From 1e05f989fa561734f445576f38075a0e2442b2e2 Mon Sep 17 00:00:00 2001
From: Fran Mulero <fmulero@vmware.com>
Date: Thu, 23 Mar 2023 10:45:53 +0100
Subject: [PATCH] [bitnami/containers] Reduce GitHub API requests (#27835)

* [bitnami/containers] Reduce GitHub API requests

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Use pr number as part of the temporary file

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Remove automated PRs from the 'Move closed issues' workflow

Signed-off-by: Fran Mulero <fmulero@vmware.com>

---------

Signed-off-by: Fran Mulero <fmulero@vmware.com>
---
 .github/workflows/assign-asset-label.yml | 11 ++++++-----
 .github/workflows/ci-pipeline.yml        | 11 ++++++-----
 .github/workflows/move-closed-issues.yml | 14 ++++----------
 .github/workflows/triage.yml             | 23 ++++++++++++++++++++++-
 4 files changed, 38 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/assign-asset-label.yml b/.github/workflows/assign-asset-label.yml
index 9e85b30c77db..9b5c5e0efa40 100644
--- a/.github/workflows/assign-asset-label.yml
+++ b/.github/workflows/assign-asset-label.yml
@@ -13,12 +13,13 @@ jobs:
     steps:
       - id: get-asset
         name: Get modified assets
+        env:
+          DIFF_URL: "${{github.event.pull_request.diff_url}}"
+          TEMP_FILE: "${{runner.temp}}/pr-${{github.event.number}}.diff"
         run: |
-          # Using the Github API to detect the files changed as git merge-base stops working when the branch is behind
-          # and jitterbit/get-changed-files does not support pull_request_target
-          URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"
-          files_changed_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$URL")
-          files_changed="$(echo $files_changed_data | jq -r '.[] | .filename')"
+          # This request doesn't consume API calls.
+          curl -Lkso $TEMP_FILE $DIFF_URL
+          files_changed="$(sed -nr 's/[\-\+]{3} [ab]\/(.*)/\1/p' $TEMP_FILE | sort | uniq)"
           # Adding || true to avoid "Process exited with code 1" errors
           assets=($(echo "$files_changed" | xargs dirname | sed -nr "s|bitnami/([^/]*).*|\1|p" | sort | uniq || true))
 
diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
index a6d8a021f645..2ca333be016c 100644
--- a/.github/workflows/ci-pipeline.yml
+++ b/.github/workflows/ci-pipeline.yml
@@ -33,12 +33,13 @@ jobs:
     steps:
       - id: get-containers
         name: Get modified containers
+        env:
+          DIFF_URL: "${{github.event.pull_request.diff_url}}"
+          TEMP_FILE: "${{runner.temp}}/pr-${{github.event.number}}.diff"
         run: |
-          # Using the Github API to detect the files changed as git merge-base stops working when the branch is behind
-          # and jitterbit/get-changed-files does not support pull_request_target
-          URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"
-          files_changed_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$URL")
-          files_changed="$(echo $files_changed_data | jq -r '.[] | .filename')"
+          # This request doesn't consume API calls.
+          curl -Lkso $TEMP_FILE $DIFF_URL
+          files_changed="$(sed -nr 's/[\-\+]{3} [ab]\/(.*)/\1/p' $TEMP_FILE | sort | uniq)"
           # Adding || true to avoid "Process exited with code 1" errors
           flavors=($(echo "$files_changed" | xargs dirname | grep -o "^bitnami/[^/]*/[^/]*/[^/]*" | sort | uniq || true))
           assets=($(echo "$files_changed" | xargs dirname | sed -nr "s|bitnami/([^/]*)/.*|\1|p" | sort | uniq || true))
diff --git a/.github/workflows/move-closed-issues.yml b/.github/workflows/move-closed-issues.yml
index 0a42da248ef8..fe86f9a692ae 100644
--- a/.github/workflows/move-closed-issues.yml
+++ b/.github/workflows/move-closed-issues.yml
@@ -18,18 +18,12 @@ jobs:
       - name: Send to the Solved column
         id: send-solved
         uses: peter-evans/create-or-update-project-card@v2
+        # Send to solve only the issues and PRs created by users or the automated PRs with human review required
+        if: |
+          (github.event.issue != null && github.event.issue.user.login != 'bitnami-bot') ||
+          (github.event.issue == null && (github.event.pull_request.user.login != 'bitnami-bot' || contains(github.event.pull_request.labels.*.name, 'review-required')))
         with:
           project-name: Support
           column-name: 'Solved'
           token: "${{ secrets.BITNAMI_BOT_TOKEN }}"
           issue-number: ${{ github.event_name != 'issues' && github.event.number || github.event.issue.number }}
-      - name: Remove cards from automated PRs
-        if: |
-          (github.event.issue != null && github.event.issue.user.login == 'bitnami-bot') ||
-          (github.event.issue == null && github.event.pull_request.user.login == 'bitnami-bot')
-        uses: actions/github-script@v6
-        with:
-          script: |
-            github.rest.projects.deleteCard({
-              card_id: ${{ steps.send-solved.outputs.card-id }}
-            });
diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml
index 8505ee9c5a71..acb4dc872b78 100644
--- a/.github/workflows/triage.yml
+++ b/.github/workflows/triage.yml
@@ -9,6 +9,9 @@ on:
     types:
       - reopened
       - opened
+permissions:
+  issues: write
+  pull-requests: write
 # Avoid concurrency over the same issue
 concurrency:
   group: card-movement-${{ github.event_name != 'issues' && github.event.number || github.event.issue.number }}
@@ -31,13 +34,31 @@ jobs:
         run: |
           author="${{ github.event.issue != null && github.event.issue.user.login || github.event.pull_request.user.login }}"
           number="${{ github.event_name != 'issues' && github.event.number || github.event.issue.number }}"
+          type="${{ github.event_name != 'issues' && 'pull_request' || 'issue' }}"
           echo "author=${author}" >> $GITHUB_OUTPUT
           echo "number=${number}" >> $GITHUB_OUTPUT
+          echo "type=${type}" >> $GITHUB_OUTPUT
       - name: Send to the board
+        if: ${{steps.get-issue.outputs.author != 'bitnami-bot' || steps.get-issue.outputs.type != 'pull_request'}}
         uses: peter-evans/create-or-update-project-card@v2
         with:
           project-name: Support
           # If the author comes from Bitnami, send it to Bitnami. Otherwise, all to Triage
           column-name: ${{ (contains(fromJson(env.BITNAMI_TEAM), steps.get-issue.outputs.author)) && 'From Bitnami' || 'Triage' }}
           token: "${{ secrets.BITNAMI_BOT_TOKEN }}"
-          issue-number: ${{ steps.get-issue.outputs.number }}
\ No newline at end of file
+          issue-number: ${{ steps.get-issue.outputs.number }}
+      # The project API is not efficient and requires several requests to create the project card. For that reason we decided to create
+      # a card for the automated PRs only when it is needed.
+      - name: From Bitnami labeling
+        if: ${{steps.get-issue.outputs.author == 'bitnami-bot' && steps.get-issue.outputs.type == 'pull_request'}}
+        uses: fmulero/labeler@1.0.5
+        with:
+          add-labels: 'automated, auto-merge'
+          remove-labels: on-hold, in-progress, triage, solved
+      - name: Verify labeling
+        if: ${{steps.get-issue.outputs.author == 'bitnami-bot' && steps.get-issue.outputs.type == 'pull_request'}}
+        uses: fmulero/labeler@1.0.5
+        with:
+          # Bitnami bot token is required to trigger CI workflows
+          repo-token: ${{ secrets.BITNAMI_BOT_TOKEN }}
+          add-labels: verify
\ No newline at end of file