml
# VERSION: 02.00.00
# BRIEF: Cascade main -> dev via PR; auto-merge only if conflict-free, else notify
name: "Cascade Main -> Dev"
on:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: write
pull-requests: write
env:
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
# ntfy destination is configured via repo or org variables (org vars are inherited).
NTFY_URL: ${{ vars.NTFY_URL || 'https://ntfy.mokoconsulting.tech' }}
NTFY_TOPIC: ${{ vars.CASCADE_NTFY_TOPIC || vars.NTFY_TOPIC || 'gitea-releases' }}
jobs:
noop:
cascade:
name: Cascade main -> dev
runs-on: ubuntu-latest
steps:
- run: echo "Cascade disabled — auto-release handles dev recreation"
- name: Open main -> dev PR (auto-merge if clean, else notify)
env:
TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
REPO: ${{ github.repository }}
run: |
set -uo pipefail
API="${MOKOGITEA_URL}/api/v1/repos/${REPO}"
AUTH="Authorization: token ${TOKEN}"
jqnum() { python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('$1',''))" 2>/dev/null; }
# 0. dev must exist
if ! curl -sf -H "$AUTH" "${API}/branches/dev" >/dev/null 2>&1; then
echo "No dev branch - nothing to cascade."; exit 0
fi
# 1. is main ahead of dev?
AHEAD=$(curl -sf -H "$AUTH" "${API}/compare/dev...main" \
| python3 -c "import sys,json; print(json.load(sys.stdin).get('total_commits',0))" 2>/dev/null || echo 0)
if [ "${AHEAD:-0}" -eq 0 ]; then
echo "dev already up to date with main."; exit 0
fi
echo "main is ${AHEAD} commit(s) ahead of dev."
# 2. reuse an open main->dev PR, else create one
PR=$(curl -sf -H "$AUTH" "${API}/pulls?state=open&base=dev" \
| python3 -c "import sys,json; d=json.load(sys.stdin); print(next((str(p['number']) for p in d if p.get('head',{}).get('ref')=='main'), ''))" 2>/dev/null || echo "")
if [ -z "$PR" ]; then
RESP=$(curl -s -H "$AUTH" -H "Content-Type: application/json" -X POST "${API}/pulls" \
-d '{"head":"main","base":"dev","title":"chore(sync): cascade main -> dev","body":"Automated cascade of main into dev. Auto-merges only if conflict-free; otherwise left open for manual resolution."}')
PR=$(printf '%s' "$RESP" | jqnum number)
if [ -z "$PR" ]; then
echo "::warning::Could not open cascade PR: $RESP"; exit 0
fi
echo "Opened cascade PR #${PR}"
else
echo "Reusing open cascade PR #${PR}"
fi
# 3. wait for MokoGitea to compute mergeability (conflict detection)
MERGEABLE=""
for _ in 1 2 3 4 5 6; do
MERGEABLE=$(curl -sf -H "$AUTH" "${API}/pulls/${PR}" | jqnum mergeable)
case "$MERGEABLE" in True|False) break ;; esac
sleep 3
done
echo "mergeable=${MERGEABLE}"
notify() {
curl -sS \
-H "Title: ${REPO}: dev cascade needs manual merge" \
-H "Tags: warning,twisted_rightwards_arrows" \
-H "Priority: high" \
-H "Click: ${MOKOGITEA_URL}/${REPO}/pulls/${PR}" \
-d "main -> dev cascade PR #${PR} $1 It was NOT auto-merged; resolve it manually." \
"${NTFY_URL}/${NTFY_TOPIC}" || true
}
# 4. auto-merge only if conflict-free; otherwise notify
if [ "$MERGEABLE" = "True" ]; then
CODE=$(curl -s -o /tmp/merge.json -w "%{http_code}" -H "$AUTH" -H "Content-Type: application/json" \
-X POST "${API}/pulls/${PR}/merge" -d '{"Do":"merge","merge_when_checks_succeed":true}')
if [ "$CODE" -ge 200 ] && [ "$CODE" -lt 300 ]; then
echo "Cascade PR #${PR} merged (or scheduled to merge when checks pass)."
else
echo "::warning::Auto-merge returned HTTP ${CODE}: $(cat /tmp/merge.json)"
notify "could not be auto-merged (HTTP ${CODE})."
fi
else
echo "::warning::Cascade PR #${PR} has conflicts (mergeable=${MERGEABLE}); sending notification."
notify "has conflicts and cannot be merged automatically."
fi
+13 -2
View File
@@ -3,16 +3,22 @@
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# DEFGROUP: MokoGitea.Workflow
# INGROUP: MokoStandards.CI
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.gitea/workflows/ci-generic.yml
# PATH: /.mokogitea/workflows/ci-generic.yml
# VERSION: 01.00.00
# BRIEF: CI pipeline — lint, validate, and test for generic projects (PHP + Node.js)
name: "Generic: Project CI"
on:
pull_request:
branches:
- main
- dev
- dev/**
- rc/**
workflow_dispatch:
permissions:
@@ -26,6 +32,8 @@ jobs:
lint:
name: Lint & Validate
runs-on: ubuntu-latest
# Skip on template repos (Template-*) — they hold placeholder scaffolding, not buildable source.
if: ${{ !startsWith(github.event.repository.name, 'Template-') }}
steps:
- name: Checkout
@@ -124,6 +132,9 @@ jobs:
name: Tests
runs-on: ubuntu-latest
needs: lint
# Run only when lint succeeded; always() forces evaluation so a skipped
# lint (e.g. template repos) skips this job cleanly instead of hanging.
if: ${{ always() && needs.lint.result == 'success' }}
steps:
- name: Checkout
@@ -0,0 +1,68 @@
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: MokoGitea.Workflow
# INGROUP: mokocli.Universal
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/ci-issue-reporter.yml
# VERSION: 01.00.00
# BRIEF: Reusable workflow — creates/updates a MokoGitea issue when a CI gate fails.
# Clones MokoCLI and runs cli/ci_issue_reporter.sh.
name: "Universal: CI Issue Reporter"
on:
workflow_call:
inputs:
gate:
description: "CI gate name (e.g. PR Validation, Repository Health)"
required: true
type: string
details:
description: "Human-readable failure description"
required: true
type: string
severity:
description: "error or warning"
required: false
type: string
default: "error"
workflow:
description: "Workflow name for the issue title"
required: false
type: string
default: ""
secrets:
MOKOGITEA_TOKEN:
required: true
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
jobs:
report:
name: "Report: ${{ inputs.gate }}"
runs-on: ubuntu-latest
steps:
- name: Clone MokoCLI
env:
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
run: |
MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
git clone --depth 1 --filter=blob:none --sparse "${MOKOGITEA_URL}/MokoConsulting/MokoCLI.git" /tmp/mokocli
cd /tmp/mokocli && git sparse-checkout set cli/ci_issue_reporter.sh
- name: Report CI failure
env:
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
run: |
chmod +x /tmp/mokocli/cli/ci_issue_reporter.sh
/tmp/mokocli/cli/ci_issue_reporter.sh \
--gate "${{ inputs.gate }}" \
--details "${{ inputs.details }}" \
--severity "${{ inputs.severity }}" \
--workflow "${{ inputs.workflow }}"
+13 -13
View File
@@ -3,10 +3,10 @@
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# DEFGROUP: MokoGitea.Workflow
# INGROUP: MokoStandards.Maintenance
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
# PATH: /.gitea/workflows/cleanup.yml
# PATH: /.mokogitea/workflows/cleanup.yml
# VERSION: 01.00.00
# BRIEF: Scheduled cleanup — delete merged branches and old workflow runs
@@ -21,7 +21,7 @@ permissions:
contents: write
env:
GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
jobs:
cleanup:
@@ -33,30 +33,30 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GA_TOKEN }}
token: ${{ secrets.MOKOGITEA_TOKEN }}
- name: Delete merged branches
env:
GA_TOKEN: ${{ secrets.GA_TOKEN }}
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
run: |
echo "=== Merged Branch Cleanup ==="
API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
# List branches via API
BRANCHES=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
BRANCHES=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
"${API}/branches?limit=50" | jq -r '.[].name')
DELETED=0
for BRANCH in $BRANCHES; do
# Skip protected branches
case "$BRANCH" in
main|master|develop|release/*|hotfix/*) continue ;;
main|master|dev|develop|rc|beta|alpha|release|release/*|production|stable|staging|hotfix/*|version/*) continue ;;
esac
# Check if branch is merged into main
if git merge-base --is-ancestor "origin/${BRANCH}" origin/main 2>/dev/null; then
echo " Deleting merged branch: ${BRANCH}"
curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
"${API}/branches/${BRANCH}" 2>/dev/null || true
DELETED=$((DELETED + 1))
fi
@@ -66,20 +66,20 @@ jobs:
- name: Clean old workflow runs
env:
GA_TOKEN: ${{ secrets.GA_TOKEN }}
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
run: |
echo "=== Workflow Run Cleanup ==="
API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
CUTOFF=$(date -d "30 days ago" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -v-30d +%Y-%m-%dT%H:%M:%SZ)
# Get old completed runs
RUNS=$(curl -sS -H "Authorization: token ${GA_TOKEN}" \
RUNS=$(curl -sS -H "Authorization: token ${MOKOGITEA_TOKEN}" \
"${API}/actions/runs?status=completed&limit=50" | \
jq -r ".workflow_runs[] | select(.created_at < \"${CUTOFF}\") | .id" 2>/dev/null)
DELETED=0
for RUN_ID in $RUNS; do
curl -sS -X DELETE -H "Authorization: token ${GA_TOKEN}" \
curl -sS -X DELETE -H "Authorization: token ${MOKOGITEA_TOKEN}" \
"${API}/actions/runs/${RUN_ID}" 2>/dev/null || true
DELETED=$((DELETED + 1))
done
-126
View File
@@ -1,126 +0,0 @@
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# INGROUP: MokoStandards.Deploy
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
# PATH: /templates/workflows/joomla/deploy-manual.yml.template
# VERSION: 04.07.00
# BRIEF: Manual SFTP deploy to dev server for Joomla repos
name: "Universal: Deploy to Dev (Manual)"
on:
workflow_dispatch:
inputs:
clear_remote:
description: 'Delete all remote files before uploading'
required: false
default: 'false'
type: boolean
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
permissions:
contents: read
jobs:
deploy:
name: SFTP Deploy to Dev
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Setup PHP
run: |
php -v && composer --version
- name: Setup MokoStandards tools
env:
GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
MOKO_CLONE_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
MOKO_CLONE_HOST: ${{ secrets.GA_TOKEN && 'git.mokoconsulting.tech/MokoConsulting' || 'github.com/mokoconsulting-tech' }}
COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GA_TOKEN || github.token }}"}}'
run: |
git clone --depth 1 --branch main --quiet \
"https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoStandards-API.git" \
/tmp/mokostandards-api 2>/dev/null || true
if [ -d "/tmp/mokostandards-api" ] && [ -f "/tmp/mokostandards-api/composer.json" ]; then
cd /tmp/mokostandards-api && composer install --no-dev --no-interaction --quiet 2>/dev/null || true
fi
- name: Check FTP configuration
id: check
env:
HOST: ${{ vars.DEV_FTP_HOST }}
PATH_VAR: ${{ vars.DEV_FTP_PATH }}
PORT: ${{ vars.DEV_FTP_PORT }}
run: |
if [ -z "$HOST" ] || [ -z "$PATH_VAR" ]; then
echo "DEV_FTP_HOST or DEV_FTP_PATH not configured -- cannot deploy"
echo "skip=true" >> "$GITHUB_OUTPUT"
exit 0
fi
echo "skip=false" >> "$GITHUB_OUTPUT"
echo "host=$HOST" >> "$GITHUB_OUTPUT"
REMOTE="${PATH_VAR%/}"
echo "remote=$REMOTE" >> "$GITHUB_OUTPUT"
[ -z "$PORT" ] && PORT="22"
echo "port=$PORT" >> "$GITHUB_OUTPUT"
- name: Deploy via SFTP
if: steps.check.outputs.skip != 'true'
env:
SFTP_KEY: ${{ secrets.DEV_FTP_KEY }}
SFTP_PASS: ${{ secrets.DEV_FTP_PASSWORD }}
SFTP_USER: ${{ vars.DEV_FTP_USERNAME }}
run: |
SOURCE_DIR="src"
[ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
[ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ -- nothing to deploy"; exit 0; }
printf '{"host":"%s","port":%s,"username":"%s","remotePath":"%s"' \
"${{ steps.check.outputs.host }}" "${{ steps.check.outputs.port }}" "$SFTP_USER" "${{ steps.check.outputs.remote }}" \
> /tmp/sftp-config.json
if [ -n "$SFTP_KEY" ]; then
echo "$SFTP_KEY" > /tmp/deploy_key
chmod 600 /tmp/deploy_key
printf ',"privateKeyPath":"/tmp/deploy_key"}' >> /tmp/sftp-config.json
else
printf ',"password":"%s"}' "$SFTP_PASS" >> /tmp/sftp-config.json
fi
DEPLOY_ARGS=(--path . --src-dir "$SOURCE_DIR" --config /tmp/sftp-config.json)
[ "${{ inputs.clear_remote }}" = "true" ] && DEPLOY_ARGS+=(--clear-remote)
PLATFORM=$(php /tmp/mokostandards-api/cli/platform_detect.php --path . 2>/dev/null || true)
if [ "$PLATFORM" = "waas-component" ] && [ -f "/tmp/mokostandards-api/deploy/deploy-joomla.php" ]; then
php /tmp/mokostandards-api/deploy/deploy-joomla.php "${DEPLOY_ARGS[@]}"
else
php /tmp/mokostandards-api/deploy/deploy-sftp.php "${DEPLOY_ARGS[@]}"
fi
rm -f /tmp/deploy_key /tmp/sftp-config.json
- name: Summary
if: always()
run: |
if [ "${{ steps.check.outputs.skip }}" = "true" ]; then
echo "### Deploy Skipped -- FTP not configured" >> $GITHUB_STEP_SUMMARY
else
echo "### Manual Dev Deploy Complete" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
echo "| Host | \`${{ steps.check.outputs.host }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| Remote | \`${{ steps.check.outputs.remote }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| Clear | ${{ inputs.clear_remote }} |" >> $GITHUB_STEP_SUMMARY
fi
+3 -3
View File
@@ -3,10 +3,10 @@
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# DEFGROUP: MokoGitea.Workflow
# INGROUP: MokoStandards.Security
# REPO: https://git.mokoconsulting.tech/mokoconsulting-tech/MokoStandards-API
# PATH: /templates/workflows/gitleaks.yml.template
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
# PATH: /.mokogitea/workflows/gitleaks.yml
# VERSION: 01.00.00
# BRIEF: Secret scanning — detect leaked credentials, API keys, and tokens
#
+4 -4
View File
@@ -19,7 +19,7 @@ permissions:
issues: write
env:
GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
MOKOGITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
jobs:
create-branch:
@@ -28,8 +28,8 @@ jobs:
steps:
- name: Create branch and comment
run: |
TOKEN="${{ secrets.GA_TOKEN }}"
API="${GITEA_URL}/api/v1/repos/${{ github.repository }}"
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
API="${MOKOGITEA_URL}/api/v1/repos/${{ github.repository }}"
ISSUE_NUM="${{ github.event.issue.number }}"
ISSUE_TITLE="${{ github.event.issue.title }}"
@@ -58,7 +58,7 @@ jobs:
echo "Created branch: ${BRANCH}"
# Comment on issue with branch link
REPO_URL="${GITEA_URL}/${{ github.repository }}"
REPO_URL="${MOKOGITEA_URL}/${{ github.repository }}"
BODY="Branch created: [\`${BRANCH}\`](${REPO_URL}/src/branch/${BRANCH})\n\n\`\`\`bash\ngit fetch origin\ngit checkout ${BRANCH}\n\`\`\`"
curl -sf -X POST \
+4 -4
View File
@@ -6,7 +6,7 @@
# DEFGROUP: Gitea.Workflow
# INGROUP: MokoStandards.Notifications
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
# PATH: /.gitea/workflows/notify.yml
# PATH: /.mokogitea/workflows/notify.yml
# VERSION: 01.00.00
# BRIEF: Push notifications via ntfy on release success or workflow failure
@@ -15,9 +15,9 @@ name: "Universal: Notifications"
on:
workflow_run:
workflows:
- "Joomla Build & Release"
- "Joomla Extension CI"
- "Deploy"
- "Universal: Build & Release"
- "Joomla: Extension CI"
- "Generic: Project CI"
types:
- completed
File diff suppressed because it is too large Load Diff
+18 -9
View File
@@ -3,11 +3,11 @@
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# DEFGROUP: MokoGitea.Workflow
# INGROUP: mokocli.Release
# REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
# PATH: /templates/workflows/universal/pre-release.yml.template
# VERSION: 05.01.00
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/pre-release.yml
# VERSION: 05.02.00
# BRIEF: Auto pre-release on push to dev/alpha/beta/rc branches
name: "Universal: Pre-Release"
@@ -48,9 +48,13 @@ jobs:
build:
name: "Build Pre-Release (${{ inputs.stability || github.ref_name }})"
runs-on: release
# Skip on template repos (Template-*) — they scaffold other repos and do not release.
if: >-
github.event_name == 'workflow_dispatch' ||
github.event_name == 'push'
!startsWith(github.event.repository.name, 'Template-') &&
(
github.event_name == 'workflow_dispatch' ||
github.event_name == 'push'
)
steps:
- name: Checkout
@@ -59,6 +63,11 @@ jobs:
fetch-depth: 0
token: ${{ secrets.MOKOGITEA_TOKEN }}
ref: ${{ github.ref_name }}
submodules: recursive
- name: Update submodules to main
run: |
git submodule foreach --quiet 'git checkout main && git pull --quiet origin main' 2>/dev/null || true
- name: Setup mokocli tools
env:
@@ -75,7 +84,7 @@ jobs:
sudo apt-get update -qq && sudo apt-get install -y -qq php-cli php-mbstring php-xml php-zip php-curl composer > /dev/null 2>&1
fi
rm -rf /tmp/mokocli
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/mokocli.git
CLONE_URL=https://x-access-token:${MOKO_CLONE_TOKEN}@${MOKO_CLONE_HOST}/MokoCLI.git
git clone --depth 1 --branch main --quiet $CLONE_URL /tmp/mokocli
cd /tmp/mokocli && composer install --no-dev --no-interaction --quiet
echo MOKO_CLI=/tmp/mokocli/cli >> $GITHUB_ENV
@@ -147,8 +156,8 @@ jobs:
fi
# Commit version bump
git config --local user.email "gitea-actions[bot]@mokoconsulting.tech"
git config --local user.name "gitea-actions[bot]"
git config --local user.email "mokogitea-actions[bot]@mokoconsulting.tech"
git config --local user.name "mokogitea-actions[bot]"
git remote set-url origin "https://x-access-token:${{ secrets.MOKOGITEA_TOKEN }}@git.mokoconsulting.tech/${{ github.repository }}.git"
git add -A
git diff --cached --quiet || {
+22 -16
View File
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# DEFGROUP: MokoGitea.Workflow
# INGROUP: mokocli.Universal
# REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/rc-revert.yml
# VERSION: 09.23.00
# BRIEF: Rename rc/ branch back to dev/ when PR is closed without merge
@@ -25,16 +25,25 @@ jobs:
runs-on: ubuntu-latest
if: >-
github.event.pull_request.merged == false &&
startsWith(github.event.pull_request.head.ref, 'rc/')
startsWith(github.event.pull_request.head.ref, 'rc/') &&
!startsWith(github.event.repository.name, 'Template-')
steps:
- name: Rename branch
env:
BRANCH: ${{ github.event.pull_request.head.ref }}
REPO: ${{ github.repository }}
GITEA_URL: ${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}
TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
run: |
BRANCH="${{ github.event.pull_request.head.ref }}"
set -euo pipefail
# BRANCH is attacker-controlled (PR head ref). Strict allowlist before ANY use.
if ! printf '%s' "$BRANCH" | grep -Eq '^rc/[A-Za-z0-9._/-]+$'; then
echo "::error::Refusing unsafe branch name: $BRANCH"; exit 1
fi
SUFFIX="${BRANCH#rc/}"
DEV_BRANCH="dev/${SUFFIX}"
API="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}/api/v1/repos/${{ github.repository }}/branches"
TOKEN="${{ secrets.MOKOGITEA_TOKEN }}"
API="${GITEA_URL}/api/v1/repos/${REPO}/branches"
# Create dev/ branch from rc/ branch
STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X POST \
@@ -42,25 +51,22 @@ jobs:
-H "Content-Type: application/json" \
-d "{\"new_branch_name\": \"${DEV_BRANCH}\", \"old_branch_name\": \"${BRANCH}\"}" \
"${API}" 2>/dev/null || true)
if [ "$STATUS" = "201" ]; then
echo "Created branch: ${DEV_BRANCH}" >> $GITHUB_STEP_SUMMARY
echo "Created branch: ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
else
echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"
exit 1
echo "::error::Failed to create ${DEV_BRANCH} from ${BRANCH} (HTTP ${STATUS})"; exit 1
fi
# Delete rc/ branch
ENCODED=$(php -r "echo rawurlencode('${BRANCH}');")
# Read BRANCH from the environment inside PHP (getenv, no string interpolation -> no PHP injection)
ENCODED=$(php -r 'echo rawurlencode(getenv("BRANCH"));')
STATUS=$(curl -sf -o /dev/null -w "%{http_code}" -X DELETE \
-H "Authorization: token ${TOKEN}" \
"${API}/${ENCODED}" 2>/dev/null || true)
if [ "$STATUS" = "204" ]; then
echo "Deleted branch: ${BRANCH}" >> $GITHUB_STEP_SUMMARY
echo "Deleted branch: ${BRANCH}" >> "$GITHUB_STEP_SUMMARY"
else
echo "::warning::Failed to delete ${BRANCH} (HTTP ${STATUS})"
fi
echo "### RC Reverted" >> $GITHUB_STEP_SUMMARY
echo "${BRANCH} → ${DEV_BRANCH}" >> $GITHUB_STEP_SUMMARY
echo "### RC Reverted" >> "$GITHUB_STEP_SUMMARY"
echo "${BRANCH} → ${DEV_BRANCH}" >> "$GITHUB_STEP_SUMMARY"
File diff suppressed because it is too large Load Diff
+32
View File
@@ -0,0 +1,32 @@
name: Sync Workflows to Repos
on:
push:
branches:
- main
paths:
- '.mokogitea/workflows/**'
jobs:
sync:
runs-on: ubuntu-latest
if: ${{ startsWith(github.event.repository.name, 'Template-') }}
steps:
- name: Checkout mokocli
uses: actions/checkout@v4
with:
repository: MokoConsulting/MokoCLI
token: ${{ secrets.MOKOGITEA_TOKEN }}
- name: Setup PHP
uses: https://git.mokoconsulting.tech/MokoConsulting/.mokogitea/raw/branch/main/actions/setup-php@v1
with:
php-version: '8.1'
- name: Install dependencies
run: composer install --no-dev --no-interaction
- name: Sync workflows to generic repos
run: php automation/bulk_sync.php --platform generic --org MokoConsulting --workflows-only --auto-merge --token "${{ secrets.MOKOGITEA_TOKEN }}"
env:
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
+131
View File
@@ -0,0 +1,131 @@
# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: MokoGitea.Workflow.Template
# INGROUP: MokoStandards.CI
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Joomla
# PATH: /.mokogitea/workflows/version-set.yml
# VERSION: 01.00.00
# BRIEF: Set or reset the extension version across all version-bearing files
name: "Joomla: Set Version"
on:
workflow_dispatch:
inputs:
version:
description: "Version number (e.g. 01.00.00)"
required: true
type: string
branch:
description: "Branch to update (default: current)"
required: false
type: string
permissions:
contents: write
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
jobs:
set-version:
name: Set Version to ${{ inputs.version }}
runs-on: ubuntu-latest
if: ${{ !startsWith(github.event.repository.name, 'Template-') }}
steps:
- name: Validate version format
run: |
VERSION="${{ inputs.version }}"
if ! echo "$VERSION" | grep -qP '^\d{2}\.\d{2}\.\d{2}$'; then
echo "::error::Invalid version format '${VERSION}' — expected XX.YY.ZZ (e.g. 01.00.00)"
exit 1
fi
echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ secrets.MOKOGITEA_TOKEN || github.token }}
ref: ${{ inputs.branch || github.ref }}
fetch-depth: 1
- name: Update manifest version
run: |
MANIFEST=""
for XML_FILE in $(find . -maxdepth 3 -name "*.xml" -not -path "./.git/*" -not -path "./vendor/*"); do
if grep -q "<extension" "$XML_FILE" 2>/dev/null; then
MANIFEST="$XML_FILE"
break
fi
done
if [ -z "$MANIFEST" ]; then
echo "::warning::No Joomla extension manifest found — skipping manifest update"
else
OLD_VER=$(grep -oP '<version>\K[^<]+' "$MANIFEST" | head -1)
sed -i "s|<version>${OLD_VER}</version>|<version>${VERSION}</version>|" "$MANIFEST"
echo "Manifest: ${OLD_VER} → ${VERSION} (${MANIFEST})"
fi
- name: Update README.md version
run: |
if [ -f "README.md" ]; then
if grep -qP '^\s*VERSION:\s*\d' README.md; then
sed -i -E "s/(VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" README.md
echo "README.md version updated to ${VERSION}"
else
echo "::warning::No VERSION line found in README.md — skipping"
fi
fi
- name: Update CHANGELOG.md
run: |
if [ -f "CHANGELOG.md" ]; then
DATE=$(date +%Y-%m-%d)
# Check if this version already has an entry
if grep -q "^\#\# \[${VERSION}\]" CHANGELOG.md; then
echo "CHANGELOG.md already has entry for ${VERSION} — skipping"
else
# Insert new version entry after [Unreleased] or at the top after header
if grep -q '^\#\# \[Unreleased\]' CHANGELOG.md; then
sed -i "/^\#\# \[Unreleased\]/a\\\\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
else
sed -i "/^\# Changelog/a\\\\n## [Unreleased]\n\n## [${VERSION}] --- ${DATE}" CHANGELOG.md
fi
echo "CHANGELOG.md: added entry for ${VERSION}"
fi
else
echo "::warning::No CHANGELOG.md found — skipping"
fi
- name: Update FILE INFORMATION blocks
run: |
# Update VERSION in file header blocks (# VERSION: XX.YY.ZZ)
find . -maxdepth 1 -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.php" -o -name "*.md" \) \
-not -path "./.git/*" -not -path "./vendor/*" -print0 2>/dev/null | \
while IFS= read -r -d '' FILE; do
if head -20 "$FILE" | grep -qP '^\s*#?\s*VERSION:\s*\d{2}\.\d{2}\.\d{2}'; then
sed -i -E "s/(#?\s*VERSION:\s*)[0-9]{2}\.[0-9]{2}\.[0-9]{2}/\1${VERSION}/" "$FILE"
echo "Updated FILE INFORMATION VERSION in ${FILE}"
fi
done
- name: Commit and push
run: |
git config user.name "Moko Consulting [bot]"
git config user.email "hello@mokoconsulting.tech"
git add -A
if git diff --cached --quiet; then
echo "No version changes detected — nothing to commit"
else
git commit -m "chore: set version to ${VERSION} [skip bump]
Authored-by: Moko Consulting"
git push
echo "### Version Set" >> $GITHUB_STEP_SUMMARY
echo "Version updated to \`${VERSION}\` on branch \`${GITHUB_REF_NAME}\`" >> $GITHUB_STEP_SUMMARY
fi
+15 -6
View File
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: GPL-3.0-or-later
#
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# DEFGROUP: MokoGitea.Workflow
# INGROUP: mokocli.Universal
# REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
# REPO: https://git.mokoconsulting.tech/MokoConsulting/Template-Generic
# PATH: /.mokogitea/workflows/workflow-sync-trigger.yml
# VERSION: 01.01.00
# BRIEF: Trigger workflow sync to live repos when a PR is merged to main
@@ -13,6 +13,7 @@
name: "Universal: Workflow Sync Trigger"
on:
workflow_dispatch:
pull_request:
types: [closed]
branches:
@@ -26,8 +27,10 @@ jobs:
name: Sync workflows to live repos
runs-on: ubuntu-latest
if: >-
github.event.pull_request.merged == true &&
!contains(github.event.pull_request.title, '[skip sync]')
startsWith(github.event.repository.name, 'Template-') &&
(github.event_name == 'workflow_dispatch' ||
(github.event.pull_request.merged == true &&
!contains(github.event.pull_request.title, '[skip sync]')))
steps:
- name: Determine platform from repo name
@@ -49,8 +52,14 @@ jobs:
env:
MOKOGITEA_TOKEN: ${{ secrets.MOKOGITEA_TOKEN }}
run: |
GITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
git clone --depth 1 "${GITEA_URL}/MokoConsulting/mokocli.git" /tmp/mokocli
MOKOGITEA_URL="${{ vars.GITEA_URL || 'https://git.mokoconsulting.tech' }}"
git clone --depth 1 "${MOKOGITEA_URL}/MokoConsulting/MokoCLI.git" /tmp/mokocli
- name: Install PHP
run: |
if ! command -v php &> /dev/null; then
apt-get update -qq && apt-get install -y -qq php-cli php-json php-curl > /dev/null 2>&1
fi
- name: Install dependencies
run: |
+5 -5
View File
@@ -31,7 +31,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- `branch-cleanup.yml`: auto-delete merged feature branches after PR merge
### Changed
- **Renamed** package from `@mokoconsulting/gitea-api-mcp` to `@mokoconsulting/mokogitea-api-mcp` to distinguish Moko's forked Gitea MCP from upstream
- **Renamed** package from `@mokoconsulting/gitea-api-mcp` to `@mokoconsulting/mokogitea-api-mcp` to distinguish Moko's forked MokoGitea MCP from upstream
- **Renamed** McpServer name and bin entry to `mokogitea-api-mcp`
## [0.0.1] - 2026-05-07
@@ -51,7 +51,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- `gitea_repo_fork` -- Fork a repository
- `gitea_repo_search` -- Search repositories
- `gitea_org_repos` -- List repositories in an organization
- `gitea_list_connections` -- List configured Gitea connections
- `gitea_list_connections` -- List configured MokoGitea connections
#### File Contents (5 tools)
- `gitea_file_get` -- Get file contents from a repository
@@ -133,12 +133,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- `gitea_notifications_read` -- Mark all notifications as read
#### Generic (2 tools)
- `gitea_api_request` -- Make a raw API request to any Gitea v1 endpoint
- `gitea_list_connections` -- List configured Gitea connections
- `gitea_api_request` -- Make a raw API request to any MokoGitea v1 endpoint
- `gitea_list_connections` -- List configured MokoGitea connections
### Infrastructure
- Multi-connection config support via `~/.gitea-api-mcp.json`
- Token-based authentication (Gitea native `Authorization: token` header)
- Token-based authentication (MokoGitea native `Authorization: token` header)
- Built on `node:https` / `node:http` (zero HTTP dependencies)
- MCP SDK v1.12.x with stdio transport
+4 -4
View File
@@ -4,7 +4,7 @@ This file provides guidance to Claude Code when working with this repository.
## Project Overview
**gitea-api-mcp** -- MCP server for Gitea REST API v1 operations — 61 tools for repos, issues, PRs, releases, branches, actions, orgs, wiki, webhooks, and more
**gitea-api-mcp** -- MCP server for MokoGitea REST API v1 operations — 61 tools for repos, issues, PRs, releases, branches, actions, orgs, wiki, webhooks, and more
| Field | Value |
|---|---|
@@ -13,7 +13,7 @@ This file provides guidance to Claude Code when working with this repository.
| **Default branch** | main |
| **License** | GPL-3.0-or-later |
| **Wiki** | [gitea-api-mcp Wiki](https://git.mokoconsulting.tech/MokoConsulting/gitea-api-mcp/wiki) |
| **Standards** | [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home) |
| **Standards** | [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/.mokogitea/wiki) |
## Common Commands
@@ -39,5 +39,5 @@ This is an MCP (Model Context Protocol) server. Key files:
- **Attribution**: use `Authored-by: Moko Consulting` in commits
- **Branch strategy**: develop on `dev`, merge to `main` for release
- **Minification**: handled at build time (CI) and runtime (MokoMinifyHelper for Joomla templates)
- **Wiki**: documentation lives in the Gitea wiki, not in `docs/` files
- **Standards**: this repo follows [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home)
- **Wiki**: documentation lives in the MokoGitea wiki, not in `docs/` files
- **Standards**: this repo follows [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/.mokogitea/wiki)
+1 -1
View File
@@ -34,7 +34,7 @@ feature/* ──PR──> dev ──draft PR──> (renamed to rc) ──merge
7. **Merging to main** triggers the stable release pipeline:
- Minor version bump (e.g., `02.09.xx` → `02.10.00`)
- Stability suffix stripped (clean version)
- Gitea release created with ZIP/tar.gz packages
- MokoGitea release created with ZIP/tar.gz packages
- `updates.xml` updated (Joomla extensions)
- `dev` branch recreated from `main`
+9 -9
View File
@@ -11,7 +11,7 @@ REPO: https://git.mokoconsulting.tech/MokoConsulting/gitea-api-mcp
[![Node](https://img.shields.io/badge/node-%3E%3D20.0.0-green.svg)](https://nodejs.org)
[![TypeScript](https://img.shields.io/badge/TypeScript-5.x-blue.svg)](https://www.typescriptlang.org)
> MCP server for Gitea REST API v1 operations -- 111 tools for complete Gitea instance management from Claude Code and other MCP clients.
> MCP server for MokoGitea REST API v1 operations -- 111 tools for complete MokoGitea instance management from Claude Code and other MCP clients.
## Table of Contents
@@ -26,15 +26,15 @@ REPO: https://git.mokoconsulting.tech/MokoConsulting/gitea-api-mcp
## Background
`gitea-api-mcp` is a Model Context Protocol (MCP) server that exposes 111 tools for interacting with the Gitea REST API v1. It supports multiple named connections, allowing you to manage several Gitea instances from a single server. Authentication uses Gitea's native `Authorization: token` header format.
`gitea-api-mcp` is a Model Context Protocol (MCP) server that exposes 111 tools for interacting with the MokoGitea REST API v1. It supports multiple named connections, allowing you to manage several MokoGitea instances from a single server. Authentication uses MokoGitea's native `Authorization: token` header format.
## Install
### Prerequisites
- Node.js >= 20.0.0
- A Gitea instance with API access
- A Gitea access token (Settings > Applications > Generate Token)
- A MokoGitea instance with API access
- A MokoGitea access token (Settings > Applications > Generate Token)
### Build from Source
@@ -66,8 +66,8 @@ Create `~/.gitea-api-mcp.json`:
| Field | Type | Required | Description |
|-------|------|----------|-------------|
| `baseUrl` | string | Yes | Base URL of your Gitea instance |
| `token` | string | Yes | Gitea API access token |
| `baseUrl` | string | Yes | Base URL of your MokoGitea instance |
| `token` | string | Yes | MokoGitea API access token |
| `insecure` | boolean | No | Skip TLS verification (self-signed certs) |
Override the config path with the `GITEA_API_MCP_CONFIG` environment variable.
@@ -138,7 +138,7 @@ If `connection` is omitted, the `defaultConnection` is used.
| `gitea_repo_fork` | Fork a repository |
| `gitea_repo_search` | Search repositories |
| `gitea_org_repos` | List repositories in an organization |
| `gitea_list_connections` | List configured Gitea connections |
| `gitea_list_connections` | List configured MokoGitea connections |
### File Contents (5 tools)
@@ -273,8 +273,8 @@ If `connection` is omitted, the `defaultConnection` is used.
| Tool | Description |
|------|-------------|
| `gitea_api_request` | Make a raw API request to any Gitea v1 endpoint |
| `gitea_list_connections` | List configured Gitea connections |
| `gitea_api_request` | Make a raw API request to any MokoGitea v1 endpoint |
| `gitea_list_connections` | List configured MokoGitea connections |
## Contributing
+3 -3
View File
@@ -22,7 +22,7 @@ We will acknowledge receipt within 48 hours and provide an initial assessment wi
### Configuration File
The config file `~/.gitea-api-mcp.json` stores Gitea API tokens in plaintext. Follow these practices to protect your tokens:
The config file `~/.gitea-api-mcp.json` stores MokoGitea API tokens in plaintext. Follow these practices to protect your tokens:
#### File Permissions
@@ -43,7 +43,7 @@ On Windows, ensure the file is only readable by your user account through the fi
#### Token Scope
When generating Gitea access tokens, follow the principle of least privilege:
When generating MokoGitea access tokens, follow the principle of least privilege:
- Only grant the scopes (permissions) your workflow requires
- Use separate tokens for separate purposes or environments
@@ -52,7 +52,7 @@ When generating Gitea access tokens, follow the principle of least privilege:
#### Token Generation
1. Navigate to your Gitea instance Settings > Applications
1. Navigate to your MokoGitea instance Settings > Applications
2. Under "Manage Access Tokens," enter a token name
3. Select only the required scopes
4. Click "Generate Token"
-272
View File
@@ -1788,278 +1788,6 @@ server.tool(
},
);
// ── Organization Branch Protection (org-governance) ──────────────────────
// Shared field schema for org branch protection rulesets (create + edit).
// rule_name is supplied separately (body field on create, path param on edit).
const OrgBranchProtectionFields = {
priority: z.number().optional().describe('Rule priority (lower applies first)'),
enable_push: z.boolean().optional().describe('Allow push to matching branches'),
enable_push_whitelist: z.boolean().optional().describe('Restrict push to whitelisted teams'),
push_whitelist_teams: z.array(z.string()).optional().describe('Teams allowed to push'),
enable_force_push: z.boolean().optional().describe('Allow force push'),
enable_force_push_allowlist: z.boolean().optional().describe('Restrict force push to allowlisted teams'),
force_push_allowlist_teams: z.array(z.string()).optional().describe('Teams allowed to force push'),
enable_delete: z.boolean().optional().describe('Allow branch deletion'),
enable_delete_allowlist: z.boolean().optional().describe('Restrict deletion to allowlisted teams'),
delete_allowlist_teams: z.array(z.string()).optional().describe('Teams allowed to delete branches'),
enable_merge_whitelist: z.boolean().optional().describe('Restrict merges to whitelisted teams'),
merge_whitelist_teams: z.array(z.string()).optional().describe('Teams allowed to merge'),
enable_status_check: z.boolean().optional().describe('Require status checks to pass'),
status_check_contexts: z.array(z.string()).optional().describe('Required status check names'),
required_approvals: z.number().optional().describe('Required PR approvals (0 = none)'),
enable_approvals_whitelist: z.boolean().optional().describe('Restrict approvals to whitelisted teams'),
approvals_whitelist_teams: z.array(z.string()).optional().describe('Teams whose approvals count'),
block_on_rejected_reviews: z.boolean().optional().describe('Block merge on rejected reviews'),
block_on_official_review_requests: z.boolean().optional().describe('Block merge on pending official review requests'),
block_on_outdated_branch: z.boolean().optional().describe('Block merge when branch is behind base'),
dismiss_stale_approvals: z.boolean().optional().describe('Dismiss approvals when new commits are pushed'),
ignore_stale_approvals: z.boolean().optional().describe('Ignore stale approvals when counting'),
require_signed_commits: z.boolean().optional().describe('Require signed commits'),
protected_file_patterns: z.string().optional().describe('Protected file path patterns (glob, semicolon-separated)'),
unprotected_file_patterns: z.string().optional().describe('Unprotected file path patterns (glob, semicolon-separated)'),
block_admin_merge_override: z.boolean().optional().describe('Prevent admins from overriding merge restrictions'),
};
server.tool(
'gitea_org_branch_protections_list',
'List org-level branch protection rulesets (requires org owner)',
{ org: z.string().describe('Organization name'), ...ConnectionParam },
async ({ org, connection }) => formatResponse(await clientFor(connection).get(`/orgs/${org}/branch_protections`)),
);
server.tool(
'gitea_org_branch_protection_get',
'Get a single org-level branch protection ruleset by rule name (requires org owner)',
{
org: z.string().describe('Organization name'),
rule_name: z.string().describe('Rule name / branch pattern (e.g. "main", "release/*")'),
...ConnectionParam,
},
async ({ org, rule_name, connection }) => formatResponse(await clientFor(connection).get(`/orgs/${org}/branch_protections/${rule_name}`)),
);
server.tool(
'gitea_org_branch_protection_create',
'Create an org-level branch protection ruleset applied across the org (requires org owner)',
{
org: z.string().describe('Organization name'),
rule_name: z.string().describe('Rule name / branch pattern (e.g. "main", "release/*")'),
...OrgBranchProtectionFields,
...ConnectionParam,
},
async ({ org, rule_name, connection, ...fields }) => {
const body: Record<string, unknown> = { rule_name };
for (const [k, v] of Object.entries(fields)) {
if (v !== undefined) body[k] = v;
}
return formatResponse(await clientFor(connection).post(`/orgs/${org}/branch_protections`, body));
},
);
server.tool(
'gitea_org_branch_protection_edit',
'Edit an org-level branch protection ruleset (only provided fields change; requires org owner)',
{
org: z.string().describe('Organization name'),
rule_name: z.string().describe('Rule name / branch pattern of the ruleset to edit'),
...OrgBranchProtectionFields,
...ConnectionParam,
},
async ({ org, rule_name, connection, ...fields }) => {
const body: Record<string, unknown> = {};
for (const [k, v] of Object.entries(fields)) {
if (v !== undefined) body[k] = v;
}
return formatResponse(await clientFor(connection).patch(`/orgs/${org}/branch_protections/${rule_name}`, body));
},
);
server.tool(
'gitea_org_branch_protection_delete',
'Delete an org-level branch protection ruleset by rule name (requires org owner)',
{
org: z.string().describe('Organization name'),
rule_name: z.string().describe('Rule name / branch pattern of the ruleset to delete'),
...ConnectionParam,
},
async ({ org, rule_name, connection }) => formatResponse(await clientFor(connection).delete(`/orgs/${org}/branch_protections/${rule_name}`)),
);
// ── Organization Tag Protection (org-governance) ─────────────────────────
server.tool(
'gitea_org_tag_protections_list',
'List org-level tag protection rules (requires org owner)',
{ org: z.string().describe('Organization name'), ...ConnectionParam },
async ({ org, connection }) => formatResponse(await clientFor(connection).get(`/orgs/${org}/tag_protections`)),
);
server.tool(
'gitea_org_tag_protection_get',
'Get a single org-level tag protection rule by id (requires org owner)',
{
org: z.string().describe('Organization name'),
id: z.number().describe('Tag protection rule ID'),
...ConnectionParam,
},
async ({ org, id, connection }) => formatResponse(await clientFor(connection).get(`/orgs/${org}/tag_protections/${id}`)),
);
server.tool(
'gitea_org_tag_protection_create',
'Create an org-level tag protection rule (requires org owner)',
{
org: z.string().describe('Organization name'),
name_pattern: z.string().describe('Tag name pattern to protect (glob, e.g. "v*")'),
whitelist_teams: z.array(z.string()).optional().describe('Teams allowed to create/delete matching tags'),
...ConnectionParam,
},
async ({ org, name_pattern, whitelist_teams, connection }) => {
const body: Record<string, unknown> = { name_pattern };
if (whitelist_teams !== undefined) body.whitelist_teams = whitelist_teams;
return formatResponse(await clientFor(connection).post(`/orgs/${org}/tag_protections`, body));
},
);
server.tool(
'gitea_org_tag_protection_edit',
'Edit an org-level tag protection rule (only provided fields change; requires org owner)',
{
org: z.string().describe('Organization name'),
id: z.number().describe('Tag protection rule ID'),
name_pattern: z.string().optional().describe('Tag name pattern to protect (glob, e.g. "v*")'),
whitelist_teams: z.array(z.string()).optional().describe('Teams allowed to create/delete matching tags'),
...ConnectionParam,
},
async ({ org, id, name_pattern, whitelist_teams, connection }) => {
const body: Record<string, unknown> = {};
if (name_pattern !== undefined) body.name_pattern = name_pattern;
if (whitelist_teams !== undefined) body.whitelist_teams = whitelist_teams;
return formatResponse(await clientFor(connection).patch(`/orgs/${org}/tag_protections/${id}`, body));
},
);
server.tool(
'gitea_org_tag_protection_delete',
'Delete an org-level tag protection rule by id (requires org owner)',
{
org: z.string().describe('Organization name'),
id: z.number().describe('Tag protection rule ID'),
...ConnectionParam,
},
async ({ org, id, connection }) => formatResponse(await clientFor(connection).delete(`/orgs/${org}/tag_protections/${id}`)),
);
// ── Organization Push Policy (singleton, org-governance) ─────────────────
server.tool(
'gitea_org_push_policy_get',
'Get the organization push policy (requires org owner)',
{ org: z.string().describe('Organization name'), ...ConnectionParam },
async ({ org, connection }) => formatResponse(await clientFor(connection).get(`/orgs/${org}/push_policy`)),
);
server.tool(
'gitea_org_push_policy_edit',
'Edit the organization push policy (only provided fields change; requires org owner)',
{
org: z.string().describe('Organization name'),
branch_name_pattern: z.string().optional().describe('Allowed branch name pattern (glob)'),
tag_name_pattern: z.string().optional().describe('Allowed tag name pattern (glob)'),
require_secret_block: z.boolean().optional().describe('Block pushes containing detected secrets'),
max_file_size: z.number().optional().describe('Maximum allowed pushed file size in bytes (0 = unlimited)'),
blocked_file_patterns: z.string().optional().describe('File path patterns to block on push (glob, semicolon-separated)'),
...ConnectionParam,
},
async ({ org, connection, ...fields }) => {
const body: Record<string, unknown> = {};
for (const [k, v] of Object.entries(fields)) {
if (v !== undefined) body[k] = v;
}
return formatResponse(await clientFor(connection).patch(`/orgs/${org}/push_policy`, body));
},
);
server.tool(
'gitea_org_push_policy_delete',
'Delete (reset) the organization push policy (requires org owner)',
{ org: z.string().describe('Organization name'), ...ConnectionParam },
async ({ org, connection }) => formatResponse(await clientFor(connection).delete(`/orgs/${org}/push_policy`)),
);
// ── Organization Repo Defaults (singleton, org-governance) ───────────────
server.tool(
'gitea_org_repo_defaults_get',
'Get the organization default repository settings (requires org owner)',
{ org: z.string().describe('Organization name'), ...ConnectionParam },
async ({ org, connection }) => formatResponse(await clientFor(connection).get(`/orgs/${org}/repo_defaults`)),
);
server.tool(
'gitea_org_repo_defaults_edit',
'Edit the organization default repository settings (only provided fields change; requires org owner)',
{
org: z.string().describe('Organization name'),
force_private: z.boolean().optional().describe('Force all new repos to be private'),
apply_pr_defaults: z.boolean().optional().describe('Apply the PR merge defaults below to new repos'),
allow_merge: z.boolean().optional().describe('Allow merge commits'),
allow_rebase: z.boolean().optional().describe('Allow rebase merging'),
allow_rebase_merge: z.boolean().optional().describe('Allow rebase with merge commit'),
allow_squash: z.boolean().optional().describe('Allow squash merging'),
allow_fast_forward_only: z.boolean().optional().describe('Allow fast-forward-only merging'),
default_merge_style: z.string().optional().describe('Default merge style (merge, rebase, rebase-merge, squash, fast-forward-only)'),
delete_branch_after_merge: z.boolean().optional().describe('Delete head branch after merge by default'),
...ConnectionParam,
},
async ({ org, connection, ...fields }) => {
const body: Record<string, unknown> = {};
for (const [k, v] of Object.entries(fields)) {
if (v !== undefined) body[k] = v;
}
return formatResponse(await clientFor(connection).patch(`/orgs/${org}/repo_defaults`, body));
},
);
server.tool(
'gitea_org_repo_defaults_delete',
'Delete (reset) the organization default repository settings (requires org owner)',
{ org: z.string().describe('Organization name'), ...ConnectionParam },
async ({ org, connection }) => formatResponse(await clientFor(connection).delete(`/orgs/${org}/repo_defaults`)),
);
// ── Organization Email Domain Policy (singleton, org-governance) ─────────
server.tool(
'gitea_org_email_domain_policy_get',
'Get the organization email domain policy (requires org owner)',
{ org: z.string().describe('Organization name'), ...ConnectionParam },
async ({ org, connection }) => formatResponse(await clientFor(connection).get(`/orgs/${org}/email_domain_policy`)),
);
server.tool(
'gitea_org_email_domain_policy_edit',
'Edit the organization email domain policy (only provided fields change; requires org owner)',
{
org: z.string().describe('Organization name'),
allowed_domains: z.string().optional().describe('Allowed member email domains (comma-separated, e.g. "example.com,foo.org")'),
...ConnectionParam,
},
async ({ org, allowed_domains, connection }) => {
const body: Record<string, unknown> = {};
if (allowed_domains !== undefined) body.allowed_domains = allowed_domains;
return formatResponse(await clientFor(connection).patch(`/orgs/${org}/email_domain_policy`, body));
},
);
server.tool(
'gitea_org_email_domain_policy_delete',
'Delete (reset) the organization email domain policy (requires org owner)',
{ org: z.string().describe('Organization name'), ...ConnectionParam },
async ({ org, connection }) => formatResponse(await clientFor(connection).delete(`/orgs/${org}/email_domain_policy`)),
);
// ── Start Server ────────────────────────────────────────────────────────
async function main(): Promise<void> {