Some checks failed
Docker Build & Push / build (push) Failing after 1m57s
- Remove .woodpecker.yml - Add .forgejo/workflows/docker-build.yml - Update copilot-instructions.md: Woodpecker -> Forgejo Actions
71 lines
3.2 KiB
Markdown
71 lines
3.2 KiB
Markdown
# GitHub Copilot – Project Instructions
|
||
|
||
## Project
|
||
MediaWiki deployment for rd13 – a self-hosted wiki running in Docker, served via a reverse proxy, with a MariaDB backend.
|
||
|
||
## Stack
|
||
- Language: PHP (MediaWiki core + extensions), YAML, Dockerfile
|
||
- Framework: MediaWiki
|
||
- Database: MariaDB
|
||
- Infrastructure: Docker Compose, Forgejo (self-hosted Git), Forgejo Actions (act_runner), Forgejo Container Registry, Linux Server (remote via VS Code Server)
|
||
|
||
## Architecture
|
||
- Pattern: Containerised deployment (App + DB as separate services)
|
||
- Key constraints: No application code changes – configuration and infrastructure only
|
||
- Image published to: `192.168.178.6:8083/cschulz/rd13_media_wiki:latest` (Forgejo Container Registry)
|
||
- Extensions live in: `wikidata/extensions/`
|
||
- Wiki config: `wikidata/LocalSettings.php`
|
||
- Upload config: `wikidata/uploads.ini`
|
||
|
||
## Conventions
|
||
- Branch naming: `feat/<ticket>-description`, `fix/<ticket>-description`
|
||
- Commit format: Conventional Commits (`feat|fix|chore|docs|refactor|ci`)
|
||
- Secrets: never in `docker-compose.yml` or `LocalSettings.php` – use `.env` files or Docker secrets
|
||
- CI/CD: Forgejo Actions pipeline defined in `.forgejo/workflows/docker-build.yml`
|
||
- Images: always pin with a specific tag, avoid `:latest` in production compose files
|
||
|
||
## Engineering Process
|
||
|
||
### Before starting any task
|
||
1. Clarify requirements – user story + acceptance criteria vorhanden?
|
||
2. Impact analysis – welche bestehenden Komponenten sind betroffen?
|
||
3. Architecture check – passt die geplante Lösung zur bestehenden Architektur?
|
||
4. Test strategy – wie wird das Feature getestet?
|
||
|
||
### Definition of Ready (DoR)
|
||
A task can only be started when:
|
||
- [ ] Acceptance criteria are clear and unambiguous
|
||
- [ ] Non-functional requirements defined (performance, security, scalability)
|
||
- [ ] Architectural approach agreed upon
|
||
- [ ] No unresolved external blockers
|
||
|
||
### Definition of Done (DoD)
|
||
A task is only done when ALL of the following are true:
|
||
- [ ] Change implements the acceptance criteria
|
||
- [ ] No secrets or credentials in code or config
|
||
- [ ] OWASP Top 10 reviewed
|
||
- [ ] Relevant documentation updated (README, if applicable)
|
||
- [ ] Commit message follows Conventional Commits
|
||
- [ ] Docker image builds successfully (`docker buildx build --platform linux/amd64 .`)
|
||
- [ ] No dead config, no TODOs left behind (or tracked as issues)
|
||
|
||
## Testing Strategy
|
||
- No unit/integration tests (deployment-only repo)
|
||
- Validation: `docker compose config` for compose syntax
|
||
- Build test: Forgejo Actions runs `docker buildx build` (dry-run) on PRs, build+push on merge to `main`
|
||
|
||
## Security
|
||
- No secrets in code or config files – use environment variables / `.env`
|
||
- MediaWiki `$wgSecretKey` and DB passwords must come from env or secrets
|
||
- Validate all extension configurations before enabling
|
||
- Principle of least privilege for all container permissions
|
||
- Dependency vulnerabilities: check before adding new extensions or base image versions
|
||
|
||
## Documentation Standards
|
||
- Code comments: explain WHY, not WHAT
|
||
- Architecture decisions: write ADR in `docs/adr/` (template: `docs/adr/000-template.md`)
|
||
|
||
## Non-Functional Requirements
|
||
- Availability: 99% (self-hosted, single node)
|
||
- Data retention: persistent volumes for `wikidata/` and `mdbdata/`
|
||
- Response time: < 2s for wiki page loads
|