upgrade@8022558879

ipfs · Feb 23, 2024 · 09c7ca5 · 09c7ca5
1 parent a3b4a0b
commit 09c7ca5
Show file tree

Hide file tree

Showing 26 changed files with 6,110 additions and 5,232 deletions.
diff --git a/.github/actions/git-config-user/action.yml b/.github/actions/git-config-user/action.yml
@@ -4,7 +4,13 @@ description: Configure git user
 runs:
   using: composite
   steps:
-    - run: |
+    - if: github.event_name == 'workflow_dispatch'
+      run: |
         git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com>"
         git config --global user.name "${GITHUB_ACTOR}"
       shell: bash
+    - if: github.event_name != 'workflow_dispatch'
+      run: |
+        git config --global user.name "github-actions[bot]"
+        git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+      shell: bash
diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml
@@ -23,7 +23,7 @@ jobs:
         shell: bash
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Discover workspaces
         id: workspaces
         run: echo "this=$(ls github | jq --raw-input '[.[0:-4]]' | jq -sc add)" >> $GITHUB_OUTPUT
@@ -65,11 +65,12 @@ jobs:
         working-directory: terraform
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup terraform
         uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
         with:
           terraform_version: 1.2.9
+          terraform_wrapper: false
       - name: Initialize terraform
         run: terraform init
       - name: Terraform Plan Download
@@ -78,4 +79,6 @@ jobs:
           SHA: ${{ needs.prepare.outputs.sha }}
         run: gh run download -n "${TF_WORKSPACE}_${SHA}.tfplan" --repo "${GITHUB_REPOSITORY}"
       - name: Terraform Apply
-        run: terraform apply -lock-timeout=0s -no-color "${TF_WORKSPACE}.tfplan"
+        run: |
+          terraform show -json > $TF_WORKSPACE.tfstate.json
+          terraform apply -lock-timeout=0s -no-color "${TF_WORKSPACE}.tfplan"
diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml
@@ -30,7 +30,7 @@ jobs:
         shell: bash
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Discover workspaces
         id: workspaces
         env:
@@ -69,7 +69,7 @@ jobs:
         shell: bash
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup terraform
         uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
         with:

diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -0,0 +1,69 @@
+name: Clean Up
+
+on:
+  workflow_dispatch:
+    inputs:
+      members:
+        description: 'The members added to the org recently (JSON Array)'
+        required: false
+        default: '[]'
+      repository-collaborators:
+        description: 'The repository collaborators added to the org recently (JSON Map)'
+        required: false
+        default: '{}'
+      team-members:
+        description: 'The team members added to the org recently (JSON Map)'
+        required: false
+        default: '{}'
+      cutoff:
+        description: 'The number of months to consider for inactivity'
+        required: false
+        default: '12'
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  sync:
+    permissions:
+      contents: write
+    name: Clean Up
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_APP_ID: ${{ secrets.RO_GITHUB_APP_ID }}
+      GITHUB_APP_INSTALLATION_ID: ${{ secrets[format('RO_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RO_GITHUB_APP_INSTALLATION_ID }}
+      GITHUB_APP_PEM_FILE: ${{ secrets.RO_GITHUB_APP_PEM_FILE }}
+      TF_WORKSPACE: ${{ github.repository_owner }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Initialize scripts
+        run: npm install && npm run build
+        working-directory: scripts
+      - name: Remove inactive members
+        run: node lib/actions/remove-inactive-members.js
+        working-directory: scripts
+        env:
+          NEW_MEMBERS: ${{ github.event.inputs.members }}
+          NEW_REPOSITORY_COLLABORATORS: ${{ github.event.inputs['repository-collaborators'] }}
+          NEW_TEAM_MEMBERS: ${{ github.event.inputs['team-members'] }}
+          CUTOFF_IN_MONTHS: ${{ github.event.inputs.cutoff }}
+      - name: Check if github was modified
+        id: github-modified
+        run: |
+          if [ -z "$(git status --porcelain -- github)" ]; then
+            echo "this=false" >> $GITHUB_OUTPUT
+          else
+            echo "this=true" >> $GITHUB_OUTPUT
+          fi
+      - uses: ./.github/actions/git-config-user
+        if: steps.github-modified.outputs.this == 'true'
+      - if: steps.github-modified.outputs.this == 'true'
+        env:
+          SUFFIX: cleanup
+        run: |
+          git add --all -- github
+          git commit -m "cleanup@${GITHUB_RUN_ID}"
+          git checkout -B "${GITHUB_REF_NAME}-${SUFFIX}"
+          git push origin "${GITHUB_REF_NAME}-${SUFFIX}" --force
diff --git a/.github/workflows/fix.yml b/.github/workflows/fix.yml
@@ -36,7 +36,7 @@ jobs:
       skip-fix: ${{ steps.skip-fix.outputs.this }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - if: github.event_name == 'pull_request_target'
         env:
           NUMBER: ${{ github.event.pull_request.number }}
@@ -64,7 +64,7 @@ jobs:
     if: needs.prepare.outputs.skip-fix == 'false'
     permissions:
       contents: read
-      pull-requests: read
+      pull-requests: write
     strategy:
       fail-fast: false
       matrix:
@@ -83,7 +83,7 @@ jobs:
       TF_VAR_write_delay_ms: 300
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - if: github.event_name == 'pull_request_target'
         env:
           NUMBER: ${{ github.event.pull_request.number }}
@@ -97,13 +97,15 @@ jobs:
         uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
         with:
           terraform_version: 1.2.9
+          terraform_wrapper: false
       - name: Initialize terraform
         run: terraform init
         working-directory: terraform
       - name: Initialize scripts
         run: npm ci && npm run build
         working-directory: scripts
       - name: Fix
+        id: fix
         run: node lib/actions/fix-yaml-config.js
         working-directory: scripts
       - name: Upload YAML config
@@ -113,6 +115,15 @@ jobs:
           path: github/${{ env.TF_WORKSPACE }}.yml
           if-no-files-found: error
           retention-days: 1
+      # NOTE(galargh, 2024-02-15): This will only work if GitHub as Code is used for a single organization
+      - name: Comment on pull request
+        if: github.event_name == 'pull_request_target' && steps.fix.outputs.comment
+        uses: marocchino/sticky-pull-request-comment@fcf6fe9e4a0409cd9316a5011435be0f3327f1e1 # v2.3.1
+        with:
+          header: fix
+          number: ${{ github.event.pull_request.number }}
+          message: ${{ steps.fix.outputs.comment }}
+
   push:
     needs: [prepare, fix]
     permissions:
@@ -131,14 +142,14 @@ jobs:
           installation_id: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
           private_key: ${{ secrets.RW_GITHUB_APP_PEM_FILE }}
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
           ref: ${{ github.event.pull_request.head.sha || github.sha }}
           token: ${{ steps.token.outputs.token }}
           path: head
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: base
       - name: Download YAML configs

diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
@@ -1,9 +1,14 @@
 name: Labels
 
 on:
-  schedule:
-    - cron: 0 0 * * 6 # https://crontab.guru/#0_0_*_*_6
   workflow_dispatch:
+    inputs:
+      source:
+        description: 'The source repository to sync labels from'
+        required: true
+      targets:
+        description: 'The target repositories to sync labels to (comma-separated)'
+        required: true
 
 defaults:
   run:
@@ -17,15 +22,18 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GITHUB_APP_ID: ${{ secrets.RW_GITHUB_APP_ID }}
-      GITHUB_APP_INSTALLATION_ID: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', matrix.workspace)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
+      GITHUB_APP_INSTALLATION_ID: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
       GITHUB_APP_PEM_FILE: ${{ secrets.RW_GITHUB_APP_PEM_FILE }}
-      TF_WORKSPACE: ipfs
+      TF_WORKSPACE: ${{ github.repository_owner }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Initialize scripts
         run: npm install && npm run build
         working-directory: scripts
-      - name: Add need/author-input label
-        run: node lib/actions/add-need-author-input-label-to-all-repos.js
+      - name: Sync
+        run: node lib/actions/sync-labels.js
         working-directory: scripts
+        env:
+          SOURCE_REPOSITORY: ${{ github.event.inputs.source }}
+          TARGET_REPOSITORIES: ${{ github.event.inputs.targets }}
diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml
@@ -25,7 +25,7 @@ jobs:
       workspaces: ${{ steps.workspaces.outputs.this }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - if: github.event_name == 'pull_request_target'
         env:
           NUMBER: ${{ github.event.pull_request.number }}
@@ -70,7 +70,7 @@ jobs:
       TF_VAR_write_delay_ms: 300
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - if: github.event_name == 'pull_request_target'
         env:
           NUMBER: ${{ github.event.pull_request.number }}
@@ -83,11 +83,14 @@ jobs:
         uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
         with:
           terraform_version: 1.2.9
+          terraform_wrapper: false
       - name: Initialize terraform
         run: terraform init
         working-directory: terraform
       - name: Plan terraform
-        run: terraform plan -refresh=false -lock=false -out="${TF_WORKSPACE}.tfplan" -no-color
+        run: |
+          terraform show -json > $TF_WORKSPACE.tfstate.json
+          terraform plan -refresh=false -lock=false -out="${TF_WORKSPACE}.tfplan" -no-color
         working-directory: terraform
       - name: Upload terraform plan
         uses: actions/upload-artifact@v3
@@ -109,7 +112,7 @@ jobs:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.RO_AWS_SECRET_ACCESS_KEY }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - if: github.event_name == 'pull_request_target'
         env:
           NUMBER: ${{ github.event.pull_request.number }}
@@ -156,6 +159,7 @@ jobs:
       - name: Comment on pull request
         uses: marocchino/sticky-pull-request-comment@fcf6fe9e4a0409cd9316a5011435be0f3327f1e1 # v2.3.1
         with:
+          header: plan
           number: ${{ github.event.pull_request.number }}
           message: |
             Before merge, verify that all the following plans are correct. They will be applied as-is after the merge.

diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml
@@ -24,7 +24,7 @@ jobs:
         shell: bash
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Discover workspaces
         id: workspaces
         env:
@@ -63,7 +63,7 @@ jobs:
         shell: bash
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup terraform
         uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
         with:
@@ -77,6 +77,10 @@ jobs:
           terraform workspace select "${TF_WORKSPACE_OPT}" || terraform workspace new "${TF_WORKSPACE_OPT}"
           echo "TF_WORKSPACE=${TF_WORKSPACE_OPT}" >> $GITHUB_ENV
         working-directory: terraform
+      - name: Pull terraform state
+        run: |
+          terraform show -json > $TF_WORKSPACE.tfstate.json
+        working-directory: terraform
       - name: Sync
         run: |
           npm ci
@@ -109,7 +113,7 @@ jobs:
           installation_id: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
           private_key: ${{ secrets.RW_GITHUB_APP_PEM_FILE }}
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ steps.token.outputs.token }}
       - uses: ./.github/actions/git-config-user

diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
@@ -20,7 +20,7 @@ jobs:
       run:
         shell: bash
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: npm ci && npm run build
         working-directory: scripts
       - name: Update PRs

diff --git a/.github/workflows/upgrade.yml b/.github/workflows/upgrade.yml
@@ -10,7 +10,7 @@ on:
 
 jobs:
   upgrade:
-    uses: protocol/github-mgmt-template/.github/workflows/upgrade_reusable.yml@master
+    uses: pl-strflt/github-mgmt-template/.github/workflows/upgrade_reusable.yml@master
     with:
       ref: inputs.ref
     secrets:

diff --git a/docs/EXAMPLE.yml b/docs/EXAMPLE.yml
@@ -74,7 +74,7 @@ repositories: # This group defines repositories (https://registry.terraform.io/p
     default_branch: master
     delete_branch_on_merge: false
     description: GitHub Management
-    homepage_url: https://github.com/protocol/github-mgmt-template
+    homepage_url: https://github.com/pl-strflt/github-mgmt-template
     is_template: false
     vulnerability_alerts: false
     archive_on_destroy: true
@@ -87,7 +87,7 @@ repositories: # This group defines repositories (https://registry.terraform.io/p
         branch: master
         path: /docs
     template:
-      owner: protocol
+      owner: pl-strflt
       repository: github-mgmt-template
     topics:
       - github