feat(gh): add default github repo files (#53)

.ansible-lint

@@ -2,4 +2,4 @@ skip_list:
   # Role name virtio-win does not match ``^[a-z][a-z0-9_]+$`` pattern
   - role-name
   # Lines should be no longer than 160 chars
-  - yaml
+  - yaml[line-length]

.github/renovate.json5

@@ -1,5 +1,9 @@
 {
   $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  // # keep-sorted start block=yes
+  "git-submodules": {
+    enabled: true,
+  },
   // Keep the extends started with ":" at the end of the list to allow overriding
   extends: [
     "config:recommended",
@@ -12,9 +16,6 @@
     ":enableVulnerabilityAlertsWithLabel(security)",
     ":pinSkipCi",
   ],
-  "git-submodules": {
-    enabled: true,
-  },
   labels: [
     "renovate",
     "renovate/{{replace '.*/' '' depName}}",
@@ -55,4 +56,5 @@
     },
   ],
   separateMinorPatch: true,
+  // # keep-sorted end
 }

.github/workflows/mega-linter.yml

@@ -37,7 +37,7 @@ jobs:
           chmod a+x README.sh
 
       - name: 💡 MegaLinter
-        uses: oxsecurity/megalinter@b38cdf1f0cbe056fad4112cb7cd99c2b574c9617 # v8.1.0
+        uses: oxsecurity/megalinter@d8c95fc6f2237031fb9e9322b0f97100168afa6e # v8.2.0
         env:
           GITHUB_COMMENT_REPORTER: false
           # Disabled due to error: [GitHub Status Reporter] Error posting Status for REPOSITORY with ...: 403

.github/workflows/molecule.yml

@@ -18,10 +18,10 @@ jobs:
     strategy:
       matrix:
         distro:
-          - ubuntu2204
-          - ubuntu2004
           - debian10
           - fedora33
+          - ubuntu2004
+          - ubuntu2204
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -34,7 +34,12 @@ jobs:
           python-version: 3.x
 
       - name: Install test dependencies
-        run: pip3 install ansible molecule-plugins[docker] docker
+        run: |
+          set -euxo pipefail
+          pip3 install ansible molecule-plugins[docker] docker
+          if [ -f "${GITHUB_REPOSITORY#*/}/requirements.yml" ]; then
+            ansible-galaxy install -r "${GITHUB_REPOSITORY#*/}/requirements.yml"
+          fi
 
       - name: Run tests
         env:

.github/workflows/release-ansible-galaxy.yml

@@ -28,7 +28,7 @@ jobs:
       - name: Set up Python 3
         uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
-          python-version: "3.x"
+          python-version: 3.x
 
       - name: Install Ansible
         run: pip3 install ansible-base

.github/workflows/renovate.yml

@@ -23,20 +23,22 @@ on:
     - cron: 0 0-3 * * 0
 
 env:
+  # keep-sorted start
   # https://docs.renovatebot.com/troubleshooting/#log-debug-levels
   LOG_LEVEL: ${{ inputs.logLevel || 'debug' }}
+  RENOVATE_AUTOMERGE: "true"
+  # Renovate Automerge
+  RENOVATE_AUTOMERGE_TYPE: branch
+  # https://docs.renovatebot.com/self-hosted-configuration/#dryrun
+  # Run renovate in dry-run mode if executed in branches other than main - prevents versions in PRs/branches from being updated
+  RENOVATE_DRY_RUN: ${{ inputs.dryRun || ( github.head_ref || github.ref_name ) != 'main' || false }}
+  # https://docs.renovatebot.com/configuration-options/#platformcommit
+  RENOVATE_PLATFORM_COMMIT: "true"
   # https://docs.renovatebot.com/self-hosted-configuration/#repositories
   RENOVATE_REPOSITORIES: ${{ github.repository }}
   # https://docs.renovatebot.com/self-hosted-configuration/#username
   RENOVATE_USERNAME: ${{ github.repository_owner }}
-  # https://docs.renovatebot.com/configuration-options/#platformcommit
-  RENOVATE_PLATFORM_COMMIT: "true"
-  # https://docs.renovatebot.com/self-hosted-configuration/#dryrun
-  # Run renovate in dry-run mode if executed in branches other than main - prevents versions in PRs/branches from being updated
-  RENOVATE_DRY_RUN: ${{ inputs.dryRun || ( github.head_ref || github.ref_name ) != 'main' || false }}
-  # Renovate Automerge
-  RENOVATE_AUTOMERGE_TYPE: branch
-  RENOVATE_AUTOMERGE: "true"
+  # keep-sorted end
 
 permissions: read-all
 

.github/workflows/stale.yml

@@ -16,6 +16,7 @@ jobs:
     steps:
       - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
         with:
+          # keep-sorted start
           close-issue-message: |
             This issue has not seen any activity since it was marked stale.
             Closing.
@@ -32,3 +33,4 @@ jobs:
           stale-pr-message: |
             This PR is stale because it has been open 60 days with no activity.
             Remove stale label or comment or this will be closed in 7 days.
+          # keep-sorted end

.gitignore

@@ -1,6 +1,9 @@
-# pre-commit config file
-.pre-commit-config.yaml
+# keep-sorted start newline_separated=yes
+*.py[cod]
 
 # Python byte-compiled / optimized files
 *__pycache__/
-*.py[cod]
+
+# pre-commit config file
+.pre-commit-config.yaml
+# keep-sorted end

.mega-linter.yml

@@ -1,6 +1,7 @@
 # Configuration file for MegaLinter
 # See all available variables at https://megalinter.io/latest/configuration/ and in linters documentation
 
+# keep-sorted start newline_separated=yes
 ANSIBLE_ANSIBLE_LINT_PRE_COMMANDS:
   - command: |
       mkdir -pv "${HOME}/.ansible/roles" && \
@@ -26,6 +27,7 @@ FILTER_REGEX_EXCLUDE: CHANGELOG.md
 FORMATTERS_DISABLE_ERRORS: false
 
 MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml
+
 MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: CHANGELOG.md
 
 # Remove initial MegaLinter graphic
@@ -41,7 +43,7 @@ REPOSITORY_DEVSKIM_ARGUMENTS: --ignore-globs CHANGELOG.md --ignore-rule-ids DS16
 
 REPOSITORY_KICS_ARGUMENTS: --fail-on high
 
-REPOSITORY_TRIVY_ARGUMENTS: --ignorefile .trivyignore.yaml --severity HIGH,CRITICAL --ignore-unfixed
+REPOSITORY_TRIVY_ARGUMENTS: --severity HIGH,CRITICAL --ignore-unfixed
 
 TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES:
   - GITHUB_TOKEN
@@ -51,3 +53,4 @@ TYPESCRIPT_PRETTIER_ARGUMENTS: --html-whitespace-sensitivity=ignore
 VALIDATE_ALL_CODEBASE: true
 
 YAML_PRETTIER_ARGUMENTS: --no-error-on-unmatched-pattern
+# keep-sorted end