Consider package-lock.json when building the dev-container so we can
enforce a known-working dependency chain. This caused issues in the past
when commitlint and release-please had bugs in new versions that
impacted our build pipeline.
- Add support to run Checkov against infrastructure as code descriptors
that are in a given (configurable) directory. Defaults to lint the
whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
issues right away with this change.
- Implement a job to preview the release notes
- Include build, ci, and dependency updates
- Add emoji to section headings to match the existing release notes
- Add documentation about how to run release-please from the CLI
- Check if the PR contains a single commit, and fail otherwise.
- Enable commitlint to check if commits adhere to the
conventialcommits.org spec.
- Update the the pull request template to point to the conventional
commit spec.
- Update the dependabot configuration to add the "build(...)" prefix to
commits.
