build: update to latest ci template

.github/FUNDING.yml

@@ -0,0 +1,5 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+github: [ahmadnassri]

.github/dependabot.yml

@@ -1,5 +1,45 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
 version: 2
 updates:
+  - package-ecosystem: gitsubmodule
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: github-actions
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: chore
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: npm
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
   - package-ecosystem: npm
     open-pull-requests-limit: 10
     directory: /action
@@ -9,3 +49,41 @@ updates:
       include: scope
     schedule:
       interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: bundler
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: terraform
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: docker
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto

.github/linters/.checkov.yml

@@ -0,0 +1,12 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+quiet: true
+skip-check:
+  - CKV_DOCKER_2
+  - CKV_GHA_3
+  - BC_DKR_3
+  - CKV_GIT_1
+  - CKV_GIT_5
+  - CKV_GIT_6

.github/linters/.commit-lint.yml

@@ -1,3 +1,7 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
 extends:
   - "@commitlint/config-conventional"
 rules:

.github/linters/.markdown-lint.yml

@@ -1,3 +1,7 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
 # Heading levels should only increment by one level at a time
 MD001: false
 
@@ -36,7 +40,7 @@ MD012:
 
 # Line length
 MD013:
-  line_length: 180
+  line_length: 360
   strict: true
   stern: true
 
@@ -127,7 +131,7 @@ MD039: true
 MD040: true
 
 # First line in file should be a top level heading
-MD041: true
+MD041: false
 
 # No empty links
 MD042: true

.github/linters/.mega-linter.yml

@@ -0,0 +1,42 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+ENABLE:
+  - ACTION
+  - BASH
+  - MAKEFILE
+  - REPOSITORY
+  - TERRAFORM
+  - HTML
+  - ENV
+  - JAVASCRIPT
+  - JSX
+  - EDITORCONFIG
+  - JSON
+  - DOCKERFILE
+  - MARKDOWN
+  - YAML
+  - CSS
+  - OPENAPI
+  - SQL
+
+DISABLE_LINTERS:
+  - JSON_PRETTIER
+  - JAVASCRIPT_PRETTIER
+  - YAML_PRETTIER
+  - REPOSITORY_TRIVY
+  - REPOSITORY_DEVSKIM
+  - TERRAFORM_CHECKOV
+
+CONFIG_REPORTER: false
+FAIL_IF_MISSING_LINTER_IN_FLAVOR: true
+FLAVOR_SUGGESTIONS: false
+LOG_LEVEL: INFO
+MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdown-lint.yml
+PRINT_ALPACA: false
+SHOW_ELAPSED_TIME: true
+VALIDATE_ALL_CODEBASE: false
+IGNORE_GENERATED_FILES: true
+FILTER_REGEX_EXCLUDE: (dist/*|README.md|test/fixtures/*|vendor/*|/schemas/*)
+REPOSITORY_CHECKOV_ARGUMENTS: [--skip-path, schemas]

.github/linters/.yamllint.yml

@@ -0,0 +1,17 @@
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
+
+extends: default
+
+rules:
+  brackets:
+    max-spaces-inside: 1
+  document-start:
+    present: false
+  truthy:
+    check-keys: false
+  line-length:
+    max: 500
+  comments:
+    min-spaces-from-content: 1

.github/workflows/pull_request_target.yml

@@ -1,6 +1,6 @@
-# ------------------------------------------------------------- #
-# Note: this file is automatically managed in template-template #
-# ------------------------------------------------------------- #
+# ----------------------------------------------- #
+# Note: this file originates in template-template #
+# ----------------------------------------------- #
 
 on: pull_request_target
 
@@ -10,17 +10,20 @@ permissions:
   pull-requests: write
   contents: write
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+
 jobs:
   metadata:
     runs-on: ubuntu-latest
 
     outputs:
-      repository: ${{ steps.metadata.outputs.repository }}
+      repository_is_template: ${{ steps.metadata.outputs.repository_is_template }}
 
     steps:
-      - uses: actions/checkout@v2.3.5
+      - uses: actions/checkout@v3.0.2
 
-      - uses: ahmadnassri/action-metadata@v1
+      - uses: ahmadnassri/action-metadata@v2.1.2
         id: metadata
 
   auto-merge:
@@ -31,22 +34,18 @@ jobs:
     # only run for dependabot PRs
     if: ${{ github.actor == 'dependabot[bot]' }}
 
-    env:
-      PR_URL: ${{github.event.pull_request.html_url}}
-      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-
     steps:
       - id: dependabot
-        uses: dependabot/fetch-metadata@v1.1.1
+        uses: dependabot/fetch-metadata@v1.3.5
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ github.token }}
 
       - name: auto merge conditions
         id: auto-merge
         if: |
           (
             steps.dependabot.outputs.update-type == 'version-update:semver-patch' &&
-            contains('direct:production,indirect:production', steps.dependabot.outputs.dependency-type)
+            contains('direct:development,indirect:development,direct:production,indirect:production', steps.dependabot.outputs.dependency-type)
           ) || (
             steps.dependabot.outputs.update-type == 'version-update:semver-minor' &&
             contains('direct:development,indirect:development', steps.dependabot.outputs.dependency-type)
@@ -55,6 +54,9 @@ jobs:
 
       - name: auto approve pr
         if: ${{ steps.auto-merge.conclusion == 'success' }}
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
         run: |
           gh pr review --approve "$PR_URL"
           gh pr merge --auto --rebase "$PR_URL"
@@ -67,13 +69,13 @@ jobs:
     runs-on: ubuntu-latest
 
     # only run for templates
-    if: ${{ fromJSON(needs.metadata.outputs.repository).is_template }}
+    if: ${{ needs.metadata.outputs.repository_is_template == 'true' }}
 
     steps:
-      - uses: actions/checkout@v2.3.5
+      - uses: actions/checkout@v3.0.2
         with:
           ref: ${{ github.event.pull_request.head.ref }}
-      - uses: ahmadnassri/[email protected]
-      - uses: ahmadnassri/action-template-repository-sync@v1.6.0
+
+      - uses: ahmadnassri/action-template-repository-sync@v2
         with:
           github-token: ${{ secrets.GH_TOKEN }}