expStr := strconv.FormatInt(time.Now().Add(time.Hour).Unix(), 10)
	claims := `{"iss": "` + server.URL + `", "aud": ["baz.svc.id.goog"], "sub": "system:serviceaccount:bar:foo", "exp": ` + expStr + `}`
	token, err := generateJWT(&key, []byte(claims))
	if err != nil {
		t.Fatalf("failed to generate JWT: %v", err)
	}
	// Create an expired JWT token
	expiredStr := strconv.FormatInt(time.Now().Add(-time.Hour).Unix(), 10)

        triggers {
            vcs {
                branchFilter = "+:master"
                enabled = enableTriggers
            }
            schedule {
                schedulingPolicy = daily {
                    hour = 3
                }
                branchFilter = "+:master"
                triggerBuild = always()
                withPendingChangesOnly = false
                enabled = enableTriggers
            }
        }

	return &s3Error{
		code:       "EvaluatorTimestampFormatPatternHourClockAmPmMismatch",
		message:    "Time stamp format pattern contains a 12-hour hour of day format symbol but doesn't also contain an AM/PM field, or it contains a 24-hour hour of day format specifier and contains an AM/PM field in the SQL expression.",
		statusCode: 400,
		cause:      err,
	}
}

name: 'Close stale PRs'
on:
  schedule:
    # Execute every hour at xx:05 to avoid conflicts with other workflows
    - cron: '5 * * * *'

permissions: {}

jobs:
  stale:
    permissions:
      pull-requests: write

    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v9
        with:
          operations-per-run: 50
          ascending: true
          exempt-all-milestones: true

			cert.NotAfter, now)
	}
	// Note: multiply time.Duration(int64) by an int (gracePeriodPercentage) will cause overflow (e.g.,
	// when duration is time.Hour * 90000). So float64 is used instead.
	gracePeriod := time.Duration(float64(cert.NotAfter.Sub(cert.NotBefore)) * (float64(cu.gracePeriodPercentage) / 100))
	// waitTime is the duration between now and the grace period starts.

	if err := os.WriteFile(filepath.Join(fn), []byte("  package main"), 0o400); err != nil {
		t.Fatal(err)
	}

	// Set mtime of the file in the past.
	past := time.Now().Add(-time.Hour)
	if err := os.Chtimes(fn, past, past); err != nil {
		t.Fatal(err)
	}

	info, err := os.Stat(fn)
	if err != nil {
		t.Fatal(err)
	}

	defer func() { *write = false }()
	*write = true

func getDefaultSelfSignedIstioCAOptions(fclient *fake.Clientset) *IstioCAOptions {
	caCertTTL := time.Hour
	defaultCertTTL := 30 * time.Minute
	maxCertTTL := time.Hour
	org := "test.ca.Org"
	client := fake.NewSimpleClientset().CoreV1()
	if fclient != nil {
		client = fclient.CoreV1()
	}
	rootCertFile := ""
	rootCertCheckInverval := time.Hour
	rsaKeySize := 2048

	caopts, _ := NewSelfSignedIstioCAOptions(context.Background(),

}

// DateMicro returns the MicroTime corresponding to the supplied parameters
// by wrapping time.Date.
func DateMicro(year int, month time.Month, day, hour, min, sec, nsec int, loc *time.Location) MicroTime {
	return MicroTime{time.Date(year, month, day, hour, min, sec, nsec, loc)}
}

// NowMicro returns the current local time.
func NowMicro() MicroTime {
	return MicroTime{time.Now()}
}

	buf[4] = '-'
	buf[5] = byte((month)/10) + '0'
	buf[6] = byte((month)%10) + '0'
	buf[7] = '-'
	buf[8] = byte((day)/10) + '0'
	buf[9] = byte((day)%10) + '0'
	buf[10] = 'T'
	buf[11] = byte((hour)/10) + '0'
	buf[12] = byte((hour)%10) + '0'
	buf[13] = ':'
	buf[14] = byte((minute)/10) + '0'
	buf[15] = byte((minute)%10) + '0'
	buf[16] = ':'
	buf[17] = byte((second)/10) + '0'
	buf[18] = byte((second)%10) + '0'

)

const (
	// Define the root path for signer to store CA and private key files.
	signerRoot = "/tmp/pki/signer/"

	// The duration of the signed certificates
	certificateDuration = 1 * time.Hour
)

type SignerRootCert struct {
	Signer   string
	Rootcert string
}

func RunCSRController(signerNames string, stop <-chan struct{}, clients []kube.Client) ([]SignerRootCert, error) {