php-devops/TODO.md
darbs-claude 5fbe70d424 docs: add phase 0 environment assessment and TODO
- FINDINGS.md: full assessment of core-devops architecture, PHP tooling
  gaps (no composer.json — meta repo), shell script syntax checks,
  security controls review, and dev vs main divergence summary
- TODO.md: phased task list covering merge from dev, shellcheck/BATS
  integration, CI pipeline, and documentation improvements

Closes #1

Co-Authored-By: Clotho <clotho@lthn.ai>
2026-02-21 00:02:43 +00:00

# TODO — core-devops
**Updated:** 2026-02-21 (Phase 0 assessment)

**See:** [FINDINGS.md](FINDINGS.md) for full assessment details.

---
## Phase 1 — Immediate (main branch health)
- [ ] Merge `dev` into `main` after review (dev is 20+ commits ahead)
- [ ] Update `VERSION` in `scripts/install-core.sh` to auto-detect latest release (fix is on `dev`)
- [ ] Verify `COMPOSER_EXPECTED_SIG` in `scripts/install-deps.sh` is current
- [ ] Update `GO_VERSION` in `scripts/install-deps.sh` to 1.24.x
## Phase 2 — Shell script quality
- [ ] Install `shellcheck` in CI and run against all `.sh` files
- [ ] Add BATS (Bash Automated Testing System) tests for `install-deps.sh` and `install-core.sh`
- [ ] Fix `${var,,}` bash 4+ syntax in `install-core.sh` for macOS bash 3 compatibility (fix on `dev`)
- [ ] Add GitHub Actions workflow to lint shell scripts on push
## Phase 3 — CI/CD for this repo
- [ ] Add `.github/workflows/ci.yml` to run `shellcheck` and BATS tests
- [ ] Add `scripts/install-core.sh` smoke test in CI (build-from-source path)
- [ ] Enable CodeQL scanning (workflow exists on `dev`)
- [ ] Add Trivy/Gitleaks security scanning (workflows on `dev`)
## Phase 4 — Documentation
- [ ] Merge VitePress docs site from `dev` (`.vitepress/`, `doc/`)
- [ ] Add architecture diagram to README
- [ ] Document `.core/` folder spec for package maintainers
- [ ] Add SECURITY.md (exists on `dev`)
- [ ] Add CONTRIBUTING.md (exists on `dev`)
## Phase 5 — Workspace tooling
- [ ] Confirm `core` CLI v0.1.0 is released and binaries are available on GitHub
- [ ] Add `core doctor --fix` smoke test to CI
- [ ] Validate `repos.yaml` schema in CI (YAML lint + custom validation)
- [ ] Add `make test` target that runs shell script tests
## Deferred
- [ ] TLS certificate pinning for script downloads (currently relies on system CA store)
- [ ] Separate trust root for binary checksums (currently same origin as binaries)
- [ ] GPG signing of `core` CLI release tags