Add GitHub workflows

.github/ISSUE_TEMPLATE/BUG_REPORT.md

@@ -0,0 +1,36 @@
+---
+name: Bug Report
+about: Report a bug to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+## Description
+
+Please provide a description of the problem.
+
+## Expected Behavior
+
+Please describe what you expected would happen.
+
+## Actual Behavior
+
+Please describe what happened instead.
+
+## Affected Version
+
+Please provide the version number where this issue was encountered.
+
+## Steps to Reproduce
+
+1. First step
+1. Second step
+1. etc.
+
+## Checklist
+
+<!-- TODO: Update the link below to point to your project's contributing guidelines -->
+- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md)
+- [ ] I have verified this does not duplicate an existing issue

.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md

@@ -0,0 +1,25 @@
+---
+name: Feature Request
+about: Suggest a feature for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+## Problem Statement
+
+Please describe the problem to be addressed by the proposed feature.
+
+## Proposed Solution
+
+Please describe what you envision the solution to this problem would look like.
+
+## Alternatives Considered
+
+Please briefly describe which alternatives, if any, have been considered, including merits of alternate approaches and
+tradeoffs being made.
+
+## Additional Context
+
+Please provide any other information that may be relevant.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,27 @@
+## Description
+
+Please provide a meaningful description of what this change will do, or is for. Bonus points for including links to
+related issues, other PRs, or technical references.
+
+Note that by _not_ including a description, you are asking reviewers to do extra work to understand the context of this
+change, which may lead to your PR taking much longer to review, or result in it not being reviewed at all.
+
+## Type of Change
+
+- [ ] Bug Fix
+- [ ] New Feature
+- [ ] Breaking Change
+- [ ] Refactor
+- [ ] Documentation
+- [ ] Other (please describe)
+
+## Checklist
+
+<!-- TODO: Update the link below to point to your project's contributing guidelines -->
+- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md)
+- [ ] Existing issues have been referenced (where applicable)
+- [ ] I have verified this change is not present in other open pull requests
+- [ ] Functionality is documented
+- [ ] All code style checks pass
+- [ ] New code contribution is covered by automated tests
+- [ ] All new and existing tests pass

.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    groups:
+      github:
+        patterns:
+          - "actions/*"
+          - "github/*"
+    schedule:
+      interval: "weekly"

.github/workflows/lint.yml

@@ -0,0 +1,24 @@
+name: lint
+
+on:
+  push:
+    branches:
+      # Run on pushes to default branch
+      - main
+  # Run against pull requests
+  pull_request:
+
+jobs:
+  markdown:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🔒 harden runner
+        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - name: ⬇️ lint markdown files
+        uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0
+        with:
+          config: ".markdownlint.json"
+          args: "**/*.md .github/**/*.md"

.github/workflows/scorecard.yml

@@ -0,0 +1,29 @@
+name: scorecard
+
+on:
+  push:
+    branches:
+      # Run on pushes to default branch
+      - main
+  schedule:
+    # Run weekly on Saturdays
+    - cron: "30 1 * * 6"
+  # Run when branch protection rules change
+  branch_protection_rule:
+  # Run the workflow manually
+  workflow_dispatch:
+
+# Declare default permissions as read-only
+permissions: read-all
+
+jobs:
+  run-scorecard:
+    # Call reusable workflow file
+    uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main
+    permissions:
+      id-token: write
+      security-events: write
+    secrets: inherit
+    with:
+      # Publish results of Scorecard analysis
+      publish-results: true

.github/workflows/stale.yml

@@ -0,0 +1,25 @@
+name: stale
+
+on:
+  schedule:
+    # Run weekly on Saturdays
+    - cron: "30 1 * * 6"
+  # Run the workflow manually
+  workflow_dispatch:
+
+# Declare default permissions as read-only
+permissions: read-all
+
+jobs:
+  mark-stale:
+    # Call reusable workflow file
+    uses: cisco-ospo/.github/.github/workflows/_stale.yml@main
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    with:
+      days-until-stale: 60
+      days-until-close: 7
+      stale-label: "stale"
+      exempt-label: "keep"

.markdownlint.json

@@ -0,0 +1,16 @@
+{
+    "default": true,
+    "MD013": {
+        "line_length": 10000,
+        "headings": false,
+        "code_blocks": false,
+        "tables": false
+    },
+    "MD024": {
+        "siblings_only": true
+    },
+    "MD025": {
+        "front_matter_title": ""
+    },
+    "MD041": false
+}