Skip to content

DEV-736 Document artifact repo quarantine #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Wentzel-DevDocs wants to merge 1 commit into
base: gh-pages
Choose a base branch
from
Open

DEV-736 Document artifact repo quarantine #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# devdocsorg.github.io

## SOC 2 repository status

This repository is classified for DEV-736 as a legacy static artifact repository.
The checked-in surface is generated GitHub Pages output: static HTML, images,
fonts, JavaScript worker files, schemas, sitemap data, `.nojekyll`, and a `CNAME`
for `docs.devdocs.work`. No application source tree, package manifest, CI
workflow, server runtime, database client, or deployment pipeline definition is
present in this checkout.

Production boundary status: treat this repository as a production-adjacent
hosting boundary while GitHub Pages or the `docs.devdocs.work` custom domain can
serve from it. It should not be used as the authoritative documentation source or
as a place to make product changes.

Operational rule: do not edit hosted content here except for emergency rollback
or explicitly approved retirement work. Make source documentation changes in the
canonical documentation repository, then publish through the approved pipeline.

See [compliance/DEV-736-artifact-repo-quarantine.md](compliance/DEV-736-artifact-repo-quarantine.md)
for the quarantine, lockdown, retirement, and acceptance checklist.
77 changes: 77 additions & 0 deletions compliance/DEV-736-artifact-repo-quarantine.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
# DEV-736 Artifact Repository Quarantine

## Scope

DEV-736 covers the duplicate `devdocsorg.github.io` repository and its GitHub
Pages artifact surface. This document is intentionally documentation-only and
does not change hosted content, routing, domain configuration, or generated
assets.

## Classification

- Repository type: legacy static artifact repository.
- Contents observed: generated HTML, CSS, JavaScript, workers, images, schemas,
sitemap data, `.nojekyll`, and `CNAME`.
- Canonical source status: not canonical source of truth. No source application
tree, dependency manifest, build command, test command, CI workflow, or release
pipeline was present in this checkout.
- Secrets status: no secrets are required for this repository to serve static
artifacts. Repository settings should still be checked for GitHub Actions
secrets, Pages deploy keys, environment secrets, and third-party integration
tokens before archival or deletion.

## Production Boundary Status

This repository must be treated as production-adjacent until ownership confirms
that it no longer serves public traffic. The root `CNAME` currently points Pages
configuration at `docs.devdocs.work`; while that domain or GitHub Pages remains
active, this repository is inside the documentation hosting control boundary.

No new production functionality should be developed here. Changes should be
limited to quarantine documentation, access control, retirement mechanics, or
emergency rollback approved by the repository owner.

## Required Lockdown Steps

1. Identify and record the canonical documentation source repository and current
deployment pipeline owner.
2. Confirm whether `docs.devdocs.work` or any other public URL still resolves to
artifacts from this repository.
3. Freeze content edits in this repository except for approved retirement or
emergency rollback work.
4. Restrict write/admin access to repository owners responsible for retirement.
5. Confirm branch protection or equivalent review requirements for the serving
branch until retirement is complete.
6. Review repository settings for Actions secrets, environment secrets, deploy
keys, webhooks, GitHub Pages settings, and third-party integrations; remove
anything no longer required.
7. Disable GitHub Pages for this repository after traffic has been migrated or
confirmed inactive.
8. Remove or repoint the custom domain only after DNS and Pages migration have
been validated.
9. Archive or delete the repository after retention, evidence, and rollback
requirements are satisfied.

## Retirement Evidence

Capture the following evidence before closing DEV-736:

- Canonical documentation repository and pipeline link.
- Screenshot or export of repository access controls after lockdown.
- Screenshot or export of GitHub Pages status after disablement or migration.
- DNS validation showing `docs.devdocs.work` no longer depends on this
repository, if applicable.
- Confirmation that repository secrets, deploy keys, webhooks, and integrations
were reviewed and removed or explicitly retained with owner approval.
- Archive/delete decision, retention rationale, and approval record.

## Acceptance Criteria

- Repository README clearly labels this repo as a legacy static artifact repo.
- Production boundary status is documented and acknowledges the current
`docs.devdocs.work` Pages surface.
- Required lockdown and retirement steps are documented.
- Evidence requirements for SOC 2 closure are documented.
- Hosted static content behavior is unchanged by this patch.
- No secrets or environment files are required, introduced, or inspected by this
documentation patch.