Add comprehensive CI/CD workflows for Forgejo Actions

- ci.yml: Complete CI pipeline with lint, type-check, tests, build, security, and i18n validation
- code-quality.yml: Advanced code analysis including complexity, TODO tracking, and import analysis
- dependency-review.yml: Automated dependency update review with security checks
- pr-labeler.yml: Intelligent PR labeling based on files and content
- release.yml: Automated release process with changelog generation
- Documentation and best practices guide

Features:
- Multi-node testing (Node 18, 20)
- Security scanning for hardcoded secrets
- Bundle size impact analysis
- Translation key validation
- Complexity analysis and code quality metrics

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

.forgejo/workflows/code-quality.yml

@@ -0,0 +1,141 @@
+name: Code Quality
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  code-quality:
+    runs-on: ubuntu-latest
+    name: Code Quality Checks
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Full history for better analysis
+          
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          
+      - name: Install dependencies
+        run: npm ci
+        
+      - name: Check code complexity
+        run: |
+          echo "Analyzing code complexity..."
+          npx -y complexity-report src/**/*.ts src/**/*.js --format json > complexity.json || true
+          
+          node -e "
+          try {
+            const report = JSON.parse(require('fs').readFileSync('complexity.json', 'utf8'));
+            console.log('\\n📊 Code Complexity Report:');
+            
+            const files = report.reports || [];
+            const complex = files.filter(f => f.aggregate?.cyclomatic > 10);
+            
+            if (complex.length > 0) {
+              console.log('\\n⚠️  Files with high complexity (>10):');
+              complex.forEach(f => {
+                console.log(\`  - \${f.path}: Cyclomatic complexity = \${f.aggregate.cyclomatic}\`);
+              });
+            } else {
+              console.log('✅ All files have acceptable complexity');
+            }
+          } catch (e) {
+            console.log('ℹ️  Complexity analysis not available');
+          }
+          "
+          
+      - name: Check for console.log statements
+        run: |
+          echo "Checking for console.log statements..."
+          FILES=$(grep -r "console\.log" --include="*.ts" --include="*.js" \
+            --exclude-dir=node_modules --exclude-dir=dist --exclude-dir=public/dist \
+            --exclude-dir=tests --exclude-dir=scripts \
+            src/ || true)
+          
+          if [ -n "$FILES" ]; then
+            echo "⚠️  Found console.log statements (consider using proper logging):"
+            echo "$FILES"
+          else
+            echo "✅ No console.log statements in source code"
+          fi
+          
+      - name: Check for TODO/FIXME comments
+        run: |
+          echo "Checking for TODO/FIXME comments..."
+          TODOS=$(grep -r "TODO\|FIXME\|HACK\|XXX" --include="*.ts" --include="*.js" \
+            --exclude-dir=node_modules --exclude-dir=dist \
+            . || true)
+          
+          if [ -n "$TODOS" ]; then
+            echo "📝 Found TODO/FIXME comments:"
+            echo "$TODOS"
+            echo ""
+            echo "ℹ️  Consider creating issues for these items"
+          else
+            echo "✅ No TODO/FIXME comments found"
+          fi
+          
+      - name: Check for large files
+        run: |
+          echo "Checking for large files..."
+          LARGE_FILES=$(find . -type f -size +1M \
+            -not -path "./node_modules/*" \
+            -not -path "./.git/*" \
+            -not -path "./dist/*" \
+            -not -path "./coverage/*" \
+            -not -name "*.db" \
+            -not -name "package-lock.json")
+          
+          if [ -n "$LARGE_FILES" ]; then
+            echo "⚠️  Found large files (>1MB):"
+            echo "$LARGE_FILES" | xargs -I {} sh -c 'echo "  - {} ($(du -h {} | cut -f1))"'
+            echo ""
+            echo "Consider if these files should be in the repository"
+          else
+            echo "✅ No large files detected"
+          fi
+          
+      - name: Check TypeScript strict mode
+        run: |
+          echo "Verifying TypeScript strict mode..."
+          STRICT=$(grep -E '"strict":\s*true' tsconfig.json)
+          
+          if [ -n "$STRICT" ]; then
+            echo "✅ TypeScript strict mode is enabled"
+          else
+            echo "⚠️  Consider enabling TypeScript strict mode for better type safety"
+          fi
+          
+      - name: Analyze import statements
+        run: |
+          echo "Analyzing imports..."
+          
+          # Check for circular dependencies
+          npx -y madge --circular --extensions ts,js src/ || true
+          
+          # Check for unused exports
+          echo ""
+          echo "Checking for potentially unused exports..."
+          npx -y ts-unused-exports tsconfig.json --excludePathsFromReport=src/types || true
+          
+      - name: Generate PR comment
+        if: always()
+        run: |
+          echo "## 🔍 Code Quality Report" > pr-comment.md
+          echo "" >> pr-comment.md
+          echo "All automated code quality checks have been run. Please review the logs above for details." >> pr-comment.md
+          echo "" >> pr-comment.md
+          echo "### Checklist" >> pr-comment.md
+          echo "- [ ] ESLint passes" >> pr-comment.md
+          echo "- [ ] TypeScript compiles without errors" >> pr-comment.md
+          echo "- [ ] Tests pass" >> pr-comment.md
+          echo "- [ ] No high complexity code" >> pr-comment.md
+          echo "- [ ] No hardcoded secrets" >> pr-comment.md
+          echo "" >> pr-comment.md
+          echo "_This comment was generated automatically by the Code Quality workflow._" >> pr-comment.md