.github/workflows: Use tianocore-assign-reviewers [bot] app

Add github actions to assign reviewers to a PR and verify
that any updates to CODEOWNERS, REVIEWERS or Maintainers.txt
are in sync.

Update workflow to generate a token so the assign reviewers
action runs with the name and permissions of the
tianocore-assign-reviewers [bot] application.

Signed-off-by: Michael D Kinney <[email protected]>

.github/workflows/AssignReviewers.yml

@@ -0,0 +1,32 @@
+## @file
+# Assign reviewers from a REVIEWERS file using CODEOWNERS syntax
+#
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+name: Assign reviewers from a REVIEWERS file using CODEOWNERS syntax
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]
+    branches:
+      - 'master'
+
+jobs:
+  assign_reviewers:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Pull Request Target
+        uses: actions/checkout@v2
+      - name: Get Token
+        id: get_workflow_token
+        uses: peter-murray/workflow-application-token-action@v1
+        with:
+          application_id: ${{ secrets.APPLICATION_ID }}
+          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
+          organization: tianocore
+      - uses: mdkinney/github-action-assign-reviewers@main
+        with:
+          token: ${{ steps.get_workflow_token.outputs.token }}

.github/workflows/CheckCodeOwnerFiles.yml

@@ -0,0 +1,39 @@
+## @file
+# Check CODEOWNERS coverage of all files in PR
+#
+# Only run this check if one or more files modified in the PR
+# are not CODEOWNERS, REVIEWERS, or Maintainers.txt.
+#
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+name: Check CODEOWNERS coverage of all files in PR
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    branches:
+      - 'master'
+    paths-ignore:
+      - 'CODEOWNERS'
+      - 'docs/CODEOWNERS'
+      - '.github/CODEOWNERS'
+      - 'REVIEWERS'
+      - 'docs/REVIEWERS'
+      - '.github/REVIEWERS'
+      - 'Maintainers.txt'
+
+jobs:
+  codeowners_files_validator:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Pull Request
+        uses: actions/checkout@v2
+      - name: CODEOWNERS Validator
+        uses: mszostok/[email protected]
+        with:
+          checks: "files"
+          experimental_checks: "notowned"
+          github_access_token: ${{secrets.GITHUB_TOKEN}}

.github/workflows/CheckCodeOwnerMaintainers.yml

@@ -0,0 +1,121 @@
+## @file
+# Check CODEOWNERS, REVIEWERS, and Maintainers.txt files.
+#
+# Only run this check if any of the files modified in the PR
+# are CODEOWNERS, REVIEWERS, or Maintainers.txt.
+#
+# This workflow uses pull_request_target to support passing in
+# github_access_token that is not available for pull_request.
+# The checkout action checks out the head of the PR.  In this
+# specific workflow, this is safe because there are no dependencies
+# on any files other that this .yml file and known external actions.
+#
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+name: Check CODEOWNERS, REVIEWERS, and Maintainers.txt files
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]
+    branches:
+      - 'master'
+    paths:
+      - 'CODEOWNERS'
+      - 'docs/CODEOWNERS'
+      - '.github/CODEOWNERS'
+      - 'REVIEWERS'
+      - 'docs/REVIEWERS'
+      - '.github/REVIEWERS'
+      - 'Maintainers.txt'
+
+jobs:
+  check_codeowners_maintainers:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Pull Request
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Check CODEOWNERS, REVIEWERS, and Maintainers.txt files
+        uses: mdkinney/github-action-check-codeowners-maintainers@main
+        with:
+          token: ${{secrets.GITHUB_TOKEN}}
+
+  codeowners_validator_user:
+    if: github.event.pull_request.draft == false && github.event.pull_request.base.user.type == 'User'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Pull Request
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: CODEOWNERS Validator
+        uses: mszostok/[email protected]
+        with:
+          checks: "files,duppatterns,syntax"
+          experimental_checks: "notowned,avoid-shadowing"
+          github_access_token: "${{ secrets.GITHUB_TOKEN }}"
+
+  codeowners_validator_organization:
+    if: github.event.pull_request.draft == false && github.event.pull_request.base.user.type == 'Organization'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Pull Request
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: CODEOWNERS Validator
+        uses: mszostok/[email protected]
+        with:
+          checks: "files,owners,duppatterns,syntax"
+          experimental_checks: "notowned,avoid-shadowing"
+          github_access_token: "${{ secrets.CODEOWNERS_VALIDATOR_TOKEN }}"
+
+  reviewers_validator_user:
+    if: github.event.pull_request.draft == false && github.event.pull_request.base.user.type == 'User'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Pull Request
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Copy REVIEWERS to CODEOWNERS
+        run: |
+          [[ -e CODEOWNERS ]]         && rm CODEOWNERS
+          [[ -e docs/CODEOWNERS ]]    && rm docs/CODEOWNERS
+          [[ -e .github/CODEOWNERS ]] && rm .github/CODEOWNERS
+          [[ -e REVIEWERS ]]          && cp REVIEWERS CODEOWNERS
+          [[ -e docs/REVIEWERS ]]     && cp docs/REVIEWERS docs/CODEOWNERS
+          [[ -e .github/REVIEWERS ]]  && cp .github/REVIEWERS .github/CODEOWNERS
+      - name: REVIEWERS Validator
+        uses: mszostok/[email protected]
+        with:
+          checks: "files,duppatterns,syntax"
+          experimental_checks: "avoid-shadowing"
+          github_access_token: "${{ secrets.GITHUB_TOKEN }}"
+
+  reviewers_validator_organization:
+    if: github.event.pull_request.draft == false && github.event.pull_request.base.user.type == 'Organization'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Pull Request
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Copy REVIEWERS to CODEOWNERS
+        run: |
+          [[ -e CODEOWNERS ]]         && rm CODEOWNERS
+          [[ -e docs/CODEOWNERS ]]    && rm docs/CODEOWNERS
+          [[ -e .github/CODEOWNERS ]] && rm .github/CODEOWNERS
+          [[ -e REVIEWERS ]]          && cp REVIEWERS CODEOWNERS
+          [[ -e docs/REVIEWERS ]]     && cp docs/REVIEWERS docs/CODEOWNERS
+          [[ -e .github/REVIEWERS ]]  && cp .github/REVIEWERS .github/CODEOWNERS
+      - name: REVIEWERS Validator
+        uses: mszostok/[email protected]
+        with:
+          checks: "files,owners,duppatterns,syntax"
+          experimental_checks: "avoid-shadowing"
+          github_access_token: "${{ secrets.CODEOWNERS_VALIDATOR_TOKEN }}"