feat: nested stack as per subnet group

Author: mr-robot-in

.eslintrc.json

@@ -0,0 +1,70 @@
+# Auto-approve Dependabot PRs
+# Based on GitHub's official documentation for Dependabot automation
+
+name: Dependabot auto-approve
+on: 
+  pull_request:
+    types: [opened, reopened, synchronize]
+  workflow_run:
+    workflows: ["Dependabot auto-label"]
+    types: [completed]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: arc-runner-set
+    if: |
+      (github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]') ||
+      (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      
+      - name: Auto-approve and add automerge label for patch updates
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-patch' &&
+          steps.metadata.outputs.update-type != null
+        run: |
+          gh pr review --approve "$PR_URL"
+          gh pr edit "$PR_URL" --add-label "automerge"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Auto-approve and add automerge label for minor updates
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-minor' &&
+          steps.metadata.outputs.update-type != null
+        run: |
+          gh pr review --approve "$PR_URL"
+          gh pr edit "$PR_URL" --add-label "automerge"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Auto-approve and add automerge label for indirect dependencies
+        if: steps.metadata.outputs.dependency-type == 'indirect'
+        run: |
+          gh pr review --approve "$PR_URL"
+          gh pr edit "$PR_URL" --add-label "automerge"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Comment on major updates (require manual review)
+        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
+        run: |
+          gh pr comment "$PR_URL" --body "⚠️ **Major version update detected** - This requires manual review before approval."
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Comment on unknown updates (require manual review)
+        if: steps.metadata.outputs.update-type == null || steps.metadata.outputs.update-type == ''
+        run: |
+          gh pr comment "$PR_URL" --body "❓ **Unknown update type** - This requires manual review before approval."
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}

.github/workflows/build.yml

@@ -0,0 +1,66 @@
+# Auto-label Dependabot PRs based on dependency type and update type
+# Based on GitHub's official documentation for Dependabot automation
+
+name: Dependabot auto-label
+on: 
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+permissions:
+  pull-requests: write
+  issues: write
+
+jobs:
+  dependabot:
+    runs-on: arc-runner-set
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      
+      - name: Add production dependency label
+        if: steps.metadata.outputs.dependency-type == 'direct:production'
+        run: gh pr edit "$PR_URL" --add-label "production"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Add development dependency label
+        if: steps.metadata.outputs.dependency-type == 'direct:development'
+        run: gh pr edit "$PR_URL" --add-label "dev-dependency"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Add indirect dependency label
+        if: steps.metadata.outputs.dependency-type == 'indirect'
+        run: gh pr edit "$PR_URL" --add-label "indirect-dependency"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Add patch update label
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr edit "$PR_URL" --add-label "patch"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Add minor update label
+        if: steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr edit "$PR_URL" --add-label "minor"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Add major update label
+        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
+        run: gh pr edit "$PR_URL" --add-label "major"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Add unknown update label
+        if: steps.metadata.outputs.update-type == null || steps.metadata.outputs.update-type == ''
+        run: gh pr edit "$PR_URL" --add-label "unknown-update"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}} 

.github/workflows/dependabot-auto-approve.yml

@@ -0,0 +1,64 @@
+# Auto-merge Dependabot PRs
+# Based on GitHub's official documentation for Dependabot automation
+
+name: Dependabot auto-merge
+on: 
+  pull_request:
+    types: [opened, reopened, synchronize, labeled]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: arc-runner-set
+    if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'mr-robot-in'
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      
+      - name: Enable auto-merge for patch updates
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-patch' &&
+          contains(github.event.pull_request.labels.*.name, 'automerge') &&
+          steps.metadata.outputs.update-type != null
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Enable auto-merge for minor updates
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-minor' &&
+          contains(github.event.pull_request.labels.*.name, 'automerge') &&
+          steps.metadata.outputs.update-type != null
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Enable auto-merge for indirect dependencies
+        if: |
+          steps.metadata.outputs.dependency-type == 'indirect' &&
+          contains(github.event.pull_request.labels.*.name, 'automerge')
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Comment on major updates (no auto-merge)
+        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
+        run: |
+          gh pr comment "$PR_URL" --body "🚨 **Major version update** - Auto-merge disabled for major updates. Please review manually."
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+      
+      - name: Comment on unknown updates (no auto-merge)
+        if: steps.metadata.outputs.update-type == null || steps.metadata.outputs.update-type == ''
+        run: |
+          gh pr comment "$PR_URL" --body "❓ **Unknown update type** - Auto-merge disabled. Please review manually."
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}