Merge branch 'master' into next-spec

.all-contributorsrc

@@ -119,7 +119,8 @@
       "avatar_url": "https://avatars.githubusercontent.com/u/16149591?v=4",
       "profile": "https://github.com/aeworxet",
       "contributions": [
-        "test"
+        "test",
+        "code"
       ]
     },
     {
@@ -182,5 +183,5 @@
     }
   ],
   "contributorsPerLine": 4,
-  "skipCi": true
+  "skipCi": false
 }

.github/workflows/automerge-for-humans-merging.yml

@@ -21,12 +21,35 @@ jobs:
     if: github.event.pull_request.draft == false && (github.event.pull_request.user.login != 'asyncapi-bot' || github.event.pull_request.user.login != 'dependabot[bot]' || github.event.pull_request.user.login != 'dependabot-preview[bot]') #it runs only if PR actor is not a bot, at least not a bot that we know
     runs-on: ubuntu-latest
     steps:
+      - name: Get list of authors
+        uses: sergeysova/jq-action@v2
+        id: authors
+        with:
+          # This cmd does following (line by line):
+          # 1. CURL querying the list of commits of the current PR via GH API. Why? Because the current event payload does not carry info about the commits.
+          # 2. Iterates over the previous returned payload, and creates an array with the filtered results (see below) so we can work wit it later. An example of payload can be found in https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#webhook-payload-example-34.
+          # 3. Grabs the data we need for adding the `Co-authored-by: ...` lines later and puts it into objects to be used later on.
+          # 4. Filters the results by excluding the current PR sender. We don't need to add it as co-author since is the PR creator and it will become by default the main author.
+          # 5. Removes repeated authors (authors can have more than one commit in the PR).
+          # 6. Builds the `Co-authored-by: ...` lines with actual info.
+          # 7. Transforms the array into plain text. Thanks to this, the actual stdout of this step can be used by the next Workflow step (wich is basically the automerge).
+          cmd: | 
+            curl -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" "${{github.event.pull_request._links.commits.href}}?per_page=100" | 
+              jq -r '[.[] 
+                | {name: .commit.author.name, email: .commit.author.email, login: .author.login}] 
+                | map(select(.login != "${{github.event.pull_request.user.login}}")) 
+                | unique 
+                | map("Co-authored-by: " + .name + " <" + .email + ">") 
+                | join("\n")'
+          multiline: true
       - name: Automerge PR
         uses: pascalgn/[email protected]
         env:
           GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
           MERGE_LABELS: "!do-not-merge,ready-to-merge"
           MERGE_METHOD: "squash"
-          MERGE_COMMIT_MESSAGE: "{pullRequest.title} (#{pullRequest.number})"
+          # Using the output of the previous step (`Co-authored-by: ...` lines) as commit description.
+          # Important to keep 2 empty lines as https://docs.github.com/en/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-with-multiple-authors#creating-co-authored-commits-on-the-command-line mentions
+          MERGE_COMMIT_MESSAGE: "{pullRequest.title} (#{pullRequest.number})\n\n\n${{ steps.authors.outputs.value }}" 
           MERGE_RETRIES: "20"
-          MERGE_RETRY_SLEEP: "30000"
+          MERGE_RETRY_SLEEP: "30000"

.github/workflows/if-nodejs-release.yml

@@ -9,12 +9,12 @@ on:
     branches:
       - master
       # below lines are not enough to have release supported for these branches
-      # make sure configuration of `semantic-release` package mentiones these branches
-      - next
+      # make sure configuration of `semantic-release` package mentions these branches
+      - next-spec
       - next-major
+      - next-major-spec
       - beta
       - alpha
-      - '**-release' # custom
 
 jobs:
 

.github/workflows/link-check-cron.yml

@@ -18,7 +18,7 @@ jobs:
 
     # Checks the status of hyperlinks in .md files
     - name: Check links
-      uses: gaurav-nelson/github-action-markdown-link-check@v1
+      uses: gaurav-nelson/github-action-markdown-link-check@0a51127e9955b855a9bbfa1ff5577f1d1338c9a5 #1.0.14 but pointing to commit for security reasons
       with:
         use-quiet-mode: 'yes'
         use-verbose-mode: 'yes'

.github/workflows/link-check-pr.yml

@@ -16,7 +16,7 @@ jobs:
     - name: Checkout repo
       uses: actions/checkout@v3
     - name: Check links
-      uses: gaurav-nelson/github-action-markdown-link-check@v1
+      uses: gaurav-nelson/github-action-markdown-link-check@0a51127e9955b855a9bbfa1ff5577f1d1338c9a5 #1.0.14 but pointing to commit for security reasons
       with:
         use-quiet-mode: 'yes'
         use-verbose-mode: 'yes'

.github/workflows/lint-pr-title.yml

@@ -1,23 +1,49 @@
 # This action is centrally managed in https://github.com/asyncapi/.github/
 # Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in above mentioned repo
 
+
+
 name: Lint PR title
 
 on:
   pull_request_target:
     types: [opened, reopened, synchronize, edited, ready_for_review]
-
+    
 jobs:
   lint-pr-title:
-    name: Lint PR title
-    runs-on: ubuntu-latest
-    steps:
+   name: Lint PR title
+   runs-on: ubuntu-latest
+   steps:
       # Since this workflow is REQUIRED for a PR to be mergable, we have to have this 'if' statement in step level instead of job level.
       - if: ${{ !contains(fromJson('["asyncapi-bot", "dependabot[bot]", "dependabot-preview[bot]", "allcontributors"]'), github.actor) }}
-        uses: amannn/[email protected]
+        uses: amannn/action-semantic-pull-request@505e44b4f33b4c801f063838b3f053990ee46ea7      #version 4.6.0
+        id: lint_pr_title
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN}}
         with:
           subjectPattern: ^(?![A-Z]).+$
           subjectPatternError: |
             The subject "{subject}" found in the pull request title "{title}" should start with a lowercase character.
+            
+      # Comments the error message from the above lint_pr_title action 
+      - if: ${{always() &&  !contains(fromJson('["asyncapi-bot", "dependabot[bot]", "dependabot-preview[bot]", "allcontributors"]'), github.actor)}}
+        name: Comment on PR
+        uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443    #version 2.2
+        with:
+          header: pr-title-lint-error
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN}}
+          message: |
+                   
+                   We require all PRs to follow [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/). 
+                   More details 👇🏼
+                   ```
+                    ${{ steps.lint_pr_title.outputs.error_message}}
+                   ```
+       # deletes the error comment if the title is correct            
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        name: delete the comment
+        uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443    #version 2.2
+        with:   
+          header: pr-title-lint-error
+          delete: true
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN}}

.github/workflows/stale-issues-prs.yml

@@ -13,7 +13,7 @@ jobs:
     name: Mark issue or PR as stale
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@v5.1.0
+    - uses: actions/stale@99b6c709598e2b0d0841cd037aaf1ba07a4410bd #v5.2.0 but pointing to commit for security reasons
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: |