ci: v04.06 sync — retire deploy-rs, hardcode sftp denial [skip ci]

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/CODEOWNERS

@@ -11,7 +11,7 @@
 # ── Synced workflows (managed by MokoStandards — do not edit manually) ────
 /.github/workflows/deploy-dev.yml                @jmiller-moko
 /.github/workflows/deploy-demo.yml               @jmiller-moko
-/.github/workflows/deploy-rs.yml                 @jmiller-moko
+/.github/workflows/deploy-manual.yml             @jmiller-moko
 /.github/workflows/auto-release.yml              @jmiller-moko
 /.github/workflows/auto-dev-issue.yml            @jmiller-moko
 /.github/workflows/auto-assign.yml               @jmiller-moko

.github/workflows/auto-assign.yml

@@ -6,7 +6,7 @@
 # INGROUP: MokoStandards.Workflows.Shared
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /.github/workflows/auto-assign.yml
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Auto-assign jmiller-moko to unassigned issues and PRs every 15 minutes
 
 name: Auto-Assign Issues & PRs

.github/workflows/auto-dev-issue.yml

@@ -9,7 +9,7 @@
 # INGROUP: MokoStandards.Automation
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/shared/auto-dev-issue.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Auto-create tracking issue with sub-issues for dev/rc branch workflow
 # NOTE: Synced via bulk-repo-sync to .github/workflows/auto-dev-issue.yml in all governed repos.
 

.github/workflows/auto-release.yml

@@ -7,7 +7,7 @@
 # INGROUP: MokoStandards.Release
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/joomla/auto-release.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Joomla build & release — ZIP package, updates.xml, SHA-256 checksum
 #
 # +========================================================================+
@@ -477,7 +477,7 @@ jobs:
           [ ! -d "$SOURCE_DIR" ] && { echo "No src/ or htdocs/ — skipping package"; exit 0; }
 
           cd "$SOURCE_DIR"
-          zip -r "/tmp/${PACKAGE_NAME}" . -x '.ftpignore'
+          zip -r "/tmp/${PACKAGE_NAME}" . -x '.ftpignore' 'sftp-config*' '*.ppk' '*.pem' '*.key' '.env*'
           cd ..
 
           FILESIZE=$(stat -c%s "/tmp/${PACKAGE_NAME}" 2>/dev/null || stat -f%z "/tmp/${PACKAGE_NAME}" 2>/dev/null || echo "unknown")

.github/workflows/changelog-validation.yml

@@ -9,7 +9,7 @@
 # INGROUP: MokoStandards.CI
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/shared/changelog-validation.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Validates CHANGELOG.md format and version consistency
 # NOTE: Deployed to .github/workflows/changelog-validation.yml in governed repos.
 

.github/workflows/ci-joomla.yml

@@ -9,7 +9,7 @@
 # INGROUP: MokoStandards.CI
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/joomla/ci-joomla.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: CI workflow for Joomla extensions — lint, validate, test
 # NOTE: Deployed to .github/workflows/ci-joomla.yml in governed Joomla extension repos.
 

.github/workflows/deploy-manual.yml

@@ -7,7 +7,7 @@
 # INGROUP: MokoStandards.Deploy
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/joomla/deploy-manual.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Manual SFTP deploy to dev server for Joomla repos
 # NOTE: Joomla repos use update.xml for distribution. This is for manual
 #       dev server testing only — triggered via workflow_dispatch.

.github/workflows/enterprise-firewall-setup.yml

@@ -22,7 +22,7 @@
 # INGROUP: MokoStandards.Firewall
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/shared/enterprise-firewall-setup.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Enterprise firewall configuration — generates outbound allow-rules including SFTP deployment server
 # NOTE: Reads DEV_FTP_HOST / DEV_FTP_PORT variables to include SFTP egress rules alongside HTTPS rules.
 

.github/workflows/repo_health.yml

@@ -10,7 +10,7 @@
 # INGROUP: MokoStandards.Validation
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /.github/workflows/repo_health.yml
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Enforces repository guardrails by validating release configuration, scripts governance, tooling availability, and core repository health artifacts.
 # NOTE: Field is user-managed.
 # ============================================================================

.github/workflows/repository-cleanup.yml

@@ -9,7 +9,7 @@
 # INGROUP: MokoStandards.Maintenance
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/shared/repository-cleanup.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Recurring repository maintenance — labels, branches, workflows, logs, doc indexes
 # NOTE: Synced via bulk-repo-sync to .github/workflows/repository-cleanup.yml in all governed repos.
 #       Runs on the 1st and 15th of each month at 6:00 AM UTC, and on manual dispatch.
@@ -154,6 +154,10 @@ jobs:
             ".github/workflows/auto-version-branch.yml"
             ".github/workflows/publish-to-mokodolibarr.yml"
             ".github/workflows/ci.yml"
+            ".github/workflows/deploy-rs.yml"
+            "sftp-config.json"
+            "sftp-config.json.template"
+            "scripts/sftp-config"
           )
 
           DELETED=0

.github/workflows/standards-compliance.yml

@@ -5,7 +5,7 @@
 # INGROUP: MokoStandards.Compliance
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /.github/workflows/standards-compliance.yml
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: MokoStandards compliance validation workflow
 # NOTE: Validates repository structure, documentation, and coding standards
 

.github/workflows/sync-version-on-merge.yml

@@ -9,7 +9,7 @@
 # INGROUP: MokoStandards.Automation
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/shared/sync-version-on-merge.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Auto-bump patch version on every push to main and propagate to all file headers
 # NOTE: Synced via bulk-repo-sync to .github/workflows/sync-version-on-merge.yml in all governed repos.
 #       README.md is the single source of truth for the repository version.

.github/workflows/update-server.yml

@@ -7,7 +7,7 @@
 # INGROUP: MokoStandards.Joomla
 # REPO: https://github.com/mokoconsulting-tech/MokoStandards
 # PATH: /templates/workflows/joomla/update-server.yml.template
-# VERSION: 03.09.03
+# VERSION: 04.06.00
 # BRIEF: Update Joomla update server XML feed with stable/rc/dev entries
 #
 # Writes updates.xml with multiple <update> entries:
@@ -165,7 +165,7 @@ jobs:
           [ ! -d "$SOURCE_DIR" ] && SOURCE_DIR="htdocs"
           if [ -d "$SOURCE_DIR" ]; then
             cd "$SOURCE_DIR"
-            zip -r "/tmp/${PACKAGE_NAME}" . -x '.ftpignore'
+            zip -r "/tmp/${PACKAGE_NAME}" . -x '.ftpignore' 'sftp-config*' '*.ppk' '*.pem' '*.key' '.env*'
             cd ..
 
             SHA256=$(sha256sum "/tmp/${PACKAGE_NAME}" | cut -d' ' -f1)