ci: update workflows

.github/dependabot.yml

@@ -0,0 +1,41 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-node-lib #
+# ----------------------------------------------- #
+
+version: 2
+updates:
+  - package-ecosystem: npm
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: gitsubmodule
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: docker
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto

.github/linters/.checkov.yml

@@ -0,0 +1,13 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+quiet: true
+skip-check:
+  - CKV_DOCKER_2
+  - CKV_DOCKER_8
+  - CKV_GHA_3
+  - BC_DKR_3
+  - CKV_GIT_1
+  - CKV_GIT_5
+  - CKV_GIT_6

.github/linters/.commit-lint.yml

@@ -0,0 +1,9 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+extends:
+  - "@commitlint/config-conventional"
+
+rules:
+  body-max-line-length: [2, "always", 200]

.github/linters/.grype.yaml

@@ -0,0 +1,3 @@
+check-for-app-update: false
+exclude:
+  - '**/package-lock.json'

.github/linters/.lychee.toml

@@ -0,0 +1 @@
+exclude_path = [".github"]

.github/linters/.markdown-lint.yml

@@ -0,0 +1,156 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+# Heading levels should only increment by one level at a time
+MD001: false
+
+# Heading style
+MD003:
+  style: atx
+
+# Unordered list style
+MD004:
+  style: dash
+
+# Inconsistent indentation for list items at the same level
+MD005: true
+
+# Unordered list indentation
+MD007:
+  indent: 2
+  start_indented: false
+
+# Trailing spaces
+MD009:
+  br_spaces: 2
+  list_item_empty_lines: false
+  strict: false
+
+# Hard tabs
+MD010:
+  code_blocks: false
+
+# Reversed link syntax
+MD011: true
+
+# Multiple consecutive blank lines
+MD012:
+  maximum: 1
+
+# Line length
+MD013:
+  line_length: 360
+  strict: true
+  stern: true
+
+# Dollar signs used before commands without showing output
+MD014: false
+
+# No space after hash on atx style heading
+MD018: true
+
+# Multiple spaces after hash on atx style heading
+MD019: true
+
+# No space inside hashes on closed atx style heading
+MD020: true
+
+# Multiple spaces inside hashes on closed atx style heading
+MD021: true
+
+# Headings should be surrounded by blank lines
+MD022:
+  lines_above: 1
+  lines_below: 1
+
+# Headings must start at the beginning of the line
+MD023: true
+
+# Multiple headings with the same content
+MD024:
+  allow_different_nesting: true
+
+# Multiple top level headings in the same document
+MD025: true
+
+# Trailing punctuation in heading
+MD026:
+  punctuation: ".,;:!?。，；：！？"
+
+# Multiple spaces after blockquote symbol
+MD027: true
+
+# Blank line inside blockquote
+MD028: true
+
+# Ordered list item prefix
+MD029:
+  style: one_or_ordered
+
+# Spaces after list markers
+MD030:
+  ul_single: 1
+  ol_single: 1
+  ul_multi: 1
+  ol_multi: 1
+
+# Fenced code blocks should be surrounded by blank lines
+MD031:
+  list_items: true
+
+# Lists should be surrounded by blank lines
+MD032: true
+
+# inline HTML
+MD033:
+  allowed_elements: [details, summary]
+
+# Bare URL used
+MD034: true
+
+# Horizontal rule style
+MD035:
+  style: "----"
+
+# Emphasis used instead of a heading
+MD036:
+  punctuation: ".,;:!?。，；：！？"
+
+# Spaces inside emphasis markers
+MD037: true
+
+# Spaces inside code span elements
+MD038: true
+
+# Spaces inside link text
+MD039: true
+
+# Fenced code blocks should have a language specified
+MD040: true
+
+# First line in file should be a top level heading
+MD041: false
+
+# No empty links
+MD042: true
+
+# Required heading structure
+MD043: false
+
+# Proper names should have the correct capitalization
+MD044: false
+
+# Images should have alternate text (alt text)
+MD045: false
+
+# Code block style
+MD046:
+  style: fenced
+
+# Files should end with a single newline character
+MD047: true
+
+# Code fence style
+MD048:
+  style: backtick

.github/linters/.mega-linter.yml

@@ -0,0 +1,27 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+DISABLE:
+  - COPYPASTE
+
+DISABLE_LINTERS:
+  - REPOSITORY_TRIVY
+  - SPELL_CSPELL
+  - JSON_PRETTIER
+  - YAML_PRETTIER
+  - JAVASCRIPT_PRETTIER
+  - HTML_DJLINT
+  - REPOSITORY_DEVSKIM # temporarily disabled
+
+LOG_LEVEL: INFO
+PRINT_ALPACA: false
+CONFIG_REPORTER: false
+SHOW_ELAPSED_TIME: true
+FLAVOR_SUGGESTIONS: false
+VALIDATE_ALL_CODEBASE: false
+IGNORE_GENERATED_FILES: true
+FILTER_REGEX_EXCLUDE: (dist/*|README.md|test/fixtures/*|vendor/*|/schemas/*|coverage/*|.nyc_output/*)
+
+MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdown-lint.yml
+REPOSITORY_CHECKOV_ARGUMENTS: [--skip-path, schemas]

.github/linters/.yamllint.yml

@@ -0,0 +1,17 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+extends: default
+
+rules:
+  brackets:
+    max-spaces-inside: 1
+  document-start:
+    present: false
+  truthy:
+    check-keys: false
+  line-length:
+    max: 500
+  comments:
+    min-spaces-from-content: 1

.github/workflows/pull_request_target.yml

@@ -0,0 +1,14 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+name: pull_request_target
+
+on: pull_request_target
+
+permissions: read-all
+
+jobs:
+  main:
+    uses: ahmadnassri/actions/.github/workflows/pull-request-target.yml@master
+    secrets: inherit

.github/workflows/push.yml

@@ -0,0 +1,21 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-node-lib #
+# ----------------------------------------------- #
+
+name: push
+
+on:
+  - push
+  - workflow_dispatch
+
+permissions: read-all
+
+jobs:
+  main:
+    uses: ahmadnassri/actions/.github/workflows/push-javascript.yml@master
+    secrets: inherit
+    permissions:
+      contents: write
+      statuses: write
+      packages: write
+      pull-requests: write