Merge branch 'main' into blgm-patch-1

cloudfoundry · Jan 30, 2024 · fb639a1 · fb639a1
2 parents 4fe1ec1 + 56205d2
commit fb639a1
Show file tree

Hide file tree

Showing 20 changed files with 823 additions and 577 deletions.
diff --git a/.github/workflows/org-inactive-user-management.yml b/.github/workflows/org-inactive-user-management.yml
@@ -0,0 +1,39 @@
+name: 'Delete Inactive Users in Github Organization'
+
+on:
+  schedule:
+  - cron: '0 0 1 * *'
+  workflow_dispatch:
+  push:
+    branches:
+      - "add-inactive-user-removal-automation"
+
+jobs:
+  org-config-generation-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+      - uses: actions/checkout@v4
+        with:
+          path: community
+      - name: Clean inactive github org users
+        id: uds
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r community/org/requirements.txt
+          python community/org/org_user_management.py
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+          INACTIVE_USER_MANAGEMENT_TAG_USERS: ${{ secrets.INACTIVE_USER_MANAGEMENT_TAG_USERS }}
+      - name: Create Pull Request
+        if: ${{ steps.uds.outputs.inactive_users_pr_description }}
+        uses: peter-evans/create-pull-request@v5
+        with:
+          path: community
+          add-paths: org/contributors.yml
+          commit-message: Delete inactive users
+          branch: delete-inactive-users
+          title: 'Inactive users to be deleted'
+          body: ${{ steps.uds.outputs.inactive_users_pr_description }}
diff --git a/.github/workflows/org-management-check-prs.yml b/.github/workflows/org-management-check-prs.yml
@@ -10,10 +10,10 @@ jobs:
   org-config-generation-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.9
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           path: community
       - name: Generate github org configuration

diff --git a/.github/workflows/org-management-peribolos-dump.yml b/.github/workflows/org-management-peribolos-dump.yml
@@ -19,13 +19,13 @@ jobs:
           - ${{ github.workspace }}/ghproxy-cache:/cache
     steps:
       - name: ghproxy-cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ${{ github.workspace }}/ghproxy-cache
           key: ghproxy-cache-${{ github.run_number }}
           restore-keys: |
             ghproxy-cache-
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # full clone so a PR can be created if needed
           path: community
@@ -44,7 +44,7 @@ jobs:
           # args: --dump-full --dump cloudfoundry --github-app-id=${{ secrets.GH_APP_ID }} --github-app-private-key-path=private_key > org/cloudfoundry.yml
           args: -c "/ko-app/peribolos --dump-full --dump cloudfoundry --github-endpoint http://ghproxy:8888 --github-token-path=token > community/org/cloudfoundry.yml"
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           path: community
           add-paths: org/cloudfoundry.yml

diff --git a/.github/workflows/org-management.yml b/.github/workflows/org-management.yml
@@ -9,7 +9,7 @@ on:
       - 'toc/working-groups/*.md'
       - '.github/workflows/org-management.yml'
   schedule:
-    - cron: '0 */5 * * *'
+    - cron: '0 */7 * * *'
 
 jobs:
   peribolos:
@@ -28,16 +28,16 @@ jobs:
           - ${{ github.workspace }}/ghproxy-cache:/cache
     steps:
       - name: ghproxy-cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ${{ github.workspace }}/ghproxy-cache
           key: ghproxy-cache-${{ github.run_number }}
           restore-keys: |
             ghproxy-cache-
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.9
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           path: community
       - name: Generate github org configuration
@@ -73,6 +73,47 @@ jobs:
             --fix-team-members
             --fix-team-repos
             --allow-repo-archival
+  branchprotector:
+    needs: peribolos
+    runs-on: ubuntu-latest
+    concurrency:
+      group: peribolos
+    services:
+      ghproxy:
+        image: rkoster/ghproxy
+        options: >-
+          --mount type=bind,source=/etc/passwd,target=/etc/passwd,readonly
+          --mount type=bind,source=/etc/group,target=/etc/group,readonly
+        ports:
+          - 8888:8888
+        volumes:
+          - ${{ github.workspace }}/ghproxy-cache:/cache
+    steps:
+      - name: ghproxy-cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ github.workspace }}/ghproxy-cache
+          key: ghproxy-cache-${{ github.run_number }}
+          restore-keys: |
+            ghproxy-cache-
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+      - uses: actions/checkout@v4
+        with:
+          path: community
+      - name: Generate github org configuration
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r community/org/requirements.txt
+          python community/org/org_management.py -o cloudfoundry.out.yml -b branchprotection.out.yml
+      - name: write github private key
+        run: |
+          echo "${GH_PRIVATE_KEY}" > private_key
+          echo "${GH_TOKEN}" > token
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+          GH_PRIVATE_KEY: ${{ secrets.GH_PRIVATE_KEY }}
       - name: branchprotector
         id: branchprotector
         uses: docker://gcr.io/k8s-prow/branchprotector

diff --git a/.github/workflows/project-sync.yml b/.github/workflows/project-sync.yml
@@ -8,7 +8,7 @@ jobs:
   configs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: matrix
         run: |
           echo "::set-output name=matrix::$(./org/generate_working_group_projects_sync_config.sh)"

diff --git a/.github/workflows/remove-individual-access.yml b/.github/workflows/remove-individual-access.yml
@@ -0,0 +1,28 @@
+name: 'Remove individual access to repos'
+on:
+  push:
+    branches:
+      - main
+  schedule:
+  - cron: '0 */1 * * *'
+
+jobs:
+  remove-individual-access-to-repos:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: community
+      - name: Remove individual access to repos
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+        run: |
+          set -e
+          set -o pipefail
+
+          ./community/toc/working-groups/parsable-working-groups.sh | jq -r .[].areas[].repositories[] | grep -E '^cloudfoundry/' | while read -r repo; do
+              gh api "repos/${repo}/collaborators?affiliation=direct" | jq -r .[].login | while read -r user; do
+                  echo "remove ${user} from ${repo}"
+                  gh api -X delete "/repos/${repo}/collaborators/${user}"
+              done
+          done