chore: update of common workflows

.github/workflows/automatic-pr-labeler.yaml

@@ -24,7 +24,9 @@ jobs:
     if: (github.event.pull_request.merged == false) && (github.event.pull_request.user.login != 'dependabot[bot]') && (github.event.pull_request.user.login != 'github-actions[bot]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: "Execute assign labels"
         id: action-assign-labels
@@ -42,4 +44,4 @@ jobs:
             echo "⚠️ Pull request from fork! ⚠️";
             echo "Labels will not be applied to PR. Assign them manually please.";
             echo "Labels to assign: ${{ steps.action-assign-labels.outputs.labels-next }}";
-          } >> $GITHUB_STEP_SUMMARY
+          } >> "$GITHUB_STEP_SUMMARY"

.github/workflows/cla.yaml

@@ -7,13 +7,29 @@ on:
     types: [opened, closed, synchronize]
 
 permissions:
-  actions: write
   contents: read
-  pull-requests: write
-  statuses: write
 
 jobs:
-  cla_assistant:
-    uses: Netcracker/qubership-workflow-hub/.github/workflows/cla.yaml@main
-    secrets:
-      personal_access_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+  CLAAssistant:
+    if: github.event.pull_request.draft == false
+    permissions:
+      actions: write
+      contents: write
+      pull-requests: write
+      statuses: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: "CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ACCESS_TOKEN }}
+        with:
+          path-to-signatures: 'signatures/version1/cla.json'
+          path-to-document: 'https://github.com/Netcracker/qubership-github-workflows/blob/main/CLA/cla.md'
+          # branch should not be protected
+          branch: 'main'
+          allowlist: NetcrackerCLPLCI,web-flow,bot*
+          remote-repository-name: cla-storage
+          remote-organization-name: Netcracker

.github/workflows/link-checker.yaml

@@ -0,0 +1,22 @@
+---
+name: Link Checker
+
+on:
+  push: null
+  repository_dispatch: null
+  workflow_dispatch: null
+permissions:
+  contents: read
+jobs:
+  linkChecker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Link Checker
+        id: lychee
+        uses: lycheeverse/lychee-action@v2
+        with:
+          args: --base . --verbose --no-progress './**/*.md' --accept 100..=103,200..=299,429
+          format: markdown
+          fail: true

.github/workflows/pr-conventional-commits.yaml

@@ -16,6 +16,8 @@ jobs:
     name: Conventional Commits
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - uses: webiny/[email protected]

.github/workflows/pr-lint-title.yaml

@@ -7,6 +7,8 @@ on:
     types:
       - opened
       - edited
+      - synchronize
+      - reopened
 
 permissions:
   pull-requests: read
@@ -16,6 +18,6 @@ jobs:
     name: Validate PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v5
+      - uses: amannn/action-semantic-pull-request@v6
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/profanity-filter.yaml

@@ -14,14 +14,16 @@ permissions:
   pull-requests: write
 
 jobs:
-  call-apply-filter:
-    if: ${{ github.event_name == 'issue_comment' || github.event_name == 'issues' || (github.event_name == 'pull_request' && github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id) }}
-    uses: Netcracker/qubership-workflow-hub/.github/workflows/profanityFilter.yaml@main
-  warning:
+  apply-filter:
     runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.repo.id != github.event.pull_request.head.repo.id }}
     steps:
-      - name: "Warning"
-        run: |
-          echo "⚠️ Pull request from fork! ⚠️" >> $GITHUB_STEP_SUMMARY
-          echo "The action cannot be run over PRs from fork." >> $GITHUB_STEP_SUMMARY
+    - name: Scan issue or pull request for profanity
+      # Conditionally run the step if the actor isn't a bot
+      if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'github-actions[bot]' }}
+      uses: IEvangelist/[email protected]
+      id: profanity-filter
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        # See https://bit.ly/potty-mouth-replacement-strategies
+        replacement-strategy: middle-asterisk # See Replacement strategy
+        custom-profane-words-url: https://github.com/Hesham-Elbadawi/list-of-banned-words/raw/refs/heads/master/ru

.github/workflows/super-linter.yaml

@@ -29,25 +29,70 @@ permissions:
   contents: read
 
 jobs:
+  prepare-configs:
+    runs-on: ubuntu-latest
+    steps:
+    - name: "Get the common linters configuration"
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      with:
+        ref: main # fix/superlinter-config
+        repository: netcracker/.github
+        persist-credentials: false
+        sparse-checkout: |
+          config/linters
+    - name: "Upload the common linters configuration"
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      with:
+        name: linter-config
+        path: "${{ github.workspace }}/config"
+        include-hidden-files: true
   run-lint:
+    needs: [prepare-configs]
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+      # To report GitHub Actions status checks
+      statuses: write
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          # Full git history is needed to get a proper list of changed files within `super-linter`
-          fetch-depth: 0
+    - name: Checkout code
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      with:
+        # Full git history is needed to get a proper list of changed files within `super-linter`
+        fetch-depth: 0
+        persist-credentials: false
+    - name: "Get the common linters configuration"
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+      id: download
+      with:
+        name: linter-config
+        path: /tmp/linter-config
+    - name: "Apply the common linters configuration"
+      if: ${{ steps.download.outputs.download-path != '' }}
+      run: |
+        mkdir -p ./.github/linters
+        cp --update=none -vRT /tmp/linter-config/linters ./.github/linters
+
+    - name: "Load super-linter environment file"
+      shell: bash
+      run: |
+        # shellcheck disable=2086
+        if [ -f "${GITHUB_WORKSPACE}/.github/super-linter.env" ]; then
+          echo "Applying local linter environment:"
+          grep "\S" ${GITHUB_WORKSPACE}/.github/super-linter.env | grep -v "^#"
+          grep "\S" ${GITHUB_WORKSPACE}/.github/super-linter.env | grep -v "^#" >> $GITHUB_ENV
+        elif [ -f "/tmp/linter-config/linters/super-linter.env" ]; then
+          echo "::warning:: Local linter environment file .github/super-linter.env is not found"
+          echo "Applying common linter environment:"
+          grep "\S" /tmp/linter-config/linters/super-linter.env | grep -v "^#"
+          grep "\S" /tmp/linter-config/linters/super-linter.env | grep -v "^#" >> $GITHUB_ENV
+        fi
 
-      - name: "Load super-linter environment file"
-        run: |
-          # shellcheck disable=2086
-          if [ -f "./.github/super-linter.env" ]; then
-            grep "\S" ./.github/super-linter.env | grep -v "^#"
-            grep "\S" ./.github/super-linter.env | grep -v "^#" >> $GITHUB_ENV
-          fi
+    - name: Lint Code Base
+      uses: super-linter/super-linter/slim@ffde3b2b33b745cb612d787f669ef9442b1339a6 # v8.1.0
+      env:
+        VALIDATE_ALL_CODEBASE: ${{ inputs.full_scan || false }}
+        # To report GitHub Actions status checks
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        DEFAULT_BRANCH: ${{ github.event.pull_request.base.ref || github.event.push.ref }}
 
-      - name: Lint Code Base
-        uses: super-linter/super-linter@v7
-        env:
-          VALIDATE_ALL_CODEBASE: ${{ inputs.full_scan || false }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}