From 0ad4acce555c78ab03be2fc48d246363fbd625d5 Mon Sep 17 00:00:00 2001
From: Nara Kasbergen <nara.kasbergen@gmail.com>
Date: Thu, 22 Dec 2022 13:59:10 +0100
Subject: [PATCH] chore: add/improve GitHub Actions workflows

Adds the standard community management workflows we've been using
in our other repositories. Also ensures that the team-tf-cdk
account is used as the author of automated PRs, and that
appropriate labels are added to dependency PRs.
---
 .gitattributes                     |  2 ++
 .github/workflows/build.yml        |  4 +--
 .github/workflows/lock.yml         | 19 ++++++++++++
 .github/workflows/stale.yml        | 30 +++++++++++++++++++
 .github/workflows/upgrade-main.yml |  9 +++---
 .gitignore                         |  2 ++
 .projen/files.json                 |  2 ++
 .projenrc.ts                       | 34 ++++++++++++++++++++++
 projenrc/lock-issues.ts            | 46 ++++++++++++++++++++++++++++++
 9 files changed, 142 insertions(+), 6 deletions(-)
 create mode 100644 .github/workflows/lock.yml
 create mode 100644 .github/workflows/stale.yml
 create mode 100644 projenrc/lock-issues.ts

diff --git a/.gitattributes b/.gitattributes
index d1ca0d3..95841aa 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -5,8 +5,10 @@
 /.gitattributes linguist-generated
 /.github/pull_request_template.md linguist-generated
 /.github/workflows/build.yml linguist-generated
+/.github/workflows/lock.yml linguist-generated
 /.github/workflows/pull-request-lint.yml linguist-generated
 /.github/workflows/release.yml linguist-generated
+/.github/workflows/stale.yml linguist-generated
 /.github/workflows/upgrade-main.yml linguist-generated
 /.gitignore linguist-generated
 /.npmignore linguist-generated
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 03d6f68..240df06 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -62,8 +62,8 @@ jobs:
         run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."'
       - name: Set git identity
         run: |-
-          git config user.name "github-actions"
-          git config user.email "github-actions@github.com"
+          git config user.name "team-tf-cdk"
+          git config user.email "github-team-tf-cdk@hashicorp.com"
       - name: Push changes
         run: |2-
             git add .
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
new file mode 100644
index 0000000..6a68bfd
--- /dev/null
+++ b/.github/workflows/lock.yml
@@ -0,0 +1,19 @@
+# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen".
+
+name: lock
+on:
+  schedule:
+    - cron: 20 2 * * *
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: write
+    steps:
+      - uses: dessant/lock-threads@v4.0.0
+        with:
+          issue-comment: I'm going to lock this issue because it has been closed for at least 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems similar to this, please [open a new issue](https://github.com/hashicorp/terraform-cdk-action/issues/new) so we can investigate further.
+          issue-inactive-days: 30
+          pr-comment: I'm going to lock this pull request because it has been closed for at least 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems related to this change, please [open a new issue](https://github.com/hashicorp/terraform-cdk-action/issues/new) so we can investigate further.
+          pr-inactive-days: 30
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..cc16f4d
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,30 @@
+# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen".
+
+name: stale
+on:
+  schedule:
+    - cron: 0 1 * * *
+  workflow_dispatch: {}
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v4
+        with:
+          days-before-stale: -1
+          days-before-close: -1
+          days-before-pr-stale: 60
+          days-before-pr-close: 30
+          stale-pr-message: Hi there! 👋 We haven't heard from you in 60 days and would like to know if you're still working on this or need help. If we don't hear from you before then, I'll auto-close this PR in 30 days.
+          close-pr-message: I'm closing this pull request because we haven't heard back in 90 days. ⌛️ If you're still working on this, feel free to reopen the PR or create a new one!
+          stale-pr-label: stale
+          exempt-pr-labels: backlog
+          days-before-issue-stale: 30
+          days-before-issue-close: 30
+          stale-issue-message: Hi there! 👋 We haven't heard from you in 30 days and would like to know if the problem has been resolved or if you still need help. If we don't hear from you before then, I'll auto-close this issue in 30 days.
+          close-issue-message: I'm closing this issue because we haven't heard back in 60 days. ⌛️ If you still need help, feel free to reopen the issue!
+          stale-issue-label: stale
+          exempt-issue-labels: backlog
diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml
index 4ed87e6..cdbe2bf 100644
--- a/.github/workflows/upgrade-main.yml
+++ b/.github/workflows/upgrade-main.yml
@@ -56,8 +56,8 @@ jobs:
         run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."'
       - name: Set git identity
         run: |-
-          git config user.name "github-actions"
-          git config user.email "github-actions@github.com"
+          git config user.name "team-tf-cdk"
+          git config user.email "github-team-tf-cdk@hashicorp.com"
       - name: Create Pull Request
         id: create-pr
         uses: peter-evans/create-pull-request@v3
@@ -75,6 +75,7 @@ jobs:
             *Automatically created by projen via the "upgrade-main" workflow*
           branch: github-actions/upgrade-main
           title: "chore(deps): upgrade dependencies"
+          labels: automerge,dependencies
           body: |-
             Upgrades project dependencies. See details in [workflow run].
 
@@ -83,6 +84,6 @@ jobs:
             ------
 
             *Automatically created by projen via the "upgrade-main" workflow*
-          author: github-actions <github-actions@github.com>
-          committer: github-actions <github-actions@github.com>
+          author: team-tf-cdk <github-team-tf-cdk@hashicorp.com>
+          committer: team-tf-cdk <github-team-tf-cdk@hashicorp.com>
           signoff: true
diff --git a/.gitignore b/.gitignore
index 1b36485..49c82c0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
 !/.projen/deps.json
 !/.projen/files.json
 !/.github/workflows/pull-request-lint.yml
+!/.github/workflows/stale.yml
 !/package.json
 !/.npmignore
 logs
@@ -48,4 +49,5 @@ junit.xml
 !/dist/
 !/action.yml
 !/LICENSE
+!/.github/workflows/lock.yml
 !/src/inputs.ts
diff --git a/.projen/files.json b/.projen/files.json
index 0c9ed44..2d998c6 100644
--- a/.projen/files.json
+++ b/.projen/files.json
@@ -4,8 +4,10 @@
     ".gitattributes",
     ".github/pull_request_template.md",
     ".github/workflows/build.yml",
+    ".github/workflows/lock.yml",
     ".github/workflows/pull-request-lint.yml",
     ".github/workflows/release.yml",
+    ".github/workflows/stale.yml",
     ".github/workflows/upgrade-main.yml",
     ".gitignore",
     ".npmignore",
diff --git a/.projenrc.ts b/.projenrc.ts
index 0b9058f..e24c368 100644
--- a/.projenrc.ts
+++ b/.projenrc.ts
@@ -4,6 +4,7 @@ import {
   RunsUsing,
 } from "projen-github-action-typescript";
 import { CustomizedLicense } from "./projenrc/customized-license";
+import { LockIssues } from "./projenrc/lock-issues";
 
 const inputs = {
   cdktfVersion: {
@@ -65,6 +66,38 @@ const project = new GitHubActionTypeScriptProject({
   prettier: true,
   projenrcTs: true,
   licensed: false, // we do supply our own license file with a custom header
+  depsUpgradeOptions: {
+    workflowOptions: {
+      labels: ["automerge", "dependencies"],
+    },
+  },
+  workflowGitIdentity: {
+    name: "team-tf-cdk",
+    email: "github-team-tf-cdk@hashicorp.com",
+  },
+  stale: true,
+  staleOptions: {
+    issues: {
+      staleLabel: "stale",
+      daysBeforeStale: 30,
+      staleMessage:
+        "Hi there! 👋 We haven't heard from you in 30 days and would like to know if the problem has been resolved or if " +
+        "you still need help. If we don't hear from you before then, I'll auto-close this issue in 30 days.",
+      daysBeforeClose: 30,
+      closeMessage:
+        "I'm closing this issue because we haven't heard back in 60 days. ⌛️ If you still need help, feel free to reopen the issue!",
+    },
+    pullRequest: {
+      staleLabel: "stale",
+      daysBeforeStale: 60,
+      staleMessage:
+        "Hi there! 👋 We haven't heard from you in 60 days and would like to know if you're still working on this or need help. " +
+        "If we don't hear from you before then, I'll auto-close this PR in 30 days.",
+      daysBeforeClose: 30,
+      closeMessage:
+        "I'm closing this pull request because we haven't heard back in 90 days. ⌛️ If you're still working on this, feel free to reopen the PR or create a new one!",
+    },
+  },
 
   actionMetadata: {
     author: "HashiCorp, Inc.",
@@ -99,6 +132,7 @@ const project = new GitHubActionTypeScriptProject({
 });
 
 new CustomizedLicense(project);
+new LockIssues(project);
 
 new TextFile(project, "src/inputs.ts", {
   committed: true,
diff --git a/projenrc/lock-issues.ts b/projenrc/lock-issues.ts
new file mode 100644
index 0000000..9b15e84
--- /dev/null
+++ b/projenrc/lock-issues.ts
@@ -0,0 +1,46 @@
+import { javascript } from "projen";
+import { JobPermission } from "projen/lib/github/workflows-model";
+
+/**
+ * Automatically locks issues and PRs after 30 days.
+ */
+export class LockIssues {
+  constructor(project: javascript.NodeProject) {
+    const workflow = project.github?.addWorkflow("lock");
+
+    if (!workflow) throw new Error("no workflow defined");
+
+    workflow.on({
+      schedule: [{ cron: "20 2 * * *" }],
+    });
+
+    workflow.addJob("lock", {
+      runsOn: ["ubuntu-latest"],
+      permissions: {
+        pullRequests: JobPermission.WRITE,
+        issues: JobPermission.WRITE,
+      },
+      steps: [
+        {
+          uses: "dessant/lock-threads@v4.0.0",
+          with: {
+            "issue-comment":
+              `I'm going to lock this issue because it has been closed for at least 30 days.
+              This helps our maintainers find and focus on the active issues.
+              If you've found a problem that seems similar to this, please 
+              [open a new issue](https://github.com/hashicorp/terraform-cdk-action/issues/new) 
+              so we can investigate further.`.replace(/\s+/g, " "),
+            "issue-inactive-days": 30,
+            "pr-comment":
+              `I'm going to lock this pull request because it has been closed for at least 30 days.
+              This helps our maintainers find and focus on the active issues.
+              If you've found a problem that seems related to this change, please 
+              [open a new issue](https://github.com/hashicorp/terraform-cdk-action/issues/new) 
+              so we can investigate further.`.replace(/\s+/g, " "),
+            "pr-inactive-days": 30,
+          },
+        },
+      ],
+    });
+  }
+}