ci: tidy up workflows and implement a consistent style (#1905)

* feat(ci): tidy up workflows and implement a consistent style

all workflows now use ubuntu-24.04 as the runner type to match the release workflows

codeql.yml
 - bump actions to v3
 - add least-privilege perms + concurrency to stop duplicate runs
 - ignore docs only changes

conflict_labeler.yml
 - run on opened, reopened, and synchronize
 - bump action version
 - add concurrency group to avoid duplicate labeling

cypress.yml
 - skip docs-only changes; don’t run on draft PRs
 - add concurrency to stop duplicate runs + 10m timeout

docs-deploy.yml
 - add configure-pages@v5 and bump upload-pages-artifact to v4
 - set explicit pages/id-token perms + concurrency
 - minor cleanups (working-directory, ubuntu-24.04)

helm.yml
 - switch oras discover to oras manifest fetch
 - add concurrency to stop duplicate runs

lint-helm-charts.yml
 - bump action versions
 - enforce version bumps (--check-version-increment=true)
 - add least-privilege perms + concurrency to stop duplicate runs

support.yml
 - add least-privilege perms

test-docs-deploy.yml
 - add least-privilege perms + concurrency to stop duplicate runs

* fixed line 5 syntax error

* Updated based on comments from @M0NsTeRRR in PR-1905 discussion

* updated based on 2nd review from @M0NsTeRRR in PR-1905

* Merge of PR-1904 and PR-1905

* chore(pnpm-lock.yaml): updated the pnpm-lockfile

* ci(release.yml): fix the latest tag to use context labels

* ci: fix new lines at eof, removed cypress timeout, removed legacy qemu actions

* @M0NsTeRRR self review

Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>

* fix: support workflow

Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>

* fix: newline

---------

Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
Co-authored-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
Co-authored-by: Ludovic Ortega <github@mail.adminafk.fr>

.github/workflows/docs-deploy.yml

@@ -8,24 +8,38 @@ on:
       - 'docs/**'
       - 'gen-docs/**'
 
+permissions:
+  contents: read
+
+concurrency:
+  group: pages
+  cancel-in-progress: true
+
 jobs:
   build:
     name: Build Docusaurus
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version-file: package.json
+          cache: 'pnpm'
+
+      - name: Get PNPM version from package.json
+        id: pnpm-version
+        shell: bash
+        run: echo "pnpm_version=$(node -p 'require(`./package.json`).packageManager.split(\"@\")[1]')" >> $GITHUB_OUTPUT
 
       - name: Pnpm Setup
         uses: pnpm/action-setup@v4
         with:
-          version: 9
+          version: ${{ steps.pnpm-version.outputs.pnpm_version }}
 
       - name: Get pnpm store directory
         shell: sh
@@ -46,38 +60,26 @@ jobs:
           pnpm install --frozen-lockfile
 
       - name: Build website
-        run: |
-          cd gen-docs
-          pnpm build
+        working-directory: gen-docs
+        run: pnpm build
 
       - name: Upload Build Artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@v4
         with:
           path: gen-docs/build
 
   deploy:
     name: Deploy to GitHub Pages
     needs: build
-    concurrency: build-deploy-pages
-
-    # Grant GITHUB_TOKEN the permissions required to make a Pages deployment
+    runs-on: ubuntu-24.04
     permissions:
-      pages: write # to deploy to Pages
-      id-token: write # to verify the deployment originates from an appropriate source
-
-    # Deploy to the github-pages environment
+      contents: read
+      pages: write
+      id-token: write
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
-
-    runs-on: ubuntu-latest
     steps:
-      # - name: Download Build Artifact
-      #   uses: actions/download-artifact@v4
-      #   with:
-      #     name: docusaurus-build
-      #     path: gen-docs/build
-
       - name: Deploy to GitHub Pages
         id: deployment
         uses: actions/deploy-pages@v4