Merge branch 'main' into feat/support-github-enterprise-api

.github/release-drafter.yml

@@ -5,7 +5,7 @@ template: |
   # Changelog
   $CHANGES
 
-  See details of [all code changes](https://github.com/github/stale-repos/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION) since previous release
+  See details of [all code changes](https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION) since previous release
 
 categories:
   - title: "🚀 Features"
@@ -32,14 +32,17 @@ version-resolver:
   major:
     labels:
       - "breaking"
+      - "major"
   minor:
     labels:
       - "enhancement"
       - "fix"
+      - "minor"
   patch:
     labels:
       - "documentation"
       - "maintenance"
+      - "patch"
   default: patch
 autolabeler:
   - label: "automation"

.github/workflows/auto-labeler.yml

@@ -1,24 +1,18 @@
 ---
 name: Auto Labeler
-
 on:
   # pull_request_target event is required for autolabeler to support all PRs including forks
   pull_request_target:
     types: [opened, reopened, edited, synchronize]
-
 permissions:
   contents: read
-
 jobs:
   main:
     permissions:
       contents: write
       pull-requests: write
-    name: Auto label pull requests
-    runs-on: ubuntu-latest
-    steps:
-      - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          config-name: release-drafter.yml
+    uses: jmeridth/reusable-workflows/.github/workflows/auto-labeler.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0
+    with:
+      config-name: release-drafter.yml
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/docker-image.yml

@@ -14,6 +14,6 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/[email protected]
       - name: Build the Docker image
         run: docker build . --file Dockerfile --platform linux/amd64 --tag stale_repos:"$(date +%s)"

.github/workflows/linter.yaml

@@ -18,7 +18,7 @@ jobs:
       statuses: write
     steps:
       - name: Checkout Code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/[email protected]
         with:
           # Full git history is needed to get a proper
           # list of changed files within `super-linter`
@@ -28,7 +28,7 @@ jobs:
           python -m pip install --upgrade pip
           pip install -r requirements.txt -r requirements-test.txt
       - name: Lint Code Base
-        uses: super-linter/super-linter@b92721f792f381cedc002ecdbb9847a15ece5bb8
+        uses: super-linter/super-linter@85f7611e0f7b53c8573cca84aa0ed4344f6f6a4d
         env:
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-title.yml

@@ -1,38 +1,17 @@
 ## Reference: https://github.com/amannn/action-semantic-pull-request
 ---
 name: "Lint PR Title"
-
 on:
   pull_request_target:
     types: [opened, reopened, edited, synchronize]
-
 permissions:
   contents: read
-
 jobs:
   main:
     permissions:
+      contents: read
       pull-requests: read
       statuses: write
-    name: Validate PR title
-    runs-on: ubuntu-latest
-    steps:
-      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          # Configure which types are allowed (newline-delimited).
-          # From: https://github.com/commitizen/conventional-commit-types/blob/master/index.json
-          # listing all below
-          types: |
-            build
-            chore
-            ci
-            docs
-            feat
-            fix
-            perf
-            refactor
-            revert
-            style
-            test
+    uses: jmeridth/reusable-workflows/.github/workflows/pr-title.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/python-package.yml

@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.9, 3.11, 3.12]
+        python-version: [3.11, 3.12, 3.13]
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/[email protected]
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
+        uses: actions/setup-python@v5.3.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

.github/workflows/release.yml

@@ -1,92 +1,50 @@
 ---
 name: Release
-
 on:
   workflow_dispatch:
   pull_request_target:
     types: [closed]
     branches: [main]
-
 permissions:
   contents: read
-
 jobs:
-  create_release:
-    # release if
-    # manual deployment OR
-    # merged to main and labelled with release labels
-    if: |
-      (github.event_name == 'workflow_dispatch') ||
-      (github.event.pull_request.merged == true &&
-      (contains(github.event.pull_request.labels.*.name, 'breaking') ||
-      contains(github.event.pull_request.labels.*.name, 'feature') ||
-      contains(github.event.pull_request.labels.*.name, 'vuln') ||
-      contains(github.event.pull_request.labels.*.name, 'release')))
-    outputs:
-      full-tag: ${{ steps.release-drafter.outputs.tag_name }}
-      short-tag: ${{ steps.get_tag_name.outputs.SHORT_TAG }}
-      body: ${{ steps.release-drafter.outputs.body }}
-    runs-on: ubuntu-latest
+  release:
     permissions:
       contents: write
       pull-requests: read
-    steps:
-      - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348
-        id: release-drafter
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          config-name: release-drafter.yml
-          publish: true
-      - name: Get the short tag
-        id: get_tag_name
-        run: |
-          short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1)
-          echo "SHORT_TAG=$short_tag" >> $GITHUB_OUTPUT
-  create_action_images:
-    needs: create_release
-    runs-on: ubuntu-latest
+    uses: jmeridth/reusable-workflows/.github/workflows/release.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c
+    with:
+      publish: true
+      release-config-name: release-drafter.yml
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+  release_image:
+    needs: release
     permissions:
+      contents: write
+      discussions: write
       packages: write
-    env:
-      REGISTRY: ghcr.io
-      IMAGE_NAME: github/stale_repos # different than repo name (underscore instead of dash)
-    steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
-      - name: Log in to the Container registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Push Docker Image
-        if: ${{ success() }}
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
-        with:
-          context: .
-          file: ./Dockerfile
-          push: true
-          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create_release.outputs.full-tag }}
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create_release.outputs.short-tag }}
-          platforms: linux/amd64
-          provenance: false
-          sbom: false
-  create_discussion:
-    needs: create_release
-    runs-on: ubuntu-latest
+      pull-requests: read
+    uses: jmeridth/reusable-workflows/.github/workflows/release-image.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c
+    with:
+      image-name: ${{ github.repository_owner }}/stale_repos
+      full-tag: ${{ needs.release.outputs.full-tag }}
+      short-tag: ${{ needs.release.outputs.short-tag }}
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+      image-registry: ghcr.io
+      image-registry-username: ${{ github.actor }}
+      image-registry-password: ${{ secrets.GITHUB_TOKEN }}
+  release_discussion:
+    needs: release
     permissions:
+      contents: read
       discussions: write
-    steps:
-      - name: Create an announcement discussion for release
-        uses: abirismyname/create-discussion@6e6ef67e5eeb042343ef8b3d8d0f5d545cbdf024
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          title: ${{ needs.create_release.outputs.full-tag }}
-          body: ${{ needs.create_release.outputs.body }}
-          repository-id: ${{ secrets.RELEASE_DISCUSSION_REPOSITORY_ID }}
-          category-id: ${{ secrets.RELEASE_DISCUSSION_CATEGORY_ID }}
+    uses: jmeridth/reusable-workflows/.github/workflows/release-discussion.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c
+    with:
+      full-tag: ${{ needs.release.outputs.full-tag }}
+      body: ${{ needs.release.outputs.body }}
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+      discussion-repository-id: ${{ secrets.RELEASE_DISCUSSION_REPOSITORY_ID }}
+      discussion-category-id: ${{ secrets.RELEASE_DISCUSSION_CATEGORY_ID }}

.github/workflows/scorecard.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/[email protected]
         with:
           persist-credentials: false
 
@@ -36,12 +36,12 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@v4.5.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: results.sarif

.github/workflows/stale.yaml

@@ -11,7 +11,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e
+      - uses: actions/stale@v9.0.0
         with:
           stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days."
           close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity."

.github/workflows/use-action.yml

@@ -19,7 +19,7 @@ jobs:
       packages: read
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@v4.2.2
       - name: Run stale_repos tool
         uses: docker://ghcr.io/github/stale_repos:v1
         env:

Dockerfile

@@ -1,6 +1,6 @@
 #checkov:skip=CKV_DOCKER_2
 #checkov:skip=CKV_DOCKER_3
-FROM python:3.13-slim@sha256:751d8bece269ba9e672b3f2226050e7e6fb3f3da3408b5dcb5d415a054fcb061
+FROM python:3.13-slim@sha256:1127090f9fff0b8e7c3a1367855ef8a3299472d2c9ed122948a576c39addeaf1
 LABEL com.github.actions.name="stale-repos" \
     com.github.actions.description="Find stale repositories in a GitHub organization." \
     com.github.actions.icon="check-square" \

README.md

@@ -254,7 +254,7 @@ jobs:
 
 ## Local usage without Docker
 
-1. Have Python v3.9 or greater installed
+1. Have Python v3.11 or greater installed
 1. Copy `.env-example` to `.env`
 1. Fill out the `.env` file with a _token_ from a user that has access to the organization to scan (listed below). Tokens should have admin:org or read:org access.
 1. Fill out the `.env` file with the desired _inactive_days_ value. This should be a whole positive number representing the amount of inactivity that you want for flagging stale repos.
@@ -266,7 +266,7 @@ jobs:
 
 ## Local testing without Docker
 
-1. Have Python v3.9 or greater installed
+1. Have Python v3.11 or greater installed
 1. `pip install -r requirements.txt -r requirements-test.txt`
 1. `make lint`
 1. `make test`

requirements-test.txt

@@ -1,9 +1,9 @@
 black==24.10.0
 flake8==7.1.1
-mypy==1.13.0
+mypy==1.14.0
 mypy-extensions==1.0.0
-pylint==3.3.1
-pytest==8.3.3
-pytest-cov==5.0.0
-types-python-dateutil==2.9.0.20241003
+pylint==3.3.3
+pytest==8.3.4
+pytest-cov==6.0.0
+types-python-dateutil==2.9.0.20241206
 types-requests==2.32.0.20241016