# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

name: Creates a GitHub Issue when a PR Rolled back via Commit to Master
on:
  push:
    branches:
      - master
      
permissions: {}

jobs:
  create-issue-on-pr-rollback:
    runs-on: ubuntu-latest

name: Check closed issue release notes

on:
  issues:
    types: [ closed ]

permissions: {}

jobs:
  check_release_notes:
    permissions:
      issues: write
    runs-on: ubuntu-latest
    steps:
      # Check that release-note-worthy issues have a PR with release notes attached

name: 'Auto Assign PR to Author'
on:
  pull_request:
    types: [opened]

permissions: {}

jobs:
  add-reviews:
    permissions:
      contents: read  # for kentaro-m/auto-assign-action to fetch config file
      pull-requests: write  # for kentaro-m/auto-assign-action to assign PR reviewers
    runs-on: ubuntu-latest
    steps:

name: Check pulls metadata

on:
  pull_request_target:
    types: [ closed, unlabeled, milestoned, demilestoned ]

permissions: {}

jobs:
  check_pull_metadata:
    permissions:
      issues: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      # Check that PRs have proper metadata: labels and milestone
      # https://github.com/gradle/issue-management-action/blob/main/src/pull-metadata.ts

on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, labeled, unlabeled, synchronize]

permissions:
  contents: read

env:
  GRADLE_OPTS: "-Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.incremental=false"

jobs:
  test_containers:
    permissions:
      checks: write # for actions/upload-artifact
    runs-on: ubuntu-latest

These scopes represent "permissions".

In OpenAPI (e.g. the API docs), you can define "security schemes".

When one of these security schemes uses OAuth2, you can also declare and use scopes.

Each "scope" is just a string (without spaces).

They are normally used to declare specific security permissions, for example:

* `users:read` or `users:write` are common examples.

name: "Close invalid questions issues"
on:
  schedule:
  - cron: "*/10 * * * *"

permissions:
  contents: read

jobs:
  stale:
    permissions:
      issues: write  # for actions/stale to close stale issues
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    env:
      ACTIONS_STEP_DEBUG: true
    steps:
    - name: Close Stale Issues
      uses: actions/stale@v8
      with:

name: "Close Missing Playground issues"
on:
  schedule:
  - cron: "*/10 * * * *"

permissions:
  contents: read

jobs:
  stale:
    permissions:
      issues: write  # for actions/stale to close stale issues
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    env:
      ACTIONS_STEP_DEBUG: true
    steps:
    - name: Close Stale Issues
      uses: actions/stale@v8
      with:

name: 'Close stale PRs'
on:
  schedule:
    # Execute every hour at xx:05 to avoid conflicts with other workflows
    - cron: '5 * * * *'

permissions: {}

jobs:
  stale:
    permissions:
      pull-requests: write

    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v10
        with:
          operations-per-run: 50
          ascending: true
          exempt-all-milestones: true

	bucket := vars["bucket"]

	objectAPI := api.ObjectAPI()
	if objectAPI == nil {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL)
		return
	}

	// check if user has permissions to perform this operation
	if s3Error := checkRequestAuthType(ctx, r, policy.GetReplicationConfigurationAction, bucket, ""); s3Error != ErrNone {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL)
		return
	}