ci: add quality_checks template

.github/workflows/quality_checks.yml

@@ -0,0 +1,67 @@
+name: Quality checks 👌🧪
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+  merge_group:
+
+jobs:
+  dependency-review:
+    name: Vulnerable dependencies 🔎
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/[email protected]
+        with:
+          show-progress: false
+
+      - name: Scan
+        uses: actions/[email protected]
+        with:
+          ## Workaround from https://github.com/actions/dependency-review-action/issues/456
+          ## TODO: Remove when necessary
+          base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
+          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+
+  pr_context:
+    name: Save PR context as artifact
+    if: ${{ always() && !cancelled() && github.event_name == 'pull_request' }}
+    runs-on: ubuntu-latest
+    ## Add needed jobs here
+    needs:
+      - dependency-review
+
+    steps:
+      - name: Save PR context
+        env:
+          PR_NUMBER: ${{ github.event.number }}
+          PR_SHA: ${{ github.sha }}
+        run: |
+          echo $PR_NUMBER > PR_number
+          echo $PR_SHA > PR_sha
+
+      - name: Upload PR number as artifact
+        uses: actions/[email protected]
+        with:
+          compression-level: 0
+          name: PR_context
+          path: |
+            PR_number
+            PR_sha
+
+  conventional_commits:
+    name: Conventional commits check 💬
+    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout ⬇️
+        uses: actions/[email protected]
+        with:
+          show-progress: false
+
+      - name: Check if all commits comply with the specification
+        uses: webiny/[email protected]