build: sync with template

.editorconfig

@@ -1,3 +1,7 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
 root = true
 
 [*]

.github/FUNDING.yml

@@ -0,0 +1,5 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
+github: [ahmadnassri]

.github/dependabot.yml

@@ -1,11 +1,77 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
 version: 2
 updates:
+  - package-ecosystem: gitsubmodule
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: github-actions
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: chore
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
   - package-ecosystem: npm
     open-pull-requests-limit: 10
-    directory: /action
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: bundler
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: terraform
+    open-pull-requests-limit: 10
+    directory: /
+    commit-message:
+      prefix: build
+      prefix-development: chore
+      include: scope
+    schedule:
+      interval: daily
+      time: "10:00"
+      timezone: America/Toronto
+
+  - package-ecosystem: docker
+    open-pull-requests-limit: 10
+    directory: /
     commit-message:
       prefix: build
       prefix-development: chore
       include: scope
     schedule:
       interval: daily
+      time: "10:00"
+      timezone: America/Toronto

.github/linters/.checkov.yml

@@ -0,0 +1,11 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
+quiet: true
+skip-check:
+  - CKV_DOCKER_2
+  - CKV_GHA_3
+  - BC_DKR_3
+  - CKV_GIT_1
+  - CKV_GIT_5

.github/linters/.commit-lint.yml

@@ -1,3 +1,7 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
 extends:
   - "@commitlint/config-conventional"
 rules:

.github/linters/.markdown-lint.yml

@@ -1,3 +1,7 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
 # Heading levels should only increment by one level at a time
 MD001: false
 
@@ -36,7 +40,7 @@ MD012:
 
 # Line length
 MD013:
-  line_length: 180
+  line_length: 360
   strict: true
   stern: true
 
@@ -127,7 +131,7 @@ MD039: true
 MD040: true
 
 # First line in file should be a top level heading
-MD041: true
+MD041: false
 
 # No empty links
 MD042: true

.github/linters/.mega-linter.yml

@@ -0,0 +1,26 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
+ENABLE: ACTION,BASH,MAKEFILE,REPOSITORY,TERRAFORM,HTML,ENV,JAVASCRIPT,JSX,EDITORCONFIG,JSON,DOCKERFILE,MARKDOWN,YAML,CSS,OPENAPI,SQL
+DISABLE_LINTERS:
+  - JSON_PRETTIER
+  - JAVASCRIPT_PRETTIER
+  - YAML_PRETTIER
+  - REPOSITORY_TRIVY
+  - REPOSITORY_DEVSKIM
+  - TERRAFORM_CHECKOV
+
+CONFIG_REPORTER: false
+FAIL_IF_MISSING_LINTER_IN_FLAVOR: true
+FLAVOR_SUGGESTIONS: false
+LOG_LEVEL: INFO
+MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdown-lint.yml
+PRINT_ALPACA: false
+SHOW_ELAPSED_TIME: true
+VALIDATE_ALL_CODEBASE: false
+IGNORE_GENERATED_FILES: true
+FILTER_REGEX_EXCLUDE: (dist/*|README.md|test/fixtures/*|vendor/*|/schemas/*)
+REPOSITORY_CHECKOV_ARGUMENTS: [--skip-path, schemas]
+
+DISABLE_ERRORS: true # TODO: disable once https://github.com/oxsecurity/megalinter/pull/1798 is merged

.github/linters/.yamllint.yml

@@ -0,0 +1,17 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
+extends: default
+
+rules:
+  brackets:
+    max-spaces-inside: 1
+  document-start:
+    present: false
+  truthy:
+    check-keys: false
+  line-length:
+    max: 500
+  comments:
+    min-spaces-from-content: 1

.github/workflows/pull_request_target.yml

@@ -0,0 +1,82 @@
+# ------------------------------------------------------------- #
+# Note: this file is automatically managed in template-template #
+# ------------------------------------------------------------- #
+
+on: pull_request_target
+
+name: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+
+jobs:
+  metadata:
+    runs-on: ubuntu-latest
+
+    outputs:
+      repository_is_template: ${{ steps.metadata.outputs.repository_is_template }}
+
+    steps:
+      - uses: actions/checkout@v3.0.2
+
+      - uses: ahmadnassri/action-metadata@v2.1.1
+        id: metadata
+
+  auto-merge:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    # only run for dependabot PRs
+    if: ${{ github.actor == 'dependabot[bot]' }}
+
+    env:
+      PR_URL: ${{github.event.pull_request.html_url}}
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+    steps:
+      - id: dependabot
+        uses: dependabot/fetch-metadata@v1.3.3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: auto merge conditions
+        id: auto-merge
+        if: |
+          (
+            steps.dependabot.outputs.update-type == 'version-update:semver-patch' &&
+            contains('direct:development,indirect:development,direct:production,indirect:production', steps.dependabot.outputs.dependency-type)
+          ) || (
+            steps.dependabot.outputs.update-type == 'version-update:semver-minor' &&
+            contains('direct:development,indirect:development', steps.dependabot.outputs.dependency-type)
+          )
+        run: echo "::notice ::auto-merge conditions satisfied"
+
+      - name: auto approve pr
+        if: ${{ steps.auto-merge.conclusion == 'success' }}
+        run: |
+          gh pr review --approve "$PR_URL"
+          gh pr merge --auto --rebase "$PR_URL"
+
+  template-sync:
+    needs: metadata
+
+    timeout-minutes: 20
+
+    runs-on: ubuntu-latest
+
+    # only run for templates
+    if: ${{ needs.metadata.outputs.repository_is_template == 'true' }}
+
+    steps:
+      - uses: actions/checkout@v3.0.2
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - uses: ahmadnassri/action-template-repository-sync@v2
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}