ci: add github actions and dependabot

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,41 @@
+# For more information see: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code
+
+name: 'CodeQL'
+
+on:
+  push:
+    branches: [master, develop]
+  pull_request_review:
+    branches: [master, develop]
+    types: [submitted]
+
+jobs:
+  analyze:
+    if: ${{ (github.event_name == 'push') || (github.event_name == 'pull_request_review' && github.event.review.state == 'approved' && (github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'MEMBER' || github.event.review.author_association == 'OWNER') && !github.event.pull_request.draft && github.event.pull_request.state == 'open') }}
+    name: 'Analyze'
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['javascript']
+
+    steps:
+      - name: 'Checkout repository'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - run: git checkout HEAD^2
+        if: ${{ github.event_name == 'pull_request' }}
+
+      - name: 'Initialize CodeQL'
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: 'Autobuild'
+        uses: github/codeql-action/autobuild@v1
+
+      - name: 'Perform CodeQL Analysis'
+        uses: github/codeql-action/analyze@v1

.github/workflows/commitlint.yml

@@ -0,0 +1,20 @@
+# For more information see: https://github.com/marketplace/actions/commit-linter
+
+name: 'Lint Commit Messages'
+
+on:
+  push:
+    branches: [master, develop]
+  pull_request_review:
+    branches: [master, develop]
+    types: [submitted]
+
+jobs:
+  commitlint:
+    if: ${{ (github.event_name == 'push') || (github.event_name == 'pull_request_review' && github.event.review.state == 'approved' && (github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'MEMBER' || github.event.review.author_association == 'OWNER') && !github.event.pull_request.draft && github.event.pull_request.state == 'open') }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: 'actions/checkout@v2'
+        with:
+          fetch-depth: 0
+      - uses: 'wagoid/commitlint-github-action@v2'

.github/workflows/nodejs.yml

@@ -0,0 +1,38 @@
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: 'Node.js CI'
+
+on:
+  push:
+    branches: [master, develop]
+  pull_request_review:
+    branches: [master, develop]
+    types: [submitted]
+
+jobs:
+  ci_app:
+    if: ${{ (github.event_name == 'push') || (github.event_name == 'pull_request_review' && github.event.review.state == 'approved' && (github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'MEMBER' || github.event.review.author_association == 'OWNER') && !github.event.pull_request.draft && github.event.pull_request.state == 'open') }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [14.x]
+    steps:
+      - uses: 'actions/checkout@v2'
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: 'actions/setup-node@v2.1.4'
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: 'Cache dependencies'
+        uses: 'actions/cache@v2'
+        with:
+          path: |
+            **/node_modules
+          key: ${{ runner.os }}-${{ hashFiles('**/package.json') }}
+
+      - name: 'Install dependencies'
+        run: 'npm install'
+
+      - name: 'Run the tests'
+        run: 'npm test'