From 7408e577007a552bfef88a46d48b53ed26df5656 Mon Sep 17 00:00:00 2001
From: Christopher Swenson <swenson@swenson.io>
Date: Tue, 9 Aug 2022 14:52:07 -0700
Subject: [PATCH] Add Open Source project workflow (#16653)

Add Open Source project workflow

This will help us triage open source issues into our various internal
project boards.

I tested this on a separate repo, and it seems to work.
---
 .github/workflows/oss.yml | 126 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)
 create mode 100644 .github/workflows/oss.yml

diff --git a/.github/workflows/oss.yml b/.github/workflows/oss.yml
new file mode 100644
index 0000000000..311d0f1e9e
--- /dev/null
+++ b/.github/workflows/oss.yml
@@ -0,0 +1,126 @@
+# Open Source Community Workflows
+
+name: Project triage
+on:
+  pull_request:
+    types: [opened, reopened]
+    # Runs on PRs to main
+    branches:
+      - main
+
+  issues:
+    types: [opened, reopened]
+
+jobs:
+  add-to-projects:
+    # exclude internal PRs
+    if: github.event.pull_request.head.repo.owner.login != 'hashicorp' && ((github.event.action == 'reopened') || (github.event.action == 'opened'))
+    name: Add issue or PR to projects
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dorny/paths-filter@v2
+        id: changes
+        with:
+          # derived from CODEOWNERS
+          filters: |
+            cryptosec:
+              - 'builtin/logical/pki/**'
+              - 'builtin/logical/ssh/**'
+              - 'builtin/logical/totp/**'
+              - 'builtin/logical/transit/**'
+            ecosystem:
+              - 'builtin/credential/aws/**'
+              - 'builtin/credential/github/**'
+              - 'builtin/credential/ldap/**'
+              - 'builtin/credential/okta/**'
+              - 'builtin/logical/aws/**'
+              - 'builtin/logical/cassandra/**'
+              - 'builtin/logical/consul/**'
+              - 'builtin/logical/database/**'
+              - 'builtin/logical/mongodb/**'
+              - 'builtin/logical/mssql/**'
+              - 'builtin/logical/mysql/**'
+              - 'builtin/logical/nomad/**'
+              - 'builtin/logical/postgresql/**'
+              - 'builtin/logical/rabbitmq/**'
+              - 'command/agent/**'
+              - 'plugins/**'
+              - 'vault/plugin_catalog.go'
+              - 'ui/app/components/auth-jwt.js'
+              - 'ui/app/routes/vault/cluster/oidc-*.js'
+            devex:
+              - 'api/**'
+              - 'command/**'
+            ui:
+              - 'ui/**'
+
+      - name: "Default to core board"
+        run: echo "PROJECT=170" >> $GITHUB_ENV
+      - if: steps.changes.outputs.cryptosec == 'true'
+        run: echo "PROJECT=172" >> $GITHUB_ENV
+      - if: steps.changes.outputs.ecosystem == 'true'
+        run: echo "PROJECT=169" >> $GITHUB_ENV
+      - if: steps.changes.outputs.devex == 'true'
+        run: echo "PROJECT=176" >> $GITHUB_ENV
+      - if: steps.changes.outputs.ui == 'true'
+        run: echo "PROJECT=171" >> $GITHUB_ENV
+
+      - uses: actions/add-to-project@v0.3.0
+        with:
+          project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }}
+          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+
+  # example of something more complicated: deleting an issue or PR automatically (though this is done in the project workflows already)
+  # we have to use the GraphQL API for anything involving projects.
+  #
+  # get-project:
+  #   name: Get project data
+  #   runs-on: ubuntu-latest
+  #   if: github.event.action == 'closed' || github.event.action == 'deleted'
+  #   outputs:
+  #     project_id: ${{ steps.get-project.outputs.project_id }}
+  #   steps:
+  #     - id: get-project
+  #       name: Get project data
+  #       env:
+  #         GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+  #         ORGANIZATION: hashicorp
+  #         PROJECT_NUMBER: 169
+  #       run: |
+  #         gh api graphql -f query='
+  #           query($org: String!, $number: Int!) {
+  #             organization(login: $org){
+  #               projectV2(number: $number) {
+  #                 id
+  #               }
+  #             }
+  #           }' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json
+  #         echo "::set-output name=project_id::$(jq '.data.organization.projectV2.id' project_data.json)"
+
+  # delete-from-project:
+  #   name: Remove issue or PR from project
+  #   needs: [get-project]
+  #   if: github.event.action == 'closed' || github.event.action == 'deleted'
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Remove issue or PR
+  #       env:
+  #         GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+  #       run: |
+  #         PROJECT_ID=${{ needs.get-project.outputs.project_id }}
+  #         item_id=${{ github.event.issue.node_id }}
+  #         if [ -z "$item_id" ]; then
+  #           item_id=${{ github.event.pull_request.node_id }}
+  #         fi
+  #         gh api graphql -f query='
+  #           mutation($project_id: ID!, $item_id: ID!) {
+  #             deleteProjectV2Item(
+  #               input: {
+  #                 projectId: $project_id
+  #                 itemId: $item_id
+  #               }
+  #             ) {
+  #               deletedItemId
+  #             }
+  #           }' -f project_id=$PROJECT_ID -f item_id=$item_id || true
\ No newline at end of file