From 5d54a16b2d98f619f55da9aec3e758b7b6d48884 Mon Sep 17 00:00:00 2001 From: Marvin Lindner Date: Thu, 28 May 2026 14:09:25 +0200 Subject: [PATCH] refactor: migrate to centralized actions from cap-java/.github MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace local composite actions with references to cap-java/.github: - build → cap-java/.github/actions/build - deploy-release → cap-java/.github/actions/deploy-release - scan-with-blackduck → cap-java/.github/actions/scan-with-blackduck - scan-with-codeql → cap-java/.github/actions/scan-with-codeql - scan-with-sonar → cap-java/.github/actions/scan-with-sonar Replace utility workflows with thin callers to central reusable workflows: - issue.yml → cap-java/.github/.github/workflows/issue.yml - stale.yml → cap-java/.github/.github/workflows/stale.yml - prevent-issue-labeling.yml → cap-java/.github/.github/workflows/prevent-issue-labeling.yml Update cf-bind to use cap-java/.github/actions/cf-login for CF CLI install and authentication (keeps project-specific service bindings local). Update pr.yml and main.yml to reference local pipeline workflow. All references point to @feat/centralized-actions-workflows for testing. --- .github/actions/build/action.yml | 33 -------- .github/actions/cf-bind/action.yml | 36 ++------- .github/actions/deploy-release/action.yml | 70 ---------------- .../actions/scan-with-blackduck/action.yml | 79 ------------------ .github/actions/scan-with-codeql/action.yml | 51 ------------ .github/actions/scan-with-sonar/action.yml | 80 ------------------- .github/workflows/issue.yml | 21 +---- .github/workflows/main.yml | 6 +- .github/workflows/pipeline.yml | 19 +++-- .github/workflows/pr.yml | 2 +- .github/workflows/prevent-issue-labeling.yml | 16 +--- .github/workflows/release.yml | 8 +- .github/workflows/stale.yml | 12 +-- 13 files changed, 34 insertions(+), 399 deletions(-) delete mode 100644 .github/actions/build/action.yml delete mode 100644 .github/actions/deploy-release/action.yml delete mode 100644 .github/actions/scan-with-blackduck/action.yml delete mode 100644 .github/actions/scan-with-codeql/action.yml delete mode 100644 .github/actions/scan-with-sonar/action.yml diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml deleted file mode 100644 index 9326dcb2..00000000 --- a/.github/actions/build/action.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Maven Build -description: Builds a Maven project. - -inputs: - java-version: - description: The Java version the build will run with. - required: true - maven-version: - description: The Maven version the build will run with. - required: true - -runs: - using: composite - steps: - - name: Set up Java ${{ inputs.java-version }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{ inputs.java-version }} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{ inputs.maven-version }} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Install @sap/cds-dk - run: npm i -g @sap/cds-dk@9.9.1 - shell: bash - - - name: Maven Build - run: mvn clean install -DskipTests -B -ntp -Dcds.install-node.skip - shell: bash diff --git a/.github/actions/cf-bind/action.yml b/.github/actions/cf-bind/action.yml index babed873..9b14614a 100644 --- a/.github/actions/cf-bind/action.yml +++ b/.github/actions/cf-bind/action.yml @@ -24,36 +24,14 @@ inputs: runs: using: composite steps: - - name: Install CF CLI - shell: bash - env: - CF_CLI_VERSION: '8.18.3' - run: | - wget -q "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${CF_CLI_VERSION}&source=github-rel" -O cf-cli.tar.gz - tar -xzf cf-cli.tar.gz - sudo mv cf8 /usr/local/bin/cf - cf --version - - name: CF Login - shell: bash - env: - CF_USERNAME: ${{ inputs.cf-username }} - CF_PASSWORD: ${{ inputs.cf-password }} - CF_API: ${{ inputs.cf-api }} - CF_ORG: ${{ inputs.cf-org }} - CF_SPACE: ${{ inputs.cf-space }} - run: | - for i in {1..5}; do - cf api "$CF_API" && \ - cf auth && \ - cf target -o "$CF_ORG" -s "$CF_SPACE" && break - if [ "$i" -eq 5 ]; then - echo "cf login failed after 5 attempts." - exit 1 - fi - echo "cf login failed, retrying ($i/5)..." - sleep 10 - done + uses: cap-java/.github/actions/cf-login@feat/centralized-actions-workflows + with: + cf-api: ${{ inputs.cf-api }} + cf-username: ${{ inputs.cf-username }} + cf-password: ${{ inputs.cf-password }} + cf-org: ${{ inputs.cf-org }} + cf-space: ${{ inputs.cf-space }} - name: Install @sap/cds-dk shell: bash diff --git a/.github/actions/deploy-release/action.yml b/.github/actions/deploy-release/action.yml deleted file mode 100644 index 07198295..00000000 --- a/.github/actions/deploy-release/action.yml +++ /dev/null @@ -1,70 +0,0 @@ -name: Deploy Release to Maven Central -description: Deploys released artifacts to Maven Central repository. - -inputs: - user: - description: The user used for the upload (technical user for maven central upload) - required: true - password: - description: The password used for the upload (technical user for maven central upload) - required: true - pgp-pub-key: - description: The public pgp key ID - required: true - pgp-private-key: - description: The private pgp key - required: true - pgp-passphrase: - description: The passphrase for pgp - required: true - revision: - description: The revision of cds-feature-attachments - required: true - maven-version: - description: The Maven version the build will run with. - required: true - -runs: - using: composite - steps: - - name: Set up Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - distribution: sapmachine - java-version: '17' - cache: maven - server-id: central - server-username: MAVEN_CENTRAL_USER - server-password: MAVEN_CENTRAL_PASSWORD - - - name: Set up Maven ${{ inputs.maven-version }} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Install @sap/cds-dk - run: npm i -g @sap/cds-dk@9.9.1 - shell: bash - - - name: Import GPG Key - run: | - echo "${{ inputs.pgp-private-key }}" | gpg --batch --passphrase "$PASSPHRASE" --import - shell: bash - env: - PASSPHRASE: ${{ inputs.pgp-passphrase }} - - - name: Deploy to Maven Central - run: > - mvn -B -ntp --show-version - -Dmaven.install.skip=true - -Dmaven.test.skip=true - -Dcds.install-node.skip - -Dgpg.passphrase="$GPG_PASSPHRASE" - -Dgpg.keyname="$GPG_PUB_KEY" - clean deploy -P deploy-release - shell: bash - env: - MAVEN_CENTRAL_USER: ${{ inputs.user }} - MAVEN_CENTRAL_PASSWORD: ${{ inputs.password }} - GPG_PASSPHRASE: ${{ inputs.pgp-passphrase }} - GPG_PUB_KEY: ${{ inputs.pgp-pub-key }} diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml deleted file mode 100644 index ff3675c2..00000000 --- a/.github/actions/scan-with-blackduck/action.yml +++ /dev/null @@ -1,79 +0,0 @@ -name: Scan with BlackDuck -description: Scans the project with BlackDuck - -inputs: - blackduck_token: - description: The token to use for BlackDuck authentication - required: true - github_token: - description: The token to use for GitHub authentication - required: true - java-version: - description: The version of Java to use - default: '17' - required: false - maven-version: - description: The Maven version the build shall run with. - required: true - version: - description: The project version to report to Black Duck (e.g. release tag). If empty, falls back to the Maven `revision` reduced to major-minor. - required: false - default: '' - scan_mode: - description: The scan mode to use (FULL uploads a report to the Black Duck server; RAPID is a fast policy gate without server upload). - default: 'FULL' - required: false - -runs: - using: composite - steps: - - name: Set up Java ${{ inputs.java-version }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{ inputs.java-version }} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{ inputs.maven-version }} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Resolve Project Version - id: resolve-version - env: - VERSION_INPUT: ${{ inputs.version }} - run: | - if [ -n "$VERSION_INPUT" ]; then - VERSION="$VERSION_INPUT" - else - REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout) - VERSION=$(echo "$REVISION" | cut -d. -f1,2) - fi - echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" - echo "Resolved BlackDuck project version: $VERSION" - shell: bash - - - name: BlackDuck Security Scan - uses: blackduck-inc/black-duck-security-scan@659a0742e793a093377fab3117b0d90f23b04bfa # v2.9.0 - with: - blackducksca_url: https://sap.blackducksoftware.com/ - blackducksca_token: ${{ inputs.blackduck_token }} - blackducksca_scan_full: ${{ inputs.scan_mode == 'FULL' }} - github_token: ${{ inputs.github_token }} - detect_args: > - --detect.project.name=com.sap.cds.feature.attachments - --detect.project.version.name=${{ steps.resolve-version.outputs.VERSION }} - --detect.project.user.groups=CDSJAVA-OPEN-SOURCE - --detect.included.detector.types=MAVEN - --detect.excluded.directories=**/*test*,**/samples/** - --detect.maven.included.modules=cds-feature-attachments,cds-feature-attachments-oss,cds-feature-attachments-fs - --detect.maven.excluded.scopes=test,provided - --detect.tools=DETECTOR,BINARY_SCAN - --detect.timeout=6000 - --detect.risk.report.pdf=false - --detect.policy.check.fail.on.severities=NONE - --detect.force.success.on.skip=true - --blackduck.signature.scanner.memory=4096 - --blackduck.trust.cert=true - --logging.level.detect=INFO diff --git a/.github/actions/scan-with-codeql/action.yml b/.github/actions/scan-with-codeql/action.yml deleted file mode 100644 index 8cedbebc..00000000 --- a/.github/actions/scan-with-codeql/action.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: CodeQL Analysis -description: Runs CodeQL security analysis on the project. - -inputs: - java-version: - description: The Java version to use for the build. - required: true - maven-version: - description: The Maven version to use for the build. - required: true - language: - description: The CodeQL language to analyze (java-kotlin or actions). - required: true - -runs: - using: composite - steps: - - name: Set up Java ${{ inputs.java-version }} - if: inputs.language == 'java-kotlin' - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{ inputs.java-version }} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{ inputs.maven-version }} - if: inputs.language == 'java-kotlin' - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Initialize CodeQL - uses: github/codeql-action/init@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 - with: - languages: ${{ inputs.language }} - build-mode: ${{ inputs.language == 'java-kotlin' && 'manual' || 'none' }} - - - name: Install @sap/cds-dk - if: inputs.language == 'java-kotlin' - run: npm i -g @sap/cds-dk@9.9.1 - shell: bash - - - name: Build Java code - if: inputs.language == 'java-kotlin' - run: mvn clean compile -B -ntp -Dcds.install-node.skip - shell: bash - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 - with: - category: "/language:${{ inputs.language }}" diff --git a/.github/actions/scan-with-sonar/action.yml b/.github/actions/scan-with-sonar/action.yml deleted file mode 100644 index abf626ee..00000000 --- a/.github/actions/scan-with-sonar/action.yml +++ /dev/null @@ -1,80 +0,0 @@ -name: Scan with SonarQube -description: Scans the project with SonarQube - -inputs: - sonarq-token: - description: The token to use for SonarQube authentication - required: true - github-token: - description: The token to use for GitHub authentication - required: true - java-version: - description: The version of Java to use - required: true - maven-version: - description: The version of Maven to use - required: true - -runs: - using: composite - - steps: - - name: Set up Java ${{inputs.java-version}} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{inputs.java-version}} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{inputs.maven-version}} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{inputs.maven-version}} - - - name: Get Revision - id: get-revision - run: | - echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT - shell: bash - - - name: Build project for SonarQube scan - run: | - mvn clean verify -ntp -B -Dcds.install-node.skip - shell: bash - - - name: Verify JaCoCo reports exist - run: | - echo "=== Checking JaCoCo reports ===" - find . -name "jacoco.xml" -type f - for module in cds-feature-attachments storage-targets/cds-feature-attachments-fs storage-targets/cds-feature-attachments-oss; do - if [ -f "$module/target/site/jacoco/jacoco.xml" ]; then - echo "Found: $module/target/site/jacoco/jacoco.xml" - else - echo "Missing: $module/target/site/jacoco/jacoco.xml" - fi - done - if [ -f "coverage-report/target/site/jacoco-aggregate/jacoco.xml" ]; then - echo "Found: coverage-report/target/site/jacoco-aggregate/jacoco.xml" - else - echo "Missing: coverage-report/target/site/jacoco-aggregate/jacoco.xml" - exit 1 - fi - shell: bash - - - name: SonarQube Scan - run: > - mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - -Dsonar.host.url=https://sonar.tools.sap - -Dsonar.token="${SONAR_TOKEN}" - -Dsonar.projectKey=cds-feature-attachments - -Dsonar.projectVersion=${{ steps.get-revision.outputs.REVISION }} - -Dsonar.qualitygate.wait=true - -Dsonar.java.source=17 - -Dsonar.exclusions=**/samples/** - -Dsonar.coverage.jacoco.xmlReportPaths=${{ github.workspace }}/coverage-report/target/site/jacoco-aggregate/jacoco.xml - -Dsonar.coverage.exclusions=cds-feature-attachments/src/test/**,cds-feature-attachments/src/gen/**,storage-targets/cds-feature-attachments-fs/src/test/**,storage-targets/cds-feature-attachments-oss/src/test/** - -B -ntp - shell: bash - env: - GITHUB_TOKEN: ${{ inputs.github-token }} - SONAR_TOKEN: ${{ inputs.sonarq-token }} diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index e771f0af..4b7f9df7 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -8,24 +8,7 @@ on: - opened jobs: - label_issues: - runs-on: ubuntu-latest + label: + uses: cap-java/.github/.github/workflows/issue.yml@feat/centralized-actions-workflows permissions: issues: write - steps: - - run: gh issue edit "$NUMBER" --add-label "$LABELS" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - NUMBER: ${{ github.event.issue.number }} - LABELS: New - - - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 - with: - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `👋 Hello @${context.payload.issue.user.login}, thank you for submitting this issue. Our team is reviewing your report and will follow up with you as soon as possible.` - }) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6b9c082c..156529c1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,15 +20,17 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Scan With Black Duck - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main + uses: cap-java/.github/actions/scan-with-blackduck@feat/centralized-actions-workflows with: blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }} maven-version: ${{ env.MAVEN_VERSION }} + project-name: com.sap.cds.feature.attachments + included-modules: cds-feature-attachments,cds-feature-attachments-oss,cds-feature-attachments-fs scan_mode: FULL build-and-test: - uses: cap-java/cds-feature-attachments/.github/workflows/pipeline.yml@main + uses: ./.github/workflows/pipeline.yml permissions: contents: read security-events: write diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 0f49d49e..d76dff33 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -82,7 +82,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Bind CF Services - uses: cap-java/cds-feature-attachments/.github/actions/cf-bind@main + uses: ./.github/actions/cf-bind with: cf-api: ${{ secrets[format('CF_API_{0}', matrix.hyperscaler)] }} cf-username: ${{ secrets.CF_USERNAME }} @@ -92,7 +92,7 @@ jobs: auth-method: ${{ matrix.auth-method }} - name: Integration Tests - uses: cap-java/cds-feature-attachments/.github/actions/integration-tests@main + uses: ./.github/actions/integration-tests with: java-version: ${{ matrix.java-version }} maven-version: ${{ env.MAVEN_VERSION }} @@ -110,7 +110,7 @@ jobs: fetch-depth: 0 - name: Bind CF Services - uses: cap-java/cds-feature-attachments/.github/actions/cf-bind@main + uses: ./.github/actions/cf-bind with: cf-api: ${{ secrets.CF_API_AWS }} cf-username: ${{ secrets.CF_USERNAME }} @@ -120,12 +120,17 @@ jobs: auth-method: basic - name: SonarQube Scan - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-sonar@main + uses: cap-java/.github/actions/scan-with-sonar@feat/centralized-actions-workflows with: - java-version: 17 + java-version: '17' maven-version: ${{ env.MAVEN_VERSION }} sonarq-token: ${{ secrets.SONARQ_TOKEN }} github-token: ${{ secrets.GH_TOKEN }} + sonar-project-key: cds-feature-attachments + coverage-report-path: coverage-report/target/site/jacoco-aggregate/jacoco.xml + build-script: mvn clean verify -ntp -B -Dcds.install-node.skip + exclusions: '**/samples/**' + coverage-exclusions: 'cds-feature-attachments/src/test/**,cds-feature-attachments/src/gen/**,storage-targets/cds-feature-attachments-fs/src/test/**,storage-targets/cds-feature-attachments-oss/src/test/**' codeql: name: CodeQL Analysis (${{ matrix.language }}) @@ -145,8 +150,8 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: CodeQL Analysis - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-codeql@main + uses: cap-java/.github/actions/scan-with-codeql@feat/centralized-actions-workflows with: - java-version: 17 + java-version: '17' maven-version: ${{ env.MAVEN_VERSION }} language: ${{ matrix.language }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index c7157293..198ed921 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -14,5 +14,5 @@ on: jobs: build-and-test: - uses: cap-java/cds-feature-attachments/.github/workflows/pipeline.yml@main + uses: ./.github/workflows/pipeline.yml secrets: inherit diff --git a/.github/workflows/prevent-issue-labeling.yml b/.github/workflows/prevent-issue-labeling.yml index 6c350309..04fc28e9 100644 --- a/.github/workflows/prevent-issue-labeling.yml +++ b/.github/workflows/prevent-issue-labeling.yml @@ -7,19 +7,7 @@ on: types: [labeled] jobs: - remove_new_label: - runs-on: ubuntu-latest + guard: + uses: cap-java/.github/.github/workflows/prevent-issue-labeling.yml@feat/centralized-actions-workflows permissions: issues: write - steps: - - name: Remove "New" label if applied by non-bot user - if: > - contains(github.event.issue.labels.*.name, 'New') && - github.event.label.name == 'New' && - github.event.sender.login != 'github-actions[bot]' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - ISSUE_NUMBER: ${{ github.event.issue.number }} - run: | - gh issue edit "$ISSUE_NUMBER" --remove-label "New" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ccb6547e..46034de9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -70,11 +70,13 @@ jobs: ref: ${{ github.event.release.tag_name }} - name: Scan With Black Duck - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main + uses: cap-java/.github/actions/scan-with-blackduck@feat/centralized-actions-workflows with: blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }} maven-version: ${{ env.MAVEN_VERSION }} + project-name: com.sap.cds.feature.attachments + included-modules: cds-feature-attachments,cds-feature-attachments-oss,cds-feature-attachments-fs version: ${{ github.event.release.tag_name }} build: @@ -91,7 +93,7 @@ jobs: ref: ${{ github.event.release.tag_name }} - name: Build - uses: cap-java/cds-feature-attachments/.github/actions/build@main + uses: cap-java/.github/actions/build@feat/centralized-actions-workflows with: java-version: ${{ env.JAVA_VERSION }} maven-version: ${{ env.MAVEN_VERSION }} @@ -111,7 +113,7 @@ jobs: ref: ${{ github.event.release.tag_name }} - name: Deploy - uses: cap-java/cds-feature-attachments/.github/actions/deploy-release@main + uses: cap-java/.github/actions/deploy-release@feat/centralized-actions-workflows with: user: ${{ secrets.CENTRAL_REPOSITORY_USER }} password: ${{ secrets.CENTRAL_REPOSITORY_PASS }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 4feaa66f..7b0364ad 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -8,18 +8,8 @@ on: jobs: stale: - runs-on: ubuntu-latest + uses: cap-java/.github/.github/workflows/stale.yml@feat/centralized-actions-workflows permissions: actions: write issues: write pull-requests: write - steps: - - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10 - with: - close-issue-message: "This issue has been automatically closed due to 2 weeks of inactivity. If you believe this was a mistake, please reopen or comment to continue the discussion." - days-before-stale: -1 - days-before-issue-close: 14 - days-before-pr-close: -1 - stale-issue-label: "author action" - remove-issue-stale-when-updated: true - labels-to-remove-when-unstale: "author action"