Background
scripts/deploy/govcms-config-import currently treats every non-production environment the same way: it imports config/default/ and then overlays config/dev/ via drush config:import --partial.
That means there's no way to disable security-relevant modules such as shield on a developer's local machine without also disabling them on public Lagoon dev/staging/branch URLs — which defeats the point of having shield enabled there.
Proposal
Mirror the existing CONFIG_DEV_DIR pattern with a new optional CONFIG_LOCAL_DIR (default /app/config/local). Apply it as an additional drush config:import --partial step only when LAGOON_ENVIRONMENT_TYPE=local and the directory contains importable YAML.
Overlay order after this change:
config/default/ (always, full import)config/dev/ (any non-production env, partial)config/local/ (local env only, partial) — new
Why this shape
- Symmetric with the existing
CONFIG_DEV_DIR pattern — no new mental model.
- Opt-in / no-op for projects that don't add a
config/local/ directory.
- Gated on
LAGOON_ENVIRONMENT_TYPE=local, so public Lagoon dev/staging URLs can never pick up these overrides.
- Doesn't touch
drupal/settings/*, so it composes cleanly with any existing settings.local.php.
Acceptance criteria
Out of scope
- Settings-based runtime overrides (possible follow-up).
- Changing shield defaults in
config/default/.
- Adding opinionated local defaults to the scaffold itself.
References
Background
scripts/deploy/govcms-config-importcurrently treats every non-production environment the same way: it importsconfig/default/and then overlaysconfig/dev/viadrush config:import --partial.That means there's no way to disable security-relevant modules such as
shieldon a developer's local machine without also disabling them on public Lagoon dev/staging/branch URLs — which defeats the point of having shield enabled there.Proposal
Mirror the existing
CONFIG_DEV_DIRpattern with a new optionalCONFIG_LOCAL_DIR(default/app/config/local). Apply it as an additionaldrush config:import --partialstep only whenLAGOON_ENVIRONMENT_TYPE=localand the directory contains importable YAML.Overlay order after this change:
config/default/(always, full import)config/dev/(any non-production env, partial)config/local/(local env only, partial) — newWhy this shape
CONFIG_DEV_DIRpattern — no new mental model.config/local/directory.LAGOON_ENVIRONMENT_TYPE=local, so public Lagoon dev/staging URLs can never pick up these overrides.drupal/settings/*, so it composes cleanly with any existingsettings.local.php.Acceptance criteria
CONFIG_LOCAL_DIRenv var (default/app/config/local) added toscripts/deploy/govcms-config-import.drush config:import --partial --source=$CONFIG_LOCAL_DIRruns only whenLAGOON_ENVIRONMENT_TYPE=localAND the directory contains YAML.CONFIG_DEV_DIRoverlay (so local wins).production,development, branch envs, or when the directory is absent/empty.Out of scope
config/default/.References
scaffold-tooling/scripts/govcms-deploy
Line 84 in d2a68b4
scripts/deploy/govcms-config-import