From d82d249108d4665bbb734f1430766c4edbcfd6ba Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Mon, 27 Sep 2021 03:40:52 -0700
Subject: [PATCH] Add CI workflow to synchronize with shared repository labels

On every push that changes relevant files, and periodically, configure the repository's issue and pull request labels
according to the universal, shared, and local label configuration files.
---
 .github/label-configuration-files/labels.yml |  36 +++++
 .github/workflows/manage-prs.yml             |   2 +-
 .github/workflows/sync-labels.yml            | 132 +++++++++++++++++++
 3 files changed, 169 insertions(+), 1 deletion(-)
 create mode 100644 .github/label-configuration-files/labels.yml
 create mode 100644 .github/workflows/sync-labels.yml

diff --git a/.github/label-configuration-files/labels.yml b/.github/label-configuration-files/labels.yml
new file mode 100644
index 00000000..8bf004df
--- /dev/null
+++ b/.github/label-configuration-files/labels.yml
@@ -0,0 +1,36 @@
+# Used by the "Sync Labels" workflow
+# See: https://github.com/Financial-Times/github-label-sync#label-config-file
+
+- name: "status: maintenance required"
+  color: "ff0000"
+  description: Infrastructure failure unrelated to request
+- name: "topic: invalid"
+  color: "ff0000"
+  description: Request could not be processed
+- name: "topic: modification"
+  color: "00ffff"
+  description: Change existing list entry
+- name: "topic: other"
+  color: "00ffff"
+  description: Something other than a library list request
+- name: "topic: release removal"
+  color: "00ffff"
+  description: Remove a library release
+- name: "topic: removal"
+  color: "00ffff"
+  description: Remove library from the list
+- name: "topic: rename"
+  color: "00ffff"
+  description: Change registered library name
+- name: "topic: security"
+  color: "ff0000"
+  description: Related to the protection of user data
+  notes: |
+    Vulnerability disclosures are made following the procedure at:
+    https://github.com/arduino/.github/blob/master/SECURITY.md
+- name: "topic: submission"
+  color: "00ffff"
+  description: Add library to the list
+- name: "topic: URL change"
+  color: "00ffff"
+  description: Change library repository URL
diff --git a/.github/workflows/manage-prs.yml b/.github/workflows/manage-prs.yml
index 424cf885..bbaba25b 100644
--- a/.github/workflows/manage-prs.yml
+++ b/.github/workflows/manage-prs.yml
@@ -173,7 +173,7 @@ jobs:
           repo: ${{ github.event.repository.name }}
           issue_number: ${{ github.event.pull_request.number }}${{ github.event.issue.number }}
           labels: |
-            - ${{ needs.parse.outputs.type }}
+            - "topic: ${{ needs.parse.outputs.type }}"
 
   parse-fail:
     needs:
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
new file mode 100644
index 00000000..fc5329f3
--- /dev/null
+++ b/.github/workflows/sync-labels.yml
@@ -0,0 +1,132 @@
+# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/sync-labels.md
+name: Sync Labels
+
+# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+on:
+  push:
+    paths:
+      - ".github/workflows/sync-labels.ya?ml"
+      - ".github/label-configuration-files/*.ya?ml"
+  pull_request:
+    paths:
+      - ".github/workflows/sync-labels.ya?ml"
+      - ".github/label-configuration-files/*.ya?ml"
+  schedule:
+    # Run daily at 8 AM UTC to sync with changes to shared label configurations.
+    - cron: "0 8 * * *"
+  workflow_dispatch:
+  repository_dispatch:
+
+env:
+  CONFIGURATIONS_FOLDER: .github/label-configuration-files
+  CONFIGURATIONS_ARTIFACT: label-configuration-files
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Download JSON schema for labels configuration file
+        id: download-schema
+        uses: carlosperate/download-file-action@v1.0.3
+        with:
+          file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/arduino-tooling-gh-label-configuration-schema.json
+          location: ${{ runner.temp }}/label-configuration-schema
+
+      - name: Install JSON schema validator
+        run: |
+          sudo npm install \
+            --global \
+            ajv-cli \
+            ajv-formats
+
+      - name: Validate local labels configuration
+        run: |
+          # See: https://github.com/ajv-validator/ajv-cli#readme
+          ajv validate \
+            --all-errors \
+            -c ajv-formats \
+            -s "${{ steps.download-schema.outputs.file-path }}" \
+            -d "${{ env.CONFIGURATIONS_FOLDER }}/*.{yml,yaml}"
+
+  download:
+    needs: check
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        filename:
+          # Filenames of the shared configurations to apply to the repository in addition to the local configuration.
+          # https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/sync-labels
+          - universal.yml
+
+    steps:
+      - name: Download
+        uses: carlosperate/download-file-action@v1.0.3
+        with:
+          file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }}
+
+      - name: Pass configuration files to next job via workflow artifact
+        uses: actions/upload-artifact@v2
+        with:
+          path: |
+            *.yaml
+            *.yml
+          if-no-files-found: error
+          name: ${{ env.CONFIGURATIONS_ARTIFACT }}
+
+  sync:
+    needs: download
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Set environment variables
+        run: |
+          # See: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
+          echo "MERGED_CONFIGURATION_PATH=${{ runner.temp }}/labels.yml" >> "$GITHUB_ENV"
+
+      - name: Determine whether to dry run
+        id: dry-run
+        if: >
+          github.event == 'pull_request' ||
+          github.ref != format('refs/heads/{0}', github.event.repository.default_branch)
+        run: |
+          # Use of this flag in the github-label-sync command will cause it to only check the validity of the
+          # configuration.
+          echo "::set-output name=flag::--dry-run"
+
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Download configuration files artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: ${{ env.CONFIGURATIONS_ARTIFACT }}
+          path: ${{ env.CONFIGURATIONS_FOLDER }}
+
+      - name: Remove unneeded artifact
+        uses: geekyeggo/delete-artifact@v1
+        with:
+          name: ${{ env.CONFIGURATIONS_ARTIFACT }}
+
+      - name: Merge label configuration files
+        run: |
+          # Merge all configuration files
+          shopt -s extglob
+          cat "${{ env.CONFIGURATIONS_FOLDER }}"/*.@(yml|yaml) > "${{ env.MERGED_CONFIGURATION_PATH }}"
+
+      - name: Install github-label-sync
+        run: sudo npm install --global github-label-sync
+
+      - name: Sync labels
+        env:
+          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # See: https://github.com/Financial-Times/github-label-sync
+          github-label-sync \
+            --labels "${{ env.MERGED_CONFIGURATION_PATH }}" \
+            ${{ steps.dry-run.outputs.flag }} \
+            ${{ github.repository }}