chore(release): 2.89.0 (#26566)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.89.0/CHANGELOG.md)

Author: mergify[bot]

.github/workflows/README.md

@@ -5,58 +5,96 @@ These workflows and actions are configured in the AWS CDK GitHub repository.
 ## Pull Request Triggered
 
 ### Auto Approve
+
 [auto-approve.yml](auto-approve.yml): Approves merging PRs with the
 `auto-approve` label.
 Owner: Core CDK team
 
+### PR Linter Trigger
+
+[pr-linter-trigger.yml](pr-linter-trigger.yml): A workflow triggered by `pull_request_review`
+that uploads necessary information about the pull request and then triggers the
+[pr-linter](pr-linter.yml). Necessary because the `pull_request_review` trigger runs actions
+on the merge branch not the base branch (with its secrets).
+Owner: Core CDK team
+
 ### PR Linter
+
 [pr-linter.yml](pr-linter.yml): Runs `tools/@aws-cdk-prlint` on each PR to
 check for correctness.
 Owner: Core CDK team
 
 ### v2-main PR automation
+
 [v2-pull-request.yml](v2-pull-request.yml): Runs `pkglint` on merge forward PRs
 and commits the results.
 Owner: Core CDK team
 
 ### Label Assigner
+
 [issue-label-assign.yml](issue-label-assign.yml): Github action for automatically adding labels and/or setting assignees when an Issue or PR is opened or edited based on user-defined Area
 Owner: CDK support team
 
 ### PR Labeler
-[pr-labeler.yml](pr-labeler.yml): GitHub action for automatically porting triage labels from issues 
+
+[pr-labeler.yml](pr-labeler.yml): GitHub action for automatically porting triage labels from issues
 linked in the PR description to the PR.
 Owner: Core CDK team
 
 ### GitHub Merit Badger
+
 [github-merit-badger.yml](github-merit-badger.yml): GitHub action that adds 'merit badges' to pull
 requests based on the users prior contributions to the CDK.
 Owner: Core CDK team
 
+### Request CLI Integ Test
+
+[request-cli-integ-test.yml](request-cli-integ-test.yml):
+Checks for relevant changes to the CLI code and requests a deployment to the `test-pipeline` environment.
+When approved this pushes the PR to the testing pipeline,
+thus starting the cli integ test build.
+Owner: Core CDK team
+
 ## Issue Triggered
 
 ### Closed Issue Message
+
 [closed-issue-message.yml](closed-issue-message.yml): Adds a reminder message
 to issues that are closed.
 Owner: CDK support team
 
 ### Label Assigner
+
 [issue-label-assign.yml](issue-label-assign.yml): Github action for automatically adding labels and/or setting assignees when an Issue or PR is opened or edited based on user-defined Area
 Owner: CDK support team
 
 ## Scheduled Actions
 
 ### Issue Lifecycle Handling
+
 [close-stale-issues.yml](close-stale-issues.yml): Handles labeling issues and
 PRs with `closing-soon`, `response-requested`, etc.
 Owner: CDK support team
 
 ### Yarn Upgrader
+
 [yarn-upgrade.yml](yarn-upgrade.yml): Upgrades yarn dependencies and creates a
 patch file for downloading.
 Owner: Core CDK team
 
+### AWS Service Spec Update
+
+[spec-update.yml](spec-update.yml): Updates AWS Service Spec and related packages to their latest versions
+and submits an auto-approve PR for it.
+Owner: Core CDK team
+
 ### Issue Reprioritizer
+
 [issue-reprioritization.yml](issue-reprioritization.yml): GitHub action that labels `p2`
 issues as `p1` if a certain level of community engagement is met.
-Owner: Core CDK team
+Owner: Core CDK team
+
+### Issue Metrics
+
+[repo-metrics.yml](repo-metrics.yml): GitHub action that runs monthly to report on metrics for issues and PRs created last month.
+Owner: Core CDK team

.github/workflows/github-merit-badger.yml

@@ -17,4 +17,4 @@ jobs:
           badges: '[beginning-contributor,repeat-contributor,valued-contributor,admired-contributor,star-contributor,distinguished-contributor]'
           thresholds: '[0,3,6,13,25,50]'
           badge-type: 'achievement'
-          ignore-usernames: '[RomainMuller,rix0rrr,MrArnoldPalmer,iliapolo,otaviomacedo,madeline-k,kaizencc,comcalvi,corymhall,peterwoodworth,ryparker,TheRealAmazonKendra,vinayak-kukreja,Naumel,mrgrain,pahud,cgarvis,kellertk,HBobertz,sumupitchayan,pattasai,SankyRed,udaypant,colifran,khushail,aws-cdk-automation,dependabot[bot],mergify[bot]]'
+          ignore-usernames: '[RomainMuller,rix0rrr,MrArnoldPalmer,iliapolo,otaviomacedo,madeline-k,kaizencc,comcalvi,corymhall,peterwoodworth,ryparker,TheRealAmazonKendra,vinayak-kukreja,Naumel,mrgrain,pahud,cgarvis,kellertk,HBobertz,sumupitchayan,pattasai,SankyRed,udaypant,colifran,khushail,scanlonp,aws-cdk-automation,dependabot[bot],mergify[bot]]'

.github/workflows/pr-linter-trigger.yml

@@ -0,0 +1,23 @@
+name: PR Linter Trigger
+
+on:
+  pull_request_review:
+    types: [submitted, edited, dismissed]
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Save PR number
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_SHA: ${{ github.event.pull_request.head.sha }}
+        run: |
+          mkdir -p ./pr
+          echo $PR_NUMBER > ./pr/pr_number
+          echo $PR_SHA > ./pr/pr_sha
+      - uses: actions/upload-artifact@v3
+        with:
+          name: pr_info
+          path: pr/

.github/workflows/pr-linter.yml

@@ -3,7 +3,6 @@
 
 name: PR Linter
 on:
-  # Necessary to have sufficient permissions to write to the PR
   pull_request_target:
     types:
       - labeled
@@ -12,18 +11,65 @@ on:
       - opened
       - synchronize
       - reopened
+  workflow_run:
+    workflows: [PR Linter Trigger]
+    types:
+      - completed
   status:
 
 jobs:
+  download-if-workflow-run:
+    runs-on: ubuntu-latest
+    outputs:
+      pr_number: ${{ steps.pr_output.outputs.pr_number }}
+      pr_sha: ${{ steps.pr_output.outputs.pr_sha }}
+    # if conditions on all individual steps because subsequent jobs depend on this job
+    # and we cannot skip it entirely
+    steps:
+      - name: 'Download artifact'
+        if: github.event_name == 'workflow_run'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: context.payload.workflow_run.id,
+            });
+            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "pr_info"
+            })[0];
+            let download = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            let fs = require('fs');
+            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_info.zip`, Buffer.from(download.data));
+      - name: 'Unzip artifact'
+        if: github.event_name == 'workflow_run'
+        run: unzip pr_info.zip
+
+      - name: 'Make GitHub output'
+        if: github.event_name == 'workflow_run'
+        id: 'pr_output'
+        run: |
+          echo "cat pr_number"
+          echo "pr_number=$(cat pr_number)" >> "$GITHUB_OUTPUT"
+          echo "cat pr_sha"
+          echo "pr_sha=$(cat pr_sha)" >> "$GITHUB_OUTPUT"
+
   validate-pr:
+    # Necessary to have sufficient permissions to write to the PR
     permissions:
       contents: read
       pull-requests: write
       statuses: read
       issues: read
     runs-on: ubuntu-latest
+    needs: download-if-workflow-run
     steps:
-
       - name: Checkout
         uses: actions/checkout@v3
 
@@ -34,4 +80,7 @@ jobs:
         uses: ./tools/@aws-cdk/prlint
         env:
           GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }}
+          # PR_NUMBER and PR_SHA is empty if triggered by pull_request_target, since we already have that info
+          PR_NUMBER: ${{ needs.download-if-workflow-run.outputs.pr_number }}
+          PR_SHA: ${{ needs.download-if-workflow-run.outputs.pr_sha }}
           REPO_ROOT: ${{ github.workspace }}

.github/workflows/repo-metrics.yml

@@ -0,0 +1,56 @@
+name: Monthly repo metrics
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 2 1 * *'
+
+permissions:
+  issues: write
+  pull-requests: read
+
+jobs:
+  build:
+    name: metrics
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Get dates for last month
+      shell: bash
+      run: |
+        # Calculate the first day of the previous month
+        first_day=$(date -d "last month" +%Y-%m-01)
+
+        # Calculate the last day of the previous month
+        last_day=$(date -d "$first_day +1 month -1 day" +%Y-%m-%d)
+
+        # Set an environment variable with the date range
+        echo "$first_day..$last_day"
+        echo "last_month=$first_day..$last_day" >> "$GITHUB_ENV"
+
+    - name: Report on issues
+      uses: github/issue-metrics@v2
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SEARCH_QUERY: 'repo:aws/aws-cdk is:issue created:${{ env.last_month }} -reason:"not planned"'
+
+    - name: Create report for issues
+      uses: peter-evans/create-issue-from-file@v4
+      with:
+        title: Monthly issue metrics report
+        token: ${{ secrets.GITHUB_TOKEN }}
+        content-filepath: ./issue_metrics.md
+        assignees: evgenyka
+        
+    - name: Report on PRs
+      uses: github/issue-metrics@v2
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SEARCH_QUERY: 'repo:aws/aws-cdk is:pr created:${{ env.last_month }} -is:draft'
+
+    - name: Create report for PRs
+      uses: peter-evans/create-issue-from-file@v4
+      with:
+        title: Monthly issue metrics report
+        token: ${{ secrets.GITHUB_TOKEN }}
+        content-filepath: ./issue_metrics.md
+        assignees: evgenyka

.github/workflows/request-cli-integ-test.yml

@@ -0,0 +1,58 @@
+# Request a deployment to the test pipeline
+
+name: request-cli-integ-test
+on:
+  pull_request_target: {}
+
+jobs:
+  cli-changes:
+    runs-on: ubuntu-latest
+    outputs:
+      any-changed-files: ${{ steps.changed-cli-files.outputs.cli_any_changed }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Find changed cli files
+        id: changed-cli-files
+        uses: tj-actions/changed-files@920e7b9ae1d45913fc81f86c956fee89c77d2e5e
+        with:
+          base_sha: ${{ github.event.pull_request.base.sha }}
+          files_yaml: |
+            cli:
+              - packages/aws-cdk/bin/**
+              - packages/aws-cdk/lib/**
+              - packages/aws-cdk/test/**
+  submit-to-test-pipeline:
+    environment: test-pipeline
+    needs: cli-changes
+    if: needs.cli-changes.outputs.any-changed-files == 'true'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          # Needs to run with PROJEN_GITHUB_TOKEN because we need permissions to force push the branch
+          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+      - name: Submit to test-pipeline
+        run: |
+          git config --global user.name 'aws-cdk-automation'
+          git config --global user.email '[email protected]'
+          git push --force --atomic https://github.com/${{ github.repository }}.git FETCH_HEAD:test-main-pipeline
+      - name: Explain next steps
+        uses: thollander/actions-comment-pull-request@dadb7667129e23f12ca3925c90dc5cd7121ab57e
+        with:
+          message: |
+            :arrow_right: **PR build request submitted to `test-main-pipeline`** :arrow_left:
+
+            A maintainer must now check the pipeline and add the `pr-linter/cli-integ-tested` label once the pipeline succeeds.
+          comment_tag: request-cli-integ-test
+          mode: recreate
+          # Post as our automation user
+          GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }}