feat!: bump super-linter/super-linter from slim-v8.0.0 to slim-v8.6.0 in the docker-dependencies group across 1 directory

.devcontainer/devcontainer.json

@@ -1,30 +1,30 @@
 {
-  "name": "ci-github-common",
-  "image": "mcr.microsoft.com/devcontainers/base:debian",
-  "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:3": {
-      "moby": false
-    },
-    "ghcr.io/devcontainers/features/github-cli:1": {
-      "extensions": "nektos/gh-act"
-    }
-  },
-  "remoteEnv": {
-    "GITHUB_TOKEN": "${localEnv:GITHUB_TOKEN}"
-  },
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "eamodio.gitlens",
-        "github.vscode-github-actions",
-        "github.copilot",
-        "github.copilot-chat",
-        "ms-vscode.makefile-tools",
-        "esbenp.prettier-vscode"
-      ],
-      "settings": {
-        "terminal.integrated.defaultProfile.linux": "zsh"
-      }
-    }
-  }
+	"name": "ci-github-common",
+	"image": "mcr.microsoft.com/devcontainers/base:debian",
+	"features": {
+		"ghcr.io/devcontainers/features/docker-in-docker:3": {
+			"moby": false
+		},
+		"ghcr.io/devcontainers/features/github-cli:1": {
+			"extensions": "nektos/gh-act"
+		}
+	},
+	"remoteEnv": {
+		"GITHUB_TOKEN": "${localEnv:GITHUB_TOKEN}"
+	},
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"eamodio.gitlens",
+				"github.vscode-github-actions",
+				"github.copilot",
+				"github.copilot-chat",
+				"ms-vscode.makefile-tools",
+				"esbenp.prettier-vscode"
+			],
+			"settings": {
+				"terminal.integrated.defaultProfile.linux": "zsh"
+			}
+		}
+	}
 }

.github/dependabot.yml

@@ -38,6 +38,11 @@ updates:
       interval: weekly
       day: friday
       time: "04:00"
+    cooldown:
+      default-days: 7
+      semver-major-days: 7
+      semver-minor-days: 5
+      semver-patch-days: 3
     groups:
       npm-dependencies:
         patterns:

.github/linters/.codespellrc

@@ -0,0 +1,2 @@
+[codespell]
+skip = *.svg

.github/linters/.jscpd.json

@@ -1,4 +1,4 @@
 {
-  "threshold": 5,
-  "ignore": ["**/node_modules/**", "**/actions/**/coverage/**"]
+	"threshold": 5,
+	"ignore": ["**/node_modules/**", "**/actions/**/coverage/**"]
 }

.github/workflows/greetings.yml

@@ -55,6 +55,6 @@ jobs:
     steps:
       - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0
         with:
-          repo_token: ${{ secrets.github-token || github.token }}
+          repo_token: ${{ secrets.github-token || github.token }} # zizmor: ignore[secrets-outside-env] reusable workflow token override is intentional
           issue_message: ${{ inputs.issue_message || 'Hi, thank for reporting an issue, we will check it out very soon' }}
           pr_message: ${{ inputs.pr_message || 'Hi, thank you for creating your PR, we will check it out very soon' }}

.github/workflows/linter.md

@@ -86,6 +86,12 @@ jobs:
       # See https://github.com/super-linter/super-linter.
       linter-env: ""
 
+      # Lint toolchain to use for Super-Linter frontend validators.
+      # Supported values: biome, eslint-prettier.
+      #
+      # Default: `biome`
+      linter-toolchain: biome
+
       # JSON array of languages to analyze with CodeQL.
       # See https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/.
       # Leave empty to disable the check.
@@ -125,6 +131,8 @@ jobs:
 |                        | See <https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job>.        |              |             |                                                                                                                                                    |
 | **`linter-env`**       | Environment variables in multilines format "key=value" to pass to the linter.             | **false**    | **string**  | -                                                                                                                                                  |
 |                        | See <https://github.com/super-linter/super-linter>.                                       |              |             |                                                                                                                                                    |
+| **`linter-toolchain`** | Lint toolchain to use for Super-Linter frontend validators.                               | **false**    | **string**  | `biome`                                                                                                                                            |
+|                        | Supported values: biome, eslint-prettier.                                                 |              |             |                                                                                                                                                    |
 | **`codeql-languages`** | JSON array of languages to analyze with CodeQL.                                           | **false**    | **string**  | `["actions"]`                                                                                                                                      |
 |                        | See <https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/>. |              |             |                                                                                                                                                    |
 |                        | Leave empty to disable the check.                                                         |              |             |                                                                                                                                                    |

.github/workflows/linter.yml

@@ -22,6 +22,13 @@ on:
           See https://github.com/super-linter/super-linter.
         type: string
         required: false
+      linter-toolchain:
+        description: |
+          Lint toolchain to use for Super-Linter frontend validators.
+          Supported values: biome, eslint-prettier.
+        type: string
+        required: false
+        default: biome
       codeql-languages:
         description: |
           JSON array of languages to analyze with CodeQL.
@@ -75,14 +82,92 @@ jobs:
           fetch-depth: "${{ inputs.lint-all && 1 || 0 }}"
           persist-credentials: false
 
-      - if: ${{ inputs.linter-env }}
+      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           LINTER_ENV: ${{ inputs.linter-env }}
-        run: |
-          echo "$LINTER_ENV" | while IFS= read -r line; do
-            if [ -z "$line" ]; then continue; fi
-            echo "$line" >> "$GITHUB_ENV"
-          done
+          LINTER_TOOLCHAIN: ${{ inputs.linter-toolchain }}
+        with:
+          script: |
+            const toolchainVariables = {
+              biome: {
+                VALIDATE_CSS: "false",
+                VALIDATE_CSS_PRETTIER: "false",
+                VALIDATE_GRAPHQL_PRETTIER: "false",
+                VALIDATE_HTML_PRETTIER: "false",
+                VALIDATE_JAVASCRIPT_ES: "false",
+                VALIDATE_JAVASCRIPT_PRETTIER: "false",
+                VALIDATE_JSON: "false",
+                VALIDATE_JSON_PRETTIER: "false",
+                VALIDATE_JSONC: "false",
+                VALIDATE_JSONC_PRETTIER: "false",
+                VALIDATE_JSX: "false",
+                VALIDATE_JSX_PRETTIER: "false",
+                VALIDATE_TYPESCRIPT_ES: "false",
+                VALIDATE_TYPESCRIPT_PRETTIER: "false",
+                VALIDATE_TSX: "false",
+                VALIDATE_VUE: "false",
+                VALIDATE_VUE_PRETTIER: "false",
+              },
+              "eslint-prettier": {
+                VALIDATE_BIOME_FORMAT: "false",
+                VALIDATE_BIOME_LINT: "false",
+              },
+            };
+
+            function parseEnvironmentLines(serializedEnvironment) {
+              const environment = new Map();
+
+              for (const rawLine of serializedEnvironment.split("\n")) {
+                const line = rawLine.trim();
+                if (line === "") {
+                  continue;
+                }
+
+                const separatorIndex = line.indexOf("=");
+                if (separatorIndex <= 0) {
+                  throw new Error(`Invalid linter-env entry: ${rawLine}`);
+                }
+
+                const key = line.slice(0, separatorIndex).trim();
+                const value = line.slice(separatorIndex + 1);
+                if (key === "") {
+                  throw new Error(`Invalid linter-env entry: ${rawLine}`);
+                }
+
+                environment.set(key, value);
+              }
+
+              return environment;
+            }
+
+            function getToolchainEnvironment(toolchain) {
+              const environment = toolchainVariables[toolchain];
+              if (!environment) {
+                throw new Error(`Unsupported lint toolchain: ${toolchain}`);
+              }
+
+              return environment;
+            }
+
+            function mergeEnvironment(customEnvironment, defaultEnvironment) {
+              const mergedEnvironment = new Map(customEnvironment);
+
+              for (const [key, value] of Object.entries(defaultEnvironment)) {
+                if (!mergedEnvironment.has(key)) {
+                  mergedEnvironment.set(key, value);
+                }
+              }
+
+              return mergedEnvironment;
+            }
+
+            const customEnvironment = parseEnvironmentLines(process.env.LINTER_ENV ?? "");
+            const defaultEnvironment = getToolchainEnvironment(process.env.LINTER_TOOLCHAIN);
+            const mergedEnvironment = mergeEnvironment(customEnvironment, defaultEnvironment);
+
+            for (const [key, value] of mergedEnvironment) {
+              core.exportVariable(key, value);
+            }
 
       # FIXME: superlinter should auto install required dependencies. See https://github.com/super-linter/super-linter/issues/6089.
       - id: has-prettier-plugins
@@ -104,12 +189,12 @@ jobs:
         with:
           working-directory: ${{ steps.has-prettier-plugins.outputs.package-json-dir }}
 
-      - uses: super-linter/super-linter/slim@5119dcd8011e92182ce8219d9e9efc82f16fddb6 # v8.0.0
+      - uses: super-linter/super-linter/slim@9e863354e3ff62e0727d37183162c4a88873df41 # v8.6.0
         env:
           VALIDATE_ALL_CODEBASE: ${{ inputs.lint-all }}
           LOG_LEVEL: WARN
           DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
-          GITHUB_TOKEN: ${{ secrets.github-token || github.token }}
+          GITHUB_TOKEN: ${{ secrets.github-token || github.token }} # zizmor: ignore[secrets-outside-env] reusable workflow token override is intentional
           IGNORE_GITIGNORED_FILES: "true"
 
   codeql:

.github/workflows/semantic-pull-request.yml

@@ -45,4 +45,4 @@ jobs:
     steps:
       - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
         env:
-          GITHUB_TOKEN: ${{ secrets.github-token || github.token }}
+          GITHUB_TOKEN: ${{ secrets.github-token || github.token }} # zizmor: ignore[secrets-outside-env] reusable workflow token override is intentional

Dockerfile

@@ -1,12 +1,6 @@
-FROM ghcr.io/super-linter/super-linter:slim-v8.0.0
+FROM ghcr.io/hoverkraft-tech/docker-base-images/super-linter:0.1.0
 
 HEALTHCHECK --interval=5m --timeout=10s --start-period=30s --retries=3 CMD ["/bin/sh","-c","test -d /github/home"]
 ARG UID=1000
 ARG GID=1000
-RUN chown -R ${UID}:${GID} /github/home
-USER ${UID}:${GID}
-
-ENV RUN_LOCAL=true 
-ENV USE_FIND_ALGORITHM=true
-ENV LOG_LEVEL=WARN
-ENV LOG_FILE="/github/home/logs"
+USER ${UID}:${GID}

Makefile

@@ -8,13 +8,11 @@ lint: ## Execute linting
 
 lint-fix: ## Execute linting and fix
 	$(call run_linter, \
-		-e FIX_JSON_PRETTIER=true \
-		-e FIX_JAVASCRIPT_PRETTIER=true \
-		-e FIX_YAML_PRETTIER=true \
 		-e FIX_MARKDOWN=true \
-		-e FIX_MARKDOWN_PRETTIER=true \
 		-e FIX_NATURAL_LANGUAGE=true \
 		-e FIX_SHELL_SHFMT=true \
+		-e FIX_BIOME_LINT=true \
+		-e FIX_BIOME_FORMAT=true \
 	)
 
 setup: ## Install npm dependencies for all package.json files under actions/
@@ -43,7 +41,6 @@ define run_linter
 	docker run \
 		-e DEFAULT_WORKSPACE="$$DEFAULT_WORKSPACE" \
 		-e FILTER_REGEX_INCLUDE="$(filter-out $@,$(MAKECMDGOALS))" \
-		-e IGNORE_GITIGNORED_FILES=true \
 		$(1) \
 		-v $$VOLUME \
 		--rm \

actions/checkout/action.yml

@@ -1,7 +1,7 @@
 name: "Checkout"
 description: |
   Action to checkout the repository compatible for PRs, issues and push events.
-  Workaround for https://github.com/actions/checkout/issues/331](https://github.com/actions/checkout/issues/331.
+  Workaround for https://github.com/actions/checkout/issues/331.
 author: hoverkraft
 branding:
   icon: git-branch

actions/create-or-update-comment/action.yml

@@ -62,7 +62,7 @@ runs:
         body-includes: ${{ inputs.title }}
         token: ${{ inputs.token || github.token }}
 
-    - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
+    - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0  # zizmor: ignore[superfluous-actions] packaged comment upsert behavior is intentional
       with:
         edit-mode: replace
         comment-id: ${{ steps.find-comment.outputs.comment-id }}