diff --git a/.github/fabricbot.json b/.github/fabricbot.backup
similarity index 100%
rename from .github/fabricbot.json
rename to .github/fabricbot.backup
diff --git a/.github/workflows/event-processor.config b/.github/workflows/event-processor.config
new file mode 100644
index 000000000000..3bfc0b9d4322
--- /dev/null
+++ b/.github/workflows/event-processor.config
@@ -0,0 +1,26 @@
+{
+ "InitialIssueTriage": "On",
+ "ManualIssueTriage": "On",
+ "ServiceAttention": "On",
+ "CXPAttention": "On",
+ "ManualTriageAfterExternalAssignment": "On",
+ "RequireAttentionForNonMilestone": "On",
+ "AuthorFeedbackNeeded": "On",
+ "IssueAddressed": "On",
+ "IssueAddressedReset": "On",
+ "AuthorFeedback": "On",
+ "ReopenIssue": "On",
+ "DeclineToReopenIssue": "On",
+ "IssueAddressedCommands": "On",
+ "PullRequestTriage": "On",
+ "ResetApprovalsForUntrustedChanges": "On",
+ "ReopenPullRequest": "On",
+ "ResetIssueActivity": "On",
+ "ResetPullRequestActivity": "On",
+ "CloseStaleIssues": "On",
+ "CloseStalePullRequests": "On",
+ "IdentifyStaleIssues": "On",
+ "IdentifyStalePullRequests": "On",
+ "CloseAddressedIssues": "On",
+ "LockClosedIssues": "On"
+}
diff --git a/.github/workflows/event-processor.yml b/.github/workflows/event-processor.yml
new file mode 100644
index 000000000000..67b80217f928
--- /dev/null
+++ b/.github/workflows/event-processor.yml
@@ -0,0 +1,100 @@
+name: GitHub Event Processor
+
+on:
+ issues:
+ types: [edited, labeled, opened, reopened, unlabeled]
+ # issue_comment is used for both issues and pull_requests
+ # github.event.issue.pull_request will be non-null on pull request comments
+ issue_comment:
+ types: [created]
+ # synchronize is the pull_request_target event when changes are pushed
+ # pull request merged is the closed event with github.event.pull_request.merged = true
+ pull_request_target:
+ types: [closed, labeled, opened, reopened, review_requested, synchronize, unlabeled]
+ pull_request_review:
+ types: [submitted]
+
+# This removes all unnecessary permissions, the ones needed will be set below.
+# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
+permissions: {}
+
+jobs:
+ event-handler:
+ permissions:
+ issues: write
+ pull-requests: write
+ # For OIDC auth
+ id-token: write
+ contents: read
+ name: Handle ${{ github.event_name }} ${{ github.event.action }} event
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: 'Az CLI login'
+ if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ - name: 'Run Azure CLI commands'
+ if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
+ run: |
+ LABEL_SERVICE_API_KEY=$(az keyvault secret show \
+ --vault-name issue-labeler \
+ -n issue-labeler-func-key \
+ -o tsv \
+ --query value)
+
+ echo "::add-mask::$LABEL_SERVICE_API_KEY"
+ echo "LABEL_SERVICE_API_KEY=$LABEL_SERVICE_API_KEY" >> $GITHUB_ENV
+
+ # To run github-event-processor built from source, for testing purposes, uncomment everything
+ # in between the Start/End-Build From Source comments and comment everything in between the
+ # Start/End-Install comments
+ # Start-Install
+ - name: Install GitHub Event Processor
+ run: >
+ dotnet tool install
+ Azure.Sdk.Tools.GitHubEventProcessor
+ --version 1.0.0-dev.20230317.6
+ --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
+ --global
+ shell: bash
+ working-directory: .github/workflows
+ # End-Install
+
+ # Testing checkout of sources from the Azure/azure-sdk-tools repository
+ # The ref: is the SHA from the pull request in that repository or the
+ # refs/pull//merge for the latest on any given PR. If the repository
+ # is a fork eg. /azure-sdk-tools then the repository down below will
+ # need to point to that fork
+ # Start-Build
+ # - name: Checkout tools repo for GitHub Event Processor sources
+ # uses: actions/checkout@v3
+ # with:
+ # repository: Azure/azure-sdk-tools
+ # path: azure-sdk-tools
+ # ref: /merge> or
+
+ # - name: Build and install GitHubEventProcessor from sources
+ # run: |
+ # dotnet pack
+ # dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
+ # shell: bash
+ # working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
+ # End-Build
+
+ - name: Process Action Event
+ run: |
+ echo $GITHUB_PAYLOAD > payload.json
+ github-event-processor ${{ github.event_name }} payload.json
+ shell: bash
+ env:
+ GITHUB_PAYLOAD: ${{ toJson(github.event) }}
+ # This is a temporary secret generated by github
+ # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }}
diff --git a/.github/workflows/scheduled-event-processor.yml b/.github/workflows/scheduled-event-processor.yml
new file mode 100644
index 000000000000..558aec671a7e
--- /dev/null
+++ b/.github/workflows/scheduled-event-processor.yml
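Review bot: In the `Process Action Event` step, `echo $GITHUB_PAYLOAD > payload.json` expands the variable unquoted, so bash word-splits and glob-expands the event JSON before writing it; issue, comment and pull-request text is author-controlled, so a lone `*` in a body would be replaced by file names from the checkout and runs of whitespace would collapse. Quoting fixes it, e.g. `printf '%s\n' "$GITHUB_PAYLOAD" > payload.json`; the same line appears in all six processing steps of scheduled-event-processor.yml. Separately, `id-token: write` is granted to the whole job, including `pull_request_target` and `issue_comment` runs, while only the `issues`/`opened` path calls `azure/login@v1`; moving the Key Vault lookup into its own job would keep the OIDC permission off the other events. `actions/checkout@v3` and `azure/login@v1` are referenced by tag, and pinning them to full commit SHAs is the usual hardening for a workflow holding write tokens.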
@@ -0,0 +1,125 @@
+name: GitHub Scheduled Event Processor
+
+on:
+ schedule:
+ # Close stale issues, runs every day at 1am - CloseStaleIssues
+ - cron: '0 1 * * *'
+ # Identify stale pull requests, every Friday at 5am - IdentifyStalePullRequests
+ - cron: '0 5 * * FRI'
+ # Close stale pull requests, every 6 hours at 02:30 AM, 08:30 AM, 02:30 PM and 08:30 PM - CloseStalePullRequests
+ - cron: '30 2,8,14,20 * * *'
+ # Identify stale issues, every 6 hours at 03:30 AM, 09:30 AM, 03:30 PM and 09:30 PM - IdentifyStaleIssues
+ - cron: '30 3,9,15,21 * * *'
+ # Close addressed issues, every 6 hours at 04:30 AM, 10:30 AM, 04:30 PM and 10:30 PM - CloseAddressedIssues
+ - cron: '30 4,10,16,22 * * *'
+ # Lock closed issues, every 6 hours at 05:30 AM, 11:30 AM, 05:30 PM and 11:30 PM - LockClosedIssues
+ - cron: '30 5,11,17,23 * * *'
+# This removes all unnecessary permissions, the ones needed will be set below.
+# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
+permissions: {}
+
+jobs:
+ event-handler:
+ permissions:
+ issues: write
+ pull-requests: write
+ name: Handle ${{ github.event.schedule }} ${{ github.event.action }} event
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ # To run github-event-processor built from source, for testing purposes, uncomment everything
+ # in between the Start/End-Build From Source comments and comment everything in between the
+ # Start/End-Install comments
+ # Start-Install
+ - name: Install GitHub Event Processor
+ run: >
+ dotnet tool install
+ Azure.Sdk.Tools.GitHubEventProcessor
+ --version 1.0.0-dev.20230317.6
+ --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
+ --global
+ shell: bash
+ working-directory: .github/workflows
+ # End-Install
+
+ # Testing checkout of sources from the Azure/azure-sdk-tools repository
+ # The ref: is the SHA from the pull request in that repository or the
+ # refs/pull//merge for the latest on any given PR. If the repository
+ # is a fork eg. /azure-sdk-tools then the repository down below will
+ # need to point to that fork
+ # Start-Build
+ # - name: Checkout tools repo for GitHub Event Processor sources
+ # uses: actions/checkout@v3
+ # with:
+ # repository: Azure/azure-sdk-tools
+ # path: azure-sdk-tools
+ # ref: /merge> or
+
+ # - name: Build and install GitHubEventProcessor from sources
+ # run: |
+ # dotnet pack
+ # dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
+ # shell: bash
+ # working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
+ # End-Build
+
+ - name: Close Stale Issues Scheduled Event
+ if: github.event.schedule == '0 1 * * *'
+ run: |
+ echo $GITHUB_PAYLOAD > payload.json
+ github-event-processor ${{ github.event_name }} payload.json CloseStaleIssues
+ shell: bash
+ env:
+ GITHUB_PAYLOAD: ${{ toJson(github.event) }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Identify Stale PullRequests Scheduled Event
+ if: github.event.schedule == '0 5 * * FRI'
+ run: |
+ echo $GITHUB_PAYLOAD > payload.json
+ github-event-processor ${{ github.event_name }} payload.json IdentifyStalePullRequests
+ shell: bash
+ env:
+ GITHUB_PAYLOAD: ${{ toJson(github.event) }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Close Stale PullRequests Scheduled Event
+ if: github.event.schedule == '30 2,8,14,20 * * *'
+ run: |
+ echo $GITHUB_PAYLOAD > payload.json
+ github-event-processor ${{ github.event_name }} payload.json CloseStalePullRequests
+ shell: bash
+ env:
+ GITHUB_PAYLOAD: ${{ toJson(github.event) }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Identify Stale Issues Scheduled Event
+ if: github.event.schedule == '30 3,9,15,21 * * *'
+ run: |
+ echo $GITHUB_PAYLOAD > payload.json
+ github-event-processor ${{ github.event_name }} payload.json IdentifyStaleIssues
+ shell: bash
+ env:
+ GITHUB_PAYLOAD: ${{ toJson(github.event) }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Close Addressed Issues Scheduled Event
+ if: github.event.schedule == '30 4,10,16,22 * * *'
+ run: |
+ echo $GITHUB_PAYLOAD > payload.json
+ github-event-processor ${{ github.event_name }} payload.json CloseAddressedIssues
+ shell: bash
+ env:
+ GITHUB_PAYLOAD: ${{ toJson(github.event) }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Lock Closed Issues Scheduled Event
+ if: github.event.schedule == '30 5,11,17,23 * * *'
+ run: |
+ echo $GITHUB_PAYLOAD > payload.json
+ github-event-processor ${{ github.event_name }} payload.json LockClosedIssues
+ shell: bash
+ env:
+ GITHUB_PAYLOAD: ${{ toJson(github.event) }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
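Review bot: Each step's `if: github.event.schedule == '…'` repeats a cron string from `on.schedule` verbatim, so editing one side without the other makes that task stop running with no error, since the job still succeeds with every step skipped. A comment above `on.schedule` such as `# Each cron string below is matched exactly by a step's if: condition; change both together` would make the coupling visible to the next editor. The job `name:` also interpolates `${{ github.event.action }}`, which I would expect to be empty for schedule events, so it could be dropped there.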