Bump node-fetch from 2.6.1 to 2.6.7 in /.github/actions/test-action

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/actions/test-action/package-lock.json

@@ -156,11 +156,22 @@
       }
     },
     "node_modules/node-fetch": {
-      "version": "2.6.1",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
-      "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==",
+      "version": "2.6.7",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz",
+      "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==",
+      "dependencies": {
+        "whatwg-url": "^5.0.0"
+      },
       "engines": {
         "node": "4.x || >=6.0.0"
+      },
+      "peerDependencies": {
+        "encoding": "^0.1.0"
+      },
+      "peerDependenciesMeta": {
+        "encoding": {
+          "optional": true
+        }
       }
     },
     "node_modules/once": {
@@ -171,6 +182,11 @@
         "wrappy": "1"
       }
     },
+    "node_modules/tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+    },
     "node_modules/tunnel": {
       "version": "0.0.6",
       "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
@@ -184,6 +200,20 @@
       "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
       "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
     },
+    "node_modules/webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+    },
+    "node_modules/whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+      "dependencies": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
@@ -326,9 +356,12 @@
       "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q=="
     },
     "node-fetch": {
-      "version": "2.6.1",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
-      "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw=="
+      "version": "2.6.7",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz",
+      "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==",
+      "requires": {
+        "whatwg-url": "^5.0.0"
+      }
     },
     "once": {
       "version": "1.4.0",
@@ -338,6 +371,11 @@
         "wrappy": "1"
       }
     },
+    "tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+    },
     "tunnel": {
       "version": "0.0.6",
       "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
@@ -348,6 +386,20 @@
       "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
       "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
     },
+    "webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+    },
+    "whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+      "requires": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
     "wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",

.github/workflows/assign-milestones.js

@@ -0,0 +1,162 @@
+// get the project
+// check if the name matches a version x.y or x.y.z
+// created
+//   check that there is a corresponding milestone
+//   else create that milestone
+//   and assign the issue to the milestone
+// deleted
+//   get the issue
+//   if issue is not closed,
+//   remove issue from milestone, if any
+
+// an issue or PR actually becomes a card (or, a card is actually created...) when
+// it's move to a project column for the first time - being assigned to the project
+// and showing in project's backlog is not enough.
+
+module.exports = async ({github, context, core}) => {
+   
+    const restapi = github.rest
+
+    function last1(s) {
+        const pos = s.lastIndexOf('/')
+        return s.substring(pos + 1)
+    }
+
+    function last2(s) {
+        const pos1 = s.lastIndexOf('/')
+        const pos2 = s.lastIndexOf('/', pos1-1)
+        return [ s.substring(pos2 + 1, pos1), s.substring(pos1 + 1) ]
+    }
+
+    function firstOrDefault(items, predicate) {
+        for (const item of items) {
+            if (predicate(item)) {
+                return item
+            }
+        }
+        return null
+    }
+
+    // insanely enough, due to the total lack of documentation, this
+    // is the best way one can figure out what exactly we are getting
+    console.log(github)
+    console.log(context)
+    console.log(context.payload)
+
+    //console.log(`event: ${github.event_name}/${github.event.action}`)
+
+    // get and validate the event name
+    const eventName = context.eventName
+    if (eventName != 'project_card') {
+        return
+    }
+
+    // get and validate the event action
+    const eventAction = context.payload.action
+    if (eventAction != 'created' && eventAction != 'deleted') {
+        return
+    }
+
+    console.log(`event: ${eventName}/${eventAction}`)
+
+    const columnId = context.payload.project_card.column_id
+    const columnResponse = await restapi.projects.getColumn({
+        column_id: columnId
+    })
+    const column = columnResponse.data
+    console.log(column)
+
+    const projectId = last1(column.project_url)
+    const projectResponse = await restapi.projects.get({
+        project_id: projectId
+    });
+    const project = projectResponse.data
+    console.log(project)
+    const projectName = project.name
+
+    // -- when a card is deleted it cannot be fetched!
+    //const cardId = context.payload.project_card.id
+    //const cardResponse = await restapi.projects.getCard({
+    //    card_id: cardId
+    //})
+    //const card = cardResponse.data
+    //console.log(card)
+
+    //const [ itemType, itemNumber ] = last2(card.content_url)
+    const [ itemType, itemNumber ] = last2(context.payload.project_card.content_url)
+    const isIssue = itemType == 'issues'
+    const isPull = itemType == 'pulls'
+    if (!isIssue && !isPull) {
+        core.setFailed(`Unsupported item type ${itemType}`)
+        return
+    }
+    const itemApi = isIssue ? restapi.issues : restapi.pulls
+
+    var request = {
+        owner: context.repo.owner,
+        repo: context.repo.repo
+    }
+    request[isIssue ? 'issue_number' : 'pull_number'] = itemNumber
+    console.log(request)
+
+    const itemResponse = await itemApi.get(request)
+    const item = itemResponse.data
+    console.log(item)
+    const itemId = item.id
+    const itemMilestone = item.milestone
+    console.log(`item: ${itemType}/${itemId} milestone: ${itemMilestone == null ? '<none>' : itemMilestone}`)
+
+    if (eventAction == 'created') {
+        console.log('add or update milestone of issue/pull of created card')
+
+        const milestonesResponse = await restapi.issues.listMilestones({
+            owner: context.repo.owner,
+            repo: context.repo.repo
+        })
+        const milestones = milestonesResponse.data
+        console.log(milestones)
+        var milestone = firstOrDefault(milestones, (x) => x.title == projectName)
+
+        if (!milestone) {
+            console.log(`create milestone '${projectName}'`)
+            const milestoneResponse = await restapi.issues.createMilestone({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                title: projectName
+            })
+            milestone = milestoneResponse.data
+        }
+
+        const milestoneNumber = milestone.number
+
+        if (!item.milestone || item.milestone.number != milestoneNumber)
+        {
+            request = {
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                milestone: milestoneNumber
+            }
+            request[isIssue ? 'issue_number' : 'pull_number'] = itemNumber
+            await itemApi.update(request)
+        }
+    }
+    else if (eventAction == 'deleted') {
+        if (itemMilestone) {
+            console.log('remove milestone from issue/pull of deleted card')
+            request = {
+                owner: context.repo.owner,
+                repo: context.repo.repo
+            }
+            request[isIssue ? 'issue_number' : 'pull_number'] = itemNumber
+            request.milestone = null
+            await itemApi.update(request)
+        }
+        else {
+            console.log('deleted card had no milestone')
+        }
+    }
+    else {
+        console.log(`nothing to do for evet action ${eventAction}`)
+    }
+}
+

.github/workflows/assign-milestones.yml

@@ -0,0 +1,46 @@
+name: Assign Milestones
+on:
+  project_card:
+    # ignore: moved, converted, edited
+    types: [ created, deleted, moved ] # FIXME temp
+    
+jobs:
+  assign:
+    runs-on: ubuntu-latest
+    name: Assign
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Assign
+      uses: actions/github-script@v5
+      with:
+        github-token: ${{ secrets.MY_GITHUB_TOKEN_TESTREPO }}
+        script: |
+        
+            // see https://github.com/actions/github-script
+            //
+            // note: 'github' below is not the same as the yml-level 'github' context
+            //       see https://docs.github.com/en/actions/learn-github-actions/contexts
+            //       for yml contexts
+            //
+            // github    A pre-authenticated octokit/rest.js client with pagination plugins
+            //  .rest        The REST API (e.g. github.rest.issues.get(...) gets an issue)
+            //  .request
+            //  .paginate
+            //  .graphql
+            // context   An object containing the context of the workflow run
+            //           see https://github.com/actions/toolkit/blob/main/packages/github/src/context.ts
+            // core      A reference to the @actions/core package
+            // glob      A reference to the @actions/glob package
+            // io        A reference to the @actions/io package
+            // exec      A reference to the @actions/exec package
+            // require   A proxy wrapper around the normal Node.js require to enable requiring relative paths
+            //           (relative to the current working directory) + requiring npm packages installed in the
+            //           current working directory.
+
+            const script = require('./.github/workflows/assign-milestones.js')
+            await script({github, context, core})

.github/workflows/assign-to-project.yml

@@ -0,0 +1,137 @@
+name: Assign PRs to Project
+on:
+  #issues:
+  #  types: [ opened ]
+
+  #pull_request:
+  #  types: [ opened ]
+
+  # important to use pull_request_target here to run code from 'main' not the PR, 
+  # with access to PAT - and safe permission to make changes to the project
+  pull_request_target:
+    types: [ opened, labeled ]
+    
+# github-script: https://github.com/actions/github-script
+# -> points to github rest (octokit) reference doc
+
+# github PAT: https://github.com/settings/tokens
+# must have full repo access
+
+# FIXME how can I prevent a user from creating a PR and stealing my token?
+# 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    
+# curl -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ghp_..." https://api.github.com/projects/1/columns?owner=zpqrtbnk&repo=test-repo
+# curl -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ghp_..." https://api.github.com/projects/1/columns?owner=zpqrtbnk-alt&repo=test-repo-alt
+    
+jobs:
+  assign:
+    runs-on: ubuntu-latest
+    name: Assign
+    steps:
+    - name: Assign
+      uses: actions/github-script@v4
+      with:
+        github-token: ${{ secrets.MY_GITHUB_TOKEN_TESTREPO }}
+        script: |
+            //const project_name = 'The API Team Board'
+            //const column_name = 'Drafting'
+            
+            const project_name = 'test-project'
+            const column_name = 'To do'
+            
+            function firstOrDefault(items, predicate) {
+                for (const item of items) {
+                    if (predicate(item)) {
+                        return item
+                    }
+                }
+                return null
+            }
+            
+            // find the project
+            console.log('find project...')
+            const projects = await github.projects.listForRepo({
+                owner: context.repo.owner,
+                repo: context.repo.repo
+            })
+            console.log(`retrieved ${projects.data.length} projects.`)
+            const project = firstOrDefault(projects.data, (x) => x.name === project_name)
+            if (!project) {
+                core.setFailed(`Failed to find project "${project_name}".`)
+                return
+            }
+            else {
+                console.log(`project '${project_name}' id: ${project.id}.`)
+            }
+
+            // find the column
+            console.log('find column...')
+            const columns = await github.projects.listColumns({
+                project_id: project.id
+            })
+            console.log(`retrieved ${columns.data.length} columns.`)
+            const column = firstOrDefault(columns.data, (x) => x.name === column_name)
+            if (!column) {
+                core.setFailed(`Failed to find column "${column_name}" in project ${project.name}.`)
+                return
+            }
+            else {
+                console.log(`column '${column_name}' id: ${column.id}.`)
+            }
+            
+            // determine content type
+            console.log('determine content type...')
+            const event_name = context.eventName
+            var content_type = null
+            var item_number = null
+            var item_id = null
+            if (event_name === 'issues') {
+                content_type = 'Issue'
+                // temp!
+                core.setFailed(`Unsupported: issue.`)
+                return
+                item_number = context.issue.number
+                item_id = context.issue.id
+            }
+            if (event_name === 'pull_request' || event_name === 'pull_request_target') {
+                content_type = 'PullRequest'
+                item_number = context.payload.pull_request.number
+                item_id = context.payload.pull_request.id
+            }
+            if (!content_type) {
+                core.setFailed(`Unexpected event name "${event_name}".`)
+                return
+            }
+            else {
+                console.log(`content type: ${content_type}.`)
+            }
+            
+            // get the item
+            console.log('get the item...')
+            const item = await github.issues.get({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: item_number
+            })
+            if (!item) {
+                core.setFailed(`Failed to get item ${item_number}.`)
+                return
+            }
+            else {                
+                console.log(`${content_type} #${context.issue.number} id: ${item.data.id}.`)
+                if (item_id === item.data.id) {
+                    console.log(`item_id: ${item_id}`)
+                }
+                else {
+                    console.log(`but 'context.payload' provides item_id: ${item_id} and meh?`)
+                }
+            }
+                        
+            console.log('create the card...')
+            console.log(`in column ${column.id} for item ${item_id} of type ${content_type}`)
+            await github.projects.createCard({
+                column_id: column.id,
+                //note:,
+                content_id: item_id,
+                content_type: content_type
+            })
+            console.log('created')

.github/workflows/manual-thingy.yml

@@ -1,19 +0,0 @@
-name: Manually Do Something
-on: workflow_dispatch
-jobs:
-  job:
-    runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/heads/release/')
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-    - name: Do Something
-      run: |
-        version="${${{ github.ref }}:19}" # trim starting 'refs/heads/release/' (19 chars)
-        echo "Tag ref ${{ github.ref }} as v$version"
-        git tag v$version
-        git config user.email "github-actions@zpqrtbnk.net"
-        git config user.name "GitHub Actions (Do Something)"
-        git push --tags

.github/workflows/publish-release.js

@@ -0,0 +1,15 @@
+module.exports = async ({github, context, core}) => {
+   
+    const restapi = github.rest
+
+    function firstOrDefault(items, predicate) {
+        for (const item of items) {
+            if (predicate(item)) {
+                return item
+            }
+        }
+        return null
+    }
+    
+    console.log("script")
+}

.github/workflows/publish-release.yml

@@ -0,0 +1,14 @@
+name: Publish Release
+on: workflow_dispatch
+jobs:
+  job:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/release/') # 19 leading chars
+    steps:
+    
+    - name: Validate the release
+      uses: actions/github-script@v5
+      with:
+        script: |
+          const script = require('./.github/workflows/publish-release.js')
+          console.log(script)

dan.txt

@@ -1,3 +0,0 @@
-this is a new file only in my branch
-
-changing something that won't conflict in master

duh.txt

@@ -1 +0,0 @@
-duh

e.txt

@@ -1,3 +0,0 @@
-e
-
-MiNor Change

foo.txt

@@ -1 +0,0 @@
-foo

test.txt

@@ -0,0 +1 @@
+test