name: Java CI with Maven

on:
  push:
    branches:
    - master
    - "*.x"
  pull_request:
    branches:
    - master
    - "*.x"

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Set up JDK 17
      uses: actions/setup-java@v2
      with:
        java-version: '17'

name: 'Requeue stale team-triage items'
on:
  schedule:
    # Execute every day at 00:05 to avoid conflicts with other workflows
    - cron: '5 0 * * *'

permissions: {}

jobs:
  requeue:
    permissions:
      issues: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v9
        with:
          operations-per-run: 50
          remove-stale-when-updated: false

name: Publish

on:
  release:
    types:
      - created

jobs:
  publish:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        package:
          - fastapi
          - fastapi-slim
    permissions:
      id-token: write
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4

name: IDE Experience team notifier
run-name: Notify the IDE Experience team about new RCs for manual testing
on:
  push:
    tags:
      - 'v*.*.*-RC1'

permissions: {}

jobs:
  send-slack-notification:
    runs-on: ubuntu-latest
    steps:
      - name: Send Slack notification about new RCs for manual testing
        id: slack
        uses: slackapi/slack-github-action@v1.23.0
        with:
          payload: |
            {

  pull_request:
    types: [opened, labeled, unlabeled, synchronize]

permissions:
  contents: read

env:
  GRADLE_OPTS: "-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false"

jobs:
  test_docs:
    permissions:
      checks: write # for actions/upload-artifact
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'documentation')

name: "CodeQL"

on:
  push:
    branches:
    - master
    - "*.x"
  pull_request:
    branches:
    - master
    - "*.x"
  workflow_dispatch:

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    timeout-minutes: 20

    strategy:
      fail-fast: false
      matrix:
        language: ['java', 'javascript']

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

on:
  schedule:
    - cron: "10 3 * * *"
  issue_comment:
    types:
      - created
  issues:
    types:
      - labeled
  pull_request_target:
    types:
      - labeled
  workflow_dispatch:

jobs:
  issue-manager:
    if: github.repository_owner == 'tiangolo'
    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}

name: Mint Tests

on:
  pull_request:
    branches:
      - master
      - next

# This ensures that previous jobs for the PR are canceled when the PR is
# updated.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  mint-test:
    runs-on: mint
    timeout-minutes: 120
    steps:

name: Label Approved

on:
  schedule:
    - cron: "0 12 * * *"
  workflow_dispatch:

jobs:
  label-approved:
    if: github.repository_owner == 'tiangolo'
    runs-on: ubuntu-latest
    steps:
    - name: Dump GitHub context
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
      run: echo "$GITHUB_CONTEXT"
    - uses: docker://tiangolo/label-approved:0.0.4
      with:
        token: ${{ secrets.FASTAPI_LABEL_APPROVED }}

name: VulnCheck
on:
  pull_request:
    branches:
      - master

  push:
    branches:
      - master

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  vulncheck:
    name: Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with: