From a0bcd719bed4b71228213a00d7b8690e3b44bbd4 Mon Sep 17 00:00:00 2001
From: Kroese <kroese@users.noreply.github.com>
Date: Tue, 21 Oct 2025 22:46:06 +0200
Subject: [PATCH 1/3] build: Add review workflow for shell formatting (#1527)

---
 .github/workflows/review.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/workflows/review.yml

diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
new file mode 100644
index 0000000..e18ca8c
--- /dev/null
+++ b/.github/workflows/review.yml
@@ -0,0 +1,19 @@
+on:
+  pull_request:
+
+name: "Review"
+
+jobs:
+  review:
+    name: review
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Review
+        uses: reviewdog/action-shfmt@v1
+        with:
+          shfmt_flags: "-i 2 -ci -bn"
+          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}

From f661df3abc0b6bebe97f03919336f1763109308a Mon Sep 17 00:00:00 2001
From: Kroese <kroese@users.noreply.github.com>
Date: Tue, 21 Oct 2025 23:19:54 +0200
Subject: [PATCH 2/3] build: Update QEMU base image to v7.27 (#1528)

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 6dd3afd..bf6dab2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@
 ARG VERSION_ARG="latest"
 FROM scratch AS build-amd64
 
-COPY --from=qemux/qemu:7.26 / /
+COPY --from=qemux/qemu:7.27 / /
 
 ARG TARGETARCH
 ARG DEBCONF_NOWARNINGS="yes"

From c1c44c4da760d8e9c686db90c6841f9da7b3c4fd Mon Sep 17 00:00:00 2001
From: Kroese <kroese@users.noreply.github.com>
Date: Wed, 22 Oct 2025 01:23:25 +0200
Subject: [PATCH 3/3] build: Add code quality checks (#1529)

---
 .github/workflows/review.yml | 49 +++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
index e18ca8c..51f8503 100644
--- a/.github/workflows/review.yml
+++ b/.github/workflows/review.yml
@@ -3,6 +3,11 @@ on:
 
 name: "Review"
 
+permissions:
+  contents: read
+  pull-requests: write
+  checks: write
+
 jobs:
   review:
     name: review
@@ -12,8 +17,50 @@ jobs:
         name: Checkout
         uses: actions/checkout@v5
       -
-        name: Review
+        name: Spelling
+        uses: reviewdog/action-misspell@v1
+        with:
+          locale: "US"
+          level: warning
+          pattern: |
+            *.md
+            *.sh
+          reporter: github-pr-review
+          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+      -
+        name: Hadolint
+        uses: reviewdog/action-hadolint@v1
+        with:
+          level: warning
+          reporter: github-pr-review
+          hadolint_ignore: DL3006 DL3008
+          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+      -
+        name: YamlLint
+        uses: reviewdog/action-yamllint@v1
+        with:
+          level: warning
+          reporter: github-pr-review
+          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+      -
+        name: ActionLint
+        uses: reviewdog/action-actionlint@v1
+        with:
+          level: warning
+          reporter: github-pr-review
+          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+      -
+        name: Shellformat
         uses: reviewdog/action-shfmt@v1
         with:
+          level: warning
           shfmt_flags: "-i 2 -ci -bn"
           github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+      -
+        name: Shellcheck
+        uses: reviewdog/action-shellcheck@v1
+        with:
+          level: warning
+          reporter: github-pr-review
+          shellcheck_flags: -x -e SC1091 -e SC2001 -e SC2002 -e SC2034 -e SC2064 -e SC2153 -e SC2317 -e SC2028
+          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}