chore: add/update default repository files (#31)

- Add standardized GitHub workflows
- Update linting and security configurations
- Add documentation templates
- Update development tools configuration

Generated by multi-gitter

Author: ruzickap

.github/workflows/codeql-actions.yml renamed to .github/workflows/codeql.yml

@@ -2,7 +2,7 @@
 # GitHub Actions workflow for CodeQL security analysis
 # Performs static analysis to identify security vulnerabilities in GitHub Actions
 # https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql
-name: CodeQL GitHub Actions
+name: codeql
 
 on:
   workflow_dispatch:
@@ -14,27 +14,25 @@ on:
   schedule:
     - cron: 17 10 * * 2
 
-permissions: read-all
+permissions:
+  security-events: write
+  packages: read
 
 jobs:
-  analyze-actions:
-    name: Analyze GitHub Actions
+  codeql:
     runs-on: ubuntu-latest
-    permissions:
-      security-events: write
-      packages: read
     steps:
       - name: Checkout repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
         with:
           languages: actions
           build-mode: none
           queries: security-extended
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
         with:
           category: "/language:actions"

.github/workflows/mega-linter.yml

@@ -35,9 +35,7 @@ jobs:
           chmod a+x README.sh
 
       - name: 💡 MegaLinter
-        uses: oxsecurity/megalinter@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+        uses: oxsecurity/megalinter@0dcbedd66ea456ba2d54fd350affaa15df8a0da3 # v9.0.1
         env:
           GITHUB_COMMENT_REPORTER: false
-          # Disabled due to error: [GitHub Status Reporter] Error posting Status for REPOSITORY with ...: 403
-          GITHUB_STATUS_REPORTER: false
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release-please.yml

@@ -10,24 +10,16 @@ on:
     branches:
       - main
 
-permissions: read-all
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
 
 jobs:
   release-please:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
     steps:
-      - name: Generate GitHub App token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
-        id: app-token
-        with:
-          app-id: ${{ secrets.MY_RENOVATE_GITHUB_APP_ID }}
-          private-key: ${{ secrets.MY_RENOVATE_GITHUB_PRIVATE_KEY }}
-
       - name: Create release with Release Please
         uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0
         with:
           release-type: simple
-          token: ${{ steps.app-token.outputs.token }}

.github/workflows/renovate.yml

@@ -62,6 +62,6 @@ jobs:
           private-key: ${{ secrets.MY_RENOVATE_GITHUB_PRIVATE_KEY }}
 
       - name: 💡 Self-hosted Renovate
-        uses: renovatebot/github-action@13f127373fd3dc43b41b0979e37ba570d6c2b8f4 # v43.0.0
+        uses: renovatebot/github-action@2d941ef4e268e53affdc1f11365c69a73e544f50 # v43.0.14
         with:
           token: ${{ steps.app-token.outputs.token }}

.github/workflows/scorecards.yml

@@ -14,7 +14,7 @@ on:
 permissions: read-all
 
 jobs:
-  security-scorecard:
+  scorecards:
     runs-on: ubuntu-latest
     permissions:
       # Required for uploading SARIF results to GitHub Security tab
@@ -30,15 +30,15 @@ jobs:
           persist-credentials: false
 
       - name: Run OSSF Scorecard Analysis
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
           # Publish results to OpenSSF Scorecard API (optional)
           publish_results: true
 
       - name: Upload SARIF results to GitHub Security
-        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
         with:
           sarif_file: results.sarif
           # Set category to distinguish from other security scans

lychee.toml

@@ -6,14 +6,6 @@
 # Enable link caching to avoid checking the same links on multiple runs
 cache = true
 
-# Discard cached requests older than this duration
-max_cache_age = "1d"
-
-#############################  Runtime  #############################
-
-# Maximum number of concurrent link checks
-max_concurrency = 128
-
 #############################  Requests  ############################
 
 # Accept these status codes as valid (200 = OK, 429 = rate limited)