chore: sync files with stordco/common-config-elixir

[stord-engineering-account]

No description provided.

[coveralls]

Pull Request Test Coverage Report for Build 22685506968

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 86.111%

---

Totals
Change from base Build 125d60ac79b683f542adc4eb67cfe6b9536af346:	0.0%
Covered Lines:	31
Relevant Lines:	36

---

💛 - Coveralls

[Copilot]

Pull request overview

This PR syncs configuration files from the stordco/common-config-elixir repository, standardizing CI/CD workflows, linting rules, and security scanning across Stord's Elixir projects. The synchronization includes adding Trivy security scanning, updating GitHub Actions to SHA-pinned versions, and modernizing the release-please configuration.

Changes:

• Added Trivy security scanning with filesystem vulnerability detection and automated cache updates
• Updated all GitHub Actions to SHA-pinned versions with version comments for improved security
• Migrated release-please from v3 to v4 with updated configuration supporting hotfix and docs commit types
• Enhanced CI workflow with changed file detection to conditionally run jobs based on modified files
• Updated Credo configuration to conditionally load ExcellentMigrations checks and relaxed some readability rules

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
.trivy/fs-config.yaml	New Trivy filesystem scan configuration with vulnerability severity levels
.github/workflows/trivy.yaml	New workflow to update Trivy vulnerability database cache daily
.github/workflows/staging.yaml	Updated actions to SHA-pinned versions, added MIX_ENV and actions:read permission
.github/workflows/release.yaml	Migrated from release-please v3 to v4, updated configuration file paths
.github/workflows/production.yaml	Updated checkout action to SHA-pinned v4.3.0
.github/workflows/pr.yaml	Replaced custom PR title action with inline script, added hotfix and docs commit types
.github/workflows/common-config-elixir.yaml	Updated checkout and setup-node actions to SHA-pinned versions
.github/workflows/ci.yaml	Added Changed job for conditional execution, Trivy scan, SHA-pinned actions, warnings-as-errors flags
.github/release-please-manifest.json	New manifest file defining current version (1.0.2)
.github/release-please-config-stable.json	Added hotfix and docs commit types to changelog configuration
.github/pull_request_template.md	Added "Related Ticket(s)" section for Jira issue references
.credo.exs	Conditional ExcellentMigrations loading, relaxed BlockPipe and SinglePipe checks, added from to PipeChainStart exclusions

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Spelling error: "seperate" should be "separate". This appears in the help text that will be displayed to users when their PR title doesn't match the expected format.

Suggested change

	Starting a commit with \`hotfix\` will result in a seperate hotfix release PR.
	Starting a commit with \`hotfix\` will result in a separate hotfix release PR.

[Copilot]

The Documentation job references needs.Changed.outputs.documentation on line 148, but the documentation output is commented out in the Changed job (line 40). This will cause the Documentation job's condition to always evaluate to false (or empty), which means the job will be skipped entirely. Either uncomment the output in the Changed job or remove the condition check from the Documentation job.

Suggested change

	if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.documentation == 'true' }}
	if: ${{ !startsWith(github.head_ref, 'release-please--branches') }}