chore(ci): update workflows (#2420)

Signed-off-by: ashing <[email protected]>

Author: ronething

.github/actions/markdown-link-check

@@ -24,15 +24,37 @@ on:
   pull_request:
     branches:
       - master
-      - release-v2-dev
+      - next
       - 1.8.0
   schedule:
     - cron: '25 5 * * 5'
 
 jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      go: ${{ steps.filter.outputs.go }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - uses: ./.github/actions/paths-filter
+        id: filter
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filters: |
+            go:
+              - '*.go'
+              - '**/*.go'
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+
+    needs: changes
+    if: |
+      (needs.changes.outputs.go == 'true')
     strategy:
       fail-fast: false
       matrix:

.github/actions/paths-filter

@@ -0,0 +1,37 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+name: 'Dependency Review'
+on: 
+  pull_request:
+    branches:
+      - master
+      - next
+      - 1.8.0
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v3

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,115 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+name: lint-checker-ci
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+      - next
+      - 1.8.0
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      docs: ${{ steps.filter.outputs.docs }}
+      go: ${{ steps.filter.outputs.go }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - uses: ./.github/actions/paths-filter
+        id: filter
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filters: |
+            docs:
+              - 'docs/**/*'
+              - '*.md'
+            go:
+              - '*.go'
+              - '**/*.go'
+              - 'go.mod'
+              - 'go.sum'
+              - 'Makefile'
+              - 'Dockerfile'
+              - 'test/e2e/**/*'
+              - 'conf/**'
+              - 'utils/**'
+              - ".github/**"
+
+  run-test:
+    needs: changes
+    if: |
+      (needs.changes.outputs.go == 'true')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Go Env
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.22'
+      - name: run gofmt
+        working-directory: ./
+        run: |
+          diffs=`gofmt -l .`
+          if [[ -n $diffs ]]; then
+              echo "Files are not formatted by gofmt:"
+              echo $diffs
+              exit 1
+          fi
+  markdownlint:
+    needs: changes
+    if: |
+      (needs.changes.outputs.docs == 'true')
+    name: 🍇 Markdown
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: 🚀 Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20.7.x'
+      - run: npm install -g [email protected]
+      - run: markdownlint '**/*.md' --ignore node_modules --ignore CHANGELOG.md --ignore docs/en/latest/references/v2.md
+  markdown-link-check:
+    needs: changes
+    if: |
+      (needs.changes.outputs.docs == 'true')
+    runs-on: ubuntu-latest
+    name: Check Markdown links
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: ./.github/actions/markdown-link-check
+        with:
+          use-quiet-mode: 'yes'
+          use-verbose-mode: 'yes'
+          config-file: 'link-check-config.json'
+          folder-path: 'docs/en'
+          file-path: './README.md, ./install.md, ./test/e2e/README.md'
+          max-depth: -1
+          file-extension: ".md"
+          check-modified-files-only: "no"

.github/workflows/dependency-review.yml

@@ -27,9 +27,8 @@ jobs:
       - name: Login to Registry
         uses: docker/login-action@v3
         with:
-          registry: ${{ secrets.DOCKER_REGISTRY }}
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push multi-arch image
         env:

.github/workflows/lint-checker.yml

@@ -0,0 +1,71 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+name: 'Close stale issues and PRs'
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 1 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  stale:
+    permissions:
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
+    name: Prune Stale
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - uses: actions/stale@v5
+        with:
+          days-before-issue-stale: 90
+          days-before-issue-close: 30
+          stale-issue-message: >
+            This issue has been marked as stale due to 90 days of inactivity.
+            It will be closed in 30 days if no further activity occurs. If this issue is still
+            relevant, please simply write any comment. Even if closed, you can still revive the
+            issue at any time or discuss it on the [email protected] list.
+            Thank you for your contributions.
+          close-issue-message: >
+            This issue has been closed due to lack of activity. If you think that
+            is incorrect, or the issue requires additional review, you can revive the issue at
+            any time.
+          days-before-pr-stale: 60
+          days-before-pr-close: 30
+          stale-pr-message: >
+            This pull request has been marked as stale due to 60 days of inactivity.
+            It will be closed in 30 days if no further activity occurs. If you think
+            that's incorrect or this pull request should instead be reviewed, please simply
+            write any comment. Even if closed, you can still revive the PR at any time or
+            discuss it on the [email protected] list.
+            Thank you for your contributions.
+          close-pr-message: >
+            This pull request/issue has been closed due to lack of activity. If you think that
+            is incorrect, or the pull request requires review, you can revive the PR at any time.
+          # Issues with these labels will never be considered stale.
+          exempt-issue-labels: 'triage/accepted,discuss,good first issue'
+          exempt-pr-labels: 'triage/accepted'
+          exempt-all-milestones: true
+          stale-issue-label: 'stale'
+          stale-pr-label: 'stale'
+          ascending: true

.github/workflows/push-docker-v2-dev.yaml

@@ -0,0 +1,61 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: yamllint-checker
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+      - next
+      - 1.8.0
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      yaml: ${{ steps.filter.outputs.yaml }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - uses: ./.github/actions/paths-filter
+        id: filter
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # focus on `samples/deploy` yaml files directory
+          filters: |
+            yaml:
+              - 'samples/deploy/**/*'
+  yamllint-checker:
+    needs: changes
+    if: |
+      (needs.changes.outputs.yaml == 'true')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - run: pip install yamllint==1.29.0
+      - name: 🚀 Run yamllint
+        run: yamllint samples/deploy  # focus on `samples/deploy` yaml files directory

.github/workflows/push-docker.yaml

@@ -0,0 +1,6 @@
+[submodule ".github/actions/paths-filter"]
+	path = .github/actions/paths-filter
+	url = https://github.com/dorny/paths-filter.git
+[submodule ".github/actions/markdown-link-check"]
+	path = .github/actions/markdown-link-check
+	url = https://github.com/gaurav-nelson/github-action-markdown-link-check.git