chore(github): auto-approve automated github workflows (#381)

* chore(github): update auto approve mechanism for some workflows

* chore(github): update auto approve mechanism for upgrade main deps

Author: krokoko

.github/workflows/auto-approve.yml

@@ -15,6 +15,7 @@ import { JsonPatch, awscdk } from 'projen';
 import { DependabotScheduleInterval, VersioningStrategy } from 'projen/lib/github';
 import { JobPermission } from 'projen/lib/github/workflows-model';
 import { NpmAccess } from 'projen/lib/javascript';
+import { buildUpgradeMainPRCustomJob } from './projenrc/github-jobs';
 import {
   buildMeritBadgerWorkflow,
   buildMonthlyIssuesMetricsWorkflow,
@@ -117,6 +118,7 @@ const project = new awscdk.AwsCdkConstructLibrary({
   sampleCode: false,
   stale: true,
 });
+
 // Add some useful github workflows
 buildMeritBadgerWorkflow(project);
 buildMonthlyIssuesMetricsWorkflow(project);
@@ -127,6 +129,12 @@ runBanditWorkflow(project);
 runCommitLintWorkflow(project);
 buildCodeGenerationWorkflow(project);
 
+const workflowUpgradeMain = project.github?.tryFindWorkflow('upgrade-main');
+if (workflowUpgradeMain) {
+  // upgrade the PR job to use the custom one adding a label
+  workflowUpgradeMain.updateJob('pr', buildUpgradeMainPRCustomJob());
+}
+
 // Add specific overrides https://projen.io/docs/integrations/github/#actions-versions
 project.github?.actions.set('actions/checkout@v3', 'actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744');
 project.github?.actions.set('actions/download-artifact@v3', 'actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a');
@@ -139,7 +147,7 @@ project.github?.actions.set('amannn/[email protected]', 'amann
 project.github?.actions.set('aws-github-ops/github-merit-badger@main', 'aws-github-ops/github-merit-badger@70d1c47f7051d6e324d4ddc48d676ba61ef69a3e');
 project.github?.actions.set('codecov/codecov-action@v3', 'codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d');
 project.github?.actions.set('github/issue-metrics@v2', 'github/issue-metrics@6bc5254e72971dbb7462db077779f1643f772afd');
-project.github?.actions.set('hmarr/auto-approve-action@v3.2.1', 'hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4');
+project.github?.actions.set('hmarr/auto-approve-action@v4.0.0', 'hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363');
 project.github?.actions.set('minicli/[email protected]', 'minicli/action-contributors@20ec03af008cb51110a3137fbf77f59a4fd7ff5a');
 project.github?.actions.set('oss-review-toolkit/ort-ci-github-action@v1', 'oss-review-toolkit/ort-ci-github-action@7f23c1f8d169dad430e41df223d3b8409c7a156e');
 project.github?.actions.set('peter-evans/create-issue-from-file@v4', 'peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f');

.github/workflows/code-generation.yml

@@ -0,0 +1,92 @@
+/**
+ *  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+import { Job, JobPermission } from 'projen/lib/github/workflows-model';
+
+/**
+ * GitHub job used to replace the default one created by Projen
+ * as part of the upgrade-main action workflow. This job takes
+ * the same steps, and adds the auto-approve label
+ */
+export function buildUpgradeMainPRCustomJob() {
+  const pr: Job = {
+    name: 'Create Pull Request',
+    needs: ['upgrade'],
+    runsOn: ['ubuntu-latest'],
+    permissions: {
+      contents: JobPermission.READ,
+    },
+    if: '${{ needs.upgrade.outputs.patch_created }}',
+    steps: [
+      {
+        name: 'Checkout',
+        uses: 'actions/checkout@v3',
+        with: {
+          ref: 'main',
+        },
+      },
+      {
+        name: 'Download patch',
+        uses: 'actions/download-artifact@v3',
+        with: {
+          name: '.repo.patch',
+          path: '${{ runner.temp }}',
+        },
+      },
+      {
+        name: 'Apply patch',
+        run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."',
+      },
+      {
+        name: 'Set git identity',
+        run: [
+          'git config user.name "github-actions"',
+          'git config user.email "[email protected]"',
+        ].join('\n'),
+      },
+      {
+        name: 'Create Pull Request',
+        id: 'create-pr',
+        uses: 'peter-evans/create-pull-request@v4',
+        with: {
+          'token': '${{ secrets.PROJEN_GITHUB_TOKEN }}',
+          'commit-message': [
+            'chore(deps): upgrade dependencies\n',
+
+            'Upgrades project dependencies. See details in [workflow run].\n',
+
+            '[Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n',
+
+            '------\n',
+
+            '*Automatically created by projen via the "upgrade-main" workflow*',
+          ].join('\n'),
+          'branch': 'github-actions/upgrade-main',
+          'title': 'chore(deps): upgrade dependencies',
+          'body': [
+            'Upgrades project dependencies. See details in [workflow run].\n',
+            '[Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n',
+            '------\n',
+
+            '*Automatically created by projen via the "upgrade-main" workflow*',
+          ].join('\n'),
+          'author': 'github-actions <[email protected]>',
+          'committer': 'github-actions <[email protected]>',
+          'signoff': true,
+          'labels': 'auto-approve',
+        },
+      },
+    ],
+  };
+
+  return pr;
+}

.github/workflows/monthly-repo-metrics.yml

@@ -100,6 +100,7 @@ export function buildMonthlyIssuesMetricsWorkflow(project: AwsCdkConstructLibrar
           'token': '${{ secrets.PROJEN_GITHUB_TOKEN }}',
           'content-filepath': './issue_metrics.md',
           'assignees': 'krokoko',
+          'labels': 'auto-approve',
         },
       },
       {
@@ -120,6 +121,7 @@ export function buildMonthlyIssuesMetricsWorkflow(project: AwsCdkConstructLibrar
           'token': '${{ secrets.PROJEN_GITHUB_TOKEN }}',
           'content-filepath': './issue_metrics.md',
           'assignees': 'krokoko',
+          'labels': 'auto-approve',
         },
       },
     ],
@@ -147,15 +149,16 @@ export function buildMonthlyIssuesMetricsWorkflow(project: AwsCdkConstructLibrar
 export function buildAutoApproveWorkflow(project: AwsCdkConstructLibrary) {
   const autoapprove: Job = {
     runsOn: ['ubuntu-latest'],
-    if: "(github.event.pull_request.user.login == 'emerging-tech-cdk-constructs-bot' || github.event.pull_request.user.login == 'generative-ai-cdk-constructs-bot') && contains(github.event.pull_request.labels.*.name, 'auto-approve')",
+    if: "contains(github.event.pull_request.labels.*.name, 'auto-approve')",
     permissions: {
       pullRequests: JobPermission.WRITE,
     },
     steps: [
       {
-        uses: 'hmarr/auto-approve-action@v3.2.1',
+        uses: 'hmarr/auto-approve-action@v4.0.0',
         with: {
           'github-token': '${{ secrets.PROJEN_GITHUB_TOKEN }}',
+          'review-message': 'Auto approved automated PR',
         },
       },
     ],
@@ -576,6 +579,7 @@ export function buildCodeGenerationWorkflow(project: AwsCdkConstructLibrary) {
           'author': 'github-actions <[email protected]>',
           'committer': 'github-actions <[email protected]>',
           'signoff': true,
+          'labels': 'auto-approve',
         },
       },
     ],