derberg · pull · Dec 13, 2023 · Dec 13, 2023 · Dec 13, 2023 · Dec 13, 2023
@@ -0,0 +1 @@
+node_modules
@@ -0,0 +1,110 @@
+env:
+  node: true
+  es6: true
+  browser: true
+
+plugins:
+  - sonarjs
+
+extends:
+  - eslint:recommended
+  - plugin:sonarjs/recommended
+
+parserOptions:
+  ecmaVersion: 2018
+  requireConfigFile: false
+
+rules:
+  # Ignore Rules
+  strict: 0
+  no-underscore-dangle: 0
+  no-mixed-requires: 0
+  no-process-exit: 0
+  no-warning-comments: 0
+  no-use-before-define: 0
+  curly: 0
+  no-multi-spaces: 0
+  no-alert: 0
+  consistent-return: 0
+  consistent-this: [0, self]
+  func-style: 0
+  max-nested-callbacks: 0
+  camelcase: 0
+  no-dupe-class-members: 0
+  security/detect-object-injection: 0
+  sonarjs/no-small-switch: 0
+  sonarjs/no-nested-template-literals: 0
+
+  # Warnings
+  no-debugger: 1
+  no-empty: 1
+  no-invalid-regexp: 1
+  no-unused-expressions: 1
+  no-native-reassign: 1
+  no-fallthrough: 1
+  sonarjs/cognitive-complexity: 1
+
+  # Errors
+  eqeqeq: 2
+  no-undef: 2
+  no-dupe-keys: 2
+  no-empty-character-class: 2
+  no-self-compare: 2
+  valid-typeof: 2
+  handle-callback-err: 2
+  no-shadow-restricted-names: 2
+  no-new-require: 2
+  no-mixed-spaces-and-tabs: 2
+  block-scoped-var: 2
+  no-else-return: 2
+  no-throw-literal: 2
+  no-void: 2
+  radix: 2
+  wrap-iife: [2, outside]
+  no-shadow: 0
+  no-path-concat: 2
+  valid-jsdoc: [0, {requireReturn: false, requireParamDescription: false, requireReturnDescription: false}]
+
+  # stylistic errors
+  no-spaced-func: 2
+  semi-spacing: 2
+  quotes: [2, 'single']
+  key-spacing: [2, { beforeColon: false, afterColon: true }]
+  indent: [2, 2]
+  no-lonely-if: 2
+  no-floating-decimal: 2
+  brace-style: [2, 1tbs, { allowSingleLine: true }]
+  comma-style: [2, last]
+  no-multiple-empty-lines: [2, {max: 1}]
+  no-nested-ternary: 2
+  operator-assignment: [2, always]
+  padded-blocks: [2, never]
+  quote-props: [2, as-needed]
+  keyword-spacing: [2, {'before': true, 'after': true, 'overrides': {}}]
+  space-before-blocks: [2, always]
+  array-bracket-spacing: [2, never]
+  computed-property-spacing: [2, never]
+  space-in-parens: [2, never]
+  space-unary-ops: [2, {words: true, nonwords: false}]
+  wrap-regex: 2
+  linebreak-style: 0
+  semi: [2, always]
+  arrow-spacing: [2, {before: true, after: true}]
+  no-class-assign: 2
+  no-const-assign: 2
+  no-this-before-super: 2
+  no-var: 2
+  object-shorthand: [2, always]
+  prefer-arrow-callback: 2
+  prefer-const: 2
+  prefer-spread: 2
+  prefer-template: 2
+
+overrides:
+  - files: 
+      - "test/**"
+    rules:
+      prefer-arrow-callback: 0
+      sonarjs/no-duplicate-string: 0
+      security/detect-object-injection: 0
+      security/detect-non-literal-fs-filename: 0
@@ -59,7 +59,9 @@ jobs:
                 body: `Hello, @${{ github.actor }}! 👋🏼
                        This PR is not up to date with the base branch and can't be merged.
                        Please update your branch manually with the latest version of the base branch.
-                       PRO-TIP: Add a comment to your PR with the text: \`/au\` or \`/autoupdate\` and our bot will take care of updating the branch in the future. The only requirement for this to work is to enable [Allow edits from maintainers](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) option in your PR.
+                       PRO-TIP: To request an update from the upstream branch, simply comment \`/u\` or \`/update\` and our bot will handle the update operation promptly.
+                       
+                       The only requirement for this to work is to enable [Allow edits from maintainers](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) option in your PR. Also the update will not work if your fork is located in an organization, not under your personal profile.
                        Thanks 😄`
               })
             }

@@ -1,34 +1,34 @@
-# This action is centrally managed in https://github.com/asyncapi/.github/
-# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in above mentioned repo
-
-# This workflow is designed to work with:
-# - autoapprove and automerge workflows for dependabot and asyncapibot.
-# - special release branches that we from time to time create in upstream repos. If we open up PRs for them from the very beginning of the release, the release branch will constantly update with new things from the destination branch they are opened against
-
-# It uses GitHub Action that auto-updates pull requests branches, whenever changes are pushed to their destination branch.
-# Autoupdating to latest destination branch works only in the context of upstream repo and not forks
-
-name: autoupdate
-
-on:
-  push:
-    branches-ignore:  
-      - 'version-bump/**'
-      - 'dependabot/**'
-      - 'bot/**'
-      - 'all-contributors/**'
-
-jobs:
-  autoupdate-for-bot:
-    if: startsWith(github.repository, 'asyncapi/')
-    name: Autoupdate autoapproved PR created in the upstream
-    runs-on: ubuntu-latest
-    steps:
-      - name: Autoupdating
-        uses: docker://chinthakagodawita/autoupdate-action:v1
-        env:
-          GITHUB_TOKEN: '${{ secrets.GH_TOKEN_BOT_EVE }}'
-          PR_FILTER: "labelled"
-          PR_LABELS: "autoupdate"
-          PR_READY_STATE: "ready_for_review"
-          MERGE_CONFLICT_ACTION: "ignore"
+# This action is centrally managed in https://github.com/asyncapi/.github/
+# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in above mentioned repo
+
+# This workflow is designed to work with:
+# - autoapprove and automerge workflows for dependabot and asyncapibot.
+# - special release branches that we from time to time create in upstream repos. If we open up PRs for them from the very beginning of the release, the release branch will constantly update with new things from the destination branch they are opened against
+
+# It uses GitHub Action that auto-updates pull requests branches, whenever changes are pushed to their destination branch.
+# Autoupdating to latest destination branch works only in the context of upstream repo and not forks
+
+name: autoupdate
+
+on:
+  push:
+    branches-ignore:  
+      - 'version-bump/**'
+      - 'dependabot/**'
+      - 'bot/**'
+      - 'all-contributors/**'
+
+jobs:
+  autoupdate-for-bot:
+    if: startsWith(github.repository, 'asyncapi/')
+    name: Autoupdate autoapproved PR created in the upstream
+    runs-on: ubuntu-latest
+    steps:
+      - name: Autoupdating
+        uses: docker://chinthakagodawita/autoupdate-action:v1
+        env:
+          GITHUB_TOKEN: '${{ secrets.GH_TOKEN_BOT_EVE }}'
+          PR_FILTER: "labelled"
+          PR_LABELS: "autoupdate"
+          PR_READY_STATE: "ready_for_review"
+          MERGE_CONFLICT_ACTION: "ignore"
@@ -0,0 +1,126 @@
+# This workflow is centrally managed at https://github.com/asyncapi/.github/
+# Don't make changes to this file in this repository, as they will be overwritten with
+# changes made to the same file in the abovementioned repository.
+
+# The purpose of this workflow is to allow Bounty Team members
+# (https://github.com/orgs/asyncapi/teams/bounty_team) to issue commands to the
+# organization's global AsyncAPI bot related to the Bounty Program, while at the
+# same time preventing unauthorized users from misusing them.
+
+name: Bounty Program commands
+
+on:
+  issue_comment:
+    types:
+      - created
+
+env:
+  BOUNTY_PROGRAM_LABELS_JSON: |
+    [
+      {"name": "bounty", "color": "0e8a16", "description": "Participation in the Bounty Program"}
+    ]
+
+jobs:
+  guard-against-unauthorized-use:
+    if: >
+      github.actor != ('aeworxet' || 'thulieblack') &&
+      (
+        startsWith(github.event.comment.body, '/bounty' )
+      )
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ❌ @${{github.actor}} made an unauthorized attempt to use a Bounty Program's command
+        uses: actions/github-script@v6
+
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+          script: |
+            const commentText = `❌ @${{github.actor}} is not authorized to use the Bounty Program's commands.
+            These commands can only be used by members of the [Bounty Team](https://github.com/orgs/asyncapi/teams/bounty_team).`;
+
+            console.log(`❌ @${{github.actor}} made an unauthorized attempt to use a Bounty Program's command.`);
+            github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: commentText
+              })
+
+  add-label-bounty:
+    if: >
+      github.actor == ('aeworxet' || 'thulieblack') &&
+      (
+        startsWith(github.event.comment.body, '/bounty' )
+      )
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Add label `bounty`
+        uses: actions/github-script@v6
+
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+          script: |
+            const BOUNTY_PROGRAM_LABELS = JSON.parse(process.env.BOUNTY_PROGRAM_LABELS_JSON);
+            let LIST_OF_LABELS_FOR_REPO = await github.rest.issues.listLabelsForRepo({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                });
+
+            LIST_OF_LABELS_FOR_REPO = LIST_OF_LABELS_FOR_REPO.data.map(key => key.name);
+
+            if (!LIST_OF_LABELS_FOR_REPO.includes(BOUNTY_PROGRAM_LABELS[0].name)) {
+              await github.rest.issues.createLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                name: BOUNTY_PROGRAM_LABELS[0].name,
+                color: BOUNTY_PROGRAM_LABELS[0].color,
+                description: BOUNTY_PROGRAM_LABELS[0].description
+              });
+            }
+
+            console.log('Adding label `bounty`...');
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: [BOUNTY_PROGRAM_LABELS[0].name]
+            })
+
+  remove-label-bounty:
+    if: >
+      github.actor == ('aeworxet' || 'thulieblack') &&
+      (
+        startsWith(github.event.comment.body, '/unbounty' )
+      )
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Remove label `bounty`
+        uses: actions/github-script@v6
+
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+          script: |
+            const BOUNTY_PROGRAM_LABELS = JSON.parse(process.env.BOUNTY_PROGRAM_LABELS_JSON);
+            let LIST_OF_LABELS_FOR_ISSUE = await github.rest.issues.listLabelsOnIssue({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                });
+
+            LIST_OF_LABELS_FOR_ISSUE = LIST_OF_LABELS_FOR_ISSUE.data.map(key => key.name);
+
+            if (LIST_OF_LABELS_FOR_ISSUE.includes(BOUNTY_PROGRAM_LABELS[0].name)) {
+              console.log('Removing label `bounty`...');
+              github.rest.issues.removeLabel({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                name: [BOUNTY_PROGRAM_LABELS[0].name]
+              })
+            }
@@ -26,9 +26,10 @@ jobs:
         run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
       - if: steps.packagejson.outputs.exists == 'true'
         name: Bumping latest version of this package in other repositories
-        uses: derberg/npm-dependency-manager-for-your-github-org@26a4f13d740254719971325046822a169aaa7441 # using v5.-.- https://github.com/derberg/npm-dependency-manager-for-your-github-org/releases/tag/v5.0.0
+        uses: derberg/npm-dependency-manager-for-your-github-org@1eafd3bf3974f21d395c1abac855cb04b295d570 # using v6.-.- https://github.com/derberg/npm-dependency-manager-for-your-github-org/releases/tag/v6
         with:
           github_token: ${{ secrets.GH_TOKEN }}
           committer_username: asyncapi-bot
           committer_email: info@asyncapi.io
-          repos_to_ignore: html-template # this is temporary until react component releases 1.0, then it can be removed
+          repos_to_ignore: spec,bindings,saunter,server-api
+          custom_id: "dependency update from asyncapi bot"
@@ -31,9 +31,11 @@ jobs:
         
                     At the moment the following comments are supported in pull requests:
 
+                    - \`/please-take-a-look\` or \`/ptal\` - This comment will add a comment to the PR asking for attention from the reviewrs who have not reviewed the PR yet.
                     - \`/ready-to-merge\` or \`/rtm\` - This comment will trigger automerge of PR in case all required checks are green, approvals in place and do-not-merge label is not added
                     - \`/do-not-merge\` or \`/dnm\` - This comment will block automerging even if all conditions are met and ready-to-merge label is added
-                    - \`/autoupdate\` or \`/au\` - This comment will add \`autoupdate\` label to the PR and keeps your PR up-to-date to the target branch's future changes. Unless there is a merge conflict or it is a draft PR.`
+                    - \`/autoupdate\` or \`/au\` - This comment will add \`autoupdate\` label to the PR and keeps your PR up-to-date to the target branch's future changes. Unless there is a merge conflict or it is a draft PR. (Currently only works for upstream branches.)
+                    - \`/update\` or \`/u\` - This comment will update the PR with the latest changes from the target branch. Unless there is a merge conflict or it is a draft PR. NOTE: this only updates the PR once, so if you need to update again, you need to call the command again.`
             })
 
   create_help_comment_issue: