5.6 KiB
Meta Repository Migration Audit
This audit records which existing GovOPlaN files should move toward the
govoplan meta repository and which should remain with their current runtime
owner.
Website Repository Rename
The former govoplan-web repository has been renamed to
addideas-govoplan-website. It is a public website and catalog publication
target, not an installable GovOPlaN runtime module.
Resolved target name:
addideas-govoplan-website
The rename happened server-side in Gitea first. Local checkout paths, remotes, docs, and release/catalog defaults should use the new name.
The renamed repository should remain categorized as website, not module.
Move To govoplan
These are whole-product/operator concerns and should be owned by the meta repository.
Release Orchestration
Former location:
- core-local release and catalog helper scripts
Target shape:
- command entry points live in
govoplan/tools - repository lists come from
govoplan/repositories.json - generated catalogs are written to the renamed public site repository
- core keeps only runtime catalog validation/signing primitives used by the installer
Cross-Repository Gitea Workflow Tooling
Former location:
- core-local Gitea helper scripts
- source issue templates copied into each repo under
.gitea/ - the shared label taxonomy JSON file
Target shape:
- source templates and label taxonomy live in
govoplan - sync/import/migration helpers live in
govoplan/tools - generated/copy-installed
.gitea/files may remain in each repository because Gitea reads them repository-locally - repo-specific AGENTS or issue guidance can remain repo-local when it contains module-specific instructions
Whole-Product CI
Former location:
- core-local whole-product workflow definitions
Target shape:
- whole-product workflows live in
govoplan/.gitea/workflows - workflows bootstrap or use sibling checkouts based on
repositories.json - core keeps core-only workflows if needed later
Notes:
- Gitea workflows are repository-local, so moving them changes which repository triggers the job.
- The workflow scripts must stop assuming the checked-out repository is
govoplan-core.
Security Audit Toolbox
Former location:
- core-local security audit toolbox files
- core-local audit dependency and Gitleaks configuration files
Reason to move:
- the tool already supports
--scope govoplan - the
govoplanscan mounts the parent directory and scans sibling repos - this is an operator/security workspace function, not runtime core behavior
Target shape:
govoplan/tools/checks/security-audit/govoplan/tools/checks/check-security-audit.shgovoplan/requirements-audit.txtgovoplan/.gitleaks.toml
Whole-Product Docker
Former locations:
- core-local shared development Docker profiles
- website-local public-site Compose profile
Target shape:
- shared development and production-like composition move under
govoplan/dev - deploy/public-site composition can live under
govoplan/docker - module-specific testbeds stay module-local:
govoplan-campaign/dev/mail-testbed/docker-compose.ymlgovoplan-files/dev/connectors/docker-compose.yml
Keep In Core
These are runtime/kernel concerns and should stay in govoplan-core.
- installer/runtime code under
govoplan_core.core.module_installer - module discovery, registry, route aggregation, and lifecycle contracts
- catalog validation primitives used by the runtime installer
- configuration package validation and safety contracts
- database/session primitives and migration orchestration APIs
- core WebUI shell and module contribution contracts
Canonical operator entry points should be in govoplan.
Keep In Public Site Repository
After the rename, the website repository should keep:
- Vite/React public website source
- screenshots/content source notes
- static catalog assets under
public/catalogs/... - website-specific catalog asset validator if it validates static publication contents
- website Dockerfile and simple site-serving compose, unless a whole-product
deployment compose takes over in
govoplan
It should not own:
- release version bumping
- cross-repository tagging
- catalog generation/signing keys
- installer logic
- module orchestration
Rename Follow-Up References
Known references reviewed after the server-side rename:
govoplan/repositories.jsongovoplan/docs/REPOSITORY_STRUCTURE.mdgovoplan/docker/README.mdgovoplan-core/docs/RELEASE_DEPENDENCIES.mdgovoplan-core/docs/MODULE_ARCHITECTURE.md- moved release helper references
- moved Gitea helper references
- public site
README.md,package.json,package-lock.json,docker-compose.yml, and catalog key rotation runbook
Suggested Migration Order
- Update local checkout path, remote, repository manifest, and docs.
- Move Gitea helper scripts and source templates from core to meta.
- Move release/catalog command entry points from core to meta and convert
repository discovery to
repositories.json. - Move whole-product Gitea Actions workflows to meta.
- Move security audit toolbox to meta.
- Move/wrap whole-product Docker composition in meta.
- Remove core compatibility wrappers once docs and workflows use
govoplan.
Current State
Completed in the meta repository:
- canonical tools live in
govoplan/tools - release/catalog/Gitea/security-audit tools have been moved from core to meta
- whole-product Gitea workflows have been moved to
govoplan/.gitea/workflows - shared PostgreSQL and production-like Docker profiles live under
govoplan/dev - core-local wrappers for moved commands have been removed
- the meta
scriptscompatibility layer has been removed; usegovoplan/tools