ci: add pull request check Gitea actions

.github/config/markdownlint.yaml

@@ -0,0 +1,4 @@
+---
+# no-duplicate-heading
+MD024:
+  siblings_only: true

.github/config/yamllint.yaml

@@ -0,0 +1,4 @@
+rules:
+  comments:
+    # https://github.com/redhat-developer/vscode-yaml/issues/433
+    min-spaces-from-content: 1

.github/workflows/actionlint-check.yaml

@@ -0,0 +1,41 @@
+---
+name: actionlint check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: actionlint check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: actionlint installation
+        working-directory: /bin
+        run: |
+          set -e
+
+          INSTALL_SCRIPT_URL="https://raw.githubusercontent.com/rhysd/actionlint/e11169d0656294827d65370a3c76a2325406da85/scripts/download-actionlint.bash"
+          ACTIONLINT_VERSION="1.7.5"
+
+          INSTALL_SCRIPT_CHECKSUM="99ab9f1d97c31c9a051e6902305f7ea9f48e7e7e1b0ee41f64aa831c86655168  download-actionlint.bash"
+          ACTIONLINT_CHECKSUM="3d74253aa0cf645e6224fd53f2d56776998c7c05a0d3c12307463285515898f8  actionlint"
+
+          wget -O download-actionlint.bash "$INSTALL_SCRIPT_URL"
+          echo "$INSTALL_SCRIPT_CHECKSUM" | sha256sum --check
+
+          bash download-actionlint.bash "$ACTIONLINT_VERSION"
+          echo "$ACTIONLINT_CHECKSUM" | sha256sum --check
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: actionlint check
+        run: actionlint

.github/workflows/checkov-check.yaml

@@ -0,0 +1,33 @@
+---
+name: checkov check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: checkov check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: Python installation
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
+        with:
+          python-version: "3.13.1"
+      - name: Rust toolchain installation
+        uses: dtolnay/rust-toolchain@0579bb9e1907e560c2f263f705f93655a44a07e5
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: checkov installation
+        run: pip install --no-cache-dir --require-hashes -r .github/dependencies/checkov-check/requirements.txt
+      - name: checkov check
+        run: checkov --directory .

.github/workflows/conventional-commit-messages-check.yaml

@@ -0,0 +1,29 @@
+---
+name: conventional commit messages check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: conventional commit messages check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: conventional commit messages check
+        uses: davidglezz/action-conventional-commits-check@ea8ae44ab9c7b79c1da0bd811a6ee6c5768ce476
+        with:
+          target-branch: ${{ github.event.pull_request.base.ref }}
+          current-branch: ${{ github.event.pull_request.head.ref }}
+          pattern: "^(build|chore|ci|docs|feat|fix|hotfix|perf|refactor|revert|style|test){1}(\\([[:alnum:]._-]+\\))?(!)?: ([[:alnum:]])+([[:space:][:print:]]*)$"

.github/workflows/conventional-commits.yml

@@ -1,24 +0,0 @@
-name: conventional commits
-
-on:
-  pull_request:
-    types: [ opened, synchronize, reopened, edited ]
-
-permissions: { }
-
-jobs:
-  build:
-    name: conventional commits
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      pull-requests: read
-      packages: read
-      statuses: write
-    steps:
-      - name: checkout code
-        uses: actions/checkout@v3
-      - name: conventional commits check
-        uses: webiny/action-conventional-commits@v1.3.0
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/conventional-pull-request-title-check.yaml

@@ -0,0 +1,24 @@
+---
+name: conventional pull request title check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: conventional pull request title check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: conventional pull request title check
+        uses: ytanikin/PRConventionalCommits@b628c5a234cc32513014b7bfdd1e47b532124d98
+        with:
+          task_types: '["build","chore","ci","docs","feat","fix","hotfix","perf","refactor","revert","style","test"]'
+          add_label: "false"

.github/workflows/conventional-pull-requests.yml

@@ -1,23 +0,0 @@
-name: conventional pull requests
-
-on:
-  pull_request:
-    types: [ opened, synchronize, reopened, edited ]
-
-permissions: { }
-
-jobs:
-  build:
-    name: conventional pull requests
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      pull-requests: read
-      packages: read
-      statuses: write
-    steps:
-      - name: conventional pull requests check
-        uses: ytanikin/PRConventionalCommits@1.1.0
-        with:
-          task_types: '["build","chore","ci","docs","feat","fix","perf","refactor","revert","style","test"]'
-          add_label: 'false'

.github/workflows/dotenv-linter-check.yaml

@@ -0,0 +1,41 @@
+---
+name: dotenv-linter check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: dotenv-linter check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: dotenv-linter installation
+        working-directory: /bin
+        run: |
+          set -e
+
+          INSTALL_SCRIPT_URL="https://raw.githubusercontent.com/dotenv-linter/dotenv-linter/ced5b9b28d9a1a309fe900cb992d69dba91205dc/install.sh"
+          DOTENV_LINTER_VERSION="v3.3.0"
+
+          INSTALL_SCRIPT_CHECKSUM="3b883cbc2bc3b48b6acd794802326a50fcbfeff7d5cd61e457c54fd6072bd809  dotenv-linter-install.sh"
+          DOTENV_LINTER_CHECKSUM="4bf3efb743a1e3383ab3407ff48c6147dd527dac35b736e224a26425df00a2ee  dotenv-linter"
+
+          wget -O dotenv-linter-install.sh "$INSTALL_SCRIPT_URL"
+          echo "$INSTALL_SCRIPT_CHECKSUM" | sha256sum --check
+
+          sh dotenv-linter-install.sh -- -b . "$DOTENV_LINTER_VERSION"
+          echo "$DOTENV_LINTER_CHECKSUM" | sha256sum --check
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: dotenv-linter check
+        run: dotenv-linter

.github/workflows/gitleaks-check.yaml

@@ -0,0 +1,38 @@
+---
+name: GitLeaks check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: GitLeaks check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: GitLeaks installation
+        working-directory: /bin
+        run: |
+          set -e
+
+          VERSION="v8.22.0"
+          CHECKSUM="3f95fef7e361adafed2b1bb9c591ba3bc6b595b4f296b346257301b7bf04be15  gitleaks.tar.gz"
+
+          wget -O "gitleaks.tar.gz" "https://github.com/gitleaks/gitleaks/releases/download/$VERSION/gitleaks_8.22.0_linux_arm64.tar.gz"
+          echo "$CHECKSUM" | sha256sum --check
+
+          tar xzf gitleaks.tar.gz
+          chmod +x gitleaks
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: GitLeaks check
+        run: gitleaks git && gitleaks dir

.github/workflows/hadolint-check.yaml

@@ -0,0 +1,43 @@
+---
+name: hadolint check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: hadolint check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: hadolint installation
+        working-directory: /bin
+        run: |
+          set -e
+
+          VERSION="v2.12.0"
+          CHECKSUM="5798551bf19f33951881f15eb238f90aef023f11e7ec7e9f4c37961cb87c5df6 hadolint"
+
+          wget -O hadolint "https://github.com/hadolint/hadolint/releases/download/$VERSION/hadolint-Linux-arm64"
+          echo "$CHECKSUM" | sha256sum --check
+
+          chmod +x hadolint
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: hadolint check
+        run: |
+          STATUS=0
+          while read -r file; do
+            echo "Linting $file..."
+            hadolint "$file" || STATUS=1
+          done < <(find . -name "Dockerfile")
+          exit $STATUS

.github/workflows/htmlhint-check.yaml

@@ -0,0 +1,27 @@
+---
+name: htmlhint check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: htmlhint check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: dependencies installation
+        run: npm install
+      - name: htmlhint check
+        run: npx htmlhint "**/*.html"

.github/workflows/lint.yml

@@ -1,43 +0,0 @@
-name: lint
-
-on:
-  pull_request:
-    types: [ opened, synchronize, reopened, edited ]
-
-permissions: { }
-
-jobs:
-  build:
-    name: lint
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
-      packages: read
-      statuses: write
-    steps:
-      - name: checkout code
-        uses: actions/checkout@v4
-        with:
-          # Super-linter needs the full git history to get the list of files that changed across commits
-          fetch-depth: 0
-      - name: Super-linter check
-        uses: super-linter/super-linter@v7.0.0 # x-release-please-version
-        env:
-          # to report GitHub Actions status checks
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          VALIDATE_ALL_CODEBASE: false
-          VALIDATE_JAVASCRIPT_PRETTIER: false
-          VALIDATE_JAVASCRIPT_STANDARD: false
-          VALIDATE_JSCPD: false
-          VALIDATE_RUST_2015: false
-          VALIDATE_RUST_2018: false
-          VALIDATE_SQLFLUFF: false
-          FIX_CSS_PRETTIER: true
-          FIX_HTML_PRETTIER: true
-          FIX_JAVASCRIPT_ES: true
-          FIX_JSON_PRETTIER: true
-          FIX_RUST_2021: true
-          FIX_RUST_CLIPPY: true
-          FIX_TYPESCRIPT_ES: true
-          FIX_YAML_PRETTIER: true

.github/workflows/markdownlint-check.yaml

@@ -0,0 +1,27 @@
+---
+name: markdownlint check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: markdownlint check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: dependencies installation
+        run: npm install
+      - name: markdownlint check
+        run: npx markdownlint --config .github/config/markdownlint.yaml "**/*.md" --ignore node_modules

.github/workflows/prettier-check.yaml

@@ -0,0 +1,27 @@
+---
+name: Prettier check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: Prettier check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: dependencies installation
+        run: npm install
+      - name: Prettier check
+        run: npx prettier . --check

.github/workflows/rust-check.yaml

@@ -0,0 +1,43 @@
+---
+name: Rust check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: Rust check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: dependencies installation
+        run: >
+          apt-get update && apt-get install -y
+          libgtk-3-dev=3.24.33-1ubuntu2.2
+          libjavascriptcoregtk-4.1-dev=2.46.4-0ubuntu0.22.04.1
+          libsoup-3.0-dev=3.0.7-0ubuntu1
+          libwebkit2gtk-4.1-dev=2.46.4-0ubuntu0.22.04.1
+          libxdo-dev=1:3.20160805.1-4
+      - name: Rust toolchain installation
+        uses: dtolnay/rust-toolchain@0579bb9e1907e560c2f263f705f93655a44a07e5
+        with:
+          components: clippy, rustfmt
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: npm build
+        run: npm install && npm run build
+      - name: rustfmt check
+        run: cargo fmt --all --check
+      - name: Clippy check
+        run: cargo clippy --all-targets --all-features -- --deny warnings
+      - name: test check
+        run: cargo test --all --all-targets --all-features

.github/workflows/shellcheck-check.yaml

@@ -0,0 +1,28 @@
+---
+name: ShellCheck check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: ShellCheck check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: ShellCheck installation
+        run: apt-get update && apt-get install -y shellcheck=0.8.0-2
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: ShellCheck check
+        # https://www.shellcheck.net/wiki/Recursiveness
+        run: find . -type f -name "*.sh" -print0 | xargs -0 shellcheck

.github/workflows/stylelint-check.yaml

@@ -0,0 +1,27 @@
+---
+name: Stylelint check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: Stylelint check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: dependencies installation
+        run: npm install
+      - name: Stylelint check
+        run: npx stylelint "**/*.css"

.github/workflows/yamllint-check.yaml

@@ -0,0 +1,27 @@
+---
+name: yamllint check
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: {}
+
+jobs:
+  build:
+    name: yamllint check
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
+    steps:
+      - name: yamllint installation
+        run: apt-get update && apt-get install -y yamllint=1.26.3-1
+      - name: code checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: yamllint check
+        run: yamllint -c .github/config/yamllint.yaml .

.idea/dataSources.local.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
-  <component name="dataSourceStorageLocal" created-in="RR-243.21565.245">
+  <component name="dataSourceStorageLocal" created-in="RR-243.22562.230">
     <data-source name="todo_baggins@localhost" uuid="1658668c-c2b8-426d-a22f-16fbad9eff0b">
       <database-info product="PostgreSQL" version="16.4 (Debian 16.4-1.pgdg120+1)" jdbc-version="4.2" driver-name="PostgreSQL JDBC Driver" driver-version="42.6.0" dbms="POSTGRES" exact-version="16.4" exact-driver-version="42.6">
         <identifier-quote-string>&quot;</identifier-quote-string>