From 2890ea39035ddb24b7b0a398d8f14911dd40423f Mon Sep 17 00:00:00 2001
From: Michael Dawson <mdawson@devrus.com>
Date: Thu, 24 Aug 2023 15:39:44 -0400
Subject: [PATCH] feat: add more of the common automation

- add more of the common automation
- ensure customized scripts/files are not overwritten

Signed-off-by: Michael Dawson <mdawson@devrus.com>
---
 .github/.syncignore                        |  5 ++
 .github/CODEOWNERS                         |  1 +
 .github/workflows/approve-bot-pr.yml       | 88 ++++++++++++++++++++++
 .github/workflows/test-pull-request.yml    | 52 ++++++++++++-
 .github/workflows/update-github-config.yml | 81 ++++++++++++++++++++
 scripts/.util/git.sh                       | 21 ++++++
 scripts/integration.sh                     | 12 +++
 7 files changed, 259 insertions(+), 1 deletion(-)
 create mode 100644 .github/.syncignore
 create mode 100644 .github/CODEOWNERS
 create mode 100644 .github/workflows/approve-bot-pr.yml
 create mode 100644 .github/workflows/update-github-config.yml
 create mode 100644 scripts/.util/git.sh

diff --git a/.github/.syncignore b/.github/.syncignore
new file mode 100644
index 0000000..b179372
--- /dev/null
+++ b/.github/.syncignore
@@ -0,0 +1,5 @@
+CODEOWNERS
+.github/workflows/update-dependencies.yml
+.github/workflows/create-draft-release.yml
+scripts/package.sh
+scripts/build.sh
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..7d687cf
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @paketo-community/nodejs-maintainers
diff --git a/.github/workflows/approve-bot-pr.yml b/.github/workflows/approve-bot-pr.yml
new file mode 100644
index 0000000..3f45a3d
--- /dev/null
+++ b/.github/workflows/approve-bot-pr.yml
@@ -0,0 +1,88 @@
+name: Approve Bot PRs and Enable Auto-Merge
+
+on:
+  workflow_run:
+    workflows: ["Test Pull Request"]
+    types:
+    - completed
+
+jobs:
+  download:
+    name: Download PR Artifact
+    if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-22.04
+    outputs:
+      pr-author: ${{ steps.pr-data.outputs.author }}
+      pr-number: ${{ steps.pr-data.outputs.number }}
+    steps:
+    - name: 'Download artifact'
+      uses: paketo-buildpacks/github-config/actions/pull-request/download-artifact@main
+      with:
+        name: "event-payload"
+        repo: ${{ github.repository }}
+        run_id: ${{ github.event.workflow_run.id }}
+        workspace: "/github/workspace"
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+    - id: pr-data
+      run: |
+        echo "author=$(cat event.json | jq -r '.pull_request.user.login')" >> "$GITHUB_OUTPUT"
+        echo "number=$(cat event.json | jq -r '.pull_request.number')" >> "$GITHUB_OUTPUT"
+
+  approve:
+    name: Approve Bot PRs
+    needs: download
+    if: ${{ needs.download.outputs.pr-author == 'paketo-bot' || needs.download.outputs.pr-author == 'dependabot[bot]' }}
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Check Commit Verification
+      id: unverified-commits
+      uses: paketo-buildpacks/github-config/actions/pull-request/check-unverified-commits@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Check for Human Commits
+      id: human-commits
+      uses: paketo-buildpacks/github-config/actions/pull-request/check-human-commits@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Checkout
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      uses: actions/checkout@v3
+
+    - name: Approve
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      uses: paketo-buildpacks/github-config/actions/pull-request/approve@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Enable Auto-Merge
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      run: |
+        gh pr merge ${{ needs.download.outputs.pr-number }} --auto --rebase
+      env:
+        GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [download, approve]
+    if: ${{ always() && needs.download.result == 'failure' || needs.approve.result == 'failure' }}
+    steps:
+    - name: File Failure Alert Issue
+      uses: paketo-buildpacks/github-config/actions/issue/file@main
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        label: "failure:approve-bot-pr"
+        comment_if_exists: true
+        issue_title: "Failure: Approve bot PR workflow"
+        issue_body: |
+          Approve bot PR workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+        comment_body: |
+          Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
diff --git a/.github/workflows/test-pull-request.yml b/.github/workflows/test-pull-request.yml
index 38869ab..b41bd1e 100644
--- a/.github/workflows/test-pull-request.yml
+++ b/.github/workflows/test-pull-request.yml
@@ -20,7 +20,7 @@ jobs:
     - name: Setup Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.19.x
+        go-version: 1.20.x
 
     - name: Checkout
       uses: actions/checkout@v3
@@ -28,6 +28,56 @@ jobs:
     - name: Run Unit Tests
       run: ./scripts/unit.sh
 
+    - name: Get builders from integration.json
+      id: builders
+      run: |
+        source "${{ github.workspace }}/scripts/.util/builders.sh"
+
+        builders="$(util::builders::list "${{ github.workspace }}/integration.json")"
+        printf "Output: %s\n" "${builders}"
+        printf "builders=%s\n" "${builders}" >> "$GITHUB_OUTPUT"
+
+  integration:
+    name: Integration Tests with Builders
+    runs-on: ubuntu-22.04
+    needs: unit
+    strategy:
+      matrix:
+        builder: ${{ fromJSON(needs.unit.outputs.builders) }}
+      fail-fast: false  # don't cancel all test jobs when one fails
+    steps:
+    - name: Setup Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.20.x
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
+
+    - name: Run Integration Tests
+      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      env:
+        GIT_TOKEN: ${{ github.token }}
+        TMPDIR: "${{ runner.temp }}"
+
+  roundup:
+    name: Integration Tests
+    if: ${{ always() }}
+    runs-on: ubuntu-22.04
+    needs: integration
+    steps:
+    - run: |
+        result="${{ needs.integration.result }}"
+        if [[ $result == "success" ]]; then
+          echo "Integration tests passed against all builders"
+          exit 0
+        else
+          echo "Integration tests failed on one or more builders"
+          exit 1
+        fi
+
   upload:
     name: Upload Workflow Event Payload
     runs-on: ubuntu-22.04
diff --git a/.github/workflows/update-github-config.yml b/.github/workflows/update-github-config.yml
new file mode 100644
index 0000000..7499663
--- /dev/null
+++ b/.github/workflows/update-github-config.yml
@@ -0,0 +1,81 @@
+name: Update shared github-config
+
+on:
+  schedule:
+  - cron: '30 1 * * *'
+  workflow_dispatch: {}
+
+concurrency: github_config_update
+
+jobs:
+  build:
+    name: Create PR to update shared files
+    runs-on: ubuntu-22.04
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+
+    - name: Checkout github-config
+      uses: actions/checkout@v3
+      with:
+        repository: paketo-buildpacks/github-config
+        path: github-config
+
+    - name: Checkout Branch
+      uses: paketo-buildpacks/github-config/actions/pull-request/checkout-branch@main
+      with:
+        branch: automation/github-config/update
+
+    - name: Run the sync action
+      uses: paketo-buildpacks/github-config/actions/sync@main
+      with:
+        workspace: /github/workspace
+        config: /github/workspace/github-config/implementation
+
+    - name: Cleanup
+      run: rm -rf github-config
+
+    - name: Commit
+      id: commit
+      uses: paketo-buildpacks/github-config/actions/pull-request/create-commit@main
+      with:
+        message: "Updating github-config"
+        pathspec: "."
+        keyid: ${{ secrets.PAKETO_BOT_GPG_SIGNING_KEY_ID }}
+        key: ${{ secrets.PAKETO_BOT_GPG_SIGNING_KEY }}
+
+    - name: Push Branch
+      if: ${{ steps.commit.outputs.commit_sha != '' }}
+      uses: paketo-buildpacks/github-config/actions/pull-request/push-branch@main
+      with:
+        branch: automation/github-config/update
+
+    - name: Open Pull Request
+      if: ${{ steps.commit.outputs.commit_sha != '' }}
+      uses: paketo-buildpacks/github-config/actions/pull-request/open@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        title: "Updates github-config"
+        branch: automation/github-config/update
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [build]
+    if: ${{ always() && needs.build.result == 'failure' }}
+    steps:
+    - name: File Failure Alert Issue
+      uses: paketo-buildpacks/github-config/actions/issue/file@main
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        label: "failure:update-github-config"
+        comment_if_exists: true
+        issue_title: "Failure: Update GitHub config workflow"
+        issue_body: |
+          Update GitHub config workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+        comment_body: |
+           Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
diff --git a/scripts/.util/git.sh b/scripts/.util/git.sh
new file mode 100644
index 0000000..71965bc
--- /dev/null
+++ b/scripts/.util/git.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -eu
+set -o pipefail
+
+# shellcheck source=SCRIPTDIR/print.sh
+source "$(dirname "${BASH_SOURCE[0]}")/print.sh"
+
+function util::git::token::fetch() {
+  if [[ -z "${GIT_TOKEN:-""}" ]]; then
+    util::print::title "Fetching GIT_TOKEN"
+
+    GIT_TOKEN="$(
+      lpass show Shared-CF\ Buildpacks/concourse-private.yml \
+        | grep buildpacks-github-token \
+        | cut -d ' ' -f 2
+    )"
+  fi
+
+  printf "%s" "${GIT_TOKEN}"
+}
diff --git a/scripts/integration.sh b/scripts/integration.sh
index 47283cc..2e9c2fd 100755
--- a/scripts/integration.sh
+++ b/scripts/integration.sh
@@ -12,6 +12,9 @@ source "${PROGDIR}/.util/tools.sh"
 # shellcheck source=SCRIPTDIR/.util/print.sh
 source "${PROGDIR}/.util/print.sh"
 
+# shellcheck source=SCRIPTDIR/.util/git.sh
+source "${PROGDIR}/.util/git.sh"
+
 # shellcheck source=SCRIPTDIR/.util/builders.sh
 source "${PROGDIR}/.util/builders.sh"
 
@@ -20,6 +23,11 @@ function main() {
   builderArray=()
   while [[ "${#}" != 0 ]]; do
     case "${1}" in
+    --use-token|-t)
+        shift 1
+        token::fetch
+        ;;
+
     --help | -h)
       shift 1
       usage
@@ -127,6 +135,10 @@ function images::pull() {
   done
 }
 
+function token::fetch() {
+  GIT_TOKEN="$(util::git::token::fetch)"
+  export GIT_TOKEN
+}
 
 function tests::run() {
   util::print::title "Run Buildpack Runtime Integration Tests"