Merge branch 'main' of https://github.com/seedcase-project/guidebook into feat/fill-in-landing-page

Author: lwjohnst86

.copier-answers.yml

@@ -0,0 +1,11 @@
+# Changes here will be overwritten by Copier; NEVER EDIT MANUALLY
+_commit: 0.17.10
+_src_path: gh:seedcase-project/template-website
+author_family_name: Johnston
+author_given_name: Luke
+github_board_number: '18'
+github_repo: guidebook
+github_user: seedcase-project
+hosting_provider: netlify
+is_seedcase_website: true
+review_team: '@seedcase-project/developers'

.cz.toml

@@ -0,0 +1,8 @@
+[tool.commitizen]
+version = "0.2.0"
+bump_message = "build(version): :bookmark: update version from $current_version to $new_version"
+version_schema = "semver"
+version_provider = "commitizen"
+update_changelog_on_bump = true
+# Don't regenerate the changelog on every update
+changelog_incremental = true

.editorconfig

@@ -10,6 +10,7 @@ indent_size = 2
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
+max_line_length = 88
 
 # Have a bit shorter line length for text docs
 [*.{txt,md,qmd}]

.github/CODEOWNERS

@@ -1,9 +1,2 @@
-# All members on Developers team get added to review PRs
+# All members on the team get added to review PRs
 * @seedcase-project/developers
-
-# Ignore these so we don't get added to sync PRs
-/.github/
-/.vscode/
-justfile
-.editorconfig
-.gitignore

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+    commit-message:
+      prefix: ci
+      include: scope

.github/pull_request_template.md

@@ -1,10 +1,10 @@
 # Description
 
-These changes PURPOSE, because REASON.
+EXPLANATION
 
 Closes #
 
-This PR needs a quick/an in-depth review.
+Needs a quick/thorough review.
 
 ## Checklist
 

.github/workflows/add-to-project.yml

@@ -11,12 +11,14 @@ on:
       - reopened
       - opened
 
-permissions:
-  pull-requests: write
+# Limit token permissions for security
+permissions: read-all
 
 jobs:
   add-to-project:
     uses: seedcase-project/.github/.github/workflows/reusable-add-to-project.yml@main
+    permissions:
+      pull-requests: write
     with:
       app-id: ${{ vars.ADD_TO_BOARD_APP_ID }}
       board-number: 18

.github/workflows/build-website.yml

@@ -1,11 +1,16 @@
-name: Build and deploy website
+name: Build website
 
 on:
   push:
-    branches: main
+    branches:
+      - main
+
+# Limit token permissions for security
+permissions: read-all
 
 jobs:
-  build-deploy-docs:
+  build-website:
     uses: seedcase-project/.github/.github/workflows/reusable-build-docs.yml@main
+
     secrets:
       netlify-token: ${{ secrets.NETLIFY_AUTH_TOKEN }}

.github/workflows/dependency-review.yml

@@ -0,0 +1,17 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: "Security: Dependency Review"
+on: pull_request
+
+# Limit token permissions for security
+permissions: read-all
+
+jobs:
+  dependency-review:
+    uses: seedcase-project/.github/.github/workflows/reusable-dependency-review.yml@main

.github/workflows/release-project.yml

@@ -0,0 +1,21 @@
+name: Release project
+
+on:
+  push:
+    branches:
+      - main
+
+# Limit token permissions for security
+permissions: read-all
+
+jobs:
+  release-project:
+    # This job outputs env variables `previous_version` and `current_version`.
+    # The workflow needs write permissions for `GITHUB_TOKEN` to create a release.
+    permissions:
+      contents: write
+    uses: seedcase-project/.github/.github/workflows/reusable-release-project.yml@main
+    with:
+      app-id: ${{ vars.UPDATE_VERSION_APP_ID }}
+    secrets:
+      update-version-gh-token: ${{ secrets.UPDATE_VERSION_TOKEN }}