Merge pull request #78 from ianlewis/repo-template

ianlewis · web-flow · commit 1f6aee852c87 · 2025-11-08T11:51:58.000+09:00
Sync w/ upstream ianlewis/repo-template
diff --git a/.aqua-checksums.json b/.aqua-checksums.json
@@ -225,6 +225,36 @@
       "checksum": "76E9514CFAC18E5677AA04F3A89873C981F16A2F2353BB97372A86CD09B1F5A8",
       "algorithm": "sha256"
     },
+    {
+      "id": "github_release/github.com/rhysd/actionlint/v1.7.8/actionlint_1.7.8_darwin_amd64.tar.gz",
+      "checksum": "16B85CAF792B34BCC40F7437736C4347680DA0A1B034353A85012DEBBD71A461",
+      "algorithm": "sha256"
+    },
+    {
+      "id": "github_release/github.com/rhysd/actionlint/v1.7.8/actionlint_1.7.8_darwin_arm64.tar.gz",
+      "checksum": "FFB1F6C429A51DC9F37AF9D11F96C16BD52F54B713BF7F8BD92F7FCE9FD4284A",
+      "algorithm": "sha256"
+    },
+    {
+      "id": "github_release/github.com/rhysd/actionlint/v1.7.8/actionlint_1.7.8_linux_amd64.tar.gz",
+      "checksum": "BE92C2652AB7B6D08425428797CEABEB16E31A781C07BC388456B4E592F3E36A",
+      "algorithm": "sha256"
+    },
+    {
+      "id": "github_release/github.com/rhysd/actionlint/v1.7.8/actionlint_1.7.8_linux_arm64.tar.gz",
+      "checksum": "4C65DBB2D59B409CDD75D47FFA8FA32AF8F0EEE573AC510468DC2275C48BF07C",
+      "algorithm": "sha256"
+    },
+    {
+      "id": "github_release/github.com/rhysd/actionlint/v1.7.8/actionlint_1.7.8_windows_amd64.zip",
+      "checksum": "8CAE2385EB69B93084EA2E6A4BCE57233FEB56AB16B3087BEA25CBC0ABADB0CC",
+      "algorithm": "sha256"
+    },
+    {
+      "id": "github_release/github.com/rhysd/actionlint/v1.7.8/actionlint_1.7.8_windows_arm64.zip",
+      "checksum": "76CBB407E2DE15DF97969AAE51D6FB46AAAE9E73A48DA06B1C3157CB9F2EE766",
+      "algorithm": "sha256"
+    },
     {
       "id": "registries/github_content/github.com/aquaproj/aqua-registry/registry.yaml",
       "checksum": "D836ECD0F1FA3B9F2D850BAE72922CA7DDF8F82B98A78C572762ABB70F8020EC87DF4B4D1F3C1F6A3F519FE134676145B5635104C3B8D8B6545163981E99F1FC",
@@ -275,6 +305,11 @@
       "checksum": "015FCF0BC87EB881A1895AA9CD75CFC9F0BF7D23363E4B39041E5728D0F3DF80",
       "algorithm": "sha256"
     },
+    {
+      "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.432.0/registry.yaml",
+      "checksum": "96CBA2F96234E92A8BEA7A9F4E8D111F725D0AA0C7EDE342CDFAB9119C4176593BB2AB922B3D3FF3A539386BE19D2FA704323C13A11E098BB2B82C270AF60874",
+      "algorithm": "sha512"
+    },
     {
       "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.426.0/registry.yaml",
       "checksum": "28C3C7A64105B96AABB2B25A08FAC6E0C992355059B450879A59B6613A863545",
diff --git a/.aqua.yaml b/.aqua.yaml
@@ -23,9 +23,9 @@ checksum:
     - all
 registries:
   - type: standard
-    ref: v4.426.0 # renovate: depName=aquaproj/aqua-registry
+    ref: v4.432.0 # renovate: depName=aquaproj/aqua-registry
 packages:
-  - name: rhysd/actionlint@v1.7.7
+  - name: rhysd/actionlint@v1.7.8
   - name: koalaman/shellcheck@v0.11.0
   - name: jqlang/jq@jq-1.8.1
   - name: ianlewis/todos@v0.13.0
diff --git a/.github/workflows/pull_request.tests.yml b/.github/workflows/pull_request.tests.yml
@@ -26,6 +26,10 @@ on:
 permissions:
   contents: read # Needed to check out the repo.
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 # NOTE: We use simple job names because these are used in branch rulesets and
 #       are matched by name. This makes the job names an identifier rather than
 #       just a human-readable label.
diff --git a/.github/workflows/schedule.issue-reopener.yml b/.github/workflows/schedule.issue-reopener.yml
@@ -28,6 +28,10 @@ on:
 
 permissions: {}
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   issue-reopener:
     name: Reopen TODO issues
diff --git a/.github/workflows/schedule.scorecard.yml b/.github/workflows/schedule.scorecard.yml
@@ -25,6 +25,10 @@ on:
 # Declare default permissions as read only.
 permissions: {}
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   analysis:
     name: Scorecards analysis
@@ -64,15 +68,15 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         # NOTE: Uploading SARIF requires GitHub Enterprise and GitHub Advanced Security license for private repositories.
         # TODO: Remove the next line for private repositories with GitHub Advanced Security.
         if: github.event.repository.private == false
diff --git a/.github/workflows/schedule.stale.yml b/.github/workflows/schedule.stale.yml
@@ -19,6 +19,10 @@ on:
 
 permissions: {}
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   stale:
     name: Close stale issues and PRs
diff --git a/.github/workflows/workflow_call.actionlint.yml b/.github/workflows/workflow_call.actionlint.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: actionlint-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   actionlint:
     name: actionlint
diff --git a/.github/workflows/workflow_call.checkmake.yml b/.github/workflows/workflow_call.checkmake.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: checkmake-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   checkmake:
     name: checkmake
diff --git a/.github/workflows/workflow_call.commitlint.yml b/.github/workflows/workflow_call.commitlint.yml
@@ -29,6 +29,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: commitlint-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   commitlint:
     name: commitlint
@@ -39,7 +43,7 @@ jobs:
           persist-credentials: false
           fetch-depth: 0 # Fetch all history for all branches and tags
 
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version-file: ".node-version"
 
diff --git a/.github/workflows/workflow_call.eslint.yml b/.github/workflows/workflow_call.eslint.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: eslint-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   eslint:
     name: eslint
diff --git a/.github/workflows/workflow_call.fixme.yml b/.github/workflows/workflow_call.fixme.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: fixme-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   fixme:
     name: fixme
diff --git a/.github/workflows/workflow_call.format-check.yml b/.github/workflows/workflow_call.format-check.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: format-check-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   formatting:
     name: format-check
@@ -30,7 +34,7 @@ jobs:
           submodules: true
           persist-credentials: false
 
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version-file: ".node-version"
 
diff --git a/.github/workflows/workflow_call.markdownlint.yml b/.github/workflows/workflow_call.markdownlint.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: markdownlint-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   markdownlint:
     name: markdownlint
@@ -29,7 +33,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version-file: ".node-version"
 
diff --git a/.github/workflows/workflow_call.renovate-config-validator.yml b/.github/workflows/workflow_call.renovate-config-validator.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: renovate-config-validator-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   renovate-config-validator:
     name: renovate-config-validator
@@ -29,7 +33,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version-file: ".node-version"
 
diff --git a/.github/workflows/workflow_call.textlint.yml b/.github/workflows/workflow_call.textlint.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: textlint-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   textlint:
     name: textlint
@@ -29,7 +33,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version-file: ".node-version"
 
diff --git a/.github/workflows/workflow_call.unit-test.yml b/.github/workflows/workflow_call.unit-test.yml
@@ -23,6 +23,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: unit-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   tests:
     name: unit test
diff --git a/.github/workflows/workflow_call.yamllint.yml b/.github/workflows/workflow_call.yamllint.yml
@@ -20,6 +20,10 @@ on:
 permissions:
   contents: read
 
+concurrency:
+  group: yamllint-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   yamllint:
     name: yamllint
diff --git a/.github/workflows/workflow_call.zizmor.yml b/.github/workflows/workflow_call.zizmor.yml
@@ -19,6 +19,10 @@ on:
 
 permissions: {}
 
+concurrency:
+  group: zizmor-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   zizmor:
     name: zizmor
@@ -42,7 +46,7 @@ jobs:
         run: make zizmor
 
       - name: Upload artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: SARIF file
           path: results.sarif
@@ -52,7 +56,7 @@ jobs:
         # NOTE: Uploading SARIF requires GitHub Enterprise and GitHub Advanced Security license for private repositories.
         # TODO: Remove the next line for private repositories with GitHub Advanced Security.
         if: github.event.repository.private == false
-        uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         with:
           sarif_file: zizmor.sarif.json
           category: zizmor
diff --git a/.node-version b/.node-version
@@ -1 +1 @@
-22.20.0
+22.21.1
diff --git a/.textlintrc.yaml b/.textlintrc.yaml
@@ -25,6 +25,8 @@ rules:
       - "/\\bCodecov\\b/" # Code coverage service
       - "/\\bESM\\b/" # ECMAScript Modules
 
+      - "/\\bAMD64\\b/g"
+      - "/\\bARM64\\b/g"
       - "/\\b(CHANGELOG|Changelog)\\b/g"
       - "/\\bCODEOWNER\\b/g"
       - "/\\bCLA\\b/g"
@@ -36,13 +38,15 @@ rules:
       - "/\\bYAML\\b/g"
       - "/\\bCodeQL\\b/g"
       - "/\\bDependabot\\b/g"
+      - "/\\bHomebrew\\b/g"
       - "/\\bJavaScript\\b/g"
-      - "/\\bMacOS\\b/g"
       - "/\\bMakefile\\b/g"
       - "/\\bNode.js\\b/g"
       - "/\\bOpenSSF\\b/g"
       - "/\\bTODOs?\\b/g"
       - "/\\be2e\\b/g"
+      - "/\\bmacOS\\b/g"
+      - "/\\bx86-64\\b/g"
       - "/\\b[Ff]ormatters?\\b/g"
       - "/\\b[Ll]inters?\\b/g"
       - "/\\b[Pp]ositivity\\b/g"
diff --git a/Makefile b/Makefile
diff --git a/README.md b/README.md
diff --git a/commitlint.config.mjs b/commitlint.config.mjs
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
diff --git a/requirements-dev.txt b/requirements-dev.txt

-Original file line number
+Diff line change
     - all
 registries:
   - type: standard
 -    ref: v4.426.0 # renovate: depName=aquaproj/aqua-registry
 +    ref: v4.432.0 # renovate: depName=aquaproj/aqua-registry
 packages:
 -  - name: rhysd/[email protected].7
 +  - name: rhysd/[email protected].8
   - name: koalaman/[email protected]
   - name: jqlang/[email protected]
   - name: ianlewis/[email protected]