Add yamllint configuration and fix lint warnings

.github/workflows/ci.yml

@@ -1,5 +1,5 @@
 name: CI
-on:
+on: # yamllint disable-line rule:truthy
   push:
     branches:
       - main

.github/workflows/codeql.yml

@@ -1,6 +1,6 @@
 name: CodeQL
 
-on:
+on: # yamllint disable-line rule:truthy
   push:
     branches:
       - main

.github/workflows/ghcr.yml

@@ -1,5 +1,5 @@
 name: Publish Docker images (GHCR)
-on:
+on: # yamllint disable-line rule:truthy
   push:
     branches:
       - main

.github/workflows/scorecard.yml

@@ -1,6 +1,6 @@
 name: Scorecard analysis
 
-on:
+on: # yamllint disable-line rule:truthy
   push:
     branches:
       - main

.github/workflows/smoke.yml

@@ -3,10 +3,10 @@ name: Smoke
 permissions:
   contents: read
 
-on:
+on: # yamllint disable-line rule:truthy
   workflow_dispatch:
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
     paths-ignore:
       - docs/**
       - README.md
@@ -31,55 +31,55 @@ jobs:
       matrix:
         suite: ${{ fromJSON(needs.suites.outputs.suites) }}
     steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      with:
-        persist-credentials: false
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
-    - name: Install Go
-      uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
-      with:
-        go-version-file: go.mod
+      - name: Install Go
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
+        with:
+          go-version-file: go.mod
 
-    - name: Install Dependabot CLI
-      run: go install github.com/dependabot/cli/cmd/dependabot@latest
+      - name: Install Dependabot CLI
+        run: go install github.com/dependabot/cli/cmd/dependabot@latest
 
-    - name: Download smoke test
-      env:
-        SUITE: ${{ matrix.suite }}
-      run: |
-        gh api "repos/dependabot/smoke-tests/contents/tests/smoke-${SUITE}.yaml" -H "Accept: application/vnd.github.raw" > smoke.yaml
+      - name: Download smoke test
+        env:
+          SUITE: ${{ matrix.suite }}
+        run: |
+          gh api "repos/dependabot/smoke-tests/contents/tests/smoke-${SUITE}.yaml" -H "Accept: application/vnd.github.raw" > smoke.yaml
 
-    # Download the Proxy cache. The job is ideally 100% cached so no real calls are made.
-    - name: Download cache
-      env:
-        SUITE: ${{ matrix.suite }}
-      run: |
-        gh run download --repo dependabot/smoke-tests --name "cache-${SUITE}" --dir cache
+      # Download the Proxy cache. The job is ideally 100% cached so no real calls are made.
+      - name: Download cache
+        env:
+          SUITE: ${{ matrix.suite }}
+        run: |
+          gh run download --repo dependabot/smoke-tests --name "cache-${SUITE}" --dir cache
 
-    - name: Build proxy image
-      run: docker build -t "dependabot/proxy:latest" .
+      - name: Build proxy image
+        run: docker build -t "dependabot/proxy:latest" .
 
-    - name: ${{ matrix.suite }}
-      env:
-        LOCAL_GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        set -o pipefail
-        dependabot test \
-          -f=smoke.yaml \
-          -o=result.yaml \
-          --cache=cache \
-          --timeout=20m \
-          --proxy-image=dependabot/proxy:latest \
-          2>&1 | tee -a log.txt
+      - name: ${{ matrix.suite }}
+        env:
+          LOCAL_GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -o pipefail
+          dependabot test \
+            -f=smoke.yaml \
+            -o=result.yaml \
+            --cache=cache \
+            --timeout=20m \
+            --proxy-image=dependabot/proxy:latest \
+            2>&1 | tee -a log.txt
 
-    - name: Diff
-      if: always()
-      continue-on-error: true
-      run: diff --ignore-space-change smoke.yaml result.yaml && echo "Contents are identical"
+      - name: Diff
+        if: always()
+        continue-on-error: true
+        run: diff --ignore-space-change smoke.yaml result.yaml && echo "Contents are identical"
 
-    - name: Create summary
-      run: tail -n100 log.txt | grep -P '\d+/\d+ calls cached \(\d+%\)' >> $GITHUB_STEP_SUMMARY
+      - name: Create summary
+        run: tail -n100 log.txt | grep -P '\d+/\d+ calls cached \(\d+%\)' >> $GITHUB_STEP_SUMMARY
 
-    # No upload at the end:
-    # - If a test is uncachable in some regard, the cache would grow unbound.
-    # - We might want to consider erroring if the cache is changed.
+      # No upload at the end:
+      # - If a test is uncachable in some regard, the cache would grow unbound.
+      # - We might want to consider erroring if the cache is changed.

.github/workflows/yamllint.yml

@@ -0,0 +1,23 @@
+name: Lint YAML
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  yamllint:
+    name: yamllint
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      # yamllint is pre-installed on GitHub Actions runners:
+      # https://github.com/adrienverge/yamllint/pull/588
+      - run: yamllint .

.yamllint.yaml

@@ -0,0 +1,15 @@
+---
+extends: default
+
+rules:
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  document-start: disable
+  indentation:
+    indent-sequences: consistent
+  line-length: disable
+
+ignore: |
+  # Vendored dependencies
+  vendor/