diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 316a4896..1659d164 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,8 +1,8 @@ # CODEOWNERS file for managing repository permissions # Format: path-pattern @username @org/team-name -# Maintainers: Default owners for all files -* @juanmrad @vinaysrao1 @pawiecz @cassidyjames @julietshen @dom-notion +# Divine maintainers +* @mbradley @notthatkindofdrliz -# Docs contributors -docs/ @roostorg/roosters +# Upstream ROOST maintainers (for upstream sync PRs) +# * @juanmrad @vinaysrao1 @pawiecz @cassidyjames @julietshen @dom-notion diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 6682497c..07beef1f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -14,3 +14,7 @@ Are there any special things that have to be done before this can be deployed to prod (e.g., other blocking PRs; manual load testing/validation that needs to be done on staging; etc.)? If so, please note them here. --> + +## Public Artifact Review + +- [ ] Titles, descriptions, branch names, screenshots, and linked artifacts avoid partner, customer, brand, campaign, or other sensitive external names unless explicitly approved diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml new file mode 100644 index 00000000..1b512353 --- /dev/null +++ b/.github/workflows/build-and-push.yaml 
@@ -0,0 +1,66 @@
+name: Build and Push Docker Images
+
+on:
+ push:
+ branches:
+ - main
+ - 'divine/*'
+ tags:
+ - 'v*'
+
+env:
+ REGISTRY: ghcr.io
+ ORG: divinevideo
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ strategy:
+ matrix:
+ include:
+ - image: coop-server
+ context: .
+ dockerfile: Dockerfile
+ target: build_server
+ - image: coop-worker
+ context: .
+ dockerfile: Dockerfile
+ target: build_worker_runner
+ - image: coop-client
+ context: ./client
+ dockerfile: client/Dockerfile
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: docker/metadata-action@v5
+ id: meta
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image }}
+ tags: |
+ type=ref,event=branch
+ type=sha,prefix=
+ type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+
+ - uses: docker/setup-buildx-action@v3
+
+ - uses: docker/build-push-action@v5
+ with:
+ context: ${{ matrix.context }}
+ file: ${{ matrix.dockerfile }}
+ target: ${{ matrix.target || '' }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/.github/workflows/semantic_pr.yml b/.github/workflows/semantic_pr.yml
new file mode 100644
index 00000000..39950a65
--- /dev/null
+++ b/.github/workflows/semantic_pr.yml
@@ -0,0 +1,12 @@
+name: Semantic PR
+
+on:
+ pull_request_target:
+ types: [opened, edited, synchronize, reopened]
+
+permissions:
+ pull-requests: read
+
+jobs:
+ semantic-pull-request:
+ uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/semantic_pull_request.yml@v1
diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 00000000..0857d709
--- /dev/null
+++ b/CLAUDE.md
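Review bot: In `.github/workflows/build-and-push.yaml`, every `uses:` step references a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`) inside a job that holds `packages: write` and an authenticated registry session, so a re-pointed tag would run with the ability to publish the `coop-*` images. Pin each one to a full commit SHA with the version as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`. The `divine/*` trigger also pushes branch-named and sha-named images from any branch with that prefix, so it is worth confirming those branches are protected or restricting publishing to `main` and `v*`. Separately, a `v*` tag push appears to yield only the sha tag, because the `tags:` list has `type=ref,event=branch` but no `type=ref,event=tag` entry.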
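Review bot: In `.github/workflows/semantic_pr.yml`, the job runs on `pull_request_target` and hands execution to a third-party reusable workflow referenced by the mutable ref `@v1`, so what runs in the base-repository context can change without a commit here. Pin it to a reviewed commit, e.g. `uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/semantic_pull_request.yml@<full-commit-sha> # v1`. The top-level `permissions: pull-requests: read` is a sound cap on the token, but whether the called workflow ever checks out or evaluates pull-request head content cannot be seen from this diff and should be confirmed before relying on this trigger. A short comment above `pull_request_target:` stating why it is needed instead of `pull_request` (presumably fork PRs) would help the next reviewer.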
@@ -0,0 +1,50 @@
+# COOP (Content Operations & Oversight Platform)
+
+Divine's moderation review surface. Fork of [roostorg/coop](https://github.com/roostorg/coop).
+
+## Cross-Repo Coordination
+
+This repo is **Layer 4** (human review surface) in the moderation pipeline. Read the coordination doc at session start:
+`~/code/support-trust-safety/docs/moderation/auto-hide-evolution-plan.md`
+
+When you make decisions or discover constraints that affect other layers, update that doc and flag it for the user.
+
+## Architecture
+
+COOP receives flagged content from Osprey (rules engine) via REST API submission. Human moderators review items in the Manual Review Tool (MRT), then take actions (Ban User, Delete Content, Hide Content, Age Restrict) that fire webhooks to the relay-manager adapter.
+
+```
+Osprey verdict (flag_for_review) → COOP REST API → MRT queue
+Moderator decision → COOP webhook → adapter → relay-manager RPC
+```
+
+## Divine Integration Points
+
+- **Item Type:** "User Report" with fields for report metadata + media (VIDEO/IMAGE)
+- **Actions:** CUSTOM_ACTION webhooks to adapter service
+- **Adapter:** `support-trust-safety/scripts/coop-webhook-adapter.mjs` translates webhooks to relay-manager RPC
+- **Bridge import:** `support-trust-safety/scripts/coop-bridge-import.sh` pulls Kind 1984 reports from staging relay
+
+## Deployment
+
+Images build via GitHub Actions to `ghcr.io/divinevideo/coop-server`, `coop-worker`, `coop-client`.
+K8s manifests live in `divine-iac-coreconfig/k8s/applications/coop/`.
+
+## Staging Dependencies
+
+- **PostgreSQL:** shared CNPG cluster in `postgres-clusters` namespace
+- **Redis:** shared sentinel cluster in `redis-clusters` namespace
+- **ClickHouse:** ClickHouse operator available; needs a ClickHouseInstallation CR
+- **ScyllaDB:** not available on cluster; env vars stubbed with dummy values (MRT workflow does not require Scylla on the critical path)
+
+## Local Dev
+
+```bash
+docker compose up -d postgres redis clickhouse scylla
+docker compose run migrations
+# Then run server and client separately or via docker compose
+```
+
+## Upstream Sync
+
+Pull from `upstream` (roostorg/coop), push divine-specific changes to `origin` (divinevideo/coop).