feat(wp-dev): add page content wrapper to display dynamic content in all business and landing templates #1
Merged
…all business and landing templates
romandidomizio added a commit that referenced this pull request Oct 20, 2025
romandidomizio added a commit that referenced this pull request Jan 25, 2026

**Issue #1: kubectl secret rotation using wrong credentials**
- Fixed: Use new credentials from API response node, not environment variables
- Changed: $INFISICAL_CLIENT_ID → {{ $node["Create New Client Secret"].json.clientId }}
- Impact: Ensures Kubernetes secret updated with NEW credentials, not old ones

**Issue #2: OpenRouter key deletion invalid hash filter**
- Fixed: Use .json.hash field from API response
- Changed: | hash filter → .json.hash (proper OpenRouter API field)
- Impact: Correct key deletion using hash returned from GET /api/v1/keys

**Issue #3: envSlug inconsistency across files**
- Fixed: Standardized default to 'prod' matching documentation examples
- Changed: values.yaml and template default from 'production' → 'prod'
- Impact: Prevents confusion and integration failures from mismatched slugs

All 3 issues validated by Copilot AI review on PR #4.
romandidomizio added a commit that referenced this pull request Jan 27, 2026

Resolved all issues identified in PR #5 Copilot review:

Issue #1: Removed duplicate Version line in INFISICAL_INTEGRATION.md

Issue #2: Fixed corrupted emoji (� → ⚙️) in README Helm section

Issue #3 & #8: Updated VERSIONING_WEOWNVER.md path references:
- Changed ../VERSIONING_WEOWNVER.md to /docs/VERSIONING_WEOWNVER.md
- Updated in CHANGELOG.md (2 locations) and README.md

Issue #4: Fixed VERSIONING_WEOWNVER.md path in anythingllm README.md
- Changed relative path to absolute: /docs/VERSIONING_WEOWNVER.md

Issue #5: Fixed VERSIONING_WEOWNVER.md path in copilot-instructions.md
- Updated version reference documentation path

Issue #6: Clarified 3-digit format in VERSIONING_WEOWNVER.md
- Added note explaining 3.4.0 uses SEASON.WEEK.DAY where DAY=0
- Documented weekly rollup shorthand format

Issue #7: Fixed corrupted emoji (�� → 🔑) in README API section

Issue #9: Updated workflow filename reference in auto-pr-to-main.yml
- Changed auto-pr-maintenance.yml to auto-pr-to-main.yml in PR body

Issue #10: Clarified ISO week year boundary in Season Calendar
- Changed W40-W05 to 2025-W40–2026-W05 for Season 2
- Makes year transition explicit and unambiguous

All documentation paths now use absolute references (/docs/) for consistency and proper linking across repository structure.
romandidomizio added a commit that referenced this pull request Jan 27, 2026

Resolved all remaining issues from PR #5 Copilot review:

Issue #1 - Workflow branch triggers:
- Added explicit branch patterns: maintenance, feature/*, fix/*, docs/*, hotfix/*
- Excluded experimental/* branches to prevent unintended PRs
- Maintains security while supporting defined branching strategy

Issue #2 - Dynamic repository values:
- Changed hardcoded 'WeOwnNetwork' to ${{ github.repository_owner }}
- Changed hardcoded 'ai' to ${{ github.event.repository.name }}
- Enables workflow portability across forks and repos

Issue #3 - Improved PR title fallback:
- Added commit count when available
- Uses latest commit subject as additional hint
- Provides context: 'Merge branch into main (X commits)'
- Falls back gracefully through multiple options

Issue #4 - Copilot date context:
- Updated to current date: January 26, 2026 (Sunday)
- Clarified Copilot cannot use web search during reviews
- Focus on format validation vs exact date calculation

Issue #5 & #9 - Version format clarity:
- Clarified 3.4.0 as SEASON.WEEK.DAY with DAY=0, VERSION omitted
- Updated special cases table with explicit component breakdowns
- Added note explaining shorthand format vs full 4-part format

Issue #6 - CI/CD dry-run validation:
- Removed '|| true' error suppression
- Allows failures to propagate and fail pipeline
- Aligns with quality gates (blocking on K8s failures)

Issue #7 - README absolute paths:
- Changed ../docs/ to /docs/ for HELM_VALUE_MANAGEMENT.md
- Ensures links work across all documentation contexts

Issue #11 - Example day inconsistency:
- Fixed Jan 25, 2026 from Saturday (6) to Sunday (7)
- Provided complete example version: 2.5.7.1

Issue #12 - CHANGELOG date:
- Updated from 2026-01-25 to 2026-01-26 (current date)

Issue #14 - WordPress version clarity:
- Clarified as 'WordPress application version 3.2.5'
- Distinguishes from WeOwnVer chart versioning

Issue #15 - Security consistency:
- Pinned all actions/checkout@v4 to specific SHA
- Added comment: # v4.1.5 for version tracking
- Consistent with other pinned actions in workflow

All paths now use absolute /docs/ references, all version format ambiguities resolved, security controls enforced consistently.
romandidomizio added a commit that referenced this pull request Jan 27, 2026

Path consistency + critical /tmp security fixes

Issue #1-3: Path references
- Fixed copilot-instructions.md and Chart.yaml references
- All paths now point to /docs/VERSIONING_WEOWNVER.md

Issue #4-5: Date consistency
- Updated version history and examples to Jan 26, 2026

Issues #6-9: CRITICAL SECURITY - /tmp usage
- Replaced all /tmp/ with secure mktemp (5 instances)
- Added trap cleanup and proper file permissions
- Prevents credential leakage on multi-user systems

Per SOC2/ISO42001 security requirements and WeOwn protocols.
romandidomizio added a commit that referenced this pull request Jan 27, 2026

Path consistency, verified SHA pinning, critical /tmp security fixes, and documentation date updates.

Issue #1: Path references (copilot-instructions.md)
- Lines 392, 446: /VERSIONING_WEOWNVER.md → /docs/VERSIONING_WEOWNVER.md

Issue #2: GitHub Actions security (SHA pinning)
- Applied VERIFIED SHAs (fetched via GitHub API):
  * actions/checkout@34e1148 # v4
  * actions/create-github-app-token@d72941d # v1
- SHA pinning required for security-sensitive workflows:
  * Handles authentication secrets (APP_ID, APP_PRIVATE_KEY)
  * Has pull-requests: write permission
  * Runs automatically without human approval
- SHAs are immutable commit fingerprints preventing supply chain attacks
- Tags are mutable and can be redirected by compromised maintainers

Issue #3: Chart.yaml path reference
- Updated to /docs/VERSIONING_WEOWNVER.md for consistency

Issue #4-5: Date consistency
- VERSIONING_WEOWNVER.md version history: Jan 25 → Jan 26
- copilot-instructions.md example date: Jan 25 → Jan 26
- Removed duplicate date line from previous edit

Issues #6-9: CRITICAL SECURITY - /tmp usage (5 instances)
- HELM_VALUE_MANAGEMENT.md line 145: mktemp + trap cleanup
- Line 302: Secure temp file for modify_live_deployment()
- Line 350: Added cleanup after values file editing
- Line 440: Secure temp for bulk configuration changes
- Line 571: Quick reference updated to mktemp pattern
- Prevents credential leakage (API keys, passwords, JWT tokens) on multi-user systems where /tmp is world-readable

Documentation updates:
- copilot-instructions.md: Last Updated 2026-01-26
- CI_CD_WORKFLOWS.md: Last Updated 2026-01-26

Security improvements align with SOC2/ISO42001 compliance requirements and WeOwn enterprise security protocols.
romandidomizio added a commit that referenced this pull request Jan 27, 2026

SHA pinning consistency, resource cleanup, version migration clarity.

Issue #1: SHA pinning consistency (CI_CD_WORKFLOWS.md)
- Pin codeql-action/upload-sarif to verified SHA
- SHA: b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2
- Matches security standard used elsewhere in workflows

Issue #2: Resource cleanup (auto-pr-to-main.yml)
- Add trap 'rm -f $PR_BODY $PR_TITLE' EXIT
- Prevents orphaned temp files if workflow fails
- Ensures cleanup on exit or error

Issue #3: Version migration clarity (CHANGELOG.md)
- Add migration note explaining 2.1.0 (SemVer) → 2.5.0 (WeOwnVer)
- Clarifies version numbers not directly comparable across systems
- Improves user understanding of versioning transition

All changes align with SOC2/ISO42001 security requirements.
romandidomizio added a commit that referenced this pull request Jan 31, 2026

Enhanced security controls, error handling, and compliance validation.

Issue #1: Trap cleanup timing (auto-pr-to-main.yml)
- Set trap immediately after first mktemp (line 56)
- Prevents orphaned temp files if second mktemp fails
- Security: Ensures cleanup even on early script failure

Issue #2: Redundant cleanup (auto-pr-to-main.yml)
- Removed manual cleanup at line 157
- Trap EXIT handler already performs cleanup
- Prevents double-cleanup errors

Issues #3-5: mktemp error handling (HELM_VALUE_MANAGEMENT.md)
- Line 145: Added error handling for secure temp file creation
- Line 305: Added validation for mktemp in modify_live_deployment()
- Line 365: Removed redundant cleanup (rely on trap/caller)
- Impact: Scripts now fail fast with clear error messages

Issue #6: Placeholder clarification (VERSIONING_WEOWNVER.md)
- Added note explaining angle brackets are placeholders
- Example: Use SHARED-KERNEL_v3.1.1.1.md, not <SHARED-KERNEL>_v<3>...
- Prevents filename confusion for new users

Issue #7: Secret exposure fix (HELM_VALUE_MANAGEMENT.md)
- Line 478: Encode password to variable before kubectl patch
- Prevents password exposure in process listings/logs
- Security: Follows enterprise secret handling best practices

Issue #8: WeOwnVer day validation (CI_CD_WORKFLOWS.md)
- Added day component validation (0-7 range)
- Enhanced season validation (1-9999 range)
- Week validation improved (0-17 range)
- Prevents invalid version numbers in CI/CD pipeline

Issue #9: Hardcoded secrets detection (CI_CD_WORKFLOWS.md)
- Improved grep pattern to reduce false positives
- Excludes comments, examples, and proper secret injection
- Pattern: ^[[:space:]]*[^#]*password[^:]*[:=][[:space:]]*[^[:space:]#]+
- Better detection of actual security violations

Issue #10: TLS 1.3 enforcement (CI_CD_WORKFLOWS.md)
- Changed from ::warning to ::error (SOC2 requirement)
- Pipeline now blocks deployments without TLS 1.3
- Aligns with copilot-instructions.md MANDATORY TLS 1.3 policy

All changes enhance SOC2/ISO42001 compliance and production security.
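
Added example (not from the repository or its workflow): the grep pattern quoted under Issue #9 above, run on its own over a constructed sample file to show which lines it flags and which it lets through. The function names and sample lines are made up here, and any further exclusion filters the real workflow applies are not shown on the page.

```bash
# Pattern as quoted in the commit message (an ERE, so it needs grep -E).
SECRET_RE='^[[:space:]]*[^#]*password[^:]*[:=][[:space:]]*[^[:space:]#]+'

# Constructed sample input, not taken from the repository.
write_sample() {
  cat > "$1" <<'EOF'
# password: commented-out-example
db:
  password: hunter2-constructed
  password:
  password: "{{ .Values.db.password }}"
ADMIN_PASSWORD=constructed
password_file = /run/secrets/db
EOF
}

# Line numbers the pattern flags in file $1, space separated.
flagged_lines() {
  grep -nE "$SECRET_RE" "$1" | cut -d: -f1 | tr '\n' ' ' | sed 's/ $//'
}

# CI gate: annotate each hit by line number only, so the matched value is
# never echoed into the build log, and fail when anything is flagged.
scan_file() {
  hits=$(flagged_lines "$1")
  for n in $hits; do
    echo "::error file=$1,line=$n::possible hardcoded password"
  done
  [ -z "$hits" ]
}

sample=$(mktemp) || exit 1
trap 'rm -f "$sample"' EXIT
write_sample "$sample"
# Flags lines 3, 5 and 7: the literal value, the templated value and the
# password_file reference. The comment (1), the empty value (4) and the
# upper-case key (6, grep is case-sensitive without -i) are not flagged.
scan_file "$sample" || echo "flagged lines: $(flagged_lines "$sample")"
```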
romandidomizio added a commit that referenced this pull request Jan 31, 2026

Critical secrets exposure fix and WeOwnVer validation correction.

Issue #1: Week range validation (CI_CD_WORKFLOWS.md)
- Changed week validation from 0-17 to 1-17
- Aligns with /docs/VERSIONING_WEOWNVER.md specification (line 24)
- Week component must be 1-17, not 0-17 as previously validated
- Prevents invalid version numbers in CI/CD pipeline

Issue #2: Secrets exposure in Helm commands (HELM_VALUE_MANAGEMENT.md)
- Lines 339-367: Replaced --set flags with secure temp values files
- OpenRouter API key and JWT secret no longer exposed in process arguments
- Prevents local attackers from capturing secrets via ps/top output
- Added trap cleanup for secure temp files
- Security: Follows enterprise secret handling best practices

Enhancement: Enterprise Secrets Management Section
- Added comprehensive Infisical Kubernetes Operator guide
- Documented secure Kubernetes secrets alternatives
- Migration path from native secrets to Infisical
- Security best practices:
  * Never use --set for secrets (process listing exposure)
  * Enable etcd encryption at rest
  * RBAC restrictions for secret access
  * 90-day rotation schedule
  * Audit logging for secret access
- Status: Infisical integration planned for WeOwn cohorts

Security Impact:
- Eliminates secret exposure in process listings during deployments
- Provides enterprise-grade secret management options
- Aligns with SOC2/ISO42001 compliance requirements
- Prepares infrastructure for centralized secret management

All changes enhance production security and compliance posture.
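
Added example (not the code from HELM_VALUE_MANAGEMENT.md): one way to hand secrets to Helm through a private temporary values file instead of --set, with the cleanup trap registered directly after mktemp as the commits above describe. The names deploy_with_secret_file and HELM_BIN and the two YAML keys are hypothetical.

```bash
# Added example. Hypothetical names: deploy_with_secret_file, HELM_BIN,
# and the YAML keys openrouterApiKey / jwtSecret.
deploy_with_secret_file() (
  # The ( ) body runs in a subshell, so the EXIT trap below fires when
  # this function returns, on success and on failure alike.
  : "${OPENROUTER_API_KEY:?must be set}" "${JWT_SECRET:?must be set}"
  release=$1 chart=$2

  umask 077
  values_file=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
  # Register cleanup before anything is written to the file.
  trap 'rm -f "$values_file"' EXIT

  # printf is a shell builtin, so the secrets never appear in any
  # process's argument list. Assumption: the values contain no double
  # quote or backslash, which would need YAML escaping.
  printf 'openrouterApiKey: "%s"\njwtSecret: "%s"\n' \
    "$OPENROUTER_API_KEY" "$JWT_SECRET" > "$values_file"

  # Only the path of the 0600 file is visible in ps/top output.
  "${HELM_BIN:-helm}" upgrade --install "$release" "$chart" \
    --values "$values_file"
  status=$?
  exit "$status"
)
```

Call it as `deploy_with_secret_file <release> <chart>` with both secrets exported in the environment; the function refuses to run if either is unset.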
No description provided.