chore: merge branch 'master-github-upstream' into next

.all-contributorsrc

@@ -907,6 +907,37 @@
         "doc",
         "bug"
       ]
+    },
+    {
+      "login": "AkhilJ321",
+      "name": "Akhil Jamwal",
+      "avatar_url": "https://avatars.githubusercontent.com/u/98508374?v=4",
+      "profile": "https://github.com/AkhilJ321",
+      "contributions": [
+        "code",
+        "test"
+      ]
+    },
+    {
+      "login": "ahem",
+      "name": "Anders Hellerup Madsen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/163283?v=4",
+      "profile": "https://github.com/ahem",
+      "contributions": [
+        "code",
+        "test",
+        "bug"
+      ]
+    },
+    {
+      "login": "rquinio1A",
+      "name": "rquinio1A",
+      "avatar_url": "https://avatars.githubusercontent.com/u/58322910?v=4",
+      "profile": "https://github.com/rquinio1A",
+      "contributions": [
+        "code",
+        "example"
+      ]
     }
   ],
   "contributorsPerLine": 7,

.github/workflows/automerge-for-humans-add-ready-to-merge-or-do-not-merge-label.yml

@@ -59,7 +59,9 @@ jobs:
                 body: `Hello, @${{ github.actor }}! 👋🏼
                        This PR is not up to date with the base branch and can't be merged.
                        Please update your branch manually with the latest version of the base branch.
-                       PRO-TIP: Add a comment to your PR with the text: \`/au\` or \`/autoupdate\` and our bot will take care of updating the branch in the future. The only requirement for this to work is to enable [Allow edits from maintainers](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) option in your PR.
+                       PRO-TIP: To request an update from the upstream branch, simply comment \`/u\` or \`/update\` and our bot will handle the update operation promptly.
+                       
+                       The only requirement for this to work is to enable [Allow edits from maintainers](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) option in your PR. Also the update will not work if your fork is located in an organization, not under your personal profile.
                        Thanks 😄`
               })
             }

.github/workflows/autoupdate.yml

@@ -1,34 +1,34 @@
-# This action is centrally managed in https://github.com/asyncapi/.github/
-# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in above mentioned repo
-
-# This workflow is designed to work with:
-# - autoapprove and automerge workflows for dependabot and asyncapibot.
-# - special release branches that we from time to time create in upstream repos. If we open up PRs for them from the very beginning of the release, the release branch will constantly update with new things from the destination branch they are opened against
-
-# It uses GitHub Action that auto-updates pull requests branches, whenever changes are pushed to their destination branch.
-# Autoupdating to latest destination branch works only in the context of upstream repo and not forks
-
-name: autoupdate
-
-on:
-  push:
-    branches-ignore:  
-      - 'version-bump/**'
-      - 'dependabot/**'
-      - 'bot/**'
-      - 'all-contributors/**'
-
-jobs:
-  autoupdate-for-bot:
-    if: startsWith(github.repository, 'asyncapi/')
-    name: Autoupdate autoapproved PR created in the upstream
-    runs-on: ubuntu-latest
-    steps:
-      - name: Autoupdating
-        uses: docker://chinthakagodawita/autoupdate-action:v1
-        env:
-          GITHUB_TOKEN: '${{ secrets.GH_TOKEN_BOT_EVE }}'
-          PR_FILTER: "labelled"
-          PR_LABELS: "autoupdate"
-          PR_READY_STATE: "ready_for_review"
-          MERGE_CONFLICT_ACTION: "ignore"
+# This action is centrally managed in https://github.com/asyncapi/.github/
+# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in above mentioned repo
+
+# This workflow is designed to work with:
+# - autoapprove and automerge workflows for dependabot and asyncapibot.
+# - special release branches that we from time to time create in upstream repos. If we open up PRs for them from the very beginning of the release, the release branch will constantly update with new things from the destination branch they are opened against
+
+# It uses GitHub Action that auto-updates pull requests branches, whenever changes are pushed to their destination branch.
+# Autoupdating to latest destination branch works only in the context of upstream repo and not forks
+
+name: autoupdate
+
+on:
+  push:
+    branches-ignore:  
+      - 'version-bump/**'
+      - 'dependabot/**'
+      - 'bot/**'
+      - 'all-contributors/**'
+
+jobs:
+  autoupdate-for-bot:
+    if: startsWith(github.repository, 'asyncapi/')
+    name: Autoupdate autoapproved PR created in the upstream
+    runs-on: ubuntu-latest
+    steps:
+      - name: Autoupdating
+        uses: docker://chinthakagodawita/autoupdate-action:v1
+        env:
+          GITHUB_TOKEN: '${{ secrets.GH_TOKEN_BOT_EVE }}'
+          PR_FILTER: "labelled"
+          PR_LABELS: "autoupdate"
+          PR_READY_STATE: "ready_for_review"
+          MERGE_CONFLICT_ACTION: "ignore"

.github/workflows/bounty-program-commands.yml

@@ -0,0 +1,90 @@
+# This workflow is centrally managed at https://github.com/asyncapi/.github/
+# Don't make changes to this file in this repository, as they will be overwritten with
+# changes made to the same file in the abovementioned repository.
+
+# The purpose of this workflow is to allow Bounty Team members
+# (https://github.com/orgs/asyncapi/teams/bounty_team) to issue commands to the
+# organization's global AsyncAPI bot related to the Bounty Program, while at the
+# same time preventing unauthorized users from misusing them.
+
+name: Bounty Program commands
+
+on:
+  issue_comment:
+    types:
+      - created
+
+jobs:
+  guard-against-unauthorized-use:
+    if: >
+      github.actor != ('aeworxet' || 'thulieblack') &&
+      (
+        contains(github.event.comment.body, '/bounty' )
+      )
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ❌ @${{github.actor}} made an unauthorized attempt to use a Bounty Program's command
+        uses: actions/github-script@v6
+
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+          script: |
+            const commentText = `❌ @${{github.actor}} is not authorized to use the Bounty Program's commands.
+            These commands can only be used by members of the [Bounty Team](https://github.com/orgs/asyncapi/teams/bounty_team).`;
+
+            console.log(`❌ @${{github.actor}} made an unauthorized attempt to use a Bounty Program's command.`);
+            github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: commentText
+              })
+
+  add-label-bounty:
+    if: >
+      github.actor == ('aeworxet' || 'thulieblack') &&
+      (
+        contains(github.event.comment.body, '/bounty' )
+      )
+
+    runs-on: ubuntu-latest
+    env:
+      BOUNTY_PROGRAM_LABELS_JSON: |
+        [
+          {"name": "bounty", "color": "0e8a16", "description": "Participation in the Bounty Program"}
+        ]
+
+    steps:
+      - name: Add label `bounty`
+        uses: actions/github-script@v6
+
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+          script: |
+            const BOUNTY_PROGRAM_LABELS = JSON.parse(process.env.BOUNTY_PROGRAM_LABELS_JSON);
+            let LIST_OF_LABELS_FOR_REPO = await github.rest.issues.listLabelsForRepo({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                });
+                
+            LIST_OF_LABELS_FOR_REPO = LIST_OF_LABELS_FOR_REPO.data.map(key => key.name);
+
+            if (!LIST_OF_LABELS_FOR_REPO.includes(BOUNTY_PROGRAM_LABELS[0].name)) {
+              await github.rest.issues.createLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                name: BOUNTY_PROGRAM_LABELS[0].name,
+                color: BOUNTY_PROGRAM_LABELS[0].color,
+                description: BOUNTY_PROGRAM_LABELS[0].description
+              });
+            }
+
+            console.log('Adding label `bounty`...');
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: [BOUNTY_PROGRAM_LABELS[0].name]
+            })

.github/workflows/bump.yml

@@ -26,9 +26,10 @@ jobs:
         run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
       - if: steps.packagejson.outputs.exists == 'true'
         name: Bumping latest version of this package in other repositories
-        uses: derberg/npm-dependency-manager-for-your-github-org@26a4f13d740254719971325046822a169aaa7441 # using v5.-.- https://github.com/derberg/npm-dependency-manager-for-your-github-org/releases/tag/v5.0.0
+        uses: derberg/npm-dependency-manager-for-your-github-org@1eafd3bf3974f21d395c1abac855cb04b295d570 # using v6.-.- https://github.com/derberg/npm-dependency-manager-for-your-github-org/releases/tag/v6
         with:
           github_token: ${{ secrets.GH_TOKEN }}
           committer_username: asyncapi-bot
           committer_email: info@asyncapi.io
-          repos_to_ignore: html-template # this is temporary until react component releases 1.0, then it can be removed
+          repos_to_ignore: spec,bindings,saunter,server-api
+          custom_id: "dependency update from asyncapi bot"

.github/workflows/help-command.yml

@@ -31,9 +31,11 @@ jobs:
         
                     At the moment the following comments are supported in pull requests:
 
+                    - \`/please-take-a-look\` or \`/ptal\` - This comment will add a comment to the PR asking for attention from the reviewrs who have not reviewed the PR yet.
                     - \`/ready-to-merge\` or \`/rtm\` - This comment will trigger automerge of PR in case all required checks are green, approvals in place and do-not-merge label is not added
                     - \`/do-not-merge\` or \`/dnm\` - This comment will block automerging even if all conditions are met and ready-to-merge label is added
-                    - \`/autoupdate\` or \`/au\` - This comment will add \`autoupdate\` label to the PR and keeps your PR up-to-date to the target branch's future changes. Unless there is a merge conflict or it is a draft PR.`
+                    - \`/autoupdate\` or \`/au\` - This comment will add \`autoupdate\` label to the PR and keeps your PR up-to-date to the target branch's future changes. Unless there is a merge conflict or it is a draft PR. (Currently only works for upstream branches.)
+                    - \`/update\` or \`/u\` - This comment will update the PR with the latest changes from the target branch. Unless there is a merge conflict or it is a draft PR. NOTE: this only updates the PR once, so if you need to update again, you need to call the command again.`
             })
 
   create_help_comment_issue:

.github/workflows/if-nodejs-release.yml

@@ -15,7 +15,6 @@ on:
       - next-major-spec
       - beta
       - alpha
-      - next
 
 jobs:
 
@@ -39,8 +38,9 @@ jobs:
         run: |
           git config --global core.autocrlf false
           git config --global core.eol lf
+        shell: bash
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Check if Node.js project and has package.json
         id: packagejson
         run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
@@ -51,14 +51,18 @@ jobs:
         id: lockversion
       - if: steps.packagejson.outputs.exists == 'true'
         name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: "${{ steps.lockversion.outputs.version }}"
-          cache: 'npm'
-          cache-dependency-path: '**/package-lock.json'
+      - if: steps.lockversion.outputs.version == '18' && matrix.os == 'windows-latest'
+        name: Install npm cli 8
+        shell: bash
+        #npm cli 10 is buggy because of some cache issues
+        run: npm install -g npm@8.19.4
       - if: steps.packagejson.outputs.exists == 'true'
         name: Install dependencies
-        run: npm install
+        shell: bash
+        run: npm ci
       - if: steps.packagejson.outputs.exists == 'true'
         name: Run test
         run: npm test --if-present
@@ -82,24 +86,24 @@ jobs:
           git config --global core.autocrlf false
           git config --global core.eol lf
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Check if Node.js project and has package.json
         id: packagejson
         run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
+        shell: bash
       - if: steps.packagejson.outputs.exists == 'true'
         name: Check package-lock version
         uses: asyncapi/.github/.github/actions/get-node-version-from-package-lock@master
         id: lockversion
       - if: steps.packagejson.outputs.exists == 'true'
         name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: "${{ steps.lockversion.outputs.version }}"
-          cache: 'npm'
-          cache-dependency-path: '**/package-lock.json'
       - if: steps.packagejson.outputs.exists == 'true'
         name: Install dependencies
-        run: npm install
+        shell: bash
+        run: npm ci
       - if: steps.packagejson.outputs.exists == 'true'
         name: Add plugin for conventional commits for semantic-release
         run: npm install --save-dev conventional-changelog-conventionalcommits@5.0.0
@@ -124,4 +128,4 @@ jobs:
           fields: repo,action,workflow
           text: 'Release workflow failed in release job'
         env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_CI_FAIL_NOTIFY }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_CI_FAIL_NOTIFY }}

.github/workflows/if-nodejs-version-bump.yml

@@ -37,7 +37,7 @@ jobs:
           cache-dependency-path: '**/package-lock.json'
       - if: steps.packagejson.outputs.exists == 'true'
         name: Install dependencies
-        run: npm install
+        run: npm ci
       - if: steps.packagejson.outputs.exists == 'true'
         name: Assets generation
         run: npm run generate:assets --if-present

.github/workflows/please-take-a-look-command.yml

@@ -0,0 +1,54 @@
+# This action is centrally managed in https://github.com/asyncapi/.github/
+# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in above mentioned repo
+
+# It uses Github actions to listen for comments on issues and pull requests and 
+# if the comment contains /please-take-a-look or /ptal it will add a comment pinging 
+# the code-owners who are reviewers for PR
+
+name: Please take a Look
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  ping-for-attention:
+    if: >
+      github.event.issue.pull_request &&
+      github.event.issue.state != 'closed' &&
+      github.actor != 'asyncapi-bot' &&
+      (
+        contains(github.event.comment.body, '/please-take-a-look') ||
+        contains(github.event.comment.body, '/ptal') ||
+        contains(github.event.comment.body, '/PTAL') 
+      )
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for Please Take a Look Command
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+          script: |
+            const prDetailsUrl = context.payload.issue.pull_request.url;
+            const { data: pull } = await github.request(prDetailsUrl);
+            const reviewers = pull.requested_reviewers.map(reviewer => reviewer.login);
+
+            const { data: reviews } = await github.rest.pulls.listReviews({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number
+            });
+
+            const reviewersWhoHaveReviewed = reviews.map(review => review.user.login);
+
+            const reviewersWhoHaveNotReviewed = reviewers.filter(reviewer => !reviewersWhoHaveReviewed.includes(reviewer));
+
+            if (reviewersWhoHaveNotReviewed.length > 0) {
+              const comment = reviewersWhoHaveNotReviewed.filter(reviewer => reviewer !== 'asyncapi-bot-eve' ).map(reviewer => `@${reviewer}`).join(' ');
+              await github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: `${comment} Please take a look at this PR. Thanks! :wave:`
+              });
+            }