{
  "Version": "2012-10-17",
  "Statement": [
{{- range $i, $statement := .statements }}
    {
      "Effect": "{{ $statement.effect | default "Allow" }}",
      "Action": [
"{{ $statement.actions | join "\",\n\"" }}"
      ]{{ if $statement.resources }},
      "Resource": [
"{{ $statement.resources | join "\",\n\"" }}"
      ]{{ end }}
{{- if $statement.conditions }}

# proto-file: devtools/build_cleaner/proto/actions.proto
# proto-message: ActionSpecs

# Python rules should not have more than one source file.
action_spec {
  action: CHECK_FILE_COUNT
  file_count_params {
    rule_selector {
      rule_kind_regex: "^.*py(type)?(_strict)?_(binary|library|test).*$"
      generator_function_regex: "^(?!boq_header)$"
    }
    max_source_count: 1
  }

# limitations under the License.
# ============================================================================
version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: monthly
    groups:
      github-actions:
        patterns:
          - "*"

  - package-ecosystem: docker
    directory: /ci/devinfra/docker_windows
    schedule:
      interval: monthly
    ignore:

on:
  pull_request:
    branches:
      - master

permissions:
  contents: read
    
jobs:
  build:
    name: runner / shfmt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: luizm/action-sh-checker@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SHFMT_OPTS: "-s"
        with:

    name: runner / golangci-lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: golangci-lint
        uses: reviewdog/action-golangci-lint@v2

      - name: Setup reviewdog
        uses: reviewdog/action-setup@v1

      - name: gofumpt -s with reviewdog
        env:
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - unlabeled

jobs:
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
    - uses: actions/labeler@v5
      if: ${{ github.event.action != 'labeled' && github.event.action != 'unlabeled' }}
    - run: echo "Done adding labels"
  # Run this after labeler applied labels
  check-labels:
    needs:
      - labeler
    permissions:

on: [push, pull_request]

permissions:
  contents: read

jobs:
  validation:
    name: "Validation"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    types: [opened, edited, reopened]

jobs:
  triage:
    runs-on: ubuntu-latest
    name: Label issues and pull requests
    steps:
      - name: check out
        uses: actions/checkout@v4

      - name: labeler
        uses: jinzhu/super-labeler-action@develop
        with:

      matrix:
        os: [ubuntu-latest, windows-latest]
        java: [17, 21]
      fail-fast: false

    runs-on: ${{ matrix.os }}

    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - uses: actions/setup-java@v4
        with:
          java-version: ${{ matrix.java }}
          distribution: 'temurin'
          cache: 'maven'

      - name: Set up Maven

on:
  pull_request_target:
  issues:
    types:
      - opened
      - reopened

jobs:
  add-to-project:
    name: Add to project
    runs-on: ubuntu-latest
    steps:
      - uses: actions/add-to-project@v1.0.2
        with:
          project-url: https://github.com/orgs/fastapi/projects/2