Add yamllint to linters

We've got a lot of YAML in this repo... as this repo gets more popular,
we'll benefit from having some consistency / linter in place.

I loosened up the default rule set a bit to allow flexibility for a
variety of styles, as long as things were internally consistent to the
file.

.github/dependabot.yml

@@ -9,7 +9,7 @@ updates:
     groups:
       aws-sdk:
         patterns:
-        - "aws-sdk-*"
+          - "aws-sdk-*"
 
   # Watch the per-ecosystem native helpers
   - package-ecosystem: "composer"

.github/workflows/ci.yml

@@ -1,5 +1,5 @@
 name: Specs
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - "main"
@@ -242,3 +242,5 @@ jobs:
         with:
           bundler-cache: true
       - run: ./bin/lint
+      # yamllint is installed in GitHub Actions base runner image: https://github.com/adrienverge/yamllint/pull/588
+      - run: yamllint .

.github/workflows/codeql-analysis.yml

@@ -11,7 +11,7 @@
 #
 name: "CodeQL"
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches: [ main ]
   pull_request:
@@ -45,41 +45,41 @@ jobs:
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v3
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL (ruby)
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        config: |
-          paths-ignore:
-            - 'bundler/spec/fixtures/projects/bundler1/invalid_ruby/Gemfile'
-            - 'bundler/spec/fixtures/projects/bundler2/invalid_ruby/Gemfile'
-      if: matrix.language == 'ruby'
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL (ruby)
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          config: |
+            paths-ignore:
+              - 'bundler/spec/fixtures/projects/bundler1/invalid_ruby/Gemfile'
+              - 'bundler/spec/fixtures/projects/bundler2/invalid_ruby/Gemfile'
+        if: matrix.language == 'ruby'
 
-    - name: Initialize CodeQL (others)
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-      if: matrix.language != 'ruby'
+      - name: Initialize CodeQL (others)
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+        if: matrix.language != 'ruby'
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
 
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
 
-    #- run: |
-    #   make bootstrap
-    #   make release
+      # - run: |
+      #   make bootstrap
+      #   make release
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/dependency-review.yml

@@ -1,5 +1,5 @@
 name: Dependency Review
-on: [pull_request]
+on: [pull_request]  # yamllint disable-line rule:truthy
 
 permissions:
   contents: read

.github/workflows/gems-bump-version.yml

@@ -1,5 +1,5 @@
 name: Gems - Bump Version
-on:
+on:  # yamllint disable-line rule:truthy
   schedule:
     - cron: '25 1 * * THU'
   workflow_dispatch:

.github/workflows/gems-release-to-rubygems.yml

@@ -1,5 +1,5 @@
 name: Gems - Release to RubyGems
-on:
+on:  # yamllint disable-line rule:truthy
   release:
     # It's fine to trigger on every release because if we tag a release w/o
     # bumping the Gem version, RubyGems will reject it with an error that the

.github/workflows/images-branch.yml

@@ -1,7 +1,7 @@
 name: Branch images
 env:
   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-on:
+on:  # yamllint disable-line rule:truthy
   pull_request:
     branches:
       - main

.github/workflows/images-latest.yml

@@ -1,7 +1,7 @@
 name: Latest images
 env:
   UPDATER_IMAGE: "ghcr.io/dependabot/dependabot-updater-"
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - main

.github/workflows/images-updater-core.yml

@@ -1,7 +1,7 @@
 name: Updater-Core image
 env:
   UPDATER_CORE_IMAGE: "ghcr.io/dependabot/dependabot-updater-core"
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - main

.github/workflows/labeler.yml

@@ -1,6 +1,6 @@
 name: Pull Request Labeler
 
-on:
+on:  # yamllint disable-line rule:truthy
   - pull_request_target
 
 jobs: