Initial commit

.github/CODEOWNERS

@@ -0,0 +1,19 @@
+####################################################
+#
+# List of approvers for <project-name> project
+#
+#####################################################
+#
+# Learn about CODEOWNERS file format:
+#  https://help.github.com/en/articles/about-code-owners
+#
+
+# These owners will be the default owners for everything in
+# the repository. Unless a later match takes precedence,
+# the following users/teams will be requested for
+# review when someone opens a pull request.
+* @cisco-open/<maintainer-team-name>
+
+# Enforces admin protections for repo configuration via probot settings app.
+# ref: https://github.com/probot/settings#security-implications
+.github/settings.yml @cisco-open/<admin-team-name>

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,61 @@
+---
+name: Bug Report
+description: Report a bug to help us improve.
+title: "[Bug]: "
+labels: ["bug", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: textarea
+    id: description
+    attributes:
+      label: Bug Description
+      description: Please provide a description of the problem
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      description: Please describe what you expected would happen
+    validations:
+      required: true
+  - type: dropdown
+    id: version
+    attributes:
+      label: Affected Version
+      description: |
+        If applicable, provide the version number or release tag where this
+        issue was encountered
+      options:
+        - v1.0.0
+        - v1.0.1
+        - v1.0.2
+        - v1.0.3
+      default: 0
+    validations:
+      required: false
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Please provide all steps to reproduce the behavior
+      placeholder: |
+        1. In this environment...
+        1. With this config...
+        1. Run `this command`...
+        1. See error...
+    validations:
+      required: true
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      description: By submitting this issue, you agree to the following
+      options:
+        - label: I have read the [contributing guidelines](/cisco-ospo/oss-template/blob/main/CONTRIBUTING.md)
+          required: true
+        - label: I have verified this does not duplicate an existing issue
+          required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,55 @@
+---
+name: Feature Request
+description: Suggest a feature for this project.
+title: "[Feature]: "
+labels: ["enhancement", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to request a feature or enhancement!
+  - type: textarea
+    id: description
+    attributes:
+      label: Problem Statement
+      description: |
+        Please describe the problem or limitation to be addressed by
+        the proposed feature
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed Solution
+      description: |
+        Please describe what you envision the solution to this
+        problem would look like
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: |
+        Please briefly describe which alternatives, if any, have been
+        considered, including merits of alternate approaches and any tradeoffs
+    validations:
+      required: false
+  - type: textarea
+    id: context
+    attributes:
+      label: Additional Context
+      description: Please provide any other information that may be relevant
+    validations:
+      required: false
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      description: By submitting this request, you agree to the following
+      options:
+        - label: I have read the [contributing guidelines](/cisco-ospo/oss-template/blob/main/CONTRIBUTING.md)
+          required: true
+        - label: |
+            I have verified this does not duplicate an existing feature request
+          required: true

.github/dependabot.yml

@@ -0,0 +1,12 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    groups:
+      github:
+        patterns:
+          - "actions/*"
+          - "github/*"
+    schedule:
+      interval: "weekly"

.github/linters/.markdownlint.yml

@@ -0,0 +1,39 @@
+---
+# Default state for all rules
+default: true
+# Path to configuration file to extend
+extends: null
+
+# MD013/line-length
+# https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md013.md
+MD013:
+  # Number of characters
+  line_length: 80
+  # Include code blocks
+  code_blocks: false
+  # Include tables
+  tables: false
+  # Include headings
+  headings: false
+  # Strict length checking
+  strict: false
+  # Stern length checking
+  stern: false
+
+# MD024/no-duplicate-heading
+# https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md024.md
+MD024:
+  # Only check sibling headings
+  siblings_only: true
+
+# MD025/single-title/single-h1
+# https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md025.md
+MD025:
+  # RegExp for matching title in front matter
+  front_matter_title: ""
+
+# MD041/first-line-heading/first-line-h1
+# https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md041.md
+MD041:
+  # RegExp for matching title in front matter
+  front_matter_title: ""

.github/linters/.yamllint.yml

@@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 120
+    level: warning
+  comments: disable
+  indentation: disable
+  truthy:
+    check-keys: false

.github/pull_request_template.md

@@ -0,0 +1,28 @@
+# Description
+
+Please provide a meaningful description of what this change will do, or is for.
+Bonus points for including links to related issues, other PRs, or technical
+references.
+
+Note that by _not_ including a description, you are asking reviewers to do extra
+work to understand the context of this change, which may lead to your PR taking
+much longer to review, or result in it not being reviewed at all.
+
+## Type of Change
+
+- [ ] Bugfix
+- [ ] New Feature
+- [ ] Breaking Change
+- [ ] Refactor
+- [ ] Documentation
+- [ ] Other (please describe)
+
+## Checklist
+
+- [ ] I have read the [contributing guidelines](/cisco-ospo/oss-template/blob/main/CONTRIBUTING.md)
+- [ ] Existing issues have been referenced (where applicable)
+- [ ] I have verified this change is not present in other open pull requests
+- [ ] Functionality is documented
+- [ ] All code style checks pass
+- [ ] New code contribution is covered by automated tests
+- [ ] All new and existing tests pass

.github/settings.yml

@@ -0,0 +1,119 @@
+---
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+
+repository:
+  # See https://developer.github.com/v3/repos/#edit for all available settings.
+
+  # The name of the repository. Changing this will rename the repository
+  name: oss-template
+
+  # A short description of the repository that will show up on GitHub
+  description: Open Source Project Template
+
+  # A URL with more information about the repository
+  #homepage: https://example.github.io/
+
+  # A comma-separated list of topics to set on the repository
+  #topics: github, probot
+
+  # Either `true` to make the repository private, or `false` to make it public.
+  #private: false
+
+  # Either `true` to enable issues for this repository, `false` to disable them.
+  has_issues: true
+
+  # Either `true` to enable projects for this repository, or `false` to disable them.
+  # If projects are disabled for the organization, passing `true` will cause an API error.
+  has_projects: true
+
+  # Either `true` to enable the wiki for this repository, `false` to disable it.
+  has_wiki: false
+
+  # Either `true` to enable downloads for this repository, `false` to disable them.
+  has_downloads: true
+
+  # Updates the default branch for this repository.
+  default_branch: main
+
+  # Either `true` to allow squash-merging pull requests, or `false` to prevent
+  # squash-merging.
+  allow_squash_merge: true
+
+  # Either `true` to allow merging pull requests with a merge commit, or `false`
+  # to prevent merging pull requests with merge commits.
+  allow_merge_commit: true
+
+  # Either `true` to allow rebase-merging pull requests, or `false` to prevent
+  # rebase-merging.
+  allow_rebase_merge: true
+
+  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
+  delete_branch_on_merge: true
+
+  # Either `true` to enable automated security fixes, or `false` to disable
+  # automated security fixes.
+  enable_automated_security_fixes: true
+
+  # Either `true` to enable vulnerability alerts, or `false` to disable
+  # vulnerability alerts.
+  enable_vulnerability_alerts: true
+
+# TODO: Enable this section once GitHub teams have been created & granted access to this repository
+# See https://developer.github.com/v3/teams/#add-or-update-team-repository for options
+# teams:
+#   # The permission to grant the team. Can be one of:
+#   # * `pull` - can pull, but not push to or administer this repository.
+#   # * `push` - can pull and push, but not administer this repository.
+#   # * `admin` - can pull, push and administer this repository.
+#   # * `maintain` - Recommended for project managers who need to manage the
+#   #   repository without access to sensitive or destructive actions.
+#   # * `triage` - Recommended for contributors who need to proactively manage
+#   #   issues and pull requests without write access.
+#   - name: <project-name-admins>
+#     permission: admin
+#   - name: <project-name-maintainers>
+#     permission: maintain
+#   - name: <project-name>
+#     permission: triage
+
+# TODO: Enable this section once repository has been created & no further modifications are needed
+# branches:
+#   - name: main
+#     # https://developer.github.com/v3/repos/branches/#update-branch-protection
+#     # Branch Protection settings. Set to null to disable
+#     protection:
+#       # Required. Require at least one approving review on a pull request,
+#       # before merging. Set to null to disable.
+#       required_pull_request_reviews:
+#         # The number of approvals required. (1-6)
+#         required_approving_review_count: 1
+#         # Dismiss approved reviews automatically when a new commit is pushed.
+#         dismiss_stale_reviews: true
+#         # Blocks merge until code owners have reviewed.
+#         require_code_owner_reviews: true
+#         # Specify which users and teams can dismiss pull request reviews. Pass
+#         # an empty dismissal_restrictions object to disable. User and team
+#         # dismissal_restrictions are only available for organization-owned
+#         # repositories. Omit this parameter for personal repositories.
+#         dismissal_restrictions:
+#           users: []
+#           teams: []
+#       # Required. Require status checks to pass before merging. Set to null to disable
+#       required_status_checks:
+#         # Required. Require branches to be up to date before merging.
+#         strict: true
+#         # Required. The list of required status checks in order to merge into this branch
+#         contexts: []
+#       # Required. Enforce all configured restrictions for administrators. Set to
+#       # true to enforce required status checks for repository administrators.
+#       # Set to null to disable.
+#       enforce_admins: true
+#       # Prevent merge commits from being pushed to matching branches
+#       required_linear_history: true
+#       # Required. Restrict who can push to this branch. Team and user
+#       # restrictions are only available for organization-owned repositories. Set
+#       # to null to disable.
+#       restrictions:
+#         apps: []
+#         users: []
+#         teams: []

.github/workflows/dependency.yml

@@ -0,0 +1,30 @@
+---
+name: dependency
+
+on:
+  # Review dependencies on pull requests to the default branch
+  pull_request:
+    branches: ["main"]
+
+# Declare default permissions as read-only
+permissions: read-all
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: 🔒 harden runner
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: 🔂 dependency review
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+        with:
+          fail-on-severity: "high"
+          deny-licenses: "AGPL-1.0, AGPL-3.0"
+          comment-summary-in-pr: true
+          warn-on-openssf-scorecard-level: 3