ci: add issue maintenance workflows (#322)

* ci: add stale issue handling for issues and prs

* ci: add quarterly tool evaluation issue creation

* ci: fix workflow title

* docs: include links to tools to update

* ci: restructure action workflows for readability

.github/workflows/issue-cleanup.yml

@@ -0,0 +1,24 @@
+---
+name: Close Stale Issues & Pull Requests
+
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+permissions:
+  contents: read
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+        with:
+          stale-issue-label: "stale"
+          stale-pr-label: "stale"
+          stale-issue-message: "This issue is marked stale because it has been open for an extended period with no activity. Remove the 'stale' label or comment otherwise this issue will be closed in 7 days."
+          stale-pr-message: "This pull request is marked stale because it has been open for an extended period with no activity. Remove the 'stale' label or comment otherwise this pull request will be closed in 7 days."
+          exempt-all-milestones: true

.github/workflows/issue-creation-tool-versions.yml

@@ -0,0 +1,65 @@
+---
+name: Evaluate Tool Versions
+
+on:
+  schedule:
+    - cron: 0 0 1 */3 *
+
+permissions: {}
+
+jobs:
+  create-issue:
+    name: Create tool version evaluation issue
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - run: |
+          if [[ $CLOSE_PREVIOUS == true ]]; then
+            previous_issue_number=$(gh issue list \
+              --label "$LABELS" \
+              --json number \
+              --jq '.[0].number')
+            if [[ -n $previous_issue_number ]]; then
+              gh issue close "$previous_issue_number"
+              gh issue unpin "$previous_issue_number"
+            fi
+          fi
+          new_issue_url=$(gh issue create \
+            --title "$TITLE" \
+            --assignee "$ASSIGNEES" \
+            --label "$LABELS" \
+            --body "$BODY")
+          if [[ $PINNED == true ]]; then
+            gh issue pin "$new_issue_url"
+          fi
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
+          TITLE: Evaluate tool versions
+          ASSIGNEES: awesome-embedded-projects
+          LABELS: scheduled,tool-versions
+          BODY: |
+            ## Description
+
+            This issue is automatically created as a gentle reminder to evaluate the tool versions, and base container, for
+            the container image built from this repository. The checklist below describes the steps that should be taken,
+            and checked-off before this issue can be closed. Any decisions about purposefully not updating a tool to a newer
+            version should be logged as issue comment. The general philosophy is to always include the latest tool versions
+            and the latest [LTS](https://ubuntu.com/about/release-cycle) version of Ubuntu.
+
+            Please note that, where possible, tool versions are kept up to date by Dependabot. Below list includes tools that
+            are not under Dependabot control.
+
+            ## Checklist
+
+            - [ ] The image is based on the latest LTS version of Ubuntu
+            - [ ] The GCC and [ARM GNU](https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads) toolchains are up to date and match in version
+            - [ ] The Clang toolchain is up to date
+            - [ ] The [Docker cli](https://download.docker.com/linux/static/stable/) is up to date
+            - [ ] [bats-core](https://github.com/bats-core/bats-core), [bats-support](https://github.com/bats-core/bats-support) and [bats-assert](https://github.com/bats-core/bats-assert) are up to date
+            - [ ] [Mull](https://github.com/mull-project/mull) is up to date and compatible with the currently installed Clang version
+            - [ ] [include-what-you-use](https://github.com/include-what-you-use/include-what-you-use) is up to date and compatible with the currently installed Clang version
+            - [ ] [xwin](https://github.com/Jake-Shadle/xwin) is up to date
+          PINNED: true
+          CLOSE_PREVIOUS: true

.github/workflows/ossf-scorecard.yml

@@ -12,8 +12,7 @@ on:
 permissions: read-all
 
 jobs:
-  analysis:
-    name: OSSF Scorecard
+  ossf-scorecard:
     runs-on: ubuntu-latest
     permissions:
       security-events: write

.github/workflows/validate-pr.yml → .github/workflows/pr-conventional-title.yml

@@ -1,14 +1,18 @@
 ---
-name: Validate Pull-Request
+name: Pull request Conventional Title
 
 on:
   pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
 
 permissions:
-  contents: read
+  pull-requests: read
 
 jobs:
-  conventional-commit:
+  validate-pr-title:
     runs-on: ubuntu-latest
     steps:
       - uses: Namchee/conventional-pr@b31518c34a4243c21484e3187abbbee4a44d0ec4 # v0.15.4

.github/workflows/cleanup-pr-image.yml → .github/workflows/pr-image-cleanup.yml

@@ -1,4 +1,5 @@
-name: Cleanup Pull-Request Image
+---
+name: Cleanup Pull Request Images
 
 on:
   pull_request:

.github/workflows/pr-report.yml

@@ -1,4 +1,5 @@
-name: PR Report
+---
+name: Pull Request Report
 
 on:
   pull_request:

.github/workflows/update-dependencies.yml

@@ -10,7 +10,7 @@ permissions:
   contents: read
 
 jobs:
-  update:
+  update-apt-dependencies:
     runs-on: ubuntu-latest
     # Using our own container is required since we need all package sources
     # set-up correctly.