7 files changed, 175 insertions, 3 deletions

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index cf5f1590d..7217cb443 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1,41 @@
-* @python-discord/core-developers
+# Extensions
+**/bot/exts/backend/sync/**             @MarkKoz
+**/bot/exts/filters/*token_remover.py   @MarkKoz
+**/bot/exts/moderation/*silence.py      @MarkKoz
+bot/exts/info/codeblock/**              @MarkKoz
+bot/exts/utils/extensions.py            @MarkKoz
+bot/exts/utils/snekbox.py               @MarkKoz @Akarys42
+bot/exts/help_channels/**               @MarkKoz @Akarys42
+bot/exts/moderation/**                  @Akarys42 @mbaruh @Den4200 @ks129
+bot/exts/info/**                        @Akarys42 @Den4200
+bot/exts/info/information.py            @mbaruh
+bot/exts/filters/**                     @mbaruh
+bot/exts/fun/**                         @ks129
+bot/exts/utils/**                       @ks129
+
+# Rules
+bot/rules/**                            @mbaruh
+
+# Utils
+bot/utils/extensions.py                 @MarkKoz
+bot/utils/function.py                   @MarkKoz
+bot/utils/lock.py                       @MarkKoz
+bot/utils/regex.py                      @Akarys42
+bot/utils/scheduling.py                 @MarkKoz
+
+# Tests
+tests/_autospec.py                      @MarkKoz
+tests/bot/exts/test_cogs.py             @MarkKoz
+tests/**                                @Akarys42
+
+# CI & Docker
+.github/workflows/**                    @MarkKoz @Akarys42 @SebastiaanZ @Den4200
+Dockerfile                              @MarkKoz @Akarys42 @Den4200
+docker-compose.yml                      @MarkKoz @Akarys42 @Den4200
+
+# Tools
+Pipfile*                                @Akarys42
+
+# Statistics
+bot/async_stats.py                      @jb3
+bot/exts/info/stats.py                  @jb3
diff --git a/.github/review-policy.yml b/.github/review-policy.yml
new file mode 100644
index 000000000..421b30f8a
--- /dev/null
+++ b/.github/review-policy.yml
@@ -0,0 +1,3 @@
+remote: python-discord/.github
+path: review-policies/core-developers.yml
+ref: main
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 706ab462f..6c97e8784 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ on:
 
 jobs:
   build:
-    if: github.event.workflow_run.conclusion == 'success'
+    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push'
     name: Build & Push
     runs-on: ubuntu-latest
 
@@ -55,3 +55,5 @@ jobs:
           tags: |
             ghcr.io/python-discord/bot:latest
             ghcr.io/python-discord/bot:${{ steps.sha_tag.outputs.tag }}
+          build-args: |
+            git_sha=${{ github.sha }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 90555a8ee..5a4aede30 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -23,6 +23,9 @@ jobs:
 
       - name: Checkout code
         uses: actions/checkout@v2
+        with:
+          repository: python-discord/kubernetes
+          token: ${{ secrets.REPO_TOKEN }}
 
       - name: Authenticate with Kubernetes
         uses: azure/k8s-set-context@v1
@@ -34,6 +37,6 @@ jobs:
         uses: Azure/k8s-deploy@v1
         with:
           manifests: |
-              deployment.yaml
+              bot/deployment.yaml
           images: 'ghcr.io/python-discord/bot:${{ steps.sha_tag.outputs.tag }}'
           kubectl-version: 'latest'
diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml
index 5444fc3de..6fa8e8333 100644
--- a/.github/workflows/lint-test.yml
+++ b/.github/workflows/lint-test.yml
@@ -113,3 +113,25 @@ jobs:
         env:
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: coveralls
+
+      # Prepare the Pull Request Payload artifact. If this fails, we
+      # we fail silently using the `continue-on-error` option. It's
+      # nice if this succeeds, but if it fails for any reason, it
+      # does not mean that our lint-test checks failed.
+      - name: Prepare Pull Request Payload artifact
+        id: prepare-artifact
+        if: always() && github.event_name == 'pull_request'
+        continue-on-error: true
+        run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json
+
+      # This only makes sense if the previous step succeeded. To
+      # get the original outcome of the previous step before the
+      # `continue-on-error` conclusion is applied, we use the
+      # `.outcome` value. This step also fails silently.
+      - name: Upload a Build Artifact
+        if: always() && steps.prepare-artifact.outcome == 'success'
+        continue-on-error: true
+        uses: actions/upload-artifact@v2
+        with:
+          name: pull-request-payload
+          path: pull_request_payload.json
diff --git a/.github/workflows/sentry_release.yml b/.github/workflows/sentry_release.yml
new file mode 100644
index 000000000..b8d92e90a
--- /dev/null
+++ b/.github/workflows/sentry_release.yml
@@ -0,0 +1,24 @@
+name: Create Sentry release
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  create_sentry_release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@master
+
+      - name: Create a Sentry.io release
+        uses: tclindner/[email protected]
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: python-discord
+          SENTRY_PROJECT: bot
+        with:
+          tagName: ${{ github.sha }}
+          environment: production
+          releaseNamePrefix: bot@
diff --git a/.github/workflows/status_embed.yaml b/.github/workflows/status_embed.yaml
new file mode 100644
index 000000000..b6a71b887
--- /dev/null
+++ b/.github/workflows/status_embed.yaml
@@ -0,0 +1,78 @@
+name: Status Embed
+
+on:
+  workflow_run:
+    workflows:
+      - Lint & Test
+      - Build
+      - Deploy
+    types:
+      - completed
+
+jobs:
+  status_embed:
+    # We need to send a status embed whenever the workflow
+    # sequence we're running terminates. There are a number
+    # of situations in which that happens:
+    #
+    # 1. We reach the end of the Deploy workflow, without
+    #    it being skipped.
+    #
+    # 2. A `pull_request` triggered a Lint & Test workflow,
+    #    as the sequence always terminates with one run.
+    #
+    # 3. If any workflow ends in failure or was cancelled.
+    if: >-
+      (github.event.workflow_run.name == 'Deploy' && github.event.workflow_run.conclusion != 'skipped') ||
+      github.event.workflow_run.event == 'pull_request' ||
+      github.event.workflow_run.conclusion == 'failure' ||
+      github.event.workflow_run.conclusion == 'cancelled'
+    name:  Send Status Embed to Discord
+    runs-on: ubuntu-latest
+
+    steps:
+      # A workflow_run event does not contain all the information
+      # we need for a PR embed. That's why we upload an artifact
+      # with that information in the Lint workflow.
+      - name: Get Pull Request Information
+        id: pr_info
+        if: github.event.workflow_run.event == 'pull_request'
+        run: |
+          curl -s -H "Authorization: token $GITHUB_TOKEN" ${{ github.event.workflow_run.artifacts_url }} > artifacts.json
+          DOWNLOAD_URL=$(cat artifacts.json | jq -r '.artifacts[] | select(.name == "pull-request-payload") | .archive_download_url')
+          [ -z "$DOWNLOAD_URL" ] && exit 1
+          wget --quiet --header="Authorization: token $GITHUB_TOKEN" -O pull_request_payload.zip $DOWNLOAD_URL || exit 2
+          unzip -p pull_request_payload.zip > pull_request_payload.json
+          [ -s pull_request_payload.json ] || exit 3
+          echo "::set-output name=pr_author_login::$(jq -r '.user.login // empty' pull_request_payload.json)"
+          echo "::set-output name=pr_number::$(jq -r '.number // empty' pull_request_payload.json)"
+          echo "::set-output name=pr_title::$(jq -r '.title // empty' pull_request_payload.json)"
+          echo "::set-output name=pr_source::$(jq -r '.head.label // empty' pull_request_payload.json)"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Send an informational status embed to Discord instead of the
+      # standard embeds that Discord sends. This embed will contain
+      # more information and we can fine tune when we actually want
+      # to send an embed.
+      - name: GitHub Actions Status Embed for Discord
+        uses: SebastiaanZ/[email protected]
+        with:
+          # Our GitHub Actions webhook
+          webhook_id: '784184528997842985'
+          webhook_token: ${{ secrets.GHA_WEBHOOK_TOKEN }}
+
+          # Workflow information
+          workflow_name: ${{ github.event.workflow_run.name }}
+          run_id: ${{ github.event.workflow_run.id }}
+          run_number: ${{ github.event.workflow_run.run_number }}
+          status: ${{ github.event.workflow_run.conclusion }}
+          actor: ${{ github.actor }}
+          repository:  ${{ github.repository }}
+          ref: ${{ github.ref }}
+          sha: ${{ github.event.workflow_run.head_sha }}
+
+          pr_author_login: ${{ steps.pr_info.outputs.pr_author_login }}
+          pr_number: ${{ steps.pr_info.outputs.pr_number }}
+          pr_title: ${{ steps.pr_info.outputs.pr_title }}
+          pr_source: ${{ steps.pr_info.outputs.pr_source }}