77 lines
11 KiB
Markdown
77 lines
11 KiB
Markdown
# GitHub Primary Readiness Gate
|
||
|
||
| 項目 | 內容 |
|
||
|------|------|
|
||
| 日期 | 2026-05-17 |
|
||
| 狀態 | 草案,blocked by default |
|
||
| Schema | `docs/schemas/source_control_primary_readiness_gate_v1.schema.json` |
|
||
| Snapshot | `docs/security/source-control-primary-readiness-gate.snapshot.json` |
|
||
| Rollback ADR | `docs/security/source-control-primary-rollback-adr.snapshot.json` |
|
||
| GitHub target owner response | `docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md` |
|
||
| Ref truth owner response | `docs/security/SOURCE-CONTROL-REF-TRUTH-OWNER-RESPONSE.md` |
|
||
| Workflow / secret owner response | `docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md` |
|
||
| Owner response validation rollup | `docs/security/SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md` |
|
||
| 模式 | `primary_readiness_gate_only` |
|
||
| runtime 執行授權 | `false` |
|
||
|
||
## 0. 核心結論
|
||
|
||
`source_control_primary_readiness_gate_v1` 是 S4.0 的 GitHub primary readiness gate 草案。
|
||
|
||
它只回答一件事:如果長期方向要把 Gitea 降成本地 mirror / fallback,並把 GitHub 做成 primary,AwoooP 在任何切換前必須看到哪些 parity、owner、rollback 與人工批准 evidence。
|
||
|
||
它不是 cutover plan,也不是 refs sync plan。目前 `primary_ready_count=0`、`github_primary_switch_authorized=false`。
|
||
|
||
## 1. 目前狀態
|
||
|
||
| 指標 | 數量 |
|
||
|------|------|
|
||
| Candidate repos | 8 |
|
||
| In-scope repos | 7 |
|
||
| External scope review | 1 |
|
||
| Primary ready | 0 |
|
||
| Blocked in-scope | 7 |
|
||
| Approval required | 7 |
|
||
|
||
## 2. 全域 Gate
|
||
|
||
| Gate | 目前狀態 | 說明 |
|
||
|------|----------|------|
|
||
| Gitea authenticated inventory | blocked | private/internal 全量 repo list 尚未完成;S4.9 owner response request packet、template status ledger、audit event templates、redaction examples、display sections 與 collection checks 已可顯示,但 S4.7 owner coverage attestation response 仍未收到,audit events emitted 仍為 0;S4.13 已集中顯示四包 owner response validation、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes,但 total accepted response 仍為 0、reviewer audit emitted 仍為 0 |
|
||
| refs truth / branch-tag parity | blocked | 3 個 mapped repos 仍有 refs drift;S4.11 已補 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,received / accepted response 皆為 0、audit events emitted 仍為 0 |
|
||
| workflow / runner / secret name parity | missing evidence | S4.1 已建立 inventory 契約;S4.12 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,received / accepted response 皆為 0、audit events emitted 仍為 0;尚未有實際 redacted workflow、webhook、runner、secret 名稱 snapshot |
|
||
| owner / visibility / canonical | pending review | 7 個 in-scope targets 仍需人工決策;S4.10 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,received / accepted response 皆為 0 |
|
||
| rollback ADR | pending review | S4.4 已建立 rollback ADR 草案;7 個 in-scope repos 仍需 owner approval、dry-run 與 validation window |
|
||
|
||
## 3. AwoooP 可做
|
||
|
||
1. 顯示每個 repo 的 readiness state、blockers 與 evidence refs。
|
||
2. 顯示 `primary_ready_count=0`。
|
||
3. 將 7 個 in-scope repos 維持在 approval / review lane。
|
||
4. 顯示哪些 evidence 仍缺:Gitea authenticated inventory、S4.7 owner coverage attestation、S4.9 owner response request packet / template status ledger / audit event templates / redaction examples / display sections / collection checks / owner response、S4.10 GitHub target owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.11 refs truth owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.12 workflow / secret name owner response request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks / owner response、S4.13 validation rollup / evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / parallel session recovery outcome lanes、workflow/runner/secret name inventory、rollback ADR。
|
||
5. 連到 S4.10 `github_target_owner_decision_response_v1` 顯示 1 個 owner response request packet、7 個 owner response template statuses、3 個 owner response audit event templates、5 個 owner response redaction examples、6 個 owner response collection checks、6 個 intake preflight checks、7 個 owner decision response templates、8 個 acceptance checks、10 個 rejection rules,且 received / accepted response 皆為 0。
|
||
6. 連到 S4.11 `source_control_ref_truth_owner_response_v1` 顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 refs owner response templates、8 個 acceptance checks、10 個 rejection rules,且 received / accepted response 皆為 0、audit events emitted 仍為 0。
|
||
7. 連到 `source_control_workflow_secret_name_inventory_v1` 顯示 8 個 candidate repos 的 inventory lane 缺口與 S4.2 local evidence;只保存 secret 名稱與 owner,不保存 value。
|
||
8. 連到 S4.12 `source_control_workflow_secret_name_owner_response_v1` 顯示 1 個 owner response request packet、5 個 template statuses、3 個 audit event templates、5 個 redaction examples、6 個 collection checks、6 個 intake preflight checks、5 個 owner response templates、8 個 acceptance checks、10 個 rejection rules,且 received / accepted response 皆為 0、audit events emitted 仍為 0。
|
||
9. 連到 S4.13 `source_control_owner_response_validation_rollup_v1` 顯示四包 owner response validation 狀態:22 個 templates、10 個 cross-packet checks、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes、received / accepted / rejected response 皆為 0、reviewer audit emitted 仍為 0。
|
||
10. 連到 `source_control_primary_rollback_adr_v1` 顯示 7 個 in-scope repos 的 rollback owner、trigger 與 validation window 草案。
|
||
11. 把狀態寫入 Audit evidence 與 Operator Console。
|
||
|
||
## 4. AwoooP 不可做
|
||
|
||
1. 不建立 GitHub repo。
|
||
2. 不修改 repo visibility。
|
||
3. 不 sync refs、不 delete refs、不 force push。
|
||
4. 不切 GitHub primary。
|
||
5. 不停用、刪除、封存或降級 Gitea repo。
|
||
6. 不搬移或保存 secret value。
|
||
7. 不顯示 repo、refs、primary switch 類 action button。
|
||
|
||
## 5. 階段定位
|
||
|
||
S4.0 只是把「切換前一定要看見什麼」先定義清楚。
|
||
|
||
S4.4 已補上 rollback ADR 草案,但它只是 owner review 的資料包,不是切換批准。S4.7 已補上 Gitea coverage owner attestation,S4.9 已補上 Gitea owner response request packet、template status ledger、audit event templates、redaction examples、display sections、collection checks、收件包、preflight 與 outcome lanes,S4.10 已補上 GitHub target owner decision response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,S4.11 已補上 refs truth owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,S4.12 已補上 workflow / secret 名稱 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包,S4.13 已補上四包 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes;它們只是 scope decision、response 收件提示、metadata audit template、脫敏範例、只讀收件檢查、只讀 preflight、只讀顯示順序、只讀 evidence routing、只讀狀態語義、人工審查提示、結果分類、脫敏稽核格式、稽核顯示邊界、只讀稽核檢查、安全 metadata 顯示範例、metadata retention 邊界、只讀 retention 驗證、跨 Session 只讀交接、交接消費檢查、平行 Session 同步檢查、衝突 lane、復原前檢查、復原結果分類與驗收框架,不是 audit production ingestion、migration approval、repo creation approval、visibility change approval、refs sync approval、delete approval、force-push approval、secret value collection approval、workflow modification approval 或 primary approval。`owner_approved_count=0`、`dry_run_completed_count=0`、`active_cutover_count=0`。
|
||
|
||
這讓長期回到 GitHub 的方向可以繼續往前,但仍維持低摩擦:目前只 mirror、只顯示、只留痕,不執行。
|