feat: use our own actions in our workflows (#377)

* feat: use our own actions in our workflows

* fix: add missing inputs to validate-inputs, refactor node

* chore: cr comment fixes

* fix: update-validators formatting

* chore: update validators, add tests, conventions

* feat: validate severity with severity_enum

* feat: add 10 generic validators to improve input validation coverage

Add comprehensive validation system improvements across multiple phases:

Phase 2A - Quick Wins:
- Add multi_value_enum validator for 2-10 value enumerations
- Add exit_code_list validator for Unix/Linux exit codes (0-255)
- Refactor coverage_driver to use multi_value_enum

Phase 2B - High-Value Validators:
- Add key_value_list validator with shell injection prevention
- Add path_list validator with path traversal and glob support

Quick Wins - Additional Enums:
- Add network_mode validator for Docker network modes
- Add language_enum validator for language detection
- Add framework_mode validator for PHP framework modes
- Update boolean pattern to include 'push'

Phase 2C - Specialized Validators:
- Add json_format validator for JSON syntax validation
- Add cache_config validator for Docker BuildKit cache configs

Improvements:
- All validators include comprehensive security checks
- Pattern-based validation with clear error messages
- 23 new test methods with edge case coverage
- Update special case mappings for 20+ inputs
- Fix build-args mapping test expectation

Coverage impact: 22 actions now at 100% validation (88% → 92%)
Test suite: 762 → 785 tests (+23 tests, all passing)

* chore: regenerate rules.yml with improved validator coverage

Regenerate validation rules for all actions with new validators:

- compress-images: 86% → 100% (+1 input: ignore-paths)
- docker-build: 63% → 100% (+4 inputs: cache configs, platform-build-args)
- docker-publish: 73% → 100% (+1 input: build-args)
- language-version-detect: 67% → 100% (+1 input: language)
- php-tests: 89% (fixed framework→framework_mode mapping)
- prettier-lint: 86% → 100% (+2 inputs: file-pattern, plugins)
- security-scan: 86% (maintained coverage)

Overall: 23 of 25 actions now at 100% validation coverage (92%)

* fix: address PR #377 review comments

- Add | None type annotations to 6 optional parameters (PEP 604)
- Standardize injection pattern: remove @# from comma_separated_list validator
  (@ and # are not shell injection vectors, allows npm scoped packages)
- Remove dead code: unused value expression in key_value_list validator
- Update tests to reflect injection pattern changes

_tests/shared/validation_core.py

@@ -521,6 +521,16 @@ class ActionFileParser:
         except (OSError, ValueError, yaml.YAMLError, AttributeError):
             return []
 
+    @staticmethod
+    def get_action_runs_using(action_file: str) -> str:
+        """Get the runs.using value from an action.yml file."""
+        try:
+            data = ActionFileParser.load_action_file(action_file)
+            runs = data.get("runs", {})
+            return runs.get("using", "unknown")
+        except (OSError, ValueError, yaml.YAMLError, AttributeError):
+            return "unknown"
+
     @staticmethod
     def _get_required_property(input_data: dict, property_name: str) -> str:
         """Get the required/optional property."""
@@ -787,6 +797,11 @@ Examples:
     mode_group.add_argument("--inputs", metavar="ACTION_FILE", help="List action inputs")
     mode_group.add_argument("--outputs", metavar="ACTION_FILE", help="List action outputs")
     mode_group.add_argument("--name", metavar="ACTION_FILE", help="Get action name")
+    mode_group.add_argument(
+        "--runs-using",
+        metavar="ACTION_FILE",
+        help="Get action runs.using value",
+    )
     mode_group.add_argument(
         "--validate-yaml",
         metavar="YAML_FILE",
@@ -834,6 +849,12 @@ def _handle_name_command(args):
     print(name)
 
 
+def _handle_runs_using_command(args):
+    """Handle the runs-using command."""
+    runs_using = ActionFileParser.get_action_runs_using(args.runs_using)
+    print(runs_using)
+
+
 def _handle_validate_yaml_command(args):
     """Handle the validate-yaml command."""
     try:
@@ -853,6 +874,7 @@ def _execute_command(args):
         "inputs": _handle_inputs_command,
         "outputs": _handle_outputs_command,
         "name": _handle_name_command,
+        "runs_using": _handle_runs_using_command,
         "validate_yaml": _handle_validate_yaml_command,
     }