vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

chore: pre-migration snapshot
Some checks failed
WAF Intelligence Guardrail / waf-intel (push) Waiting to run
Details
Cloudflare Registry Validation / validate-registry (push) Has been cancelled
Details

Browse Source 
Layer0, MCP servers, Terraform consolidation
This commit is contained in:
Vault Sovereign
2025-12-27 01:52:27 +00:00
parent 7f2e60e1c5
commit f0b8d962de
67 changed files with 14887 additions and 650 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
.gitlab-ci.yml
View File

@@ -41,6 +41,38 @@ infra_invariants:
- "terraform/**/*"
- "scripts/infra-invariants.sh"
# ============================================================================
# WAF + PLAN INVARIANTS
# ============================================================================
# Enforces WAF Intel regression + deterministic Terraform plan gating.
waf_plan_invariants:
stage: validate
image: hashicorp/terraform:latest
before_script:
- |
set -euo pipefail
if command -v apk >/dev/null 2>&1; then
apk add --no-cache python3 py3-pip
elif command -v apt-get >/dev/null 2>&1; then
apt-get update
apt-get install -y python3 python3-pip
rm -rf /var/lib/apt/lists/*
else
echo "No supported package manager found to install python3/pip." >&2
exit 1
fi
- python3 -m pip install --no-cache-dir -r requirements-dev.txt
script:
- bash scripts/waf-and-plan-invariants.sh
rules:
- changes:
- "mcp/waf_intelligence/**/*"
- "scripts/waf-and-plan-invariants.sh"
- "tests/test_waf_intelligence_analyzer.py"
- "requirements-dev.txt"
- "terraform/**/*"
# ============================================================================
# PYTHON SYNTAX CHECK
# ============================================================================