feat: use our own actions in our workflows (#377)

* feat: use our own actions in our workflows

* fix: add missing inputs to validate-inputs, refactor node

* chore: cr comment fixes

* fix: update-validators formatting

* chore: update validators, add tests, conventions

* feat: validate severity with severity_enum

* feat: add 10 generic validators to improve input validation coverage

Add comprehensive validation system improvements across multiple phases:

Phase 2A - Quick Wins:
- Add multi_value_enum validator for 2-10 value enumerations
- Add exit_code_list validator for Unix/Linux exit codes (0-255)
- Refactor coverage_driver to use multi_value_enum

Phase 2B - High-Value Validators:
- Add key_value_list validator with shell injection prevention
- Add path_list validator with path traversal and glob support

Quick Wins - Additional Enums:
- Add network_mode validator for Docker network modes
- Add language_enum validator for language detection
- Add framework_mode validator for PHP framework modes
- Update boolean pattern to include 'push'

Phase 2C - Specialized Validators:
- Add json_format validator for JSON syntax validation
- Add cache_config validator for Docker BuildKit cache configs

Improvements:
- All validators include comprehensive security checks
- Pattern-based validation with clear error messages
- 23 new test methods with edge case coverage
- Update special case mappings for 20+ inputs
- Fix build-args mapping test expectation

Coverage impact: 22 actions now at 100% validation (88% → 92%)
Test suite: 762 → 785 tests (+23 tests, all passing)

* chore: regenerate rules.yml with improved validator coverage

Regenerate validation rules for all actions with new validators:

- compress-images: 86% → 100% (+1 input: ignore-paths)
- docker-build: 63% → 100% (+4 inputs: cache configs, platform-build-args)
- docker-publish: 73% → 100% (+1 input: build-args)
- language-version-detect: 67% → 100% (+1 input: language)
- php-tests: 89% (fixed framework→framework_mode mapping)
- prettier-lint: 86% → 100% (+2 inputs: file-pattern, plugins)
- security-scan: 86% (maintained coverage)

Overall: 23 of 25 actions now at 100% validation coverage (92%)

* fix: address PR #377 review comments

- Add | None type annotations to 6 optional parameters (PEP 604)
- Standardize injection pattern: remove @# from comma_separated_list validator
  (@ and # are not shell injection vectors, allows npm scoped packages)
- Remove dead code: unused value expression in key_value_list validator
- Update tests to reflect injection pattern changes

validate-inputs/tests/test_docker_validator.py

@@ -274,6 +274,71 @@ class TestDockerValidator:
         result = self.validator.validate_inputs(inputs)
         assert isinstance(result, bool)
 
+    def test_validate_registry_valid(self):
+        """Test registry enum validation with valid values."""
+        valid_registries = [
+            "dockerhub",
+            "github",
+            "both",
+        ]
+
+        for registry in valid_registries:
+            self.validator.errors = []
+            result = self.validator.validate_registry(registry)
+            assert result is True, f"Should accept registry: {registry}"
+
+    def test_validate_registry_invalid(self):
+        """Test registry enum validation with invalid values."""
+        invalid_registries = [
+            "",  # Empty
+            "   ",  # Whitespace only
+            "docker",  # Wrong value (should be dockerhub)
+            "hub",  # Wrong value
+            "ghcr",  # Wrong value
+            "gcr",  # Wrong value
+            "both,github",  # Comma-separated not allowed
+            "DOCKERHUB",  # Uppercase
+            "DockerHub",  # Mixed case
+            "docker hub",  # Space
+            "github.com",  # Full URL not allowed
+        ]
+
+        for registry in invalid_registries:
+            self.validator.errors = []
+            result = self.validator.validate_registry(registry)
+            assert result is False, f"Should reject registry: {registry}"
+
+    def test_validate_sbom_format_valid(self):
+        """Test SBOM format validation with valid values."""
+        valid_formats = [
+            "spdx-json",
+            "cyclonedx-json",
+            "",  # Empty is optional
+        ]
+
+        for sbom_format in valid_formats:
+            self.validator.errors = []
+            result = self.validator.validate_sbom_format(sbom_format)
+            assert result is True, f"Should accept SBOM format: {sbom_format}"
+
+    def test_validate_sbom_format_invalid(self):
+        """Test SBOM format validation with invalid values."""
+        invalid_formats = [
+            "spdx",  # Missing -json suffix
+            "cyclonedx",  # Missing -json suffix
+            "json",  # Just json
+            "spdx-xml",  # Wrong format
+            "cyclonedx-xml",  # Wrong format
+            "SPDX-JSON",  # Uppercase
+            "spdx json",  # Space
+            "invalid",  # Invalid value
+        ]
+
+        for sbom_format in invalid_formats:
+            self.validator.errors = []
+            result = self.validator.validate_sbom_format(sbom_format)
+            assert result is False, f"Should reject SBOM format: {sbom_format}"
+
     def test_empty_values_handling(self):
         """Test that empty values are handled appropriately."""
         # Some Docker fields might be required, others optional
@@ -281,3 +346,5 @@ class TestDockerValidator:
         assert isinstance(self.validator.validate_docker_tag(""), bool)
         assert isinstance(self.validator.validate_architectures(""), bool)
         assert isinstance(self.validator.validate_prefix(""), bool)
+        # Registry should reject empty values
+        assert self.validator.validate_registry("") is False