chore 📦: Add new markdown lint configuration, Ansible best practices, README guidelines, AI PR review workflow, and security checks.

This commit includes the addition of a new markdown lint configuration to disable MD041 rule. It also introduces an Ansible best practices file, README guidelines for comprehensive project files, an AI PR review workflow, and new security checks using Gitleaks and markdown-lint.

.gitea/workflows/AiReviewPR.yaml

@@ -0,0 +1,37 @@
+---
+# https://github.com/kekxv/AiReviewPR
+name: ai-reviews
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  review:
+    name: Review PR
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          # Number of commits to fetch. 0 indicates all history for all
+          # branches and tags.
+          # Default: 1
+          fetch-depth: 0
+          # The base URL for the GitHub instance that you are trying to clone
+          # from, will use environment defaults to fetch from the same instance
+          # that the workflow is running from unless specified.
+          # Example URLs are https://github.com or
+          # https://my-ghes-server.example.com
+          github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+      - name: Review code
+        uses: kekxv/AiReviewPR@v0.1.0
+        with:
+          model: ${{ vars.OLLAMA_MODEL }}
+          host: http://192.168.2.233:11435
+          # host: ${{ vars.OLLAMA_HOST }}
+          # ai_token: ${{ secrets.AI_TOKEN }}
+          REVIEW_PULL_REQUEST: false
+          LANGUAGE: English

.gitea/workflows/ansible-lint.yml

@@ -1,15 +1,17 @@
-# .github/workflows/ansible-lint.yml
+---
+# .gitea/workflows/ansible-lint.yml
 name: ansible-lint
 
 on: [pull_request, issues, push]
 
 jobs:
   build:
-    name: Ansible Lint # Naming the build is important to use it as a status check
+    name: Ansible Lint
+    # Naming the build is important to use it as a status check
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           github-server-url: ${{ vars.GIT_SERVER_URL }}
 
@@ -21,7 +23,11 @@ jobs:
       - name: Install ansible-lint
         run: |
           python -m pip install --upgrade pip
-          pip install ansible ansible-lint
+          pip install ansible ansible-lint yamllint
+
+      - name: Run yamllint
+        run: |
+          yamllint .
 
       - name: Run ansible-lint
         run: |

.gitea/workflows/gitleaks.yml

@@ -0,0 +1,35 @@
+---
+name: Gitleaks Scan
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Install Gitleaks
+        run: |
+          curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
+          | tar -xz
+          sudo mv gitleaks /usr/local/bin/
+
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+      - name: Run Gitleaks
+        run: |
+          gitleaks dir . \
+            --redact=10 \
+            --verbose \
+            --exit-code 1
+        # gitleaks detect \
+        #   --source . \
+        #   --no-git \
+        #   --redact=20 \
+        #   --verbose \
+        #   --exit-code 1

.gitea/workflows/markdown-lint.yml

@@ -0,0 +1,71 @@
+---
+# .gitea/workflows/markdown-lint.yml
+name: Markdown Lint
+
+on: [pull_request, issues, push]
+
+jobs:
+  build:
+    name: markdown-lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+      - name: Install Node.js & markdownlint
+        run: |
+          apt-get update && apt-get install -y npm
+          npm install -g markdownlint-cli2
+
+      - name: Run lint
+        run: markdownlint-cli2 "**/*.md" "#node_modules"
+
+# on:
+#   push:
+#     branches:
+#       - main
+#   pull_request:
+#     branches:
+#       - main
+
+# jobs:
+#   markdown-lint:
+#     runs-on: docker
+#     container:
+#       image: node:20-alpine
+#     steps:
+#       - name: Install dependencies
+#         run: |
+#           apk add --no-cache git
+#           npm install -g markdownlint-cli2
+
+#       - name: Run Markdown lint
+#         run: |
+#           markdownlint-cli2 "**/*.md" "#node_modules"
+
+#########################################à
+
+# ---
+# https://github.com/marketplace/actions/markdownlint-cli2-action
+# name: Markdown Lint
+
+# on: [pull_request, push]
+
+# jobs:
+#   build:
+#     name: markdown-lint
+#     runs-on: ubuntu-latest
+#     steps:
+#       - name: Checkout code
+#         uses: actions/checkout@v4
+#         with:
+#           github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+#       - name: Markdown lint
+#         uses: DavidAnson/markdownlint-cli2-action@v22
+#         with:
+#           globs: '**/*.md'
+#           fix: true
+#           continue-on-error: true

.gitea/workflows/stale.yml

@@ -0,0 +1,72 @@
+---
+# This workflow warns and then closes issues and PRs that have
+# had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+    - cron: '21 3 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
+
+    steps:
+  # - name: Checkout code
+  #   uses: actions/checkout@v4
+  #   with:
+  #     # Number of commits to fetch. 0 indicates all history for all branches
+  #     # and tags.
+  #     # Default: 1
+  #     fetch-depth: 0
+  #     # The base URL for the GitHub instance that you are trying to clone from,
+  #     # will use environment defaults to fetch from the same instance that the
+  #     # workflow is running from unless specified.
+  #     # Example URLs are https://github.com or
+  #     # https://my-ghes-server.example.com
+  #     github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+  # The 90 day stale policy
+  # Used for:
+  # - Issues & PRs
+  # - No PRs marked as no-stale or pinned
+  # - No issues marked as no-stale, help-wanted or pinned
+      - name: 90 days stale issues & PRs policy
+        uses: actions/stale@v9.1.0
+        with:
+          # repo-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          days-before-stale: 90
+          days-before-close: 7
+          operations-per-run: 150
+          remove-stale-when-updated: true
+          stale-issue-label: "stale"
+          exempt-issue-labels: "no-stale,help-wanted,pinned,enhancement"
+          stale-issue-message: >
+            There hasn't been any activity on this issue recently. To keep our
+            backlog manageable we have to clean old issues, as many of them have
+            already been resolved with the latest updates.
+
+            Please make sure to update to the latest version and check if that
+            solves the issue. Let us know if that works for you by adding a
+            comment 👍
+
+            This issue has now been marked as stale and will be closed if no
+            further activity occurs. Thank you for your contributions.
+
+          stale-pr-label: "stale"
+          exempt-pr-labels: "no-stale,pinned"
+          stale-pr-message: >
+            There hasn't been any activity on this pull request recently. This
+            pull request has been automatically marked as stale because of that
+            and will be closed if no further activity occurs within 7 days.
+
+            Thank you for your contributions.