Sync .github/workflows directory with azure-sdk-tools repository

azure-sdk · azure-sdk · commit 1863445893e6 · 2024-10-23T21:57:53.000Z
diff --git a/.github/workflows/event-processor.yml b/.github/workflows/event-processor.yml
@@ -0,0 +1,162 @@
+name: GitHub Event Processor
+
+on:
+  issues:
+    types: [edited, labeled, opened, reopened, unlabeled]
+  # issue_comment is used for both issues and pull_requests
+  # github.event.issue.pull_request will be non-null on pull request comments
+  issue_comment:
+    types: [created]
+  # synchronize is the pull_request_target event when changes are pushed
+  # pull request merged is the closed event with github.event.pull_request.merged = true
+  pull_request_target:
+    types: [closed, labeled, opened, reopened, review_requested, synchronize, unlabeled]
+
+# This removes all unnecessary permissions, the ones needed will be set below.
+# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
+permissions: {}
+
+jobs:
+  # This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault.
+  # Because the azure/login step adds time costly pre/post Az CLI commands to any every job
+  # it's used in, split this into its own job so only the event that needs the Az CLI pays
+  # the cost.
+  event-handler-with-azure:
+    permissions:
+      issues: write
+      pull-requests: write
+      # For OIDC auth
+      id-token: write
+      contents: read
+    name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
+    steps:
+      - name: 'Az CLI login'
+        uses: azure/login@v2
+        with:
+            client-id: ${{ secrets.AZURE_CLIENT_ID }}
+            tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+            subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: 'Run Azure CLI commands'
+        run: |
+          LABEL_SERVICE_API_KEY=$(az keyvault secret show \
+            --vault-name issue-labeler \
+            -n issue-labeler-func-key \
+            -o tsv \
+            --query value)
+
+          echo "::add-mask::$LABEL_SERVICE_API_KEY"
+          echo "LABEL_SERVICE_API_KEY=$LABEL_SERVICE_API_KEY" >> $GITHUB_ENV
+
+      # To run github-event-processor built from source, for testing purposes, uncomment everything
+      # in between the Start/End-Build From Source comments and comment everything in between the
+      # Start/End-Install comments
+      # Start-Install
+      - name: Install GitHub Event Processor
+        run: >
+          dotnet tool install
+          Azure.Sdk.Tools.GitHubEventProcessor
+          --version 1.0.0-dev.20240917.2
+          --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
+          --global
+        shell: bash
+      # End-Install
+
+      # Testing checkout of sources from the Azure/azure-sdk-tools repository
+      # The ref: is the SHA from the pull request in that repository or the
+      # refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
+      # is a fork eg. <User>/azure-sdk-tools then the repository down below will
+      # need to point to that fork
+      # Start-Build
+      # - name: Checkout tools repo for GitHub Event Processor sources
+      #   uses: actions/checkout@v3
+      #   with:
+      #     repository: Azure/azure-sdk-tools
+      #     path: azure-sdk-tools
+      #     ref: <refs/pull/<PRNumber>/merge> or <sha>
+
+      # - name: Build and install GitHubEventProcessor from sources
+      #   run: |
+      #     dotnet pack
+      #     dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
+      #   shell: bash
+      #   working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
+      # End-Build
+
+      - name: Process Action Event
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }}
+        shell: bash
+        env:
+          # This is a temporary secret generated by github
+          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }}
+
+      - name: Archive github event data
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: event
+          path: ${{ github.event_path }}
+
+  event-handler:
+    permissions:
+      issues: write
+      pull-requests: write
+    name: Handle ${{ github.event_name }} ${{ github.event.action }} event
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }}
+    steps:
+      # To run github-event-processor built from source, for testing purposes, uncomment everything
+      # in between the Start/End-Build From Source comments and comment everything in between the
+      # Start/End-Install comments
+      # Start-Install
+      - name: Install GitHub Event Processor
+        run: >
+          dotnet tool install
+          Azure.Sdk.Tools.GitHubEventProcessor
+          --version 1.0.0-dev.20240917.2
+          --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
+          --global
+        shell: bash
+      # End-Install
+
+      # Testing checkout of sources from the Azure/azure-sdk-tools repository
+      # The ref: is the SHA from the pull request in that repository or the
+      # refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
+      # is a fork eg. <User>/azure-sdk-tools then the repository down below will
+      # need to point to that fork
+      # Start-Build
+      # - name: Checkout tools repo for GitHub Event Processor sources
+      #   uses: actions/checkout@v3
+      #   with:
+      #     repository: Azure/azure-sdk-tools
+      #     path: azure-sdk-tools
+      #     ref: <refs/pull/<PRNumber>/merge> or <sha>
+
+      # - name: Build and install GitHubEventProcessor from sources
+      #   run: |
+      #     dotnet pack
+      #     dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
+      #   shell: bash
+      #   working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
+      # End-Build
+
+      - name: Process Action Event
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }}
+        shell: bash
+        env:
+          # This is a temporary secret generated by github
+          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Archive github event data
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: event
+          path: ${{ github.event_path }}
diff --git a/.github/workflows/event.yml b/.github/workflows/event.yml
@@ -0,0 +1,25 @@
+# NOTE: currently azure-sdk-actions only hosts check enforcer code.
+# If further functionality is added, this name should be updated to reflect
+# the more generic behavior
+name: Check Enforcer
+
+on:
+  check_suite:
+    types: [completed]
+  issue_comment:
+    types: [created]
+
+permissions: {}
+
+jobs:
+  event-handler:
+    permissions:
+      statuses: write # to set status (azure/azure-sdk-actions)
+      pull-requests: write # to read pull requests and write comments (azure/azure-sdk-actions)
+      checks: read # to read check status (azure/azure-sdk-actions)
+    name: Handle ${{ github.event_name }} ${{ github.event.action }} event
+    runs-on: ubuntu-latest # This image is intentionally set to "latest", and not to a specific version
+    steps:
+      - uses: azure/azure-sdk-actions@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/scheduled-event-processor.yml b/.github/workflows/scheduled-event-processor.yml
@@ -0,0 +1,130 @@
+name: GitHub Scheduled Event Processor
+
+on:
+  schedule:
+    # These are generated/confirmed using https://crontab.cronhub.io/
+    # Close stale issues, runs every day at 1am - CloseStaleIssues
+    - cron: '0 1 * * *'
+    # Identify stale pull requests, every Friday at 5am - IdentifyStalePullRequests
+    - cron: '0 5 * * FRI'
+    # Close stale pull requests, every 6 hours at 02:30 AM, 08:30 AM, 02:30 PM and 08:30 PM - CloseStalePullRequests
+    - cron: '30 2,8,14,20 * * *'
+    # Identify stale issues, every 6 hours at 03:30 AM, 09:30 AM, 03:30 PM and 09:30 PM - IdentifyStaleIssues
+    - cron: '30 3,9,15,21 * * *'
+    # Close addressed issues, every 6 hours at 04:30 AM, 10:30 AM, 04:30 PM and 10:30 PM - CloseAddressedIssues
+    - cron: '30 4,10,16,22 * * *'
+    # Lock closed issues, every 6 hours at 05:30 AM, 11:30 AM, 05:30 PM and 11:30 PM - LockClosedIssues
+    - cron: '30 5,11,17,23 * * *'
+    # Enforce max life of issues, every M,W,F at 10:00 AM PST - EnforceMaxLifeOfIssues
+    # Note: GitHub uses UTC, to run at 10am PST, the cron task needs to be 6pm (1800 hours) UTC
+    #       When scheduling for multiple days the numeric days 0-6 (0=Sunday) must be used.
+    - cron: '0 18 * * 1,3,5'
+# This removes all unnecessary permissions, the ones needed will be set below.
+# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
+permissions: {}
+
+jobs:
+  event-handler:
+    permissions:
+      issues: write
+      pull-requests: write
+    name: Handle ${{ github.event.schedule }} ${{ github.event.action }} event
+    runs-on: ubuntu-latest
+    steps:
+      # To run github-event-processor built from source, for testing purposes, uncomment everything
+      # in between the Start/End-Build From Source comments and comment everything in between the
+      # Start/End-Install comments
+      # Start-Install
+      - name: Install GitHub Event Processor
+        run: >
+          dotnet tool install
+          Azure.Sdk.Tools.GitHubEventProcessor
+          --version 1.0.0-dev.20240917.2
+          --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
+          --global
+        shell: bash
+      # End-Install
+
+      # Testing checkout of sources from the Azure/azure-sdk-tools repository
+      # The ref: is the SHA from the pull request in that repository or the
+      # refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
+      # is a fork eg. <User>/azure-sdk-tools then the repository down below will
+      # need to point to that fork
+      # Start-Build
+      # - name: Checkout tools repo for GitHub Event Processor sources
+      #   uses: actions/checkout@v3
+      #   with:
+      #     repository: Azure/azure-sdk-tools
+      #     path: azure-sdk-tools
+      #     ref: <refs/pull/<PRNumber>/merge> or <sha>
+
+      # - name: Build and install GitHubEventProcessor from sources
+      #   run: |
+      #     dotnet pack
+      #     dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
+      #   shell: bash
+      #   working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
+      # End-Build
+
+      - name: Close Stale Issues Scheduled Event
+        if: github.event.schedule == '0 1 * * *'
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }} CloseStaleIssues
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Identify Stale PullRequests Scheduled Event
+        if: github.event.schedule == '0 5 * * FRI'
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }} IdentifyStalePullRequests
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Close Stale PullRequests Scheduled Event
+        if: github.event.schedule == '30 2,8,14,20 * * *'
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }} CloseStalePullRequests
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Identify Stale Issues Scheduled Event
+        if: github.event.schedule == '30 3,9,15,21 * * *'
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }} IdentifyStaleIssues
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Close Addressed Issues Scheduled Event
+        if: github.event.schedule == '30 4,10,16,22 * * *'
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }} CloseAddressedIssues
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Lock Closed Issues Scheduled Event
+        if: github.event.schedule == '30 5,11,17,23 * * *'
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }} LockClosedIssues
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enforce Max Life of Issues Scheduled Event
+        if: github.event.schedule == '0 18 * * 1,3,5'
+        run: |
+          github-event-processor ${{ github.event_name }} ${{ github.event_path }} EnforceMaxLifeOfIssues
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Archive github event data
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: event
+          path: ${{ github.event_path }}
