ops updates, fixes, dependabot config

.github/dependabot.yml

@@ -0,0 +1,19 @@
+---
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    assignees:
+      - "kerberizer"
+
+  # Maintain dependencies for JS
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    assignees:
+      - "kerberizer"

.github/workflows/docker-publish.yml

@@ -6,9 +6,11 @@ on:  # yamllint disable-line rule:truthy
     branches:
       - main
       - develop
-    tags:
-      - v*.*.*
-    workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - develop
+  workflow_dispatch:
 
 env:
   REGISTRY: ghcr.io
@@ -27,15 +29,18 @@ jobs:
       id-token: write
 
     steps:
+
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.7
         with:
           submodules: recursive
 
       # TODO: Temporary solution for using different backends.
       - name: Set up appropriate backend
         run: >-
-          if [[ '${{ github.ref }}' == 'refs/heads/main' ]]; then
+          if [[ '${{ github.event_name }}' == 'pull_request' ]]; then
+            api_url='https://api-test2.ramanchada.ideaconsult.net/template'
+          elif [[ '${{ github.ref }}' == 'refs/heads/main' ]]; then
             api_url="https://api.ramanchada.ideaconsult.net/template"
           elif [[ '${{ github.ref }}' == 'refs/heads/develop' ]]; then
             api_url='https://api-test.ramanchada.ideaconsult.net/template'
@@ -49,19 +54,19 @@ jobs:
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v3.3.0
+        uses: sigstore/cosign-installer@v3.7.0
         with:
-          cosign-release: 'v2.2.3'
+          cosign-release: 'v2.4.1'
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+        uses: docker/setup-buildx-action@v3.7.1
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        uses: docker/login-action@v3.3.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -71,12 +76,18 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        uses: docker/metadata-action@v5.6.1
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          labels: |
+            org.opencontainers.image.description=Template Designer Service
+            org.opencontainers.image.licenses=MIT
+            org.opencontainers.image.title=template-designer
+            org.opencontainers.image.url=https://github.com/ideaconsult/templateforge/blob/main/README.md
+            org.opencontainers.image.vendor=IDEAconsult
           tags: |
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'develop') }}
-            type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/develop' }}
+            type=raw,value=stable,enable=${{ github.ref == 'refs/heads/main' }}
             type=ref,event=branch
             type=ref,event=tag
             type=ref,event=pr
@@ -85,22 +96,22 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6.10.0
         with:
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
           context: .
+          labels: ${{ steps.meta.outputs.labels }}
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
 
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
       # repository is public to avoid leaking data.  If you would like to publish
       # transparency data even for private images, pass --force to cosign below.
       # https://github.com/sigstore/cosign
       - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
+        if: github.event_name != 'pull_request'
         env:
           # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
           TAGS: ${{ steps.meta.outputs.tags }}

.yamllint.yml

@@ -0,0 +1,7 @@
+---
+extends: default
+rules:
+  line-length:
+    max: 119
+  new-lines:
+    type: platform

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:lts-alpine as requirements-stage
+FROM node:lts-alpine AS requirements-stage
 
 WORKDIR /tmp
 
@@ -15,17 +15,7 @@ RUN npm install
 #RUN npm run lint
 RUN npm run build-docker
 
-FROM nginx:mainline
 
-LABEL maintainer="Luchesar ILIEV <[email protected]>" \
-      org.opencontainers.image.created=$BUILD_DATE \
-      org.opencontainers.image.description="Template Designer Service" \
-      org.opencontainers.image.revision=$VCS_REF \
-      org.opencontainers.image.schema-version="1.0" \
-      org.opencontainers.image.source="https://github.com/ideaconsult/templateforge" \
-      org.opencontainers.image.title="template-designer" \
-      org.opencontainers.image.url="https://github.com/ideaconsult/templateforge/blob/main/README.md" \
-      org.opencontainers.image.vendor="IDEAconsult" \
-      org.opencontainers.image.version="latest"
+FROM nginx:mainline
 
 COPY --from=requirements-stage /tmp/dist /usr/share/nginx/html