sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c92fe1261b5dfc79e71828c80ac6bfa9dafc8822
orion/.audit-rules/change_management.yaml
Samir Boulahtit b382090771
Some checks failed
CI / ruff (push) Successful in 12s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details
refactor: remove GitLab CI config and docs after full Gitea migration 
- Delete .gitlab-ci.yml (replaced by .gitea/workflows/ci.yml)
- Delete docs/deployment/gitlab.md (superseded by gitea.md)
- Update audit rules to reference .gitea/workflows/*.yml
- Update validate_audit.py to check Gitea CI paths
- Clean up GitLab references in gitea.md, mkdocs.yml, .dockerignore
- Mark IPv6 AAAA records as completed in hetzner docs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 19:28:35 +01:00

233 lines
6.1 KiB
YAML
Raw Blame History

# Change Management Rules
# =======================
# Ensures proper version control, approval workflows, and rollback capability.
# Critical for maintaining system stability and audit trail.
rules:
# ===================
# VERSION CONTROL
# ===================
- id: CHANGE-VC-001
name: "Git repository required"
description: "All code must be in version control"
severity: critical
check:
type: file_exists
paths:
- ".git"
message: "Git repository required"
- id: CHANGE-VC-002
name: "Gitignore configured"
description: "Sensitive files must be excluded from version control"
severity: high
check:
type: file_exists
paths:
- ".gitignore"
message: ".gitignore file required"
- id: CHANGE-VC-003
name: "Secrets excluded from VCS"
description: "Secret files must be in .gitignore"
severity: critical
check:
type: pattern_required
paths:
- ".gitignore"
patterns:
- "\\.env"
- "\\*\\.pem"
- "\\*\\.key"
- "secrets"
message: "Secret files must be excluded from version control"
# ===================
# CODE REVIEW
# ===================
- id: CHANGE-REV-001
name: "Pull request template"
description: "PR template ensures consistent review information"
severity: medium
check:
type: file_exists
paths:
- ".github/PULL_REQUEST_TEMPLATE.md"
- "CONTRIBUTING.md"
message: "Pull request template recommended"
- id: CHANGE-REV-002
name: "Branch protection documentation"
description: "Main branch should require reviews"
severity: high
check:
type: documentation
message: "Document branch protection rules"
- id: CHANGE-REV-003
name: "Code owners defined"
description: "Critical paths should have designated owners"
severity: medium
check:
type: file_exists
paths:
- ".github/CODEOWNERS"
- "CODEOWNERS"
message: "Consider defining code owners for critical paths"
# ===================
# CI/CD PIPELINE
# ===================
- id: CHANGE-CI-001
name: "Automated testing in CI"
description: "Tests must run automatically on changes"
severity: high
check:
type: file_exists
paths:
- ".github/workflows/ci.yml"
- ".github/workflows/test.yml"
- ".gitea/workflows/*.yml"
message: "CI workflow for automated testing required"
- id: CHANGE-CI-002
name: "Security scanning in CI"
description: "Security scans should run in CI pipeline"
severity: high
check:
type: pattern_recommended
paths:
- ".github/workflows/*.yml"
- ".gitea/workflows/*.yml"
patterns:
- "security|bandit|safety|snyk|trivy"
message: "Consider security scanning in CI pipeline"
- id: CHANGE-CI-003
name: "Linting and code quality"
description: "Code quality checks should run in CI"
severity: medium
check:
type: pattern_required
paths:
- ".github/workflows/*.yml"
- ".gitea/workflows/*.yml"
patterns:
- "ruff|flake8|pylint|mypy|lint"
message: "Code quality checks required in CI"
# ===================
# DEPLOYMENT
# ===================
- id: CHANGE-DEP-001
name: "Environment separation"
description: "Development, staging, and production must be separate"
severity: high
check:
type: pattern_required
paths:
- "app/core/config.py"
- "app/core/environment.py"
patterns:
- "ENVIRONMENT|development|staging|production"
message: "Environment separation required"
- id: CHANGE-DEP-002
name: "Deployment automation"
description: "Deployments should be automated and repeatable"
severity: medium
check:
type: file_exists
paths:
- ".github/workflows/release.yml"
- ".github/workflows/deploy.yml"
- ".gitea/workflows/*.yml"
- "Dockerfile"
message: "Automated deployment process recommended"
- id: CHANGE-DEP-003
name: "Infrastructure as code"
description: "Infrastructure should be version controlled"
severity: medium
check:
type: file_exists
paths:
- "docker-compose.yml"
- "Dockerfile"
- "terraform/"
- "kubernetes/"
message: "Infrastructure as code recommended"
# ===================
# ROLLBACK CAPABILITY
# ===================
- id: CHANGE-ROLL-001
name: "Database migration versioning"
description: "Database changes must be versioned and reversible"
severity: high
check:
type: file_exists
paths:
- "alembic/"
- "alembic.ini"
message: "Database migration tool required"
- id: CHANGE-ROLL-002
name: "Migration downgrade support"
description: "Database migrations should support rollback"
severity: medium
check:
type: pattern_required
paths:
- "alembic/versions/*.py"
patterns:
- "def downgrade"
message: "Migration downgrade functions required"
- id: CHANGE-ROLL-003
name: "Container versioning"
description: "Container images should be versioned"
severity: medium
check:
type: pattern_recommended
paths:
- "Dockerfile"
- ".github/workflows/*.yml"
- ".gitea/workflows/*.yml"
patterns:
- "tag|version|:v"
message: "Container image versioning recommended"
# ===================
# CHANGE DOCUMENTATION
# ===================
- id: CHANGE-DOC-001
name: "Changelog maintained"
description: "Changes should be documented in changelog"
severity: medium
check:
type: file_exists
paths:
- "CHANGELOG.md"
- "CHANGES.md"
- "HISTORY.md"
message: "Consider maintaining a changelog"
- id: CHANGE-DOC-002
name: "Release documentation"
description: "Releases should be documented"
severity: low
check:
type: pattern_recommended
paths:
- ".github/workflows/release.yml"
patterns:
- "release|changelog|notes"
message: "Consider automated release notes"
Reference in New Issue View Git Blame Copy Permalink