Auto-PR: feat(owncloud-docker): add oCIS copier template for DigitalOcean droplets

[weown-bot]

🤖 Automated Pull Request — authored by weown-bot (ecosystem service account)

Opened by: @ncimino
Last pushed by: @ncimino
Branch: feature/nik-owncloud-docker-template → main

Contributors on this branch:

• @ncimino (1 commit)

---

📋 Human Review Checklist — NIST CSF 2.0 Functions

Review per the 6 NIST CSF Functions. Frameworks referenced: NIST CSF 2.0, CIS Controls v8 IG1, CSA CCM v4, ISO/IEC 27001:2022, SOC 2, ISO/IEC 42001:2023. See docs/COMPLIANCE_ROADMAP.md.

🏛️ Govern (GV)

• CODEOWNERS correct for affected paths (.github/CODEOWNERS)
• ADR required/updated if an architectural decision is introduced
• Policy impact considered and documented
• All Copilot AI review comments addressed or explicitly deferred with rationale

🔍 Identify (ID)

• New assets inventoried (Helm values, container images, dependencies)
• SBOM regenerated if dependencies changed
• Risk register / threat model touched if threat surface changed (.github/SECURITY_ASSESSMENT.md)

🛡️ Protect (PR)

• Least privilege: RBAC, ServiceAccounts, scoped PATs (NIST PR.AC, CIS 5/6, ISO A.5.15-A.5.18)
• Secrets managed via Infisical (never --from-literal, never /tmp, always $(mktemp) — ISO A.8.24)
• NetworkPolicy present for new deployments (NIST PR.AC-5, CIS 12, CSA IVS)
• TLS 1.3 with strong cipher suites where applicable (NIST PR.DS-1, CIS 3)
• Container security: non-root UID 1000+, Pod Security restricted (NIST PR.IP, CIS 4)

🕵️ Detect (DE)

• Logs / metrics added for new components (NIST DE.CM, CIS 8/13)
• Alert rules updated if thresholds change
• Health checks (livenessProbe + readinessProbe) configured

🚨 Respond (RS)

• Runbook updated if operational behavior changes (.github/INCIDENT_RESPONSE.md)
• Incident response impact considered (escalation paths, on-call)

♻️ Recover (RC)

• Backup strategy covers new persistent data (NIST RC.RP, CIS 11, ISO A.8.13)
• Rollback procedure tested or documented
• DR impact assessed for new critical components

📚 Documentation & Versioning

• Relevant CHANGELOG.md updated (per-directory or repo-level /CHANGELOG.md)
• #WeOwnVer version bumped per docs/VERSIONING_WEOWNVER.md
• READMEs / ADRs / inline comments updated

---

📝 Recent Commits (full bodies for Copilot context)

bafa931 feat(owncloud-docker): add oCIS copier template for DigitalOcean droplets

Author: Nik
Date: Mon May 18 15:48:45 2026 -0600

Copier template for ownCloud Infinite Scale (oCIS) deployments following the
same patterns as anythingllm-docker, keycloak-docker, and wordpress-docker:
Caddy reverse proxy, Infisical runtime secret injection, skinny backups with
GFS retention, OpenTofu infrastructure provisioning, and cloud-init bootstrap.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

---

---

🔍 Copilot AI Review: Copilot is configured to auto-request review for bot-authored PRs. If an auto-created PR opens without an initial Copilot review, push a follow-up commit to the same open PR (review_on_push: true) to trigger review automatically.

👥 Required Reviewers: 1 human approval enforced by branch protection. requested automatically.

📚 Review Guidelines: .github/copilot-instructions.md (phase-aware compliance directives)

🛠️ Workflow Operations: .github/workflows/README.md

Auto-generated by .github/workflows/auto-pr-to-main.yml