chore(ci-deps): Update files based on repository configuration (#217)

pleo-file-distributor[bot] · web-flow · commit 433a6936086e · 2024-05-02T12:14:25.000+01:00
Co-authored-by: pleo-file-distributor[bot] &lt;114988919+pleo-file-distributor[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/close-stale-prs.yaml b/.github/workflows/close-stale-prs.yaml
@@ -0,0 +1,36 @@
+# THIS CODE WAS AUTOGENERATED. DO NOT MODIFY THIS FILE DIRECTLY
+# THE SOURCE CODE LIVES IN A DIFFERENT REPOSITORY:
+#   - centralized-templates
+# FILE STEWARD: @pleo-io/team-devx,@pleo-bot-auto-approver
+
+# Warn and later close PRs that have had no activity for a specified amount of time.
+# This reminds us that code in most cases only provide value once merged.
+
+name: "Close Stale PRs"
+on:
+  schedule:
+    - cron: "0 9,16 * * *"
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+        with:
+          stale-pr-label: stale
+          exempt-pr-labels: never-stale,dependencies
+          stale-pr-message: |
+            This PR is marked as stale since it has been open for 30 days with no activity. 
+
+            Remove the stale label or make a comment, otherwise the PR will be closed in 7 days.
+          close-pr-message: "This PR was closed because it has been stale for 7 days with no activity."
+          days-before-issue-stale: -1
+          days-before-pr-stale: 30
+          days-before-issue-close: -1
+          days-before-pr-close: 7
+          start-date: "2023-01-12"
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
@@ -30,13 +30,15 @@ env:
   GRADLE_SCRIPT_PATH: ./gradlew
   setWizCliDepsScanPath: .
   setWizCliDepsPolicy: Pleo-Default-vulnerabilities-policy
+  runWizCliDepsScan: false
 
 jobs:
   preflight:
     name: Determine if CodeQL should run
     runs-on: ubuntu-latest
     outputs:
       should_run_analyze: ${{ steps.maybe_skip_analyze.outputs.should_run_analyze }}
+      should_run_wiz_cli: ${{ steps.maybe_skip_wiz_cli.outputs.should_run_wiz_cli }}
       working_language: ${{steps.working_language_step.outputs.WORKING_LANGUAGE}}
     steps:
       - uses: winterjung/split@a211a1c46e35fcdc4097d59dd6282d4a9859651b # v2
@@ -67,12 +69,24 @@ jobs:
             echo "Running CodeQL analysis"
             echo "should_run_analyze=true" >> "$GITHUB_OUTPUT"
           fi
+      - id: maybe_skip_wiz_cli
+        name: Check if Wiz-CLI Deps Scan should run
+        shell: bash
+        run: |
+          if [[ "${{ env.runWizCliDepsScan }}" == "true" ]]; then
+            echo "should_run_wiz_cli=true" >> "$GITHUB_OUTPUT"
+          else
+              echo "should_run_wiz_cli=false" >> "$GITHUB_OUTPUT"
+          fi
       - id: working_language_step
         name: We check if the repository language is supported by CodeQL
         run: echo "WORKING_LANGUAGE=${{env[format('language_{0}', github.event.repository.language)]}}" >> "$GITHUB_OUTPUT"
 
   wiz-cli:
     name: Scan Dependencies with Wiz CLI
+    if: ${{ needs.preflight.outputs.should_run_wiz_cli == 'true'}}
+    needs:
+      - preflight
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -115,7 +129,6 @@ jobs:
     if: ${{ (needs.preflight.outputs.should_run_analyze == 'true') && (needs.preflight.outputs.working_language != '')}}
     needs:
       - preflight
-      - wiz-cli
     runs-on: codeql-runner
     timeout-minutes: 30
     permissions:
diff --git a/.github/workflows/pr-help.yaml b/.github/workflows/pr-help.yaml
@@ -0,0 +1,42 @@
+# THIS CODE WAS AUTOGENERATED. DO NOT MODIFY THIS FILE DIRECTLY
+# THE SOURCE CODE LIVES IN A DIFFERENT REPOSITORY:
+#   - centralized-templates
+# FILE STEWARD: @pleo-io/team-devx,@pleo-bot-auto-approver
+
+name: Check PR
+on:
+  pull_request:
+    types:
+      - assigned
+      - unassigned
+      - labeled
+      - unlabeled
+      - opened
+      - edited
+      - closed
+      - reopened
+      - synchronize
+      - ready_for_review
+      - locked
+      - unlocked
+      - review_requested
+      - review_request_removed
+
+concurrency:
+  group: ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  autoApproveEnabled: true
+
+jobs:
+  auto-approve-pr:
+    runs-on: ubuntu-latest
+    name: Auto-approve PR
+    if: ${{ contains(fromJSON('["pleo-bot-renovate", "pleo-file-distributor[bot]"]'), github.actor) && contains(github.event.pull_request.labels.*.name, 'autoapprove') }}
+    steps:
+      - uses: hmarr/auto-approve-action@v3
+        if: env.autoApproveEnabled == 'true'
+        with:
+          github-token: ${{ secrets.PLEO_BOT_AUTO_APPROVER_TOKEN }}
+          review-message: "This has been auto-approved by @pleo-bot-auto-approver. If your PR isn't being auto-merged as desired, make sure to add @pleo-bot-auto-approver to the CODEOWNERS file. More details how to use Renovate [here](https://www.notion.so/pleo/How-to-use-Renovate-781e4861200744c6b38d3efd8c6d525a?pvs=4)"
