Merge branch 'main' into scam-detection-ai

Author: GYFX35

.devcontainer/devcontainer.json

@@ -0,0 +1,19 @@
+{
+  "name": "Jekyll website",
+  "image": "mcr.microsoft.com/devcontainers/jekyll:latest",
+  "features": {
+    "ghcr.io/devcontainers/features/node:1": {
+      "version": "22"
+    },
+    "ghcr.io/devcontainers/features/ruby:1": {
+      "version": "3.3.5"
+    }
+  },
+  "forwardPorts": [
+    // Jekyll server
+    4000,
+    // Live reload server
+    35729
+  ],
+  "postCreateCommand": "bundle exec jekyll serve --incremental"
+}

.github/PULL_REQUEST_TEMPLATE.md

@@ -2,7 +2,7 @@
 ### Please confirm this pull request meets the following requirements:
 
 - [ ] I followed the contributing guidelines: <https://github.com/github/explore/blob/main/CONTRIBUTING.md>.
-- [ ] I am not the sole author or employee of a company who created either the topic I am modifying/adding or the collection entry I am modifying/adding.
+- [ ] This change is not self-promotion.
 
 ### Which change are you proposing?
 

.github/dependabot.yml

@@ -1,12 +1,39 @@
+---
 version: 2
 updates:
-  - package-ecosystem: github-actions
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: daily
-      time: "10:00"
-      timezone: Europe/Vienna
-    pull-request-branch-name:
-      separator: "-"
+      interval: "weekly"
+      timezone: "America/Los_Angeles"
+    labels:
+      - "dependabot"
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "chore(deps)"
     open-pull-requests-limit: 99
-    rebase-strategy: disabled
+    groups:
+      dependencies:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"
+  - package-ecosystem: "bundler"
+    directory: /
+    schedule:
+      interval: "weekly"
+      timezone: "America/Los_Angeles"
+    labels:
+      - "dependabot"
+      - "dependencies"
+      - "bundler"
+    commit-message:
+      prefix: "chore(deps)"
+    open-pull-requests-limit: 99
+    groups:
+      dependencies:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/collections-renames.yml

@@ -3,30 +3,36 @@ name: Check and update renamed/removed collection items
 on:
   workflow_dispatch:
   schedule:
-    - cron:  "0 * * * *" # every hour
+    - cron: "0 * * * *" # every hour
+
+permissions:
+  contents: read
 
 jobs:
   update:
+    permissions:
+      pull-requests: write
+      contents: write
     runs-on: ubuntu-latest
     if: github.repository_owner == 'github'
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.2.2
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0
         with:
           bundler-cache: true
 
-      - name: Test collection with autofix and commit changes
-        uses: technote-space/create-pr-action@v2
+      - name: Test collections and modify with changes
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           AUTOCORRECT_RENAMED_REPOS: 1
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bundle exec rake collections
+
+      - name: Commit changes and open PR
+        uses: peter-evans/create-pull-request@v7
         with:
-          EXECUTE_COMMANDS: |
-            bundle exec rake collections
-          COMMIT_MESSAGE: '✨ Autofixing renamed/removed collection items ✨'
-          COMMIT_NAME: 'GitHub Actions'
-          COMMIT_EMAIL: '[email protected]'
-          PR_BRANCH_NAME: 'update-collections-${PR_ID}'
-          PR_TITLE: '✨ Autofixing renamed/removed collection items ✨'
+          commit-message: "✨ Autofixing renamed/removed collection items ✨"
+          committer: "github-actions[bot] <[email protected]>"
+          branch: "update-collections-${PR_ID}"
+          title: "✨ Autofixing renamed/removed collection items ✨"

.github/workflows/conflict.yml

@@ -4,19 +4,22 @@ on:
   pull_request:
   merge_group:
 
+permissions:
+  contents: read
+
 jobs:
   check:
     runs-on: ubuntu-latest
     steps:
       - run: |
           echo "In order to review this pull request for acceptance, we need to make sure that all of the prerequisites are satisfied."
           echo "This was not checked:"
-          echo "> I am not the sole author or employee of a company who created either the topic I am modifying/adding or the collection entry I am modifying/adding."
-          echo "This is a requirement to maintain a high level of independence in this project. Please update if you are able to verify that you meet that requirement."
+          echo "> This change is not self-promotion.
+          echo "This is a requirement to maintain a high level of independence in this project. Please update to confirm there is no conflict of interest."
           echo "Thank you!"
           exit 1
-        if: contains(github.event.pull_request.body, '- [ ] I am not the sole author or employee of a company who created either the topic I am modifying/adding or the collection entry I am modifying/adding.')
+        if: contains(github.event.pull_request.body, '- [ ] This change is not self-promotion.')
         name: Fail
       - run: exit 0
-        if: contains(github.event.pull_request.body, '- [x] I am not the sole author or employee of a company who created either the topic I am modifying/adding or the collection entry I am modifying/adding.')
+        if: contains(github.event.pull_request.body, '- [x] This change is not self-promotion.')
         name: Succeed

.github/workflows/jekyll_build.yml

@@ -8,38 +8,42 @@ on:
 
 permissions:
   contents: read
-  pages: write
-  id-token: write
-  
+
 concurrency:
   group: "pages"
   cancel-in-progress: true
 
 jobs:
   build:
+    permissions:
+      pages: write
+      id-token: write
     runs-on: ubuntu-latest
     steps:
-    - name: 📂 checkout
-      uses: actions/checkout@v4
+      - name: 📂 checkout
+        uses: actions/[email protected]
+
+      - name: 💎 setup ruby
+        uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0
+        with:
+          bundler-cache: true
+          cache-version: 0
 
-    - name: 💎 setup ruby
-      uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
-      with:
-        bundler-cache: true
-        cache-version: 0
+      - name: 📄 setup pages
+        id: pages
+        uses: actions/[email protected]
 
-    - name: 📄 setup pages
-      id: pages
-      uses: actions/configure-pages@v5
+      - name: 🔨 install dependencies & build site
+        uses: actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697 # v1.0.13
 
-    - name: 🔨 install dependencies & build site
-      uses: actions/[email protected]
-      
-    - name: ⚡️ upload artifact
-      uses: actions/upload-pages-artifact@v3
+      - name: ⚡️ upload artifact
+        uses: actions/[email protected]
 
   deploy:
     needs: build
+    permissions:
+      pages: write
+      id-token: write
 
     environment:
       name: github-pages

.github/workflows/lint.yml

@@ -1,32 +1,29 @@
 name: Lint
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
+  pull_request_target:
   workflow_dispatch:
   merge_group:
 
+permissions:
+  contents: write
+  checks: write
+
 jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.2.2
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0
         with:
           bundler-cache: true
 
       - name: Run linters
-        if: ${{ github.event_name != 'merge_group' }}
-        uses: wearerequired/lint-action@v2
+        uses: wearerequired/lint-action@548d8a7c4b04d3553d32ed5b6e91eb171e10e7bb # v2
+        if: ${{ github.event_name == 'pull_request_target' }}
         with:
-          auto_fix: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.repository_owner }}
+          auto_fix: true
           rubocop: true
           rubocop_command_prefix: bundle exec
-
-      - name: Skip with successful status
-        if: ${{ github.event_name == 'merge_group' }}
-        run: exit 0

.github/workflows/stale.yml

@@ -2,27 +2,27 @@ name: Mark stale PRs
 on:
   workflow_dispatch:
   schedule:
-  - cron: "0 12 * * *"
+    - cron: "0 12 * * *"
 
 permissions:
   contents: read
 
 jobs:
   stale:
     permissions:
-      issues: write  # for actions/stale to close stale issues
-      pull-requests: write  # for actions/stale to close stale PRs
+      issues: write # for actions/stale to close stale issues
+      pull-requests: write # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@v9
-      with:
-        stale-pr-message: >
-          This pull request has been automatically marked as stale because it has not
-          had recent activity. It will be closed if no further activity occurs.
-          Thank you for your contributions.
-        stale-pr-label: "stale"
-        exempt-pr-labels: "pinned,security,dependencies"
-        days-before-pr-stale: 30
-        days-before-pr-close: 7
-        ascending: true
-        operations-per-run: 100
+      - uses: actions/stale@v9.1.0
+        with:
+          stale-pr-message: >
+            This pull request has been automatically marked as stale because it has not
+            had recent activity. It will be closed if no further activity occurs.
+            Thank you for your contributions.
+          stale-pr-label: "stale"
+          exempt-pr-labels: "pinned,security,dependencies"
+          days-before-pr-stale: 30
+          days-before-pr-close: 7
+          ascending: true
+          operations-per-run: 100

.github/workflows/test.yml

@@ -8,6 +8,9 @@ on:
   workflow_dispatch:
   merge_group:
 
+permissions:
+  contents: read
+
 jobs:
   test:
     strategy:
@@ -19,7 +22,7 @@ jobs:
           - all
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
 
@@ -40,7 +43,7 @@ jobs:
 
       - name: Setup Ruby
         if: ${{ steps.topics.outputs.changed || steps.collections.outputs.changed || steps.all.outputs.changed }}
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0
         with:
           bundler-cache: true