Merge main into dependabot/npm_and_yarn/browserify-sign-4.2.2

.github/PULL_REQUEST_TEMPLATE.md

@@ -7,7 +7,7 @@
 
 ## Security
 <!---
-Tag *@RenoFi/security* in this PR if any of the following are true:
+Tag this PR with *security* label, if any of the following are true:
 
 - [ ] This PR introduces a NEW third party dependency
 - [ ] Contains authentication or authorization checks as part of the code

.github/workflows/auto-approve.yml

@@ -1,13 +1,14 @@
 name: Auto approve dependency upgrades and hot-fix PRs
 on:
   pull_request_target:
-    types: [labeled, unlabeled, edited, ready_for_review, review_requested, auto_merge_enabled]
-
+    types:
+      - labeled
+      - ready_for_review
 jobs:
   auto-approve:
     runs-on: ubuntu-latest
     steps:
       - uses: hmarr/auto-approve-action@v3
-        if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' || github.actor == 'renofidev' || contains(toJson(github), 'HOTFIX-AUTO-APPROVE')
+        if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' || github.actor == 'renofidev' || contains(github.event.pull_request.labels.*.name, 'HOTFIX-AUTO-APPROVE') || contains(github.event.pull_request.labels.*.name, 'self-approve') || contains(github.event.pull_request.labels.*.name, 'dependencies')
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/auto-merge.yml

@@ -1,22 +1,31 @@
 name: automerge
 on:
+  pull_request_target:
+    types:
+      - labeled
   pull_request_review:
     types:
       - submitted
   check_suite:
     types:
       - completed
-  label:
-    types:
-      - created
   status: {}
 jobs:
   automerge:
     runs-on: ubuntu-latest
     steps:
       - name: automerge
-        uses: pascalgn/[email protected]
+        uses: pascalgn/[email protected]
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          MERGE_METHOD: squash
+          MERGE_DELETE_BRANCH: true
+          MERGE_LABELS: "automerge,!automerge blocked"
+      - name: automerge-dependencies
+        uses: pascalgn/[email protected]
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           MERGE_METHOD: squash
           MERGE_DELETE_BRANCH: true
+          MERGE_LABELS: "dependencies,!automerge blocked"
+          MERGE_REMOVE_LABELS: ""

.github/workflows/ci.yml

@@ -7,20 +7,18 @@ on:
     branches: [ main ]
 
 jobs:
-  build:
-
+  ci_tests_node:
     runs-on: ubuntu-latest
-
     strategy:
       matrix:
-        node-version: [14.x, 16.x]
-
+        node-version: ['14.x', '16.x']
+    name: Node ${{ matrix.node-version }}
     steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
-      with:
-        node-version: ${{ matrix.node-version }}
-        cache: 'npm'
-    - run: npm ci
-    - run: npm test
+      - uses: actions/checkout@v2
+      - name: Setup node
+        uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+      - run: npm ci
+      - run: npm test

.github/workflows/slack-messages.yml

@@ -0,0 +1,17 @@
+name: post-slack-message
+on:
+  pull_request_target:
+    types:
+      - labeled
+jobs:
+  post-slack-message:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Post a slack message when PR contains security changes
+        uses: slackapi/[email protected]
+        if: github.event.label.name == 'security'
+        with:
+          channel-id: 'C026ZFU7H4K' # latacora slack channel
+          slack-message: "Pull Request with security changes: ${{ github.event.pull_request.html_url || github.event.head_commit.url }}"
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}