chore: add cascade, gitleaks, renovate, and updated branch protections to definitions [skip ci]

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jonathan Miller
2026-05-07 15:36:04 -05:00
parent 38c2536c7b
commit 2dc43603da
7 changed files with 236 additions and 28 deletions
+18
@@ -93,6 +93,12 @@ locals {
required = true
always_overwrite = false
},
{
name = "renovate.json"
description = "Renovate dependency management configuration"
required = true
always_overwrite = false
},
]
// NOTE: Client sites do NOT have updates.xml — they are not installable extensions
@@ -199,6 +205,18 @@ locals {
required = true
always_overwrite = true
},
{
name = "cascade-dev.yml"
description = "Forward-merge main to all open branches (dev, rc/*, beta/*, alpha/*) on push to main"
required = true
always_overwrite = true
},
{
name = "gitleaks.yml"
description = "Secret scanning — detect leaked credentials, API keys, and tokens using Gitleaks"
required = true
always_overwrite = true
},
]
},
]
+12 -1
@@ -86,6 +86,15 @@
"description": "Build automation",
"requirementStatus": "suggested",
"audience": "developer"
},
{
"name": "renovate.json",
"extension": "json",
"description": "Renovate dependency management configuration",
"requirementStatus": "required",
"alwaysOverwrite": false,
"audience": "developer",
"template": "templates/configs/renovate.json"
}
],
"directories": [
@@ -158,7 +167,9 @@
"branch-freeze.yml",
"changelog-validation.yml",
"repository-cleanup.yml",
"sync-version-on-merge.yml"
"sync-version-on-merge.yml",
"cascade-dev.yml",
"gitleaks.yml"
]
}
]
+25
@@ -185,6 +185,15 @@ EOT
protected = true
audience = "all"
template = "templates/docs/required/GOVERNANCE.md"
},
{
name = "renovate.json"
extension = "json"
description = "Renovate dependency management configuration"
required = true
always_overwrite = false
audience = "developer"
template = "templates/configs/renovate.json"
}
]
@@ -1093,6 +1102,22 @@ EOT
requirement_status = "required"
always_overwrite = true
template = "templates/workflows/dolibarr/repo_health.yml.template"
},
{
name = "cascade-dev.yml"
extension = "yml"
description = "Forward-merge main to all open branches (dev, rc/*, beta/*, alpha/*) on push to main"
requirement_status = "required"
always_overwrite = true
template = "workflows/cascade-dev.yml"
},
{
name = "gitleaks.yml"
extension = "yml"
description = "Secret scanning — detect leaked credentials, API keys, and tokens using Gitleaks"
requirement_status = "required"
always_overwrite = true
template = "workflows/gitleaks.yml"
}
]
},
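Review bot: The two workflow entries added in the second hunk set `template = "workflows/cascade-dev.yml"` and `template = "workflows/gitleaks.yml"`, while the neighbouring entry in the same list uses `template = "templates/workflows/dolibarr/repo_health.yml.template"` and the `renovate.json` entry in the first hunk uses `templates/configs/renovate.json`; unless the sync tooling resolves both roots, the new workflows will not be found when this definition is applied, which for `gitleaks.yml` would silently leave consumer repositories without secret scanning. The same paths appear in the matching hunks of the four later HCL sections; one of those lists already contains `template = "workflows/cleanup.yml"`, which suggests a second root is accepted, but that is worth confirming rather than assuming. Separately, the `renovate.json` entry in this file uses `required = true` while the workflow list in the same file uses `requirement_status = "required"`; if the first list shares the second list's schema, the key should match. Both enclosing `locals` lists start and end outside the hunks.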
+61 -14
@@ -193,6 +193,15 @@ locals {
always_overwrite = false
audience = "developer"
template = "templates/configs/composer.generic.json"
},
{
name = "renovate.json"
extension = "json"
description = "Renovate dependency management configuration"
requirement_status = "required"
always_overwrite = false
audience = "developer"
template = "templates/configs/renovate.json"
}
]
@@ -443,6 +452,22 @@ locals {
requirement_status = "required"
always_overwrite = true
template = "templates/workflows/shared/auto-dev-issue.yml.template"
},
{
name = "cascade-dev.yml"
extension = "yml"
description = "Forward-merge main to all open branches (dev, rc/*, beta/*, alpha/*) on push to main"
requirement_status = "required"
always_overwrite = true
template = "workflows/cascade-dev.yml"
},
{
name = "gitleaks.yml"
extension = "yml"
description = "Secret scanning — detect leaked credentials, API keys, and tokens using Gitleaks"
requirement_status = "required"
always_overwrite = true
template = "workflows/gitleaks.yml"
}
]
},
@@ -580,24 +605,46 @@ locals {
{
branch_pattern = "main"
require_pull_request = true
required_approvals = 1
require_code_owner_review = false
required_approvals = 0
dismiss_stale_reviews = true
require_status_checks = true
required_status_checks = ["ci", "code-quality"]
enforce_admins = false
block_on_rejected_reviews = true
restrict_pushes = true
push_whitelist = ["jmiller"]
enable_force_push = true
force_push_whitelist = ["jmiller"]
enforce_admins = false
},
{
branch_pattern = "master"
require_pull_request = true
required_approvals = 1
require_code_owner_review = false
dismiss_stale_reviews = true
require_status_checks = true
required_status_checks = ["ci"]
enforce_admins = false
restrict_pushes = true
branch_pattern = "dev"
require_pull_request = false
required_approvals = 0
restrict_pushes = false
enable_force_push = true
force_push_whitelist = ["jmiller"]
},
{
branch_pattern = "rc/*"
require_pull_request = false
required_approvals = 0
restrict_pushes = false
enable_force_push = true
force_push_whitelist = ["jmiller"]
},
{
branch_pattern = "beta/*"
require_pull_request = false
required_approvals = 0
restrict_pushes = false
enable_force_push = true
force_push_whitelist = ["jmiller"]
},
{
branch_pattern = "alpha/*"
require_pull_request = false
required_approvals = 0
restrict_pushes = false
enable_force_push = true
force_push_whitelist = ["jmiller"]
}
]
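Review bot: The rewritten `main` rule in the last hunk combines `required_approvals = 0`, `enable_force_push = true` with `force_push_whitelist = ["jmiller"]` and `enforce_admins = false`, so one account (or one leaked token for it) can merge to `main` with no review and rewrite its history, which undoes most of what the previous rule (one approval, no force push) provided; `dismiss_stale_reviews = true` has no effect once zero approvals are required. The cascade workflow described elsewhere in this commit pushes to `dev`, `rc/*`, `beta/*` and `alpha/*`, not to `main`, so `enable_force_push = false` on the `main` entry keeps the protection without blocking the automation; if a history rewrite is occasionally needed, granting it temporarily is safer than leaving it on permanently. The commit also makes `gitleaks.yml` a required workflow, but `required_status_checks = ["ci", "code-quality"]` does not include it, so a failing secret scan would not block a merge to `main`; consider `required_status_checks = ["ci", "code-quality", "<gitleaks-check-context>"]` with the context name the gitleaks job actually reports. The same main/dev/rc/beta/alpha rule set is introduced in the last file section (the `branch_protections` map-to-list rewrite), where the same points apply.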
+25
@@ -239,6 +239,15 @@ locals {
protected = true
audience = "all"
template = "templates/docs/required/GOVERNANCE.md"
},
{
name = "renovate.json"
extension = "json"
description = "Renovate dependency management configuration"
required = true
always_overwrite = false
audience = "developer"
template = "templates/configs/renovate.json"
}
]
@@ -1114,6 +1123,22 @@ locals {
requirement_status = "required"
always_overwrite = true
template = "workflows/cleanup.yml"
},
{
name = "cascade-dev.yml"
extension = "yml"
description = "Forward-merge main to all open branches (dev, rc/*, beta/*, alpha/*) on push to main"
requirement_status = "required"
always_overwrite = true
template = "workflows/cascade-dev.yml"
},
{
name = "gitleaks.yml"
extension = "yml"
description = "Secret scanning — detect leaked credentials, API keys, and tokens using Gitleaks"
requirement_status = "required"
always_overwrite = true
template = "workflows/gitleaks.yml"
}
]
},
+25
@@ -91,6 +91,15 @@ locals {
always_overwrite = false
template = "managed-by-sync"
source_type = "programmatic"
},
{
name = "renovate.json"
extension = "json"
description = "Renovate dependency management configuration"
required = true
always_overwrite = false
audience = "developer"
template = "templates/configs/renovate.json"
}
]
@@ -219,6 +228,22 @@ locals {
requirement_status = "required"
always_overwrite = true
template = "templates/workflows/dolibarr/repo_health.yml.template"
},
{
name = "cascade-dev.yml"
extension = "yml"
description = "Forward-merge main to all open branches (dev, rc/*, beta/*, alpha/*) on push to main"
requirement_status = "required"
always_overwrite = true
template = "workflows/cascade-dev.yml"
},
{
name = "gitleaks.yml"
extension = "yml"
description = "Secret scanning — detect leaked credentials, API keys, and tokens using Gitleaks"
requirement_status = "required"
always_overwrite = true
template = "workflows/gitleaks.yml"
}
]
},
+70 -13
@@ -207,6 +207,15 @@ locals {
audience = "developer"
template = "managed-by-sync"
source_type = "programmatic"
},
{
name = "renovate.json"
extension = "json"
description = "Renovate dependency management configuration"
required = true
always_overwrite = false
audience = "developer"
template = "templates/configs/renovate.json"
}
]
@@ -497,6 +506,22 @@ locals {
requirement_status = "required"
always_overwrite = true
template = "templates/workflows/shared/auto-dev-issue.yml.template"
},
{
name = "cascade-dev.yml"
extension = "yml"
description = "Forward-merge main to all open branches (dev, rc/*, beta/*, alpha/*) on push to main"
requirement_status = "required"
always_overwrite = true
template = "workflows/cascade-dev.yml"
},
{
name = "gitleaks.yml"
extension = "yml"
description = "Secret scanning — detect leaked credentials, API keys, and tokens using Gitleaks"
requirement_status = "required"
always_overwrite = true
template = "workflows/gitleaks.yml"
}
]
},
@@ -668,20 +693,52 @@ locals {
}
]
branch_protections = {
main = {
required_status_checks = {
strict = true
contexts = ["standards-compliance", "code-quality"]
}
enforce_admins = false
required_pull_request_reviews = {
dismiss_stale_reviews = true
require_code_owner_reviews = true
required_approving_review_count = 1
}
branch_protections = [
{
branch_pattern = "main"
require_pull_request = true
required_approvals = 0
dismiss_stale_reviews = true
block_on_rejected_reviews = true
restrict_pushes = true
push_whitelist = ["jmiller"]
enable_force_push = true
force_push_whitelist = ["jmiller"]
enforce_admins = false
},
{
branch_pattern = "dev"
require_pull_request = false
required_approvals = 0
restrict_pushes = false
enable_force_push = true
force_push_whitelist = ["jmiller"]
},
{
branch_pattern = "rc/*"
require_pull_request = false
required_approvals = 0
restrict_pushes = false
enable_force_push = true
force_push_whitelist = ["jmiller"]
},
{
branch_pattern = "beta/*"
require_pull_request = false
required_approvals = 0
restrict_pushes = false
enable_force_push = true
force_push_whitelist = ["jmiller"]
},
{
branch_pattern = "alpha/*"
require_pull_request = false
required_approvals = 0
restrict_pushes = false
enable_force_push = true
force_push_whitelist = ["jmiller"]
}
}
]
repository_settings = {
has_issues = true