Bump Endjin.PRAutoflow (#123)

Co-authored-by: dependjinbot <[email protected]>

.github/config/pr-autoflow.json

@@ -1,4 +1,4 @@
 {
   "AUTO_MERGE_PACKAGE_WILDCARD_EXPRESSIONS": "[\"Endjin.*\",\"Corvus.*\"]",
-  "AUTO_RELEASE_PACKAGE_WILDCARD_EXPRESSIONS": "[\"Corvus.*\"]"
+  "AUTO_RELEASE_PACKAGE_WILDCARD_EXPRESSIONS": "[\"Corvus.AzureFunctionsKeepAlive\",\"Corvus.Configuration\",\"Corvus.ContentHandling\",\"Corvus.Deployment\",\"Corvus.DotLiquidAsync\",\"Corvus.EventStore\",\"Corvus.Extensions\",\"Corvus.Extensions.CosmosDb\",\"Corvus.Extensions.Newtonsoft.Json\",\"Corvus.Extensions.System.Text.Json\",\"Corvus.Identity\",\"Corvus.Leasing\",\"Corvus.Monitoring\",\"Corvus.Retry\",\"Corvus.Tenancy\"]"
 }

.github/workflows/auto_merge.yml

@@ -24,19 +24,62 @@ on:
   status: {}
 
 jobs:
+  check_pr_from_fork:
+    name: Check PR from fork
+    runs-on: ubuntu-18.04
+    outputs: 
+      is_forked_pr: ${{ steps.check_pr_source.outputs.result }}
+    steps:
+      - name: Check PR source
+        id: check_pr_source
+        uses: actions/github-script@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          # For PR-based events returns 'true' when the HEAD originates from a forked repo
+          # We do this to avoid security issues
+          script: |
+            return ( !(context.payload.pull_request) ? false : (
+              context.payload.pull_request.head.repo.full_name !== context.payload.pull_request.base.repo.full_name)
+            );
+
   auto_merge:
     name: Auto-squash the PR
     runs-on: ubuntu-18.04
-    # Don't process PRs from forked repos
-    if:
-      github.event.pull_request.head.repo.full_name == github.repository
+    # Don't run when the triggering event originates from a forked repos
+    needs: check_pr_from_fork
+    if: |
+      needs.check_pr_from_fork.outputs.is_forked_pr == 'false'
     steps:
       - name: Generate token
         id: generate_token
         uses: tibdex/github-app-token@v1
         with:
           app_id: ${{ secrets.ENDJIN_BOT_APP_ID }}
           private_key: ${{ secrets.ENDJIN_BOT_PRIVATE_KEY }}
+      # This may not be strictly required, but should keep unmerged, closed PRs cleaner
+      - name: Remove 'autosquash' label from closed PRs
+        id: remove_autosquash_label_from_closed_prs
+        uses: actions/github-script@v2
+        with:
+          github-token: '${{ steps.generate_token.outputs.token }}'
+          script: |
+            const pulls = await github.search.issuesAndPullRequests({
+              q: 'is:pr is:closed label:autosquash',
+            });
+            core.info(`pulls: ${pulls.data.items}`)
+            const repoUrl = `https://api.github.com/repos/${context.payload.repository.owner.login}/${context.payload.repository.name}`
+            const prs_to_unlabel = pulls.data.items.
+                                          filter(function (x) { return x.repository_url == repoUrl; }).
+                                          map(p=>p.number);
+            for (const i of prs_to_unlabel) {
+              core.info(`Removing label 'autosquash' from issue #${i}`)
+              github.issues.removeLabel({
+                owner: context.payload.repository.owner.login,
+                repo: context.payload.repository.name,
+                issue_number: i,
+                name: 'autosquash'
+              });
+            }
       - uses: endjin/[email protected]
         with:
           github_token: '${{ steps.generate_token.outputs.token }}'

.github/workflows/auto_release.yml

@@ -182,7 +182,7 @@ jobs:
     - name: Create SemVer tag
       uses: actions/github-script@v2
       with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
+        github-token: ${{ steps.generate_token.outputs.token }}
         script: |
           const uri_path = '/repos/' + context.payload.repository.owner.login + '/' + context.payload.repository.name + '/git/refs'
           const tag = await github.request(('POST ' + uri_path), {