Changing the config
The OpenWoo config is not edited live in a tenant and is not
imported from a hand-edited export. The single source of truth is
config/woo.configuration.json in this repo. Anyone changing the config
follows this flow — no exceptions:
git switch -c feat/<what-changed>- Make/obtain a fresh export → drop it in the repo as
raw-<date>.json(git-ignored, never committed). make sanitize RAW=raw-<date>.json— strips the postgres runtime pollution intoconfig/woo.configuration.json.make lint && make test— the gate. Fix any dangling refs / pollution.make functional(local) — prove it imports into a clean Nextcloud (see functional test).- Review the diff, open a PR. CI runs
lint+test+ secret scan. - Merge → tag a release. Nextcloud-base consumes the tag (see design).
This is the whole point of the repo: errors are caught here, in review and CI, before the config can reach a tenant.
De gate uit stap 4 werkt — dit blok draait hem als geteste bewering bij elke push (uitvoerbare documentatie):
```bash verify make lint >/dev/null
## Make targets
```bash
make lint # CI gate: fail on runtime pollution / dangling refs
make sanitize # strip pollution from config/woo.configuration.json in place
make sanitize RAW=fresh-export.json # clean a fresh export into the canonical config
make test # run unit tests
make functional # local layer-2: import into ephemeral Nextcloud (needs docker)
What the sanitizer strips and what the linter enforces is specified in the sanitizer & linter reference.