From 9a4702a18eef3099f2ca5bf524a5bd5cb084b48f Mon Sep 17 00:00:00 2001
From: Tim te Beek <tim@moderne.io>
Date: Fri, 7 Jun 2024 11:32:59 +0200
Subject: [PATCH 1/2] Run a subset of best practices against PRs

---
 .github/workflows/comment-pr.yml | 15 +++++++
 .github/workflows/receive-pr.yml | 67 ++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 .github/workflows/comment-pr.yml
 create mode 100644 .github/workflows/receive-pr.yml

diff --git a/.github/workflows/comment-pr.yml b/.github/workflows/comment-pr.yml
new file mode 100644
index 00000000000..e559610258a
--- /dev/null
+++ b/.github/workflows/comment-pr.yml
@@ -0,0 +1,15 @@
+name: comment-pr
+
+# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
+on:
+  workflow_run:
+    workflows: ["receive-pr"]
+    types:
+      - completed
+
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code.
+jobs:
+  post-suggestions:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    uses: openrewrite/gh-automation/.github/workflows/comment-pr.yml@main
diff --git a/.github/workflows/receive-pr.yml b/.github/workflows/receive-pr.yml
new file mode 100644
index 00000000000..0cd07bb1134
--- /dev/null
+++ b/.github/workflows/receive-pr.yml
@@ -0,0 +1,67 @@
+name: receive-pr
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - main
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.ref }}'
+  cancel-in-progress: true
+
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment.
+jobs:
+  upload-patch:
+    uses: openrewrite/gh-automation/.github/workflows/receive-pr.yml@main
+    with:
+      recipe: 'org.openrewrite.recipes.OpenRewriteBestPracticesSubset'
+      rewrite_yml: |
+        ---
+        type: specs.openrewrite.org/v1beta/recipe
+        name: org.openrewrite.recipes.OpenRewriteBestPracticesSubset
+        displayName: OpenRewrite best practices
+        description: Best practices for OpenRewrite recipe development.
+        recipeList:
+          - org.openrewrite.recipes.JavaRecipeBestPracticesSubset
+          - org.openrewrite.recipes.RecipeTestingBestPracticesSubset
+          - org.openrewrite.recipes.RecipeNullabilityBestPractices
+          - org.openrewrite.java.OrderImports
+          - org.openrewrite.java.format.EmptyNewlineAtEndOfFile
+          - org.openrewrite.staticanalysis.InlineVariable
+          - org.openrewrite.staticanalysis.MissingOverrideAnnotation
+          - org.openrewrite.staticanalysis.UseDiamondOperator
+        ---
+        type: specs.openrewrite.org/v1beta/recipe
+        name: org.openrewrite.recipes.JavaRecipeBestPracticesSubset
+        displayName: Java Recipe best practices
+        description: Best practices for Java recipe development.
+        preconditions:
+          - org.openrewrite.java.search.FindTypes:
+              fullyQualifiedTypeName: org.openrewrite.Recipe
+              checkAssignability: true
+        recipeList:
+          - org.openrewrite.java.recipes.ExecutionContextParameterName
+          - org.openrewrite.java.recipes.MissingOptionExample
+          - org.openrewrite.java.recipes.RecipeEqualsAndHashCodeCallSuper
+          - org.openrewrite.java.recipes.UseTreeRandomId
+          - org.openrewrite.staticanalysis.NeedBraces
+          #- org.openrewrite.staticanalysis.RemoveSystemOutPrintln
+        ---
+        type: specs.openrewrite.org/v1beta/recipe
+        name: org.openrewrite.recipes.RecipeTestingBestPracticesSubset
+        displayName: Recipe testing best practices
+        description: Best practices for testing recipes.
+        preconditions:
+          - org.openrewrite.java.search.FindTypes:
+              fullyQualifiedTypeName: org.openrewrite.test.RewriteTest
+              checkAssignability: true
+        recipeList:
+          - org.openrewrite.java.recipes.RewriteTestClassesShouldNotBePublic
+          #- org.openrewrite.java.recipes.SelectRecipeExamples
+          - org.openrewrite.java.recipes.SourceSpecTextBlockIndentation
+          - org.openrewrite.java.testing.cleanup.RemoveTestPrefix
+          - org.openrewrite.java.testing.cleanup.TestsShouldNotBePublic
+          - org.openrewrite.staticanalysis.NeedBraces
+          - org.openrewrite.staticanalysis.RemoveSystemOutPrintln

From 09697c7a31f75210cd26981015794c31c30a1b08 Mon Sep 17 00:00:00 2001
From: Tim te Beek <tim@moderne.io>
Date: Tue, 11 Jun 2024 22:38:08 +0200
Subject: [PATCH 2/2] Update receive-pr.yml

---
 .github/workflows/receive-pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/receive-pr.yml b/.github/workflows/receive-pr.yml
index 0cd07bb1134..da5cfb95d7e 100644
--- a/.github/workflows/receive-pr.yml
+++ b/.github/workflows/receive-pr.yml
@@ -27,7 +27,7 @@ jobs:
           - org.openrewrite.recipes.JavaRecipeBestPracticesSubset
           - org.openrewrite.recipes.RecipeTestingBestPracticesSubset
           - org.openrewrite.recipes.RecipeNullabilityBestPractices
-          - org.openrewrite.java.OrderImports
+          #- org.openrewrite.java.OrderImports
           - org.openrewrite.java.format.EmptyNewlineAtEndOfFile
           - org.openrewrite.staticanalysis.InlineVariable
           - org.openrewrite.staticanalysis.MissingOverrideAnnotation