# Codex instructions for this repository

This repository contains:
- Docker Compose infrastructure
- Terraform configuration
- Ansible configuration

## General rules

Prefer validation and linting over execution.
Do not make assumptions about runtime access.
Do not run destructive commands.
Do not install repo changes unless explicitly requested.

## Docker / Compose rules

This environment does not have Docker daemon access.
Do not use commands that require `/var/run/docker.sock`.

Allowed:
- `docker compose config`
- `docker compose -f <file> config`
- `./services-up.sh --profile all config`

Not allowed:
- `docker compose up`
- `docker compose down`
- `docker compose run`
- `docker compose exec`
- `docker build`
- `docker pull`

When validating Docker changes:
1. Prefer `./services-up.sh --profile all config` if available.
2. If that does not fit the task, use `docker compose -f ... config`.
3. Only create temporary placeholder env files if validation requires them.
4. Do not commit placeholder env files unless explicitly requested.

## Terraform rules

Allowed:
- `terraform fmt -check -recursive`
- `terraform init -backend=false -input=false`
- `terraform validate`
- `tflint`

Do not apply infrastructure changes unless explicitly requested.
Do not run:
- `terraform apply`
- `terraform destroy`

If `terraform init` fails because access to `registry.terraform.io` is forbidden, do not summarize the error vaguely. Report the exact stderr. Continue with:
- `terraform fmt -check -recursive`
- static review of changed `.tf` files

Only run `terraform validate` when provider installation is available locally or registry access succeeds.

## Ansible rules

Allowed:
- `ansible-lint`
- `ansible-playbook --syntax-check <playbook>`

Do not run playbooks against real hosts unless explicitly requested.

## Shell / YAML rules

Allowed:
- `shellcheck`
- `yamllint`
- `yq`
- `jq`

## Expected workflow

When making changes:
1. Edit the smallest necessary set of files.
2. Run the safest available validation commands.
3. Report validation results clearly.
4. If validation is blocked by missing secrets, env files, or remote/provider access, say so explicitly instead of guessing.
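
An added example, not part of this repository: a default-deny gate that encodes the Docker / Compose and Terraform command rules above, so a wrapper can refuse anything that is not listed as allowed. The function names `is_allowed` and `compose_is_config` are hypothetical, and accepting `--env-file` next to `-f` is an assumption made for the placeholder env files mentioned in the validation steps.

```bash
#!/bin/sh
# Added example (hypothetical helper, not part of this repository):
# default-deny gate for the Docker / Compose and Terraform rules above.
# The command is passed as argv, never as one string, so the gate sees the
# same words the process would receive.

# compose_is_config ARGS...: ARGS are the words after "docker compose".
# Succeeds only when the subcommand is a bare "config". Only -f/--file and
# --env-file (an assumption, for placeholder env files) are accepted before
# it; any other option is denied, because an unknown option's value could
# otherwise be mistaken for the subcommand.
compose_is_config() {
  while [ $# -gt 0 ]; do
    case "$1" in
      -f|--file|--env-file)
        [ $# -ge 2 ] || return 1      # option is missing its value
        shift 2 ;;
      --file=*|--env-file=*) shift ;;
      config) [ $# -eq 1 ] && return 0; return 1 ;;
      *) return 1 ;;                  # up, down, run, exec, unknown flags
    esac
  done
  return 1                            # no subcommand at all
}

# is_allowed CMD [ARGS...]: exit status 0 = allowed, 1 = denied.
is_allowed() {
  case "$*" in
    "./services-up.sh --profile all config") return 0 ;;
    "terraform fmt -check -recursive") return 0 ;;
    "terraform init -backend=false -input=false") return 0 ;;
    "terraform validate") return 0 ;;
  esac
  if [ "${1:-}" = docker ] && [ "${2:-}" = compose ]; then
    shift 2
    compose_is_config "$@" && return 0
  fi
  return 1   # docker build/pull, terraform apply/destroy, anything unlisted
}

# Constructed sample commands showing one allowed and one denied form.
is_allowed docker compose -f compose.yml config && echo "allowed: -f compose.yml config"
is_allowed docker compose -f config up || echo "denied: -f config up"
```

The second sample is the case a naive "does the command line contain `config`" check gets wrong: there `config` is the value of `-f`, and the real subcommand is `up`.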