feat: Add enhanced use-bundler with cross-platform environment detection

.github/dependabot.yml

@@ -0,0 +1,40 @@
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "actions-mn/maintainers"
+    assignees:
+      - "actions-mn/maintainers"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "automated"
+    versioning-strategy: increase
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "actions-mn/maintainers"
+    assignees:
+      - "actions-mn/maintainers"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "github-actions"
+      - "automated"

.github/workflows/lint-and-test.yml

@@ -0,0 +1,26 @@
+name: lint-and-test
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: Lint and Test
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 20
+        cache: 'yarn'
+
+    - run: yarn install --frozen-lockfile
+    - run: yarn build
+    - run: yarn format-check
+    - run: yarn test

.github/workflows/release.yml

@@ -0,0 +1,80 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: 20
+        cache: 'yarn'
+
+    - name: Install dependencies
+      run: yarn install --frozen-lockfile
+
+    - name: Build action
+      run: yarn build
+
+    - name: Package action
+      run: |
+        # Ensure dist directory exists and is committed
+        git add dist/
+        git config --local user.email "action@github.com"
+        git config --local user.name "GitHub Action"
+        git diff --staged --quiet || git commit -m "Update dist for release ${{ github.ref_name }}"
+
+    - name: Create Release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ github.ref }}
+        release_name: Release ${{ github.ref }}
+        body: |
+          ## Changes in this Release
+
+          See the [CHANGELOG](CHANGELOG.md) for detailed information about this release.
+
+          ## Usage
+
+          ```yaml
+          - uses: actions-mn/setup@${{ github.ref_name }}
+            with:
+              version: 'latest'
+          ```
+        draft: false
+        prerelease: false
+
+  update-major-tag:
+    name: Update Major Version Tag
+    runs-on: ubuntu-latest
+    needs: release
+    if: startsWith(github.ref, 'refs/tags/v')
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Update major version tag
+      run: |
+        # Extract major version from tag (e.g., v1.2.3 -> v1)
+        TAG=${GITHUB_REF#refs/tags/}
+        MAJOR_VERSION=$(echo $TAG | cut -d. -f1)
+
+        # Update or create the major version tag
+        git config --local user.email "action@github.com"
+        git config --local user.name "GitHub Action"
+        git tag -fa $MAJOR_VERSION -m "Update $MAJOR_VERSION to $TAG"
+        git push origin $MAJOR_VERSION --force

.github/workflows/security.yml

@@ -0,0 +1,71 @@
+name: Security
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * 1'  # Weekly on Mondays
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  codeql:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Dependency Review
+      uses: actions/dependency-review-action@v4
+      with:
+        fail-on-severity: moderate
+        allow-licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC
+
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: 20
+        cache: 'yarn'
+
+    - name: Install dependencies
+      run: yarn install --frozen-lockfile
+
+    - name: Run security audit
+      run: yarn audit --level moderate

.github/workflows/test-bundler-docker.yml

@@ -0,0 +1,65 @@
+name: test-bundler-docker
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.head_ref || github.ref_name }}"
+  cancel-in-progress: true
+
+jobs:
+  test-bundler-docker:
+    name: Test use-bundler in ${{ matrix.name }} container
+    runs-on: ubuntu-latest
+    container: ${{ matrix.container }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: "Metanorma"
+            container: "metanorma/metanorma:latest"
+            needs-setup: false
+          - name: "Ruby"
+            container: "ruby:3.3.7-slim-bookworm"
+            needs-setup: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Create a minimal Gemfile for testing
+      - name: Create test Gemfile
+        run: |
+          cat > Gemfile << 'EOF'
+          source 'https://rubygems.org'
+          gem 'metanorma-cli'
+          EOF
+
+      # Setup Ruby only for containers that need it
+      - name: Setup Ruby
+        if: matrix.needs-setup
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+          bundler-cache: true
+
+      # Test the enhanced use-bundler functionality
+      - name: Test setup-metanorma with use-bundler
+        uses: ./
+        with:
+          use-bundler: true
+
+      # Verify the setup worked
+      - name: Verify tools are functional
+        run: |
+          # Verify all tools are functional
+          ruby --version
+          bundle --version
+          bundle exec metanorma version
+          bundle exec fontist help