v1.18.1

chore(release): merge develop into main v1.18.1 (#161)

* chore(deps): bump aws-actions/configure-aws-credentials in the aws group

Bumps the aws group with 1 update: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials).


Updates `aws-actions/configure-aws-credentials` from 4 to 6
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v4...v6)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: aws
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(refs): pin all @develop refs to v1.18.0 in workflows and v1.x.x in READMEs (#160)

* chore(refs): pin all @develop refs to v1.18.0 in workflows and v1.x.x in README examples

* fix(lint): quote GITHUB_OUTPUT in release-notification SC2086

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

v1.18.1-beta.3

chore(deps): bump fgrosse/go-coverage-report in the go-tooling group …

v1.18.1-beta.2

chore(refs): pin all @develop refs to v1.18.0 in workflows and v1.x.x…

v1.18.1-beta.1

Merge pull request #159 from LerianStudio/dependabot/github_actions/d…

v1.18.0

Merge pull request #157 from LerianStudio/develop

Develop

v1.18.0-beta.4

feat(changed-paths): add shared_paths input to trigger full matrix on…

v1.18.0-beta.3

feat(ci): add YAML and GitHub Actions lint analysis for PRs (#148)

* feat(ci): add YAML and GitHub Actions lint analysis for PRs

Add self-pr-analysis workflow that runs yamllint and actionlint
on pull requests to validate YAML syntax and GitHub Actions
workflow correctness.

* fix(ci): scope yamllint and actionlint to changed files only

Filter both linters to only check files modified in the PR instead
of scanning the entire repository. Falls back to full scan on
workflow_dispatch.

* fix(ci): register blacksmith runner label for actionlint

Add actionlint config with blacksmith-4vcpu-ubuntu-2404 as a known
self-hosted runner label to avoid false-positive runner-label errors.

* feat(ci): add pinned actions check, markdown link check, typos, and self-pr-validation

- Pinned Actions Check: fails on uses: @main/@master (skips LerianStudio)
- Markdown Link Check: validates links in changed .md files
- Spelling Check: typos-cli across the codebase
- self-pr-validation: thin entrypoint calling pr-validation.yml
  with source branch enforcement for PRs to main
- Add .github/markdown-link-check-config.json
- Update dependabot groups for new actions

* refactor(ci): merge self-pr-analysis into self-pr-validation

Consolidate all PR checks into a single self-pr-validation workflow:
PR validation, YAML lint, actionlint, pinned actions, markdown link
check, and spelling. Remove self-pr-analysis.yml.

* feat(lint): add lint composites and refactor self-pr-validation

Create 5 composite actions under src/lint/:
- yamllint: YAML syntax validation
- actionlint: GitHub Actions workflow validation
- pinned-actions: ensures uses: refs are pinned
- markdown-link-check: validates links in .md files
- typos: spelling check via typos-cli

Refactor self-pr-validation to use composites directly with a
shared changed-files detection job for all lint checks.

* feat(config): extract changed-workflows composite from self-pr-validation

Create src/config/changed-workflows composite that categorizes
changed files by type (YAML, workflows, actions, markdown) for
downstream lint jobs. Refactor self-pr-validation to use it.

* fix(ci): add changed-files dependency to typos job

* fix(config): fix find operator precedence and require github-token in changed-workflows

- Fix find -name operator precedence bug: wrap -name flags in \( \)
  so both .yml and .yaml files are returned in workflow_dispatch fallback
- Make github-token required to prevent silent auth failures with gh CLI
- Fix yamllint glob pattern to recursively match .yml files

* feat(lint): add step summaries to all lint and detection composites

Each composite now writes a GitHub Step Summary before running,
listing the files it will process (or scope for typos). Feedback
is self-contained in each composite, not in the workflow.

* refactor(lint): replace step summaries with log output in lint composites

* refactor(lint): add file count and list to log step in lint composites

* refactor(lint): use group annotations and sed for file log in lint composites

* fix(changed-workflows): replace while loop with sed to fix step summary list rendering

* fix(lint): action-files csv, actionlint covers src/ composites, log changed-files to stdout

* feat(notify): add pr-lint-reporter composite and lint-report job to post PR comments

* refactor(notify): replace files collapse with failures collapse in pr-lint-reporter

* feat(lint): scope spelling check to changed files only, add all-files detection

* feat(notify): fetch job annotations to show per-file errors in failures collapse

* fix(lint): use env vars for input interpolation in run blocks, fix grep -Fq, gate typos on changed files

* fix(lint): scope actionlint to workflow files only to avoid composite false positives

* fix(notify): filter only failure-level annotations in lint reporter to exclude warnings

* chore(deps): upgrade actions/checkout to v6 in self-pr-validation

* feat(lint): enforce full semver pinning in pinned-actions check

* feat(lint): warn on internal unpinned actions instead of failing in pinned-actions check

* feat(lint): restrict external actions to final releases only, allow pre-releases for internal

* feat(lint): warn on internal pre-release tags (beta/rc) instead of allowing silently

* fix(lint): anchor uses: grep to start of line to avoid false matches in shell scripts

* fix(lint): align pinned-actions description and error message with actual validation rules

- gate lint-report on changed-files success to avoid misleading skipped summaries
- paginate annotation fetches in pr-lint-reporter (per_page 100)
- fix pinned-actions description and error message to reflect final-release-only rule for externals

* chore(lint): clean up markdown-link-check and yamllint configs

* ci(self): remove edited trigger to prevent reruns on CodeRabbit updates

* fix(lint): tighten markdown config, fix pinned-actions grep pattern, scope workflow permissions

* fix(lint): add pull-requests read to changed-files job, strip inline comments in pinned-actions

* feat(lint): add shellcheck and readme-check composites to PR lint pipeline

* fix(lint): quote shellcheck description, add pr-lint-reporter README

* fix(lint): quote step name containing run: in shellcheck composite

* fix(lint): remove GHA expression syntax from Python comment in shellcheck

* fix(lint): use shell variable placeholder for GHA expressions, exclude SC2154

* fix(lint): respect shell type and count all severity findings in shellcheck

* fix(lint): fix GHA regex for nested braces, correct shellcheck line offset

* feat(lint): add composite-schema lint to validate input conventions

* fix(lint): scope composite-schema to src/ action files only via dedicated output

* feat(lint): extend composite-schema with name, description, steps, kebab-case and reserved prefix checks

* feat(lint): validate composite directory depth matches src/<capability>/<name>/action.yml

* fix(lint): apply directory depth check only after confirming composite action

* fix(lint): gate validation job to PR events, harden composite-schema inputs, escape JS file paths with toJSON

* fix(lint): add actions:read permission, harden composite-schema type guards, fix README example

* fix(lint): fix inputs normalization false-negative and double-count, align README example guard

* fix(lint): treat YAML parse errors as violations, enforce action.yml filename in path check

v1.18.0-beta.2

Merge pull request #153 from LerianStudio/fix/channel-aware-tag-compa…

v1.18.0-beta.1

Merge pull request #146 from LerianStudio/main

chore: backmerge

v1.16.0-beta.17

feat(security): Docker Scout integration with policy enforcement and …