chore(deps): bump ahmadnassri/action-semantic-release from 2.2.5 to 2.2.6

[dependabot]

Bumps ahmadnassri/action-semantic-release from 2.2.5 to 2.2.6.

Release notes

Sourced from ahmadnassri/action-semantic-release's releases.

v2.2.6

2.2.6 (2023-08-09)

Bug Fixes

• include npm in base image (4d4e33f)

Commits

• 0c98629 chore(release): bump to 2.2.6 [skip ci]
• 4d4e33f fix: include npm in base image
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	1		0	0.1s
✅ EDITORCONFIG	editorconfig-checker	1		0	0.01s
✅ REPOSITORY	checkov	yes		no	13.24s
✅ REPOSITORY	gitleaks	yes		no	0.43s
✅ REPOSITORY	git_diff	yes		no	0.0s
✅ REPOSITORY	grype	yes		no	9.71s
✅ REPOSITORY	secretlint	yes		no	0.7s
✅ REPOSITORY	trivy-sbom	yes		no	1.3s
✅ REPOSITORY	trufflehog	yes		no	1.69s
✅ SPELL	lychee	1		0	0.22s
✅ YAML	v8r	1		0	2.06s
✅ YAML	yamllint	1		0	0.24s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

[ahmadnassri]

Template Repository Sync Report

Found 36 files to update in 28 repositories

node-ahmad

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-api-problem

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-april-fools

.github/linters/.checkov.yml

--- .github/linters/.checkov.yml
+++ .github/linters/.checkov.yml
@@ -4,9 +4,8 @@
 
 quiet: true
 skip-check:
   - CKV_DOCKER_2
-  - CKV_DOCKER_8
   - CKV_GHA_3
   - BC_DKR_3
   - CKV_GIT_1
   - CKV_GIT_5

.github/linters/.mega-linter.yml

--- .github/linters/.mega-linter.yml
+++ .github/linters/.mega-linter.yml
@@ -10,18 +10,16 @@
   - SPELL_CSPELL
   - JSON_PRETTIER
   - YAML_PRETTIER
   - JAVASCRIPT_PRETTIER
-  - HTML_DJLINT
-  - REPOSITORY_DEVSKIM # temporarily disabled
 
 LOG_LEVEL: INFO
 PRINT_ALPACA: false
 CONFIG_REPORTER: false
 SHOW_ELAPSED_TIME: true
 FLAVOR_SUGGESTIONS: false
 VALIDATE_ALL_CODEBASE: false
 IGNORE_GENERATED_FILES: true
-FILTER_REGEX_EXCLUDE: (dist/*|README.md|test/fixtures/*|vendor/*|/schemas/*|coverage/*|.nyc_output/*)
+FILTER_REGEX_EXCLUDE: (dist/*|README.md|test/fixtures/*|vendor/*|/schemas/*)
 
 MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdown-lint.yml
 REPOSITORY_CHECKOV_ARGUMENTS: [--skip-path, schemas]

.github/workflows/pull_request_target.yml

--- .github/workflows/pull_request_target.yml
+++ .github/workflows/pull_request_target.yml
@@ -9,6 +9,6 @@
 permissions: read-all
 
 jobs:
   main:
-    uses: ahmadnassri/actions/.github/workflows/pull-request-target.yml@master
+    uses: ahmadnassri/actions/.github/workflows/pull-request-target-template.yml@master
     secrets: inherit

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -1,21 +1,322 @@
 # ----------------------------------------------- #
 # Note: this file originates in template-node-lib #
 # ----------------------------------------------- #
 
-name: push
-
 on:
   - push
   - workflow_dispatch
 
-permissions: read-all
+name: push
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+
+permissions:
+  contents: write
+  packages: write
+  pull-requests: write
+
+env:
+  NODE_ENV: test
+
 jobs:
-  main:
-    uses: ahmadnassri/actions/.github/workflows/push-javascript.yml@master
-    secrets: inherit
+  metadata:
+    runs-on: ubuntu-latest
+
+    outputs:
+      image-name: ${{ steps.image.outputs.name }}
+      dockerfile: ${{ steps.dockerfile.outputs.exists }}
+      repository_is_template: ${{ steps.metadata.outputs.repository_is_template }}
+      repository_default_branch: ${{ steps.metadata.outputs.repository_default_branch }}
+
+    steps:
+      - uses: actions/[email protected]
+
+      - id: metadata
+        uses: ahmadnassri/[email protected]
+
+      - id: dockerfile
+        run: echo "exists=$([[ -f "${{ github.workspace }}/Dockerfile" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
+
+      - id: image
+        run: echo "name=$(basename "${GITHUB_REPOSITORY/node-//}")" >> "$GITHUB_OUTPUT"
+
+  commit-lint:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          config: .github/linters/.commit-lint.yml
+
+  mega-linter:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: oxsecurity/megalinter/flavors/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MEGALINTER_CONFIG: .github/linters/.mega-linter.yml
+          GITHUB_COMMENT_REPORTER: true
+          GITHUB_STATUS_REPORTER: true
+
+      - uses: actions/[email protected]
+        if: ${{ success() }} || ${{ failure() }}
+        with:
+          name: mega-linter-reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+  npm-audit:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+
+      - uses: actions/[email protected]
+        with:
+          node-version: latest
+
+      - run: npm audit
+        env:
+          NPM_CONFIG_AUDIT_LEVEL: ${{ env.NPM_CONFIG_AUDIT_LEVEL || 'critical' }}
+
+  test-strategy:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      matrix: ${{ steps.parse.outputs.matrix }}
+
+    steps:
+      - uses: actions/[email protected]
+      - id: parse
+        run: echo "matrix=$(jq -c . < .github/test-matrix.json)" >> "$GITHUB_OUTPUT"
+
+  test:
+    needs:
+      - npm-audit
+      - test-strategy
+
+    timeout-minutes: 5
+
+    name: ${{ matrix.name || format('node v{0} @ {1}', matrix.node-version, matrix.os) || 'test-step' }}
+
+    strategy:
+      matrix: ${{ fromJSON(needs.test-strategy.outputs.matrix) }}
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: ahmadnassri/[email protected]
+
+      - uses: actions/[email protected]
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: npm ci
+      - run: npm run test:ci
+
+  release:
+    needs:
+      - test
+      - metadata
+      - commit-lint
+      - mega-linter
+
+    # only runs on main branch for non template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'false' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    timeout-minutes: 20
+
+    runs-on: ubuntu-latest
+
     permissions:
       contents: write
-      statuses: write
       packages: write
-      pull-requests: write
+
+    outputs:
+      published: ${{ steps.release.outputs.published }}
+      version: ${{ steps.release.outputs.release-version }}
+      version-major: ${{ steps.release.outputs.release-version-major }}
+      version-minor: ${{ steps.release.outputs.release-version-minor }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: actions/[email protected]
+        with:
+          cache: npm
+
+      - run: npm ci
+
+      - id: release
+        uses: ahmadnassri/[email protected]
+        with:
+          config: ${{ github.workspace }}/.semantic.json
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  mirror:
+    needs: release
+
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+
+    if: ${{ needs.release.outputs.published == 'true' }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: actions/[email protected]
+        with:
+          registry-url: https://npm.pkg.github.com
+          node-version: latest
+
+      - name: publish to github registry
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          jq '.name = "@'"${GITHUB_REPOSITORY/node-/}"'"' package.json > /tmp/package.json; mv /tmp/package.json .
+          npm version --no-git-tag-version "v${{ needs.release.outputs.version }}"
+          npm publish
+
+  publish-strategy:
+    needs:
+      - metadata
+
+    timeout-minutes: 5
+
+    # only runs on main branch for non template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'false' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      matrix: ${{ steps.parse.outputs.matrix }}
+
+    steps:
+      - uses: actions/[email protected]
+      - id: parse
+        run: echo "matrix=$(jq -c . < .github/publish-matrix.json)" >> "$GITHUB_OUTPUT"
+
+  publish-docker:
+    needs:
+      - release
+      - metadata
+      - publish-strategy
+
+    timeout-minutes: 5
+
+    if: |
+      needs.release.outputs.published == 'true' &&
+      needs.metadata.outputs.dockerfile == 'true'
+
+    name: ${{ format('publish to {0}', matrix.registry) || 'publish-step' }}
+
+    strategy:
+      matrix: ${{ fromJSON(needs.publish-strategy.outputs.matrix) }}
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+
+    steps:
+      - uses: actions/[email protected]
+      - uses: docker/setup-qemu-action@v2
+      - uses: docker/setup-buildx-action@v2
+
+      # login to docker hub
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      # login to github container registry
+      - uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - id: meta
+        run: |
+          echo "name=${{ github.repository_owner }}/$(basename "${GITHUB_REPOSITORY/node-//}")" >> "$GITHUB_OUTPUT"
+
+      # publish
+      - uses: docker/build-push-action@v4
+        with:
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          tags: |
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:latest
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:${{ needs.release.outputs.version-major }}
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:${{ needs.release.outputs.version }}
+          labels: |
+            org.opencontainers.image.title=${{ needs.metadata.outputs.image-name }}
+            org.opencontainers.image.url=${{ github.event.repository.html_url }}
+            org.opencontainers.image.version=${{ needs.release.outputs.version }}
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+  template-sync:
+    timeout-minutes: 5
+
+    needs:
+      - metadata
+      - test
+      - commit-lint
+      - mega-linter
+
+    # only runs on main branch for template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'true' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}

node-autoenv

.semantic.json

--- .semantic.json
+++ .semantic.json
@@ -30,10 +30,9 @@
         ]
       }
     }],
     ["@semantic-release/github", {
-      "successComment": false,
-      "failComment": false
+      "successComment": false
     }],
     "@semantic-release/npm"
   ]
 }

.github/workflows/pull_request_target.yml

--- .github/workflows/pull_request_target.yml
+++ .github/workflows/pull_request_target.yml
@@ -9,6 +9,6 @@
 permissions: read-all
 
 jobs:
   main:
-    uses: ahmadnassri/actions/.github/workflows/pull-request-target.yml@master
+    uses: ahmadnassri/actions/.github/workflows/pull-request-target-template.yml@master
     secrets: inherit

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -1,21 +1,322 @@
 # ----------------------------------------------- #
 # Note: this file originates in template-node-lib #
 # ----------------------------------------------- #
 
-name: push
-
 on:
   - push
   - workflow_dispatch
 
-permissions: read-all
+name: push
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+
+permissions:
+  contents: write
+  packages: write
+  pull-requests: write
+
+env:
+  NODE_ENV: test
+
 jobs:
-  main:
-    uses: ahmadnassri/actions/.github/workflows/push-javascript.yml@master
-    secrets: inherit
+  metadata:
+    runs-on: ubuntu-latest
+
+    outputs:
+      image-name: ${{ steps.image.outputs.name }}
+      dockerfile: ${{ steps.dockerfile.outputs.exists }}
+      repository_is_template: ${{ steps.metadata.outputs.repository_is_template }}
+      repository_default_branch: ${{ steps.metadata.outputs.repository_default_branch }}
+
+    steps:
+      - uses: actions/[email protected]
+
+      - id: metadata
+        uses: ahmadnassri/[email protected]
+
+      - id: dockerfile
+        run: echo "exists=$([[ -f "${{ github.workspace }}/Dockerfile" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
+
+      - id: image
+        run: echo "name=$(basename "${GITHUB_REPOSITORY/node-//}")" >> "$GITHUB_OUTPUT"
+
+  commit-lint:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          config: .github/linters/.commit-lint.yml
+
+  mega-linter:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: oxsecurity/megalinter/flavors/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MEGALINTER_CONFIG: .github/linters/.mega-linter.yml
+          GITHUB_COMMENT_REPORTER: true
+          GITHUB_STATUS_REPORTER: true
+
+      - uses: actions/[email protected]
+        if: ${{ success() }} || ${{ failure() }}
+        with:
+          name: mega-linter-reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+  npm-audit:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+
+      - uses: actions/[email protected]
+        with:
+          node-version: latest
+
+      - run: npm audit
+        env:
+          NPM_CONFIG_AUDIT_LEVEL: ${{ env.NPM_CONFIG_AUDIT_LEVEL || 'critical' }}
+
+  test-strategy:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      matrix: ${{ steps.parse.outputs.matrix }}
+
+    steps:
+      - uses: actions/[email protected]
+      - id: parse
+        run: echo "matrix=$(jq -c . < .github/test-matrix.json)" >> "$GITHUB_OUTPUT"
+
+  test:
+    needs:
+      - npm-audit
+      - test-strategy
+
+    timeout-minutes: 5
+
+    name: ${{ matrix.name || format('node v{0} @ {1}', matrix.node-version, matrix.os) || 'test-step' }}
+
+    strategy:
+      matrix: ${{ fromJSON(needs.test-strategy.outputs.matrix) }}
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: ahmadnassri/[email protected]
+
+      - uses: actions/[email protected]
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: npm ci
+      - run: npm run test:ci
+
+  release:
+    needs:
+      - test
+      - metadata
+      - commit-lint
+      - mega-linter
+
+    # only runs on main branch for non template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'false' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    timeout-minutes: 20
+
+    runs-on: ubuntu-latest
+
     permissions:
       contents: write
-      statuses: write
       packages: write
-      pull-requests: write
+
+    outputs:
+      published: ${{ steps.release.outputs.published }}
+      version: ${{ steps.release.outputs.release-version }}
+      version-major: ${{ steps.release.outputs.release-version-major }}
+      version-minor: ${{ steps.release.outputs.release-version-minor }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: actions/[email protected]
+        with:
+          cache: npm
+
+      - run: npm ci
+
+      - id: release
+        uses: ahmadnassri/[email protected]
+        with:
+          config: ${{ github.workspace }}/.semantic.json
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  mirror:
+    needs: release
+
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+
+    if: ${{ needs.release.outputs.published == 'true' }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: actions/[email protected]
+        with:
+          registry-url: https://npm.pkg.github.com
+          node-version: latest
+
+      - name: publish to github registry
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          jq '.name = "@'"${GITHUB_REPOSITORY/node-/}"'"' package.json > /tmp/package.json; mv /tmp/package.json .
+          npm version --no-git-tag-version "v${{ needs.release.outputs.version }}"
+          npm publish
+
+  publish-strategy:
+    needs:
+      - metadata
+
+    timeout-minutes: 5
+
+    # only runs on main branch for non template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'false' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      matrix: ${{ steps.parse.outputs.matrix }}
+
+    steps:
+      - uses: actions/[email protected]
+      - id: parse
+        run: echo "matrix=$(jq -c . < .github/publish-matrix.json)" >> "$GITHUB_OUTPUT"
+
+  publish-docker:
+    needs:
+      - release
+      - metadata
+      - publish-strategy
+
+    timeout-minutes: 5
+
+    if: |
+      needs.release.outputs.published == 'true' &&
+      needs.metadata.outputs.dockerfile == 'true'
+
+    name: ${{ format('publish to {0}', matrix.registry) || 'publish-step' }}
+
+    strategy:
+      matrix: ${{ fromJSON(needs.publish-strategy.outputs.matrix) }}
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+
+    steps:
+      - uses: actions/[email protected]
+      - uses: docker/setup-qemu-action@v2
+      - uses: docker/setup-buildx-action@v2
+
+      # login to docker hub
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      # login to github container registry
+      - uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - id: meta
+        run: |
+          echo "name=${{ github.repository_owner }}/$(basename "${GITHUB_REPOSITORY/node-//}")" >> "$GITHUB_OUTPUT"
+
+      # publish
+      - uses: docker/build-push-action@v4
+        with:
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          tags: |
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:latest
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:${{ needs.release.outputs.version-major }}
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:${{ needs.release.outputs.version }}
+          labels: |
+            org.opencontainers.image.title=${{ needs.metadata.outputs.image-name }}
+            org.opencontainers.image.url=${{ github.event.repository.html_url }}
+            org.opencontainers.image.version=${{ needs.release.outputs.version }}
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+  template-sync:
+    timeout-minutes: 5
+
+    needs:
+      - metadata
+      - test
+      - commit-lint
+      - mega-linter
+
+    # only runs on main branch for template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'true' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}

node-cloudevents-schemas

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-debug

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-error

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-glob-promise

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-marked-promise

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-metalsmith-imagemin

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-metalsmith-paths

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-metalsmith-pug

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-metalsmith-request

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-nightwatch-accessibility

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-oas-fastify

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-oas-request

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-oas-request-readme

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-oas-schemas

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-pretty-exceptions

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-serve-reload-replace

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-smart-promise

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-spawn-promise

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-static-site-generator

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-stringify-clone

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-template-literals-engine

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-terraform-unidiff

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-uncaught-extender

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -177,9 +177,9 @@
 
       - run: npm ci
 
       - id: release
-        uses: ahmadnassri/[email protected]
+        uses: ahmadnassri/[email protected]
         with:
           config: ${{ github.workspace }}/.semantic.json
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

node-updated

.github/linters/.checkov.yml

--- .github/linters/.checkov.yml
+++ .github/linters/.checkov.yml
@@ -4,9 +4,8 @@
 
 quiet: true
 skip-check:
   - CKV_DOCKER_2
-  - CKV_DOCKER_8
   - CKV_GHA_3
   - BC_DKR_3
   - CKV_GIT_1
   - CKV_GIT_5

.github/linters/.mega-linter.yml

--- .github/linters/.mega-linter.yml
+++ .github/linters/.mega-linter.yml
@@ -10,18 +10,16 @@
   - SPELL_CSPELL
   - JSON_PRETTIER
   - YAML_PRETTIER
   - JAVASCRIPT_PRETTIER
-  - HTML_DJLINT
-  - REPOSITORY_DEVSKIM # temporarily disabled
 
 LOG_LEVEL: INFO
 PRINT_ALPACA: false
 CONFIG_REPORTER: false
 SHOW_ELAPSED_TIME: true
 FLAVOR_SUGGESTIONS: false
 VALIDATE_ALL_CODEBASE: false
 IGNORE_GENERATED_FILES: true
-FILTER_REGEX_EXCLUDE: (dist/*|README.md|test/fixtures/*|vendor/*|/schemas/*|coverage/*|.nyc_output/*)
+FILTER_REGEX_EXCLUDE: (dist/*|README.md|test/fixtures/*|vendor/*|/schemas/*)
 
 MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdown-lint.yml
 REPOSITORY_CHECKOV_ARGUMENTS: [--skip-path, schemas]

.github/workflows/pull_request_target.yml

--- .github/workflows/pull_request_target.yml
+++ .github/workflows/pull_request_target.yml
@@ -9,6 +9,6 @@
 permissions: read-all
 
 jobs:
   main:
-    uses: ahmadnassri/actions/.github/workflows/pull-request-target.yml@master
+    uses: ahmadnassri/actions/.github/workflows/pull-request-target-template.yml@master
     secrets: inherit

.github/workflows/push.yml

--- .github/workflows/push.yml
+++ .github/workflows/push.yml
@@ -1,21 +1,322 @@
 # ----------------------------------------------- #
 # Note: this file originates in template-node-lib #
 # ----------------------------------------------- #
 
-name: push
-
 on:
   - push
   - workflow_dispatch
 
-permissions: read-all
+name: push
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+
+permissions:
+  contents: write
+  packages: write
+  pull-requests: write
+
+env:
+  NODE_ENV: test
+
 jobs:
-  main:
-    uses: ahmadnassri/actions/.github/workflows/push-javascript.yml@master
-    secrets: inherit
+  metadata:
+    runs-on: ubuntu-latest
+
+    outputs:
+      image-name: ${{ steps.image.outputs.name }}
+      dockerfile: ${{ steps.dockerfile.outputs.exists }}
+      repository_is_template: ${{ steps.metadata.outputs.repository_is_template }}
+      repository_default_branch: ${{ steps.metadata.outputs.repository_default_branch }}
+
+    steps:
+      - uses: actions/[email protected]
+
+      - id: metadata
+        uses: ahmadnassri/[email protected]
+
+      - id: dockerfile
+        run: echo "exists=$([[ -f "${{ github.workspace }}/Dockerfile" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
+
+      - id: image
+        run: echo "name=$(basename "${GITHUB_REPOSITORY/node-//}")" >> "$GITHUB_OUTPUT"
+
+  commit-lint:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          config: .github/linters/.commit-lint.yml
+
+  mega-linter:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: oxsecurity/megalinter/flavors/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MEGALINTER_CONFIG: .github/linters/.mega-linter.yml
+          GITHUB_COMMENT_REPORTER: true
+          GITHUB_STATUS_REPORTER: true
+
+      - uses: actions/[email protected]
+        if: ${{ success() }} || ${{ failure() }}
+        with:
+          name: mega-linter-reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+  npm-audit:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+
+      - uses: actions/[email protected]
+        with:
+          node-version: latest
+
+      - run: npm audit
+        env:
+          NPM_CONFIG_AUDIT_LEVEL: ${{ env.NPM_CONFIG_AUDIT_LEVEL || 'critical' }}
+
+  test-strategy:
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      matrix: ${{ steps.parse.outputs.matrix }}
+
+    steps:
+      - uses: actions/[email protected]
+      - id: parse
+        run: echo "matrix=$(jq -c . < .github/test-matrix.json)" >> "$GITHUB_OUTPUT"
+
+  test:
+    needs:
+      - npm-audit
+      - test-strategy
+
+    timeout-minutes: 5
+
+    name: ${{ matrix.name || format('node v{0} @ {1}', matrix.node-version, matrix.os) || 'test-step' }}
+
+    strategy:
+      matrix: ${{ fromJSON(needs.test-strategy.outputs.matrix) }}
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: ahmadnassri/[email protected]
+
+      - uses: actions/[email protected]
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: npm ci
+      - run: npm run test:ci
+
+  release:
+    needs:
+      - test
+      - metadata
+      - commit-lint
+      - mega-linter
+
+    # only runs on main branch for non template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'false' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    timeout-minutes: 20
+
+    runs-on: ubuntu-latest
+
     permissions:
       contents: write
-      statuses: write
       packages: write
-      pull-requests: write
+
+    outputs:
+      published: ${{ steps.release.outputs.published }}
+      version: ${{ steps.release.outputs.release-version }}
+      version-major: ${{ steps.release.outputs.release-version-major }}
+      version-minor: ${{ steps.release.outputs.release-version-minor }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: actions/[email protected]
+        with:
+          cache: npm
+
+      - run: npm ci
+
+      - id: release
+        uses: ahmadnassri/[email protected]
+        with:
+          config: ${{ github.workspace }}/.semantic.json
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  mirror:
+    needs: release
+
+    timeout-minutes: 5
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+
+    if: ${{ needs.release.outputs.published == 'true' }}
+
+    steps:
+      - uses: actions/[email protected]
+        with:
+          submodules: true
+
+      - uses: actions/[email protected]
+        with:
+          registry-url: https://npm.pkg.github.com
+          node-version: latest
+
+      - name: publish to github registry
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          jq '.name = "@'"${GITHUB_REPOSITORY/node-/}"'"' package.json > /tmp/package.json; mv /tmp/package.json .
+          npm version --no-git-tag-version "v${{ needs.release.outputs.version }}"
+          npm publish
+
+  publish-strategy:
+    needs:
+      - metadata
+
+    timeout-minutes: 5
+
+    # only runs on main branch for non template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'false' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      matrix: ${{ steps.parse.outputs.matrix }}
+
+    steps:
+      - uses: actions/[email protected]
+      - id: parse
+        run: echo "matrix=$(jq -c . < .github/publish-matrix.json)" >> "$GITHUB_OUTPUT"
+
+  publish-docker:
+    needs:
+      - release
+      - metadata
+      - publish-strategy
+
+    timeout-minutes: 5
+
+    if: |
+      needs.release.outputs.published == 'true' &&
+      needs.metadata.outputs.dockerfile == 'true'
+
+    name: ${{ format('publish to {0}', matrix.registry) || 'publish-step' }}
+
+    strategy:
+      matrix: ${{ fromJSON(needs.publish-strategy.outputs.matrix) }}
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+
+    steps:
+      - uses: actions/[email protected]
+      - uses: docker/setup-qemu-action@v2
+      - uses: docker/setup-buildx-action@v2
+
+      # login to docker hub
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      # login to github container registry
+      - uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - id: meta
+        run: |
+          echo "name=${{ github.repository_owner }}/$(basename "${GITHUB_REPOSITORY/node-//}")" >> "$GITHUB_OUTPUT"
+
+      # publish
+      - uses: docker/build-push-action@v4
+        with:
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          tags: |
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:latest
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:${{ needs.release.outputs.version-major }}
+            ${{ matrix.registry }}/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:${{ needs.release.outputs.version }}
+          labels: |
+            org.opencontainers.image.title=${{ needs.metadata.outputs.image-name }}
+            org.opencontainers.image.url=${{ github.event.repository.html_url }}
+            org.opencontainers.image.version=${{ needs.release.outputs.version }}
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+  template-sync:
+    timeout-minutes: 5
+
+    needs:
+      - metadata
+      - test
+      - commit-lint
+      - mega-linter
+
+    # only runs on main branch for template repos
+    if: |
+      needs.metadata.outputs.repository_is_template == 'true' &&
+      needs.metadata.outputs.repository_default_branch == github.ref_name
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: ahmadnassri/[email protected]
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}