rou-cru · rou-cru · Jan 11, 2026 · Jan 11, 2026 · Jan 20, 2026 · Jan 20, 2026
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -19,7 +19,7 @@ body:
       options:
         - label: I have searched existing issues to ensure this is not a duplicate
           required: true
-        - label: I have read the documentation at https://rou-cru.github.io/idp-blueprint/
+        - label: I have read the documentation at https://idp-blueprint.roura.xyz/
           required: true
         - label: I am using the latest version from the main branch
           required: false

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,7 +1,7 @@
 blank_issues_enabled: false
 contact_links:
   - name: 📖 Documentation
-    url: https://rou-cru.github.io/idp-blueprint/
+    url: https://idp-blueprint.roura.xyz/
     about: Read the comprehensive documentation for the IDP Blueprint
   - name: 💬 Discussions
     url: https://github.com/rou-cru/idp-blueprint/discussions

diff --git a/.github/ISSUE_TEMPLATE/documentation.yml b/.github/ISSUE_TEMPLATE/documentation.yml
@@ -19,7 +19,7 @@ body:
       options:
         - label: I have searched existing issues to ensure this is not a duplicate
           required: true
-        - label: I have checked the documentation site at https://rou-cru.github.io/idp-blueprint/
+        - label: I have checked the documentation site at https://idp-blueprint.roura.xyz/
           required: true
 
   - type: dropdown
@@ -67,7 +67,7 @@ body:
     attributes:
       label: Page URL or File Path
       description: Link to the documentation page or file path
-      placeholder: "https://rou-cru.github.io/idp-blueprint/guides/getting-started or Docs/src/content/docs/guides/example.md"
+      placeholder: "https://idp-blueprint.roura.xyz/guides/getting-started or Docs/src/content/docs/guides/example.md"
     validations:
       required: false
 

diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -19,7 +19,7 @@ body:
       options:
         - label: I have searched existing issues to ensure this is not a duplicate
           required: true
-        - label: I have read the documentation at https://rou-cru.github.io/idp-blueprint/
+        - label: I have read the documentation at https://idp-blueprint.roura.xyz/
           required: true
         - label: This feature aligns with the IDP Blueprint's goals (GitOps, Observability, Security, Policy)
           required: true

diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -19,8 +19,7 @@ github-actions:
           - ".github/dependabot.yml"
           - ".github/labeler.yml"
           - ".github/ISSUE_TEMPLATE/**/*"
-          - ".github/PULL_REQUEST_TEMPLATE.md"
-          - ".github/CODEOWNERS"
+          - ".github/pull_request_template.md"
 
 # Task Automation
 automation:
@@ -42,50 +41,47 @@ configuration:
 argocd:
   - changed-files:
       - any-glob-to-any-file:
-          - "Bootstrap/argocd/**/*"
-          - "Stacks/argocd/**/*"
+          - "IT/argocd/**/*"
+          - "K8s/**/argocd*/**/*"
           - "**/argocd-*.yaml"
 
 # Cilium / Networking
 cilium:
   - changed-files:
       - any-glob-to-any-file:
-          - "Bootstrap/cilium/**/*"
+          - "IT/cilium/**/*"
           - "**/cilium-*.yaml"
 
 # Vault / Secrets
 vault:
   - changed-files:
       - any-glob-to-any-file:
-          - "Bootstrap/vault/**/*"
-          - "Stacks/vault/**/*"
+          - "IT/vault/**/*"
+          - "K8s/**/vault/**/*"
           - "**/vault-*.yaml"
 
 # External Secrets
 external-secrets:
   - changed-files:
       - any-glob-to-any-file:
-          - "Bootstrap/external-secrets/**/*"
+          - "IT/external-secrets/**/*"
+          - "K8s/**/external-secrets/**/*"
           - "**/external-secret*.yaml"
           - "**/secret-store*.yaml"
 
 # Kyverno / Policies
 kyverno:
   - changed-files:
       - any-glob-to-any-file:
-          - "Policies/**/*"
-          - "Stacks/kyverno/**/*"
+          - "K8s/policies/**/*"
           - "**/kyverno-*.yaml"
           - "**/*policy*.yaml"
 
 # Observability
 observability:
   - changed-files:
       - any-glob-to-any-file:
-          - "Stacks/prometheus/**/*"
-          - "Stacks/grafana/**/*"
-          - "Stacks/loki/**/*"
-          - "Stacks/fluent-bit/**/*"
+          - "K8s/observability/**/*"
           - "**/prometheus-*.yaml"
           - "**/grafana-*.yaml"
           - "**/loki-*.yaml"
@@ -94,16 +90,15 @@ observability:
 cicd:
   - changed-files:
       - any-glob-to-any-file:
-          - "Stacks/argo-workflows/**/*"
-          - "Stacks/sonarqube/**/*"
+          - "K8s/cicd/**/*"
           - "**/argo-workflow*.yaml"
           - "**/sonarqube-*.yaml"
 
 # cert-manager
 cert-manager:
   - changed-files:
       - any-glob-to-any-file:
-          - "Bootstrap/cert-manager/**/*"
+          - "IT/cert-manager/**/*"
           - "**/cert-manager-*.yaml"
           - "**/certificate*.yaml"
           - "**/clusterissuer*.yaml"
@@ -112,7 +107,7 @@ cert-manager:
 gateway:
   - changed-files:
       - any-glob-to-any-file:
-          - "Bootstrap/gateway/**/*"
+          - "IT/gateway/**/*"
           - "**/gateway*.yaml"
           - "**/httproute*.yaml"
 
@@ -121,6 +116,7 @@ k3d:
   - changed-files:
       - any-glob-to-any-file:
           - "Task/k3d.yaml"
+          - "IT/k3d-cluster.yaml"
           - ".devcontainer/**/*"
           - "**/k3d-*.yaml"
 
@@ -145,7 +141,6 @@ security:
       - any-glob-to-any-file:
           - "SECURITY.md"
           - ".config/lint/.trufflehog-ignore"
-          - "Policies/**/*"
           - "**/rbac*.yaml"
           - "**/networkpolicy*.yaml"
 

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,13 @@
+## Summary
+- What does this change do?
+- Any user-facing or breaking changes?
+
+## Testing
+- [ ] Not run (explain why)
+- [ ] Added/updated automated tests
+- [ ] Manually tested (`<commands>`)
+
+## Checklist
+- [ ] Docs updated if needed
+- [ ] Conventional commit in title
+- [ ] Linked issue (if relevant)
diff --git a/.github/workflows/auto-merge.yaml b/.github/workflows/auto-merge.yaml
@@ -0,0 +1,83 @@
+name: Auto Merge with CodeRabbit
+
+on:
+  pull_request_target:
+    types: [opened, reopened, synchronize, ready_for_review, review_requested]
+  workflow_run:
+    workflows: ["CI Pipeline", "Documentation"]
+    types: [completed]
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+  statuses: read
+
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.head.repo.full_name == github.repository || github.event.workflow_run.event == 'pull_request'
+    steps:
+      - name: Get PR context
+        id: ctx
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const pr = context.payload.pull_request
+              ? context.payload.pull_request
+              : await (async () => {
+                  // workflow_run path
+                  const run = context.payload.workflow_run
+                  const prData = run.pull_requests && run.pull_requests[0]
+                  if (!prData) return null
+                  const { data } = await github.rest.pulls.get({
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    pull_number: prData.number,
+                  })
+                  return data
+                })()
+
+            if (!pr) {
+              core.setFailed('No pull_request context available')
+              return
+            }
+
+            // basic guards
+            if (pr.draft) {
+              core.setOutput('status', 'skip-draft')
+              return
+            }
+            if (pr.state !== 'open') {
+              core.setOutput('status', 'skip-closed')
+              return
+            }
+            if (pr.mergeable_state === 'behind') {
+              core.setOutput('status', 'skip-behind')
+              return
+            }
+            if (!pr.mergeable_state || pr.mergeable_state === 'unknown') {
+              core.setOutput('status', 'skip-unknown')
+              core.info('Mergeable state is unknown, waiting for GitHub to compute it')
+              return
+            }
+            const acceptableStates = ['clean', 'unstable', 'has_hooks']
+            if (!acceptableStates.includes(pr.mergeable_state)) {
+              core.setOutput('status', `skip-${pr.mergeable_state}`)
+              core.info(`Mergeable state '${pr.mergeable_state}' not acceptable for auto-merge`)
+              return
+            }
+
+            core.setOutput('pr-number', pr.number.toString())
+            core.setOutput('mergeable_state', pr.mergeable_state || 'unknown')
+            core.setOutput('status', 'ready')
+
+      - name: Enable auto-merge
+        if: steps.ctx.outputs.status == 'ready' &&
+            steps.ctx.outputs.mergeable_state != 'behind' &&
+            steps.ctx.outputs.mergeable_state != 'unknown'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ steps.ctx.outputs.pr-number }}
+          merge-method: squash