{
  "Version": "2012-10-17",
  "Statement": [
{{- range $i, $statement := .statements }}
    {
      "Effect": "{{ $statement.effect | default "Allow" }}",
      "Action": [
"{{ $statement.actions | join "\",\n\"" }}"
      ]{{ if $statement.resources }},
      "Resource": [
"{{ $statement.resources | join "\",\n\"" }}"
      ]{{ end }}
{{- if $statement.conditions }}

permissions:
  contents: read

jobs:
  build:
    name: PyLint
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
    - name: Get file changes
      id: get_file_changes
      uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b # v1.2.4
      with:
        output: ' '
    - name: Report list of changed files
      run: |

    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        go-version: [1.24.x]
        os: [ubuntu-latest]

    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
          check-latest: true
      - name: Start upgrade tests
        run: |

## Key Patterns

### Actions (Controllers)
- Located in `app.web.*` or `app.web.admin.*`
- Methods with `@Execute` are web endpoints
- DI via `@Resource` annotation
- `HtmlResponse` for JSP, `JsonResponse` for APIs

### Services
- Business logic in `app.service.*`
- Injected into Actions
- Use behavior classes to access OpenSearch

### Helpers

    name: Go ${{ matrix.go-version }} on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        go-version: [1.24.x]
        os: [ubuntu-latest]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
          check-latest: true
      - name: Build on ${{ matrix.os }}
        if: matrix.os == 'ubuntu-latest'
        env:

      - unlabeled

jobs:
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
    - uses: actions/labeler@v6
      if: ${{ github.event.action != 'labeled' && github.event.action != 'unlabeled' }}
    - run: echo "Done adding labels"
  # Run this after labeler applied labels
  check-labels:
    needs:
      - labeler
    permissions:

    types: [opened, edited, reopened]

jobs:
  triage:
    runs-on: ubuntu-latest
    name: Label issues and pull requests
    steps:
      - name: check out
        uses: actions/checkout@v4

      - name: labeler
        uses: jinzhu/super-labeler-action@develop
        with:

# limitations under the License.
# ============================================================================
version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: monthly
    groups:
      github-actions:
        patterns:
          - "*"

  - package-ecosystem: docker
    directory: /ci/devinfra/docker_windows
    schedule:
      interval: monthly
    ignore:

permissions: {}

jobs:
  check-links:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Check links
        uses: lycheeverse/lychee-action@v2.7.0
        with:
          # excluded:
          # - notes.md and notes-templates.md - because they are a part of user guide

on:
  pull_request_target:
  issues:
    types:
      - opened
      - reopened

jobs:
  add-to-project:
    name: Add to project
    runs-on: ubuntu-latest
    steps:
      - uses: actions/add-to-project@v1.0.2
        with:
          project-url: https://github.com/orgs/fastapi/projects/2