paketo-buildpacks · paketo-bot · Dec 7, 2021 · Dec 7, 2021 · Dec 9, 2021 · Dec 14, 2021
@@ -1,14 +1,18 @@
 .github/.patch_files
-.github/.syncignore
-.github/CODEOWNERS
-.github/dependabot.yml
 .github/labels.yml
-.github/workflows/check-pr-labels.yml
+.github/CODEOWNERS
+.github/workflows
+.github/workflows/approve-bot-pr.yml
 .github/workflows/codeql-analysis.yml
-.github/workflows/label-pr.yml
 .github/workflows/lint.yml
-.github/workflows/synchronize-labels.yml
+.github/workflows/update-github-config.yml
+.github/workflows/create-draft-release.yml
 .github/workflows/test-pull-request.yml
+.github/workflows/lint-yaml.yml
+.github/workflows/synchronize-labels.yml
+.github/workflows/label-pr.yml
+.github/.syncignore
+.github/dependabot.yml
 .gitignore
 LICENSE
 NOTICE

@@ -0,0 +1 @@
+CODEOWNERS
@@ -1,7 +1,7 @@
+---
 version: 2
 updates:
 - package-ecosystem: gomod
   directory: "/"
   schedule:
     interval: daily
-  open-pull-requests-limit: 10
@@ -16,3 +16,27 @@
 - name: documentation
   description: This issue relates to writing documentation
   color: D4C5F9
+- name: help wanted
+  description: Extra attention is needed
+  color: 008672
+- name: semver:major
+  description: A change requiring a major version bump
+  color: 6b230e
+- name: semver:minor
+  description: A change requiring a minor version bump
+  color: cc6749
+- name: semver:patch
+  description: A change requiring a patch version bump
+  color: f9d0c4
+- name: good first issue
+  description: A good first issue to get started with
+  color: d3fc03
+- name: "failure:release"
+  description: An issue filed automatically when a release workflow run fails
+  color: f00a0a
+- name: "failure:update-github-config"
+  description: An issue filed automatically when a github config update workflow run fails
+  color: f00a0a
+- name: "failure:approve-bot-pr"
+  description: An issue filed automatically when a PR auto-approve workflow run fails
+  color: f00a0a
@@ -0,0 +1,88 @@
+name: Approve Bot PRs and Enable Auto-Merge
+
+on:
+  workflow_run:
+    workflows: ["Test Pull Request"]
+    types:
+    - completed
+
+jobs:
+  download:
+    name: Download PR Artifact
+    if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-22.04
+    outputs:
+      pr-author: ${{ steps.pr-data.outputs.author }}
+      pr-number: ${{ steps.pr-data.outputs.number }}
+    steps:
+    - name: 'Download artifact'
+      uses: paketo-buildpacks/github-config/actions/pull-request/download-artifact@main
+      with:
+        name: "event-payload"
+        repo: ${{ github.repository }}
+        run_id: ${{ github.event.workflow_run.id }}
+        workspace: "/github/workspace"
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+    - id: pr-data
+      run: |
+        echo "author=$(cat event.json | jq -r '.pull_request.user.login')" >> "$GITHUB_OUTPUT"
+        echo "number=$(cat event.json | jq -r '.pull_request.number')" >> "$GITHUB_OUTPUT"
+
+  approve:
+    name: Approve Bot PRs
+    needs: download
+    if: ${{ needs.download.outputs.pr-author == 'paketo-bot' || needs.download.outputs.pr-author == 'dependabot[bot]' }}
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Check Commit Verification
+      id: unverified-commits
+      uses: paketo-buildpacks/github-config/actions/pull-request/check-unverified-commits@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Check for Human Commits
+      id: human-commits
+      uses: paketo-buildpacks/github-config/actions/pull-request/check-human-commits@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Checkout
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      uses: actions/checkout@v3
+
+    - name: Approve
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      uses: paketo-buildpacks/github-config/actions/pull-request/approve@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Enable Auto-Merge
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      run: |
+        gh pr merge ${{ needs.download.outputs.pr-number }} --auto --rebase
+      env:
+        GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [download, approve]
+    if: ${{ always() && needs.download.result == 'failure' || needs.approve.result == 'failure' }}
+    steps:
+    - name: File Failure Alert Issue
+      uses: paketo-buildpacks/github-config/actions/issue/file@main
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        label: "failure:approve-bot-pr"
+        comment_if_exists: true
+        issue_title: "Failure: Approve bot PR workflow"
+        issue_body: |
+          Approve bot PR workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+        comment_body: |
+          Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
@@ -2,16 +2,20 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ main ]
+    branches:
+    - main
+    - v*
   pull_request:
-    branches: [ main ]
+    branches:
+    - main
+    - v*
   schedule:
-  - cron: '0 0 * * *' # Once a day at midnight
+  - cron: '24 18 * * *'  # daily at 18:24 UTC
 
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     strategy:
       fail-fast: false
@@ -21,15 +25,15 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
@@ -1,9 +1,13 @@
-name: Create Release
+name: Create or Update Draft Release
 
 on:
   push:
     branches:
     - main
+    - v*
+    - '!v*-*'
+  repository_dispatch:
+    types: [ version-bump ]
   workflow_dispatch:
     inputs:
       version:
@@ -15,29 +19,30 @@ concurrency: release
 jobs:
   unit:
     name: Unit Tests
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
     - name: Setup Go
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v3
       with:
-        go-version: 1.16
+        go-version: 'stable'
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Run Unit Tests
-      run: go test -v -count=1 ./...
+      run: ./scripts/unit.sh
 
   release:
     name: Release
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs: unit
     steps:
     - name: Setup Go
-      uses: actions/setup-go@v2.1.3
+      uses: actions/setup-go@v3
       with:
-        go-version: 1.16.x
+        go-version: 'stable'
     - name: Checkout
-      uses: actions/checkout@v2
-    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
+      uses: actions/checkout@v3
+      with:
+        fetch-tags: true
     - name: Reset Draft Release
       id: reset
       uses: paketo-buildpacks/github-config/actions/release/reset-draft@main
@@ -51,15 +56,16 @@ jobs:
       with:
         repo: ${{ github.repository }}
         token: ${{ github.token }}
+        ref-name: ${{ github.ref_name }}
     - name: Set Release Tag
       id: tag
       run: |
         tag="${{ github.event.inputs.version }}"
         if [ -z "${tag}" ]; then
           tag="${{ steps.semver.outputs.tag }}"
         fi
-        echo "::set-output name=tag::${tag}"
-    - name: Create Draft Release
+        echo "tag=${tag}" >> "$GITHUB_OUTPUT"
+    - name: Create Release
       uses: paketo-buildpacks/github-config/actions/release/create@main
       with:
         repo: ${{ github.repository }}
@@ -68,3 +74,22 @@ jobs:
         target_commitish: ${{ github.sha }}
         name: v${{ steps.tag.outputs.tag }}
         draft: true
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [ unit, release ]
+    if: ${{ always() && needs.unit.result == 'failure' || needs.release.result == 'failure' }}
+    steps:
+    - name: File Failure Alert Issue
+      uses: paketo-buildpacks/github-config/actions/issue/file@main
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        label: "failure:release"
+        comment_if_exists: true
+        issue_title: "Failure: Create Draft Release workflow"
+        issue_body: |
+          Create Draft Release workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+        comment_body: |
+           Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
@@ -1,17 +1,34 @@
-name: Auto-label PR
+name: Set / Validate PR Labels
 on:
-  pull_request:
+  pull_request_target:
     branches:
     - main
+    - v*
+    types:
+    - synchronize
+    - opened
+    - reopened
+    - labeled
+    - unlabeled
 
-concurrency: pr_labels
+concurrency: pr_labels_${{ github.event.number }}
 
 jobs:
-  semver-label:
-    name: Semver Auto-Label
-    runs-on: ubuntu-latest
+  autolabel:
+    name: Ensure Minimal Semver Labels
+    runs-on: ubuntu-22.04
     steps:
+    - name: Check Minimal Semver Labels
+      uses: mheap/github-action-required-labels@v3
+      with:
+        count: 1
+        labels: semver:major, semver:minor, semver:patch
+        mode: exactly
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     - name: Auto-label Semver
+      if: ${{ failure() }}
       uses: paketo-buildpacks/github-config/actions/pull-request/auto-semver-label@main
       env:
         GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
@@ -0,0 +1,30 @@
+name: Lint Workflows
+
+on:
+  pull_request:
+    paths:
+    - '.github/**.yml'
+    - '.github/**.yaml'
+
+jobs:
+  lintYaml:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Checkout github-config
+      uses: actions/checkout@v3
+      with:
+        repository: paketo-buildpacks/github-config
+        path: github-config
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.8
+
+    - name: Install yamllint
+      run: pip install yamllint
+
+    - name: Lint YAML files
+      run: yamllint ./.github -c github-config/.github/.yamllint