Files
govoplan/docs/META_REPO_SCAN.md
Albrecht Degering 05ae81d641
Some checks failed
Dependency Audit / dependency-audit (push) Failing after 16s
Security Audit / security-audit (push) Failing after 11s
intermediate commit
2026-07-14 13:32:09 +02:00

2.9 KiB

Meta Repository Scan

Scan date: 2026-07-13.

This scan checked local repositories under /mnt/DATA/git listed in repositories.json.

Repository Inventory

repositories.json already lists every checked-out GovOPlaN repository.

Checked-out repositories not listed in repositories.json: none.

Repositories listed in repositories.json but not checked out locally: none.

The human-readable link index is docs/REPOSITORY_INDEX.md; the JSON file remains the machine-readable source of truth.

Meta-Owned Content

These items are correctly owned by the meta repository:

  • .gitea/workflows: cross-repository CI and audit workflows.
  • .gitleaks.toml: whole-workspace secret scan policy.
  • audit-reports: whole-workspace audit output.
  • dev/postgres: shared development PostgreSQL service.
  • dev/production-like: production-like product validation composition.
  • tools/checks: whole-product checks and audit launchers.
  • tools/gitea: issue/wiki/label/backlog tooling.
  • tools/launch: product launch entry points.
  • tools/release: release catalog, lock, push, and release console tooling.
  • tools/repo: repository bootstrap, status, and metadata tooling.

Module-Local Content That Should Stay Local

These paths look operational, but they are tied to one module's protocol or transport behavior and should stay in the owning repository for now:

  • govoplan-campaign/dev/mail-testbed: mail transport testbed for campaign.
  • govoplan-files/dev/connectors: WebDAV, Nextcloud, and SMB connector smoke environment for files.

The meta repo can later wrap these with aggregate commands, but the test-bed definitions should remain close to the module code unless they become a shared product deployment profile.

Generated Or Local-Only Content

These should not move to the meta repo; they should be ignored or cleaned:

  • __pycache__ directories under tools/gitea and module test beds.
  • .venv and .ruff_cache directories.
  • Populated .env files such as govoplan-campaign/dev/mail-testbed/.env.

Repo-Local Workflow Files

Most module repositories have .gitea/ISSUE_TEMPLATE installed. These are repo-local generated copies of the shared workflow templates and are fine to keep in each repository.

Repositories currently missing a .gitea directory in the local checkout:

  • govoplan-dashboard
  • govoplan-evaluation
  • govoplan-poll
  • govoplan-rest
  • govoplan-soap

If those repositories should use the shared issue templates, run the meta repo installer from govoplan/tools/gitea/gitea-install-workflow.py.

Do Not Move

The following stay in each module repository:

  • pyproject.toml and package dependency metadata.
  • Backend manifests and migrations.
  • Module-owned tests.
  • Module READMEs and module-specific docs.
  • WebUI package manifests and module frontend source.

Those files describe or implement the module itself. The meta repo should catalog and orchestrate them, not become the owner of module code.