Remove obsolete Azure DevOps configurations and enhance documentation

.editorconfig

@@ -0,0 +1,16 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 4
+
+[*.{yml,yaml,json,md}]
+indent_size = 2
+
+[*.sh]
+indent_style = space
+indent_size = 4

.github/workflows/bicep_deployment.yaml

@@ -1,9 +1,8 @@
 name: Azure Bicep Deployment
 
+# Manual only: the deploy step references ./main.bicep, which does not exist in
+# this repo yet. Add a main.bicep and re-enable a push trigger when ready.
 on:
-  push:
-    branches:
-      - main
   workflow_dispatch:
     inputs:
       resource_group:
@@ -41,5 +40,5 @@ jobs:
 
       - name: Deploy Infrastructure using Bicep
         run: |
-          az group create -l $LOCATION -n $RESOURCE_GROUP
-          az deployment group create -f ./main.bicep -g $RESOURCE_GROUP
+          az group create -l "$LOCATION" -n "$RESOURCE_GROUP"
+          az deployment group create -f ./main.bicep -g "$RESOURCE_GROUP"

.github/workflows/linter.yml

@@ -1,19 +1,40 @@
-name: SuperLinter
+name: Linter
 
-on: [pull_request]
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+permissions:
+  contents: read
+  statuses: write
 
 jobs:
   build:
     name: Linter
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Lint Code Base
-        uses: github/super-linter@v4.2.2
+        uses: super-linter/super-linter/slim@v7
         env:
+          # Super-Linter v7 enables ~50 validators by default. This is a curated
+          # opt-in: only the listed validators run (high-signal for a
+          # PowerShell / Bash / docs repo). PowerShell is also covered by the
+          # dedicated scriptanalyzer.yml workflow.
           VALIDATE_ALL_CODEBASE: false
-          VALIDATE_MARKDOWN: false
           DEFAULT_BRANCH: main
+          LINTER_RULES_PATH: .
+          VALIDATE_BASH: true
+          VALIDATE_YAML: true
+          VALIDATE_GITHUB_ACTIONS: true
+          VALIDATE_GITLEAKS: true
+          VALIDATE_MARKDOWN: true
+          # Exclude the vendored AVM agent playbook and informal cheatsheets from
+          # linting, plus any local Python venv / bytecode.
+          FILTER_REGEX_EXCLUDE: '(\.github/agents/|cheatsheets/|\.venv/|__pycache__/|/path/to/)'
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/scriptanalyzer.yml

@@ -1,17 +1,32 @@
 name: ScriptAnalyzer
 
-on: [pull_request]
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+permissions:
+  contents: read
 
 jobs:
-  job:
-    name: "Run PSSA"
+  analyze:
+    name: Run PSScriptAnalyzer
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - name: ScriptAnalyzer
+        uses: actions/checkout@v4
+
+      - name: Run PSScriptAnalyzer
         shell: pwsh
         run: |
-          # $VerbosePreference = "Continue"
-          Install-Module PSScriptAnalyzer -RequiredVersion 1.19.0 -Force
-          Invoke-ScriptAnalyzer -Path . -Recurse -ReportSummary
+          Set-PSRepository PSGallery -InstallationPolicy Trusted
+          Install-Module PSScriptAnalyzer -Scope CurrentUser -Force
+          $settings = Join-Path $PWD 'PSScriptAnalyzerSettings.psd1'
+          $params = @{ Path = '.'; Recurse = $true; ReportSummary = $true }
+          if (Test-Path $settings) { $params.Settings = $settings }
+          $results = Invoke-ScriptAnalyzer @params
+          $results | Format-Table -AutoSize
+          if ($results | Where-Object Severity -in 'Error', 'Warning') {
+            Write-Error "PSScriptAnalyzer found $($results.Count) issue(s)."
+            exit 1
+          }

.github/workflows/template-sync.yml

@@ -0,0 +1,34 @@
+name: Template Sync
+
+# Keeps repositories generated from this template in sync with its scaffolding.
+# Runs in the generated repo (skipped in the template itself) and opens a PR
+# whenever this template changes. Protect repo-specific files via .templatesyncignore.
+
+on:
+  schedule:
+    - cron: '0 6 * * 1' # Mondays 06:00 UTC
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  sync:
+    name: Sync from template
+    runs-on: ubuntu-latest
+    # No-op in the template repository itself.
+    if: github.repository != 'segraef/Template'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Sync from template
+        uses: AndreasAugustin/actions-template-sync@v2
+        with:
+          source_repo_path: segraef/Template
+          upstream_branch: main
+          pr_labels: template-sync
+          pr_title: "chore: sync from segraef/Template"

.gitignore

@@ -10,5 +10,20 @@
 !.vscode/extensions.json
 *.code-workspace
 
-#Python
+# Python
+__pycache__/
+*.py[cod]
+.venv/
+venv/
+env/
 .env
+*.egg-info/
+.pytest_cache/
+
+# Node
+node_modules/
+npm-debug.log*
+
+# Logs / local
+*.log
+*.tmp

.markdownlint.yaml

@@ -0,0 +1,14 @@
+# markdownlint configuration (consumed by Super-Linter's MARKDOWN validator).
+default: true
+
+# Long lines are fine: tables, badge URLs and reference links exceed 80 cols.
+MD013: false
+
+# Allow repeated sibling headings across sections (e.g. Added/Changed/Fixed per
+# CHANGELOG release).
+MD024:
+  siblings_only: true
+
+# Badges and icons use inline HTML / images in headings.
+MD033: false
+MD041: false

.pipelines/variables.yml

@@ -1,8 +1,8 @@
 variables:
   vmImage: 'ubuntu-latest'
   poolName: ''
-  serviceConnection: '<SERVICE_CONNECTION'
+  serviceConnection: '<SERVICE_CONNECTION>'
   location: 'West Europe'
-  resourceGroupName: '<RESOURCE_GROUP_NAME'
+  resourceGroupName: '<RESOURCE_GROUP_NAME>'
   azurePowerShellVersion: 'latestVersion'
   preferredAzurePowerShellVersion: ''

.templatesyncignore

@@ -0,0 +1,21 @@
+# Files Template Sync must never overwrite in this repository.
+# Syntax follows .gitignore semantics (AndreasAugustin/actions-template-sync).
+
+# Repository identity and history.
+README.md
+CHANGELOG.md
+LICENSE
+.github/CODEOWNERS
+.github/workflows/template-sync.yml
+
+# This repository's own code and content. The template only supplies the
+# shared scaffolding (_Template.ps1, Write-Log.psm1, _Template.sh, log.sh,
+# PSScriptAnalyzerSettings.psd1, linter/scriptanalyzer workflows), which is
+# intentionally NOT ignored so it keeps tracking the template.
+PowerShell/Snippets/**
+Python/**
+flask/**
+JavaScript/**
+REST/**
+graphql/**
+cheatsheets/**

Bash/_Template.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#
+# verb-noun.sh - one-line summary of what this script does.
+#
+# Description: what it automates, prerequisites (CLIs, auth) and side effects.
+# Usage:       ./verb-noun.sh <name>
+# Author:      Sebastian Gräf
+# Repo:        https://github.com/segraef/Scripts
+
+set -euo pipefail
+
+script_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+# shellcheck source-path=SCRIPTDIR source=log.sh
+. "${script_dir}/log.sh"
+
+main() {
+    local name="${1:-world}"
+
+    log_info "Executing $(basename -- "${BASH_SOURCE[0]}")."
+    log_info "Hello, ${name}."
+    log_info "Finished."
+}
+
+main "$@"