From 0f7dc4f54d54ae9bec639fbbb369b4deceb3adc5 Mon Sep 17 00:00:00 2001
From: Mark Paluch <mark.paluch@broadcom.com>
Date: Tue, 23 Sep 2025 10:51:19 +0200
Subject: [PATCH] Update GitHub Actions.

See #3169
---
 .github/workflows/codeql.yml  | 21 ++++++++++++++++
 .github/workflows/project.yml | 45 +++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/project.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..411d4a933
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,21 @@
+# GitHub Actions for CodeQL Scanning
+
+name: "CodeQL Advanced"
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule
+    - cron: '0 5 * * *'
+
+permissions: read-all
+
+jobs:
+  codeql-analysis-call:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    uses: spring-io/github-actions/.github/workflows/codeql-analysis.yml@1
diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml
new file mode 100644
index 000000000..4c8108d35
--- /dev/null
+++ b/.github/workflows/project.yml
@@ -0,0 +1,45 @@
+# GitHub Actions to automate GitHub issues for Spring Data Project Management
+
+name: Spring Data GitHub Issues
+
+on:
+  issues:
+    types: [opened, edited, reopened]
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened, edited, reopened]
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  Inbox:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'spring-projects' && (github.event.action == 'opened' || github.event.action == 'reopened') && github.event.pull_request == null && !contains(join(github.event.issue.labels.*.name, ', '), 'dependency-upgrade') && !contains(github.event.issue.title, 'Release ')
+    steps:
+      - name: Create or Update Issue Card
+        uses: actions/add-to-project@v1.0.2
+        with:
+          project-url: https://github.com/orgs/spring-projects/projects/25
+          github-token: ${{ secrets.GH_ISSUES_TOKEN_SPRING_DATA }}
+  Pull-Request:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'spring-projects' && (github.event.action == 'opened' || github.event.action == 'reopened') && github.event.pull_request != null
+    steps:
+      - name: Create or Update Pull Request Card
+        uses: actions/add-to-project@v1.0.2
+        with:
+          project-url: https://github.com/orgs/spring-projects/projects/25
+          github-token: ${{ secrets.GH_ISSUES_TOKEN_SPRING_DATA }}
+  Feedback-Provided:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'spring-projects' && github.event_name == 'issue_comment' && github.event.action == 'created' && github.actor != 'spring-projects-issues' && github.event.pull_request == null && github.event.issue.state == 'open' && contains(toJSON(github.event.issue.labels), 'waiting-for-feedback')
+    steps:
+      - name: Update Project Card
+        uses: actions/add-to-project@v1.0.2
+        with:
+          project-url: https://github.com/orgs/spring-projects/projects/25
+          github-token: ${{ secrets.GH_ISSUES_TOKEN_SPRING_DATA }}