Copilot/vscode mkptm08w tpm2

.github/auto_assign.yml

@@ -0,0 +1,17 @@
+# Set to true to add reviewers to pull requests
+addReviewers: true
+
+# Set to true to add assignees to pull requests
+addAssignees: false
+
+# A list of reviewers to be added to pull requests (GitHub user name)
+reviewers:
+  - phantsure
+  - anuragc617
+  - tiwarishub
+  - vsvipul
+  - bishal-pdmsft
+
+# A number of reviewers added to the pull request
+# Set 0 to add all the reviewers (default: 0)
+numberOfReviewers: 1

.github/dependabot.yml

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/labeler.yml

@@ -0,0 +1,3 @@
+# Add 'code-scanning' label to any changes within 'code-scanning' folder or any subfolders
+code-scanning:
+- code-scanning/**/*

.github/pull_request_template.md

@@ -1,31 +1,61 @@
-Thank you for sending in this pull request. Please make sure you take a look at the [contributing file](https://github.com/actions/starter-workflows/blob/master/CONTRIBUTING.md). Here's a few things for you to consider in this pull request:
+<!--
+IMPORTANT:
 
-- [ ] Include a good description of the workflow.
-- [ ] Links to the language or tool will be nice (unless its really obvious)
+This repository contains configuration for what users see when they click on the `Actions` tab and the setup page for Code Scanning.
 
-In the workflow and properties files:
+It is not:
+* A playground to try out scripts
+* A place for you to create a workflow for your repository
+-->
 
-- [ ] The workflow filename of CI workflows should be the name of the language or platform, in lower case.  Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").
+## Pre-requisites
 
-  The workflow filename of publishing workflows should be the name of the language or platform, in lower case, followed by "-publish".
-- [ ] Includes a matching `ci/properties/*.properties.json` file.
-- [ ] Use sentence case for the names of workflows and steps, for example "Run tests".
-- [ ] The name of CI workflows should only be the name of the language or platform: for example "Go" (not "Go CI" or "Go Build")
-- [ ] Include comments in the workflow for any parts that are not obvious or could use clarification.
-- [ ] CI workflows should run on `push` to `branches: [ master ]` and `pull_request` to `branches: [ master ]`.
+- [ ] Prior to submitting a new workflow, please apply to join the GitHub Technology Partner Program: [partner.github.com/apply](https://partner.github.com/apply?partnershipType=Technology+Partner).
 
-  Packaging workflows should run on `release` with `types: [ created ]`.
+---
 
-Some general notes:
+### **Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.**
 
-- [ ] This workflow must only use actions that are produced by GitHub, [in the `actions` organization](https://github.com/actions), **or**
+---
 
-  This workflow must only use actions that are produced by the language or ecosystem that the workflow supports.  These actions must be [published to the GitHub Marketplace](https://github.com/marketplace?type=actions).  Workflows using these actions must reference the action using the full 40 character hash of the action's commit instead of a tag.  Additionally, workflows must include the following comment at the top of the workflow file:
+## Tasks
+
+**For _all_ workflows, the workflow:**
+
+- [ ] Should be contained in a `.yml` file with the language or platform as its filename, in lower, [_kebab-cased_](https://en.wikipedia.org/wiki/Kebab_case) format (for example, [`docker-image.yml`](https://github.com/actions/starter-workflows/blob/main/ci/docker-image.yml)).  Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").
+- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
+- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
+- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
+- [ ] Should specify least privileged [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
+
+**For _CI_ workflows, the workflow:**
+
+- [ ] Should be preserved under [the `ci` directory](https://github.com/actions/starter-workflows/tree/main/ci).
+- [ ] Should include a matching `ci/properties/*.properties.json` file (for example, [`ci/properties/docker-publish.properties.json`](https://github.com/actions/starter-workflows/blob/main/ci/properties/docker-publish.properties.json)).
+- [ ] Should run on `push` to `branches: [ $default-branch ]` and `pull_request` to `branches: [ $default-branch ]`.
+- [ ] Packaging workflows should run on `release` with `types: [ created ]`.
+- [ ] Publishing workflows should have a filename that is the name of the language or platform, in lower case, followed by "-publish" (for example, [`docker-publish.yml`](https://github.com/actions/starter-workflows/blob/main/ci/docker-publish.yml)).
+
+**For _Code Scanning_ workflows, the workflow:**
+
+- [ ] Should be preserved under [the `code-scanning` directory](https://github.com/actions/starter-workflows/tree/main/code-scanning).
+- [ ] Should include a matching `code-scanning/properties/*.properties.json` file (for example, [`code-scanning/properties/codeql.properties.json`](https://github.com/actions/starter-workflows/blob/main/code-scanning/properties/codeql.properties.json)), with properties set as follows:
+  - [ ] `name`: Name of the Code Scanning integration.
+  - [ ] `creator`: Name of the organization/user producing the Code Scanning integration.
+  - [ ] `description`: Short description of the Code Scanning integration.
+  - [ ] `categories`: Array of languages supported by the Code Scanning integration.
+  - [ ] `iconName`: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in [the `icons` directory](https://github.com/actions/starter-workflows/tree/main/icons).
+- [ ] Should run on `push` to `branches: [ $default-branch, $protected-branches ]` and `pull_request` to `branches: [ $default-branch ]`. We also recommend a `schedule` trigger of `cron: $cron-weekly` (for example, [`codeql.yml`](https://github.com/actions/starter-workflows/blob/c59b62dee0eae1f9f368b7011cf05c2fc42cf084/code-scanning/codeql.yml#L14-L21)).
+
+**Some general notes:**
+
+- [ ] This workflow must _only_ use actions that are produced by GitHub, [in the `actions` organization](https://github.com/actions), **or**
+- [ ] This workflow must _only_ use actions that are produced by the language or ecosystem that the workflow supports.  These actions must be [published to the GitHub Marketplace](https://github.com/marketplace?type=actions).  We require that these actions be referenced using the full 40 character hash of the action's commit instead of a tag.  Additionally, workflows must include the following comment at the top of the workflow file:
     ```
     # This workflow uses actions that are not certified by GitHub.
     # They are provided by a third-party and are governed by
     # separate terms of service, privacy policy, and support
     # documentation.
     ```
-- [ ] This workflow must not send data to any 3rd party service except for the purposes of installing dependencies.
-- [ ] This workflow must not use a paid service or product.
+- [ ] Automation and CI workflows should not send data to any 3rd party service except for the purposes of installing dependencies.
+- [ ] Automation and CI workflows cannot be dependent on a paid service or product.

.github/workflows/auto-assign-issues.yml

@@ -0,0 +1,15 @@
+name: Issue assignment
+
+on:
+    issues:
+        types: [opened]
+
+jobs:
+    auto-assign:
+        runs-on: ubuntu-latest
+        steps:
+            - name: 'Auto-assign issue'
+              uses: pozil/auto-assign-issue@v1.11.0
+              with:
+                  assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft
+                  numOfAssignee: 1

.github/workflows/auto-assign.yml

@@ -0,0 +1,10 @@
+name: 'Auto Assign'
+on:
+  pull_request_target:
+    types: [opened, ready_for_review]
+
+jobs:
+  add-reviews:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: kentaro-m/auto-assign-action@v1.2.2

.github/workflows/label-feature.yml

@@ -0,0 +1,21 @@
+name: Close as a feature
+on:
+  issues:
+    types: [labeled]
+
+jobs:
+  build:
+    permissions:
+      issues: write
+    runs-on: ubuntu-latest
+    steps:
+    - name: Close Issue
+      uses: peter-evans/close-issue@v3
+      if: contains(github.event.issue.labels.*.name, 'feature')
+      with:
+        comment: |
+          Thank you 🙇 for this request. This request has been classified as a feature by the maintainers.
+
+          We take all the requests for features seriously and have passed this on to the internal teams for their consideration.
+
+          Because any feature requires further maintenance and support in the long term by this team, we would like to exercise caution into adding new features. If this feature is something that can be implemented independently, please consider forking this repository and adding the feature.

.github/workflows/label-support.yml

@@ -0,0 +1,21 @@
+name: Close as a support issue
+on:
+  issues:
+    types: [labeled]
+
+jobs:
+  build:
+    permissions:
+      issues: write
+    runs-on: ubuntu-latest
+    steps:
+    - name: Close Issue
+      uses: peter-evans/close-issue@v3
+      if: contains(github.event.issue.labels.*.name, 'support')
+      with:
+        comment: |
+          Sorry, but we'd like to keep issues related to code in this repository. Thank you 🙇 
+
+          If you have questions about writing workflows or action files, then please [visit the GitHub Community Forum's Actions Board](https://github.community/t5/GitHub-Actions/bd-p/actions)
+
+          If you are having an issue or question about GitHub Actions then please [contact customer support](https://help.github.com/en/articles/about-github-actions#contacting-support)

.github/workflows/labeler-triage.yml

@@ -0,0 +1,16 @@
+name: "Pull Request Labeler"
+
+permissions:
+  contents: read
+  pull-requests: write
+
+on:
+- pull_request_target
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v4
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/lint.yaml

@@ -0,0 +1,31 @@
+name: Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+
+  pre-commit:
+    name: pre-commit
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+
+      - name: Cache pre-commit
+        uses: actions/cache@v3
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
+
+      - name: Install pre-commit
+        run: pip3 install pre-commit
+
+      - name: Run pre-commit
+        run: pre-commit run --all-files --show-diff-on-failure --color always

.github/workflows/stale.yml

@@ -0,0 +1,22 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: "21 4 * * *"
+
+jobs:
+  stale:
+
+    permissions:
+      issues: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/stale@v8
+      with:
+        stale-issue-message: 'This issue has become stale and will be closed automatically within a period of time. Sorry about that.'
+        stale-pr-message: 'This pull request has become stale and will be closed automatically within a period of time. Sorry about that.'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'
+        days-before-stale: 90 

.github/workflows/sync_ghes.yaml → .github/workflows/sync-ghes.yaml

@@ -1,26 +1,35 @@
+name: Sync workflows for GHES
+
 on:
   push:
-    branches:
-    - master
+    branches: [ main ]
 
 jobs:
   sync:
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - run: |
         git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
         git config user.email "cschleiden@github.com"
         git config user.name "GitHub Actions"
-    - uses: actions/setup-node@v1
+    - uses: actions/setup-node@v3
       with:
-        node-version: '12'
+        node-version: '16'
+        cache: 'npm'
+        cache-dependency-path: script/sync-ghes/package-lock.json
     - name: Check starter workflows for GHES compat
       run: |
         npm ci
         npx ts-node-script ./index.ts
       working-directory: ./script/sync-ghes
     - run: |
         git add -A
-        git commit -m "Updating GHES workflows"
-    - run: git push
+        if [ -z "$(git status --porcelain)" ]; then
+          echo "No changes to commit"
+        else
+          git commit -m "Updating GHES workflows"
+        fi
+    - run: git push

.github/workflows/validate-data.yaml

@@ -0,0 +1,25 @@
+name: Validate Data
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  validate-data:
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '16'
+          cache: 'npm'
+          cache-dependency-path: script/validate-data/package-lock.json
+
+      - name: Validate workflows
+        run: |
+          npm ci
+          npx ts-node-script ./index.ts
+        working-directory: ./script/validate-data

.pre-commit-config.yaml

@@ -0,0 +1,6 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.4.0
+  hooks:
+  - id: trailing-whitespace
+    files: (automation/|ci/|code-scanning/|deployments/|pages/).*(yaml|yml|json)$

CODEOWNERS

@@ -0,0 +1,5 @@
+* @actions/actions-workflow-development-reviewers @actions/starter-workflows
+
+/code-scanning/ @actions/advanced-security-code-scanning @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph @actions/starter-workflows
+/code-scanning/dependency-review.yml @actions/actions-workflow-development-reviewers @actions/advanced-security-dependency-graph @actions/starter-workflows
+/pages/ @actions/pages @actions/actions-workflow-development-reviewers @actions/starter-workflows

CONTRIBUTING.md

@@ -4,17 +4,21 @@
 
 Hi there 👋 We are excited that you want to contribute a new workflow to this repo. By doing this you are helping people get up and running with GitHub Actions and that's cool 😎.
 
-Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](https://github.com/actions/starter-workflows/blob/master/LICENSE).
+Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](https://github.com/actions/starter-workflows/blob/main/LICENSE).
 
 Please note that this project is released with a [Contributor Code of Conduct](
-https://github.com/actions/.github/blob/master/CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
+https://github.com/actions/.github/blob/main/CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
+
+**At this time we are only accepting new starter workflows for Code Scanning**
+
+### Previous guidelines for new starter workflows.
 
 Before merging a new workflow, the following requirements need to be met:
 
 - Should be as simple as is needed for the service.
 - There are many programming languages and tools out there. Right now we don't have a page that allows for a really large number of workflows, so we do have to be a little choosy about what we accept. Less popular tools or languages might not be accepted.
-- Should not send data to any 3rd party service except for the purposes of installing dependencies.
-- Cannot use an Action that isn't in the `actions` organization.
-- Cannot be to a paid service or product.
+- Automation and CI workflows should not send data to any 3rd party service except for the purposes of installing dependencies.
+- Automation and CI workflows cannot be dependent on a paid service or product.
+- We require that Actions outside of the `actions` organization be pinned to a specific SHA.
 
 Thank you

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 GitHub
+Copyright (c) 2020 GitHub
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,5 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE. THIS LICENSE DOES NOT GRANT YOU RIGHTS TO USE ANY CONTRIBUTORS'
+NAME, LOGO, OR TRADEMARKS.