Add workflows

Author: thomasleplus

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,74 @@
+---
+name: Bug report
+description: Create a bug report.
+title: "[Bug] "
+labels:
+  - bug
+assignees:
+  - thomasleplus
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Search to see if an issue already exists for the bug you encountered.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: A concise description of what you're experiencing.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: version
+      description: |
+        Version where you observed this issue
+      placeholder: |
+        vX.Y.Z
+      render: markdown
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: |
+        Copy and paste any relevant log output.
+        This will be automatically formatted into code, so no need for backticks.
+        Enable debug logging, either on GitHub Actions, or when running locally.
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: |
+        Steps to reproduce the issue.
+      placeholder: |
+        1. In this environment...
+        1. With this config...
+        1. Run '...'
+        1. See error...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Links? References? Anything that will give us more context about the issue you are encountering!
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,31 @@
+---
+name: Feature request
+description: Suggest a new feature for this project.
+title: "[Feature] "
+labels:
+  - enhancement
+assignees:
+  - thomasleplus
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this feature request!
+  - type: textarea
+    attributes:
+      label: Feature description
+      description: |
+        A clear and concise description of what the desired feature is and why it would be useful.
+      render: markdown
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        If you think that there are some implementation details to be taken into consideration, or anything that is not obvious from the previous description, please specify it here.
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+      render: markdown
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/question.yml

@@ -0,0 +1,20 @@
+---
+name: Question
+description: Ask a question.
+title: "[Question] "
+labels:
+  - question
+assignees:
+  - thomasleplus
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this feature request!
+  - type: textarea
+    attributes:
+      label: What is your question?
+      description: Please include as many details and examples as possible.
+      render: markdown
+    validations:
+      required: true

.github/dependabot.yml

@@ -0,0 +1,7 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/pull_request_template.md

@@ -0,0 +1,17 @@
+<!-- prettier-ignore-start -->
+<!-- markdownlint-disable-next-line MD041 -->
+## Readiness checklist
+<!-- prettier-ignore-end -->
+
+Please check the boxes below to confirm that you have followed the
+required guidelines for contributions:
+
+- [ ] If this pull request includes code changes, they were all properly tested. Automated tests were also included where possible.
+- [ ] If applicagle, this pull request includes the relevant documentation for this change.
+- [ ] If this pull request is related to an existing issue, you can use the same description below but in any case include a [link](https://docs.github.com/en/issues/tracking-your-work-with-issues/using-issues/linking-a-pull-request-to-an-issue) like `Fixes #ISSUE_NUMBER.` or `Closese #ISSUE_NUMBER.`.
+- [ ] All the commits in this pull request were squashed into a single commit. That commit is [signed](https://docs.github.com/en/authentication/managing-commit-signature-verification).
+
+<!-- prettier-ignore-start -->
+<!-- markdownlint-disable-next-line MD041 -->
+## Description
+<!-- prettier-ignore-end -->

.github/workflows/automerge.yml

@@ -0,0 +1,40 @@
+---
+name: "Dependabot auto-merge"
+on: pull_request
+
+permissions:
+  actions: write
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Authenticate CLI with a PAT
+        env:
+          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        if: env.RELEASE_TOKEN != ''
+        shell: bash
+        run: echo "${RELEASE_TOKEN}" | gh auth login --with-token
+      - name: Enable auto-merge for Dependabot PRs
+        shell: bash
+        run: |
+          # Checking the PR title is a poor substitute for the actual PR changes
+          # but as long as this is used only with dependabot PRs,
+          # it should be safe to assume that the title is not misleading.
+          regexp='^Bump .* from [0-9]+\.[0-9]+(\.[0-9]+)?(\.[0-9]+)?(\-[a-z]+)? to [0-9]+\.[0-9]+(\.[0-9]+)?(\.[0-9]+)?(\-[a-z]+)?( in .*)?$'
+          if ! [[ "${PR_TITLE}" =~ ${regexp} ]] ; then
+            echo 'Non-semver upgrade, needs manual review.'
+          elif [ "${BASH_REMATCH[3]}" != "${BASH_REMATCH[6]}" ] ; then
+            echo 'Version suffixes do not match, needs manual review.'
+          else
+            echo 'Automated review approval.'
+            gh pr review --approve "${PR_URL}"
+          fi
+          gh pr merge --auto --squash "${PR_URL}"
+        env:
+          PR_TITLE: ${{github.event.pull_request.title}}
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,70 @@
+---
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+name: "CodeQL"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: "0 0 * * 0"
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    # Ignore PRs coming from forks or from dependabot since they don't have the required permissions.
+    if: ${{ (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]' }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript"]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+          queries: +security-and-quality
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18

.github/workflows/dependency-review.yml

@@ -0,0 +1,15 @@
+---
+name: "Dependency Review"
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@0659a74c94536054bfa5aeb92241f70d680cc78e # v4

.github/workflows/devskim.yml

@@ -0,0 +1,38 @@
+---
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: DevSkim
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "0 0 * * 0"
+
+permissions: {}
+
+jobs:
+  lint:
+    name: DevSkim
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run DevSkim scanner
+        uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16
+
+      - name: Upload DevSkim scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        with:
+          should-scan-archives: true
+          sarif_file: devskim-results.sarif

.github/workflows/jslint.yml

@@ -0,0 +1,25 @@
+---
+name: "JSLint"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: "0 0 * * 0"
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  lint:
+    name: Check with JSLint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Install JSLint
+        shell: bash
+        run: sudo npm install -g jslint
+      - name: Run JSLint
+        shell: bash
+        run: jslint --browser javascripts/*.js