chore: add/update default repository files (#33)

- Add standardized GitHub workflows
- Update linting and security configurations
- Add documentation templates
- Update development tools configuration

Generated by multi-gitter

Author: ruzickap

.github/workflows/codeql.yml

@@ -26,13 +26,14 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
+        # Does not support arm64
+        uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
         with:
           languages: actions
           build-mode: none
           queries: security-extended
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
+        uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
         with:
           category: "/language:actions"

.github/workflows/release-please.yml

@@ -17,7 +17,7 @@ permissions:
 
 jobs:
   release-please:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
     steps:
       - name: Create release with Release Please
         uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0

.github/workflows/renovate.yml

@@ -50,7 +50,7 @@ permissions: read-all
 
 jobs:
   renovate:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}
     permissions: write-all

.github/workflows/scorecards.yml

@@ -15,6 +15,7 @@ permissions: read-all
 
 jobs:
   scorecards:
+    # ossf/scorecard-action doesn't support arm64
     runs-on: ubuntu-latest
     permissions:
       # Required for uploading SARIF results to GitHub Security tab
@@ -38,7 +39,7 @@ jobs:
           publish_results: true
 
       - name: Upload SARIF results to GitHub Security
-        uses: github/codeql-action/upload-sarif@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
+        uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
         with:
           sarif_file: results.sarif
           # Set category to distinguish from other security scans

.github/workflows/semantic-pull-request.yml

@@ -17,16 +17,9 @@ permissions:
 
 jobs:
   semantic-pull-request:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
     steps:
-      - name: Generate GitHub App token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
-        id: app-token
-        with:
-          app-id: ${{ secrets.MY_RENOVATE_GITHUB_APP_ID }}
-          private-key: ${{ secrets.MY_RENOVATE_GITHUB_PRIVATE_KEY }}
-
       - name: Validate semantic pull request title
         uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
         env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yml

@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   stale:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
     steps:
       - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
         with: