From af1a232fe88d7780dc27ec614b20aa5dc6c4fe1c Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Mon, 14 Oct 2024 11:38:50 +0200
Subject: [PATCH 1/5] ci: add a dependency reviewworkflow. for background information, see https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review and https://github.com/actions/dependency-review-action
Signed-off-by: Michael Adam
---
.github/workflows/dependency-review.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .github/workflows/dependency-review.yaml
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
new file mode 100644
index 00000000..b9d6d20f
--- /dev/null
+++ b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,14 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v4
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
From 1ad4454d1d39b7cc3ab5a2d68c3b5f74ce75ca21 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Mon, 14 Oct 2024 11:42:34 +0200
Subject: [PATCH 2/5] ci add auto-assign action This assigns an issue to a github user who comments '`/assign` based on https://github.com/rook/rook/blob/master/.github/workflows/auto-assign.yaml
Signed-off-by: Michael Adam
---
.github/workflows/auto-assign.yaml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 .github/workflows/auto-assign.yaml
diff --git a/.github/workflows/auto-assign.yaml b/.github/workflows/auto-assign.yaml
new file mode 100644
index 00000000..54fc1e18
--- /dev/null
+++ b/.github/workflows/auto-assign.yaml
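Review bot: In `.github/workflows/dependency-review.yaml` both steps reference their actions by mutable tag (`actions/checkout@v4`, `actions/dependency-review-action@v4`), while the auto-assign and stale workflows in this same series pin to a full commit SHA with the version in a trailing comment. A tag can be moved after the workflow was reviewed, so the pinned form is the safer and more consistent choice: `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; take the SHA from the action's release page). The same applies to `actions/checkout@v4` and `actions/setup-go@v5` in the `modcheck` job that patch 4/5 adds to lint.yaml.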
@@ -0,0 +1,22 @@
+name: Assign issue to contributor
+on:
+ issue_comment:
+ types: [created, edited]
+
+permissions:
+ contents: read
+
+jobs:
+ assign:
+ permissions:
+ # write permissions are needed to assign the issue.
+ issues: write
+ name: Run self assign job
+ runs-on: ubuntu-latest
+ steps:
+ - name: take the issue
+ uses: bdougie/take-action@1439165ac45a7461c2d89a59952cd7d941964b87 # main
+ with:
+ message: Thanks for taking this issue! Let us know if you have any questions!
+ trigger: /assign
+ token: ${{ secrets.GITHUB_TOKEN }}
From 3d42fae86239d9e7edabb6d1f68a8ab4d659e288 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Mon, 14 Oct 2024 11:59:45 +0200
Subject: [PATCH 3/5] Makefile: add a mod.check target The mod.check target verifies and tidies the go module dependencies.
Signed-off-by: Michael Adam
---
Makefile | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/Makefile b/Makefile
index 352de97d..3fef1fda 100644
--- a/Makefile
+++ b/Makefile
@@ -109,6 +109,14 @@ fmt: ## Run go fmt against code. vet: ## Run go vet against code. go vet ./...
+.PHONY: mod.check
+mod.check:#check go module dependencies
+ @echo 'running "go mod verify"'
+ @go mod verify
+ @echo 'checking for modified files.'
+ # fail in case there are uncommitted changes
+ @ git diff --quiet || (echo "files were modified: " ; git status --porcelain ; false)
+
.PHONY: test test: manifests generate fmt vet envtest ## Run tests. OPERATOR_NAMESPACE="$${OPERATOR_NAMESPACE:=$(NAMESPACE)}" KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out
From ec2f11d780d628ade501c31be09592105a3d107a Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Wed, 16 Oct 2024 09:42:02 +0200
Subject: [PATCH 4/5] ci: add modcheck job to lint workflow
Signed-off-by: Michael Adam
---
.github/workflows/lint.yaml | 13 +++++++++++++
1 file changed, 13 insertions(+)
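Review bot: In auto-assign.yaml the `issue_comment` trigger also fires for comments on pull requests, and for every account that is allowed to comment, so the `assign` job with `issues: write` starts on each new or edited comment in the repository. If self-assignment is meant for issues only, a job-level guard such as `if: ${{ !github.event.issue.pull_request }}` keeps it off PR threads; whether take-action filters these cases itself is not visible from this hunk. The `# main` comment beside the pinned SHA names a branch rather than a release, so a later reader cannot tell which state of the action was reviewed; recording the date or release the commit corresponds to would help when the pin is updated.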
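Review bot: The `mod.check` target never runs `go mod tidy`, although the commit message says it "verifies and tidies" the module dependencies; `go mod verify` only checks downloaded modules against their recorded hashes and does not modify files, so on a clean CI checkout the `git diff --quiet` step has nothing to detect. Adding `@go mod tidy` before the diff check would make the uncommitted-changes test meaningful. `git diff --quiet` also ignores untracked files, so testing for empty `git status --porcelain` output would catch a newly created go.sum as well. The neighbouring targets use the `## description` form after the target name; `mod.check: ## Check go module dependencies` would match them.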
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 43209ec4..6799ffa9 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -103,3 +103,16 @@ jobs: ignore_paths: 'vendor' disable_matcher: false format: gcc
+
+ modcheck:
+ name: modcheck
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+ - uses: actions/setup-go@v5
+ with:
+ go-version-file: go.mod
+ - name: run mod check
+ run: make mod.check
From b3a2bc81172be698b4f18e2d61dd715e36fe40a7 Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Tue, 15 Oct 2024 09:43:29 +0200
Subject: [PATCH 5/5] ci: add a stale workflow This workflow periodically scans issues and PRs to mark inactive items stale and close them after continued inactivity. Based on the rook project's workflow: https://github.com/rook/rook/blob/master/.github/workflows/stale.yaml
Signed-off-by: Michael Adam
---
.github/workflows/stale.yaml | 46 ++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 .github/workflows/stale.yaml
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
new file mode 100644
index 00000000..37f893ef
--- /dev/null
+++ b/.github/workflows/stale.yaml
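Review bot: The `actions/checkout@v4` step in the new `modcheck` job leaves the job token in the local git configuration by default, and the following step runs `make mod.check`, that is, a Makefile recipe from the checked-out ref. The job only reads the tree, so adding `persist-credentials: false` under `with:` keeps the token out of reach of that recipe. `fetch-depth: 1` is already the action's default and can be dropped. Whether lint.yaml declares a restrictive top-level `permissions:` block is outside this hunk; if it does not, a job-level `permissions:` with `contents: read` would match the other workflows in the series.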
@@ -0,0 +1,46 @@
+# Mark or close stale issues and PRs
+# based on the rook workflow:
+# https://github.com/rook/rook/blob/master/.github/workflows/stale.yaml
+
+name: "Mark or close stale issues and PRs"
+on:
+ schedule:
+ # Run the stalebot every day at 8pm UTC
+ - cron: "00 20 * * *"
+
+permissions:
+ contents: read
+
+jobs:
+ stale:
+ permissions:
+ issues: write # for actions/stale to close stale issues
+ pull-requests: write # for actions/stale to close stale PRs
+ runs-on: ubuntu-22.04
+ if: github.repository == 'ceph/ceph-csi-operator'
+ steps:
+ - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ days-before-issue-stale: 60
+ days-before-pr-stale: 30
+ days-before-close: 7
+ days-before-pr-close: 14
+ stale-issue-message: >
+ This issue has been automatically marked as stale because it has not had recent activity.
+ It will be closed in a week if no further activity occurs.
+ Thank you for your contributions.
+ stale-pr-message: >
+ This pull request has been automatically marked as stale because it has not had
+ recent activity. It will be closed in two weeks if no further activity occurs.
+ Thank you for your contributions.
+ close-issue-message: >
+ This issue has been automatically closed due to inactivity.
+ Please re-open if this still requires investigation.
+ close-pr-message: >
+ This pull request has been automatically closed due to inactivity.
+ Please re-open if these changes are still required.
+ stale-pr-label: "stale"
+ stale-issue-label: "wontfix"
+ exempt-issue-labels: "keepalive,security,reliability"
+ exempt-pr-labels: "keepalive,security,reliability"
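Review bot: `stale-issue-label: "wontfix"` tags inactive issues with a label that normally records a maintainer decision, while PRs get `"stale"`; `stale-issue-label: "stale"` would keep the bot's marking distinct from a deliberate rejection. The `security` entry in `exempt-issue-labels` only protects issues that have already been triaged and labelled, so an unlabelled security-relevant report would still be closed after 60 + 7 days of inactivity; a comment above `exempt-issue-labels` stating that dependency on triage would make this visible to maintainers. The job pins `runs-on: ubuntu-22.04` where the other workflows added in this series use `ubuntu-latest`.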