MokoConsulting/moko-platform
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Releases Wiki Activity
Page: workflows-shared-workflows
Pages
ARCHITECTURE AUTO_CREATE_ORG_PROJECTS CLI_AUTOMATION DEPLOY_SCRIPTS DOLIBARR_MODULE_IDS DRY_RUN_PATTERN Documentation-Standards.-.- Documentation-Standards.- File-Header-Standards Home JOOMLA_SYNC LEGAL_DOC_GENERATOR_WEB_README MCP-Servers.-.-. MCP-Servers MINIFICATION MONITORING_SCRIPTS NEW_SCRIPTS QUICKSTART_ORG_PROJECTS SITE_MONITORING WIKI_STANDARDS WORKFLOW_STANDARDS api-automation-index.- api-automation-index api-definitions-default-index.- api-definitions-default-index api-definitions-sync-index.- api-definitions-sync-index api-deploy-index.- api-deploy-index api-fix-index.- api-fix-index api-index.- api-index api-maintenance-index.- api-maintenance-index api-plugin-index.- api-plugin-index api-tests-index.- api-tests-index api-tests-sample-index.- api-tests-sample-index api-validate-index.- api-validate-index automation-README.- automation-README automation-branch-version-automation.- automation-branch-version-automation automation-push-files.- automation-push-files automation-repo-cleanup.- automation-repo-cleanup client-repos.-.- client-repos standards-mokostandards-file-spec.- standards-mokostandards-file-spec templates-client-waas templates-dolibarr templates-generic templates-mcp workflows-README.- workflows-README workflows-auto-release.- workflows-auto-release workflows-branch-protection.- workflows-branch-protection workflows-build-release.- workflows-build-release workflows-cascade-dev.- workflows-cascade-dev workflows-changelog-management.- workflows-changelog-management workflows-demo-deployment.- workflows-demo-deployment workflows-dev-branch-tracking.- workflows-dev-branch-tracking workflows-dev-deployment.- workflows-dev-deployment workflows-index.- workflows-index workflows-release-system.- workflows-release-system workflows-renovate.- workflows-renovate workflows-reusable-workflows.- workflows-reusable-workflows workflows-rs-deployment.- workflows-rs-deployment workflows-secret-scanning.- workflows-secret-scanning workflows-shared-workflows.- workflows-shared-workflows workflows-standards-compliance.- workflows-standards-compliance workflows-static-analysis.- workflows-static-analysis workflows-sub-issue-management.- workflows-sub-issue-management workflows-update-server.- workflows-update-server workflows-workflow-architecture.- workflows-workflow-architecture
Clone
3
workflows-shared-workflows
Jonathan Miller edited this page 2026-05-20 01:26:28 +00:00
Table of Contents

Home

moko-platform

Shared Workflow Templates

These workflows are synced to every governed repository via bulk_sync.php. They live in templates/workflows/shared/ and are registered in all platform definitions.

Workflow Summary

Workflow Triggers Purpose
deploy-dev.yml dev/**, alpha/**, beta/**, rc/**, develop (src/** only) SFTP deploy to dev server (dev=development, alpha/beta auto-bump patch, rc=rc tag)
deploy-demo.yml main, master (src/** only) SFTP deploy to demo server (stable tag) + update files
sync-version-on-merge.yml push to main Auto-bump patch version, propagate to all headers
auto-release.yml push to main Build & Release: every push tags + updates platform version/badges; minor (XX.YY.00) creates version branch + new Release; patch updates existing Release
auto-dev-issue.yml branch creation (dev/**, rc/**) Auto-create tracking issue (dev=feature, rc=release)
repository-cleanup.yml schedule (1st + 15th) + dispatch Recurring maintenance: labels, branches, logs, workflows, doc indexes
enterprise-firewall-setup.yml push to main Configure trusted domain access for enterprise environments
repo_health.yml every push + PR Platform-specific health checks (Dolibarr: module descriptor; Joomla: XML manifest)

moko-platform-only workflows (not synced)

Workflow Triggers Purpose
composer-validate.yml every push + PR Validate composer.json schema, version consistency, autoload paths, bin scripts, enterprise dep pattern
standards-compliance.yml push + PR 28-job, 4-tier compliance check
bulk-repo-sync.yml dispatch Sync standards to all governed repos

sync-version-on-merge.yml

Trigger: Every push to main/master

What it does:

  1. If README.md was NOT part of the push, auto-increments the patch version (e.g., 04.00.7204.00.73)
  2. Reads the VERSION from README.md FILE INFORMATION block
  3. Runs update_version_from_readme.php to propagate to all file headers and badges
  4. Commits updated files with [skip ci]

Requirements: secrets.GH_TOKEN with write access

Skips: Commits by gitea-actions[bot], commits with [skip ci]

auto-release.yml

Trigger: Every push to main/master (skips bot commits and [skip ci])

What it does on every push:

  1. Reads version from README.md
  2. Creates or updates version/XX branch (patches force-update existing branch)
  3. Sets platform version (Dolibarr $this->version, Joomla <version>)
  4. Updates [VERSION: XX.YY.ZZ] badges in markdown files
  5. Writes update files (Dolibarr update.txt, Joomla updates.xml with <tag>stable</tag>)
  6. Creates git tag vXX.YY.ZZ

Additional steps on minor releases (patch == 00): 7. Creates new GitHub Release with changelog notes

On patch releases (patch != 00): 7. Updates the existing minor release (appends patch notes, updates title)

Protection: Workflow files are protected by CODEOWNERS (requires @jmiller review) and a file path restriction ruleset. Only bypass actors can modify .gitea/workflows/.

Version What happens
01.02.00 Full release: version branch + tag + new GitHub Release
01.02.01 Patch: tag + update existing v01.02.00 Release with patch notes
01.02.02 Patch: tag + update existing Release again
01.03.00 Full release: new version branch + tag + new GitHub Release

Requirements: secrets.GH_TOKEN with write access

enterprise-firewall-setup.yml

Trigger: Push to main

What it does: Configures trusted domain access rules for enterprise network environments. Ensures governed repositories can access required external services through corporate firewalls.

Deploy Workflows

See dedicated docs:

Note: deploy-rs.yml has been retired (v04.06.00). RS deployment is now via the release pipeline only. See RS Deployment (deprecated).

Common Features (both deploy workflows)

  • Permission check: jmiller and gitea-actions[bot] hardcoded as authorized; others need admin/maintain role
  • Chore skip: PRs from chore/ branches do not deploy
  • Suffix required: {ENV}_FTP_SUFFIX must be set or deployment is skipped
  • Clear before upload: Remote folder is always cleared before uploading
  • .ftpignore support: Gitignore-style file exclusion
  • Failure tracking: Creates/updates a deploy-failure issue on error

Version Handling by Environment

Environment Module Version
Dev (dev/**) "development" — Dolibarr $this->version and Joomla <version> set to literal "development"
Alpha (alpha/**) XX.YY.ZZ-alpha — version with -alpha suffix (auto-bumps patch)
Beta (beta/**) XX.YY.ZZ-beta — version with -beta suffix (auto-bumps patch)
RC (rc/**) XX.YY.ZZ-rc — version with -rc suffix
Demo (main) Real version from README.md

Update Server Files by Environment

Environment Dolibarr update.txt Joomla updates.xml <tag>
Dev (dev/**) development development
Alpha (alpha/**) XX.YY.ZZ-alpha alpha
Beta (beta/**) XX.YY.ZZ-beta beta
RC (rc/**) XX.YY.ZZ-rc release-candidate
Release (main via auto-release) XX.YY.ZZ vXX

See update-server.md for the full update server specification.

auto-dev-issue.yml

Trigger: Branch creation matching dev/** or rc/**

What it does: Auto-creates a tracking issue when a new dev/** or rc/** branch is pushed. Assigns jmiller.

Branch type Title prefix Label
dev/** feat(XX.YY.ZZ) type: feature
rc/** rc(XX.YY.ZZ) type: release

Skips if an issue for that version already exists.

repository-cleanup.yml

Trigger: Schedule (1st + 15th of each month at 6:00 AM UTC) + manual dispatch

What it does (always):

  • Deletes 25 retired workflow files
  • Checks for version drift across all files
  • Creates .gitea/workflows/custom/ directory if missing

What it does (toggleable):

  • Reset labels to 58-label standard set (manual only, off by default)
  • Delete old sync branches
  • Clean cancelled/stale workflow runs
  • Delete workflow logs older than 30 days
  • Strip copyright blocks from issue templates
  • Rebuild docs/ index files

Custom Workflows

Every governed repo has a .gitea/workflows/custom/ directory that is never touched by sync or cleanup. Place repo-specific workflows here:

.gitea/workflows/
├── deploy-dev.yml              ← Synced (overwritten on sync)
├── auto-release.yml            ← Synced (overwritten on sync)
├── repository-cleanup.yml      ← Synced (overwritten on sync)
└── custom/                     ← SAFE — never touched
    ├── README.md
    └── my-custom-workflow.yml

repo_health.yml (platform-specific)

Trigger: Every push and PR (no path filter)

What it does: Platform-specific health checks in addition to shared guardrails (release vars, scripts governance, repo artifacts, extended checks).

Dolibarr (crm-module) checks

  • Module descriptor (src/core/modules/mod*.class.php) exists
  • $this->numero is set and non-zero
  • $this->version is not hardcoded
  • url_last_version points to update.txt (not update.json)
  • url_last_version references /main/ on main branch
  • src/README.md exists (module store requirement)
  • update.txt exists in root

Joomla (waas-component) checks

  • XML manifest with <extension> tag exists
  • <version>, <name>, <author>, <namespace> tags present
  • Extension type attribute is valid
  • Language .ini files exist
  • updates.xml exists in root
  • index.html directory listing protection in src/, src/admin/, src/site/

composer-validate.yml (moko-platform only)

Trigger: Every push and PR

What it does: Validates the composer.json integrity for the moko-platform enterprise library:

  • Schema validation (composer validate --strict)
  • Lock file freshness
  • Dependency resolution (dry run)
  • Security advisories (composer audit)
  • Version consistency: composer.json version = README.md VERSION = STANDARDS_VERSION in RepositorySynchronizer.php
  • All autoload paths (PSR-4, classmap, files) exist on disk
  • All bin scripts exist
  • Enterprise dep constraint uses dev-version/XX pattern (not dev-main)

Note: Governed repos can manually set dev-main for bleeding-edge installs, but the sync system always corrects this to dev-version/XX on the next sync run.

Composer Enterprise Dependency

On every sync, the RepositorySynchronizer checks if the remote composer.json requires mokoconsulting-tech/enterprise. If missing or stale (dev-main), it adds/updates it to "dev-version/XX" — always pinned to the current version branch, never bleeding-edge main.

Governed repos can manually override to dev-main for bleeding-edge testing, but this will be corrected on the next sync.

Repo: moko-platform · moko-platform wiki

Field Value
Minimum Version 04.07.00
Platform all
Applies To All repositories
Revision Date Author Description
1.0 2026-05-08 Moko Consulting Initial version