{
"schema_version": "github_target_repo_approval_package_v1",
"status": "draft",
"source_snapshot": "docs/security/github-target-decision.snapshot.json",
"package_count": 7,
"approval_items": [
{
"github_repo": "owenhytsai/awoooi",
"source_key": "wooo/awoooi",
"risk": "HIGH",
"approval_action": "reconcile_refs_after_full_inventory",
"approval_status": "pending",
"required_reviewers": ["migration-engineer", "security-commander", "human-owner"],
"blocked_until": [
"Gitea server-side 全量 repo inventory status=ok",
"branches/tags/workflows/webhooks/secrets 名稱 inventory 完成",
"部署真相來源已決定",
"GitHub primary ADR 與 rollback plan 完成"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"產生 draft migration PR 或 ADR",
"更新 migration matrix 與 evidence"
],
"still_forbidden": [
"直接 push refs",
"直接切 GitHub primary",
"直接停用 Gitea",
"搬 secret value"
],
"evidence_refs": [
"docs/security/GITEA-GITHUB-MIGRATION-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "Gitea/GitHub main SHA、branches、tags 未對齊,必須先做 reconcile plan。"
},
{
"github_repo": "owenhytsai/clawbot-v5",
"source_key": "wooo/clawbot-v5",
"risk": "MEDIUM",
"approval_action": "reconcile_refs_after_full_inventory",
"approval_status": "pending",
"required_reviewers": ["migration-engineer", "human-owner"],
"blocked_until": [
"Gitea/GitHub main SHA 對齊或人工指定真相來源",
"GitHub 缺 Gitea tag 的處理方式已決定"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"更新 migration matrix"
],
"still_forbidden": [
"直接 push refs",
"直接切 primary",
"刪除任一端 repo"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-CLAWBOT-V5-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "GitHub repo 可見,但 main SHA 與 tag 狀態未對齊。"
},
{
"github_repo": "owenhytsai/wooo-aiops",
"source_key": "wooo/wooo-aiops",
"risk": "MEDIUM",
"approval_action": "reconcile_refs_after_full_inventory",
"approval_status": "pending",
"required_reviewers": ["migration-engineer", "human-owner"],
"blocked_until": [
"Gitea/GitHub main SHA 對齊或人工指定真相來源",
"GitHub-only branch 與 tags 的來源已釐清"
],
"allowed_after_approval": [
"產生 refs reconcile plan",
"更新 migration matrix"
],
"still_forbidden": [
"直接 push refs",
"直接切 primary",
"刪除 GitHub-only refs"
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WOOO-AIOPS-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "GitHub tags 比 Gitea 多,需先釐清真相來源。"
},
{
"github_repo": "owenhytsai/wooo-infra-config",
"source_key": "wooo/wooo-infra-config",
"risk": "MEDIUM",
"approval_action": "confirm_internal_remote_purpose",
"approval_status": "pending",
"required_reviewers": ["migration-engineer", "security-commander", "human-owner"],
"blocked_until": [
"110 internal remote 用途已確認",
"若 110 remote 為舊主控,已降級或移除",
"infra secrets 名稱 inventory 完成"
],
"allowed_after_approval": [
"標記 110 remote 為 mirror、legacy 或 active source",
"更新 canonical decision table"
],
"still_forbidden": [
"直接刪除 remote",
"直接同步 refs",
"搬 infra secret value"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-WOOO-INFRA-CONFIG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "GitHub 與本機 main 對齊,但 110 internal remote 不可讀,需判斷用途。"
},
{
"github_repo": "owenhytsai/ewoooc",
"source_key": "wooo/ewoooc / root/momo-pro-system / momo working trees",
"risk": "HIGH",
"approval_action": "create_or_grant_access_after_canonical_approval",
"approval_status": "pending",
"required_reviewers": ["migration-engineer", "security-commander", "human-owner"],
"blocked_until": [
"ewoooc/momo-pro-system canonical 關係人工確認",
"server-side refs diff 完成",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 mirror",
"自動合併 unrelated histories",
"刪除任一 momo/ewoooc working tree",
"切 GitHub primary"
],
"evidence_refs": [
"docs/security/GITEA-REPO-INVENTORY-SNAPSHOT.md",
"docs/security/LOCAL-REPO-CANONICAL-EWOOOC-MOMO-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "momo/ewoooc lineage sample 目前 unrelated,不能自動視為同 repo。"
},
{
"github_repo": "owenhytsai/bitan-pharmacy",
"source_key": "bitan-pharmacy",
"risk": "MEDIUM",
"approval_action": "create_or_grant_access_after_canonical_approval",
"approval_status": "pending",
"required_reviewers": ["migration-engineer", "human-owner"],
"blocked_until": [
"確認 repo 是否仍 active",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 repo",
"自動 push refs",
"刪除 110 remote"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "110 remote 與本機 main 對齊,可作 source candidate;GitHub target 未確認。"
},
{
"github_repo": "owenhytsai/tsenyang-website",
"source_key": "tsenyang-website",
"risk": "MEDIUM",
"approval_action": "create_or_grant_access_after_canonical_approval",
"approval_status": "pending",
"required_reviewers": ["migration-engineer", "human-owner"],
"blocked_until": [
"確認 repo 是否仍 active",
"GitHub repo owner 與 visibility 決策完成"
],
"allowed_after_approval": [
"決定建立 GitHub repo 或授權既有 private repo",
"產生 migration plan"
],
"still_forbidden": [
"自動建立 repo",
"自動 push refs",
"刪除 110 remote"
],
"evidence_refs": [
"docs/security/GIT-REMOTE-REFS-BITAN-TSENYANG-SNAPSHOT.md",
"docs/security/GITHUB-TARGET-VISIBILITY-DECISION-TABLE.md",
"docs/security/github-target-owner-decision-response.snapshot.json"
],
"notes": "110 remote 與本機 main 對齊,可作 source candidate;GitHub target 未確認。"
}
]
}