First commit setup of repo

.envrc_sample

@@ -0,0 +1,2 @@
+export GIT_TOKEN=""
+export REVIEWDOG_TOKEN=""

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# default PR approval group
+# * @org/group

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,8 @@
+# Brief description of changes
+
+## How does this PR make you feel in gif/meme format?
+
+## Reviewer Section
+
+- [ ] Have you asked any questions needed?
+- [ ] Have you checked the plan for any issues?

.github/actionlint.yml

@@ -0,0 +1,3 @@
+self-hosted-runner:
+  labels:
+    - central-actions-runner

.github/dependabot.yml

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "03:00"
+      timezone: "America/Denver"
+    open-pull-requests-limit: 5
+    labels:
+      - "chore"

.github/settings.yml

@@ -0,0 +1,148 @@
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+
+repository:
+  # See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
+
+  # The name of the repository. Changing this will rename the repository
+  name: central-actions-example
+
+  # A short description of the repository that will show up on GitHub
+  description: Centralized Github Actions
+
+  # A URL with more information about the repository
+  # homepage: https://example.github.io/
+
+  # A comma-separated list of topics to set on the repository
+  topics: github, probot
+
+  # Either `true` to make the repository private, or `false` to make it public.
+  private: false
+
+  # Either `true` to enable issues for this repository, `false` to disable them.
+  has_issues: true
+
+  # Either `true` to enable projects for this repository, or `false` to disable them.
+  # If projects are disabled for the organization, passing `true` will cause an API error.
+  has_projects: false
+
+  # Either `true` to enable the wiki for this repository, `false` to disable it.
+  has_wiki: false
+
+  # Either `true` to enable downloads for this repository, `false` to disable them.
+  has_downloads: true
+
+  # Updates the default branch for this repository.
+  default_branch: main
+
+  # Either `true` to allow squash-merging pull requests, or `false` to prevent
+  # squash-merging.
+  allow_squash_merge: true
+
+  # Either `true` to allow merging pull requests with a merge commit, or `false`
+  # to prevent merging pull requests with merge commits.
+  allow_merge_commit: true
+
+  # Either `true` to allow rebase-merging pull requests, or `false` to prevent
+  # rebase-merging.
+  allow_rebase_merge: true
+
+  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
+  delete_branch_on_merge: true
+
+  # Either `true` to enable automated security fixes, or `false` to disable
+  # automated security fixes.
+  enable_automated_security_fixes: false
+
+  # Either `true` to enable vulnerability alerts, or `false` to disable
+  # vulnerability alerts.
+  enable_vulnerability_alerts: false
+# Labels: define labels for Issues and Pull Requests
+# labels:
+#   - name: bug
+#     color: CC0000
+#     description: An issue with the system 🐛.
+
+#   - name: feature
+#     # If including a `#`, make sure to wrap it with quotes!
+#     color: "#336699"
+#     description: New functionality.
+
+#   - name: Help Wanted
+#     # Provide a new name to rename an existing label
+#     new_name: first-timers-only
+
+# Milestones: define milestones for Issues and Pull Requests
+# milestones:
+#   - title: milestone-title
+#     description: milestone-description
+#     # The state of the milestone. Either `open` or `closed`
+#     state: open
+
+# Collaborators: give specific users access to this repository.
+# See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options
+# collaborators:
+# - username: bkeepers
+#   permission: push
+# - username: hubot
+#   permission: pull
+
+# Note: `permission` is only valid on organization-owned repositories.
+# The permission to grant the collaborator. Can be one of:
+# * `pull` - can pull, but not push to or administer this repository.
+# * `push` - can pull and push, but not administer this repository.
+# * `admin` - can pull, push and administer this repository.
+# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
+# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
+
+# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options
+# teams:
+# - name: core
+#   # The permission to grant the team. Can be one of:
+#   # * `pull` - can pull, but not push to or administer this repository.
+#   # * `push` - can pull and push, but not administer this repository.
+#   # * `admin` - can pull, push and administer this repository.
+#   # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
+#   # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
+#   permission: admin
+# - name: docs
+#   permission: push
+
+# This currently isn't working https://github.com/repository-settings/app/issues/625
+branches:
+  - name: main
+    # https://docs.github.com/en/rest/reference/repos#update-branch-protection
+    # Branch Protection settings. Set to null to disable
+    protection:
+      # Required. Require at least one approving review on a pull request, before merging. Set to null to disable.
+      required_pull_request_reviews:
+        # The number of approvals required. (1-6)
+        required_approving_review_count: 1
+        # Dismiss approved reviews automatically when a new commit is pushed.
+        dismiss_stale_reviews: true
+        # Blocks merge until code owners have reviewed.
+        require_code_owner_reviews: false
+        # Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories.
+        # dismissal_restrictions:
+        #   users: []
+        #   teams: []
+      # Required. Require status checks to pass before merging. Set to null to disable
+      required_status_checks:
+        # Required. Require branches to be up to date before merging.
+        strict: true
+        # Required. The list of status checks to require in order to merge into this branch
+        contexts:
+          [
+            "actionlint-check/actionlint",
+            "yamllint-check/yamllint",
+            "markdownlint-check/markdownlint",
+            "shellcheck/shellcheck",
+          ]
+      # Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
+      enforce_admins: false
+      # Prevent merge commits from being pushed to matching branches
+      required_linear_history: true
+      # Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
+      restrictions:
+        apps: null
+        users: null
+        teams: null

.github/workflows/actionlint.yml

@@ -0,0 +1,27 @@
+# Workflow Version: 1.0.7
+name: Actionlint
+
+on:
+  workflow_call:
+    inputs:
+      runner:
+        required: true
+        type: string
+        description: Runner to use
+
+jobs:
+  actionlint:
+    runs-on: ${{ inputs.runner }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run actionlint
+        uses: reviewdog/action-actionlint@v1
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.REVIEWDOG_TOKEN }}
+        with:
+          github_token: ${{ secrets.GIT_TOKEN }}
+          reporter: github-pr-review
+          fail_on_error: true

.github/workflows/ca_actionlint.yml

@@ -0,0 +1,13 @@
+# Workflow Version: 1.0.6
+name: Action Lint Check
+
+on:
+  pull_request:
+    types: [opened, ready_for_review, reopened, edited, synchronize]
+
+jobs:
+  actionlint-check:
+    uses: ./.github/workflows/actionlint.yml
+    with:
+      runner: central-actions-runner
+    secrets: inherit

.github/workflows/ca_auto_increment.yml

@@ -0,0 +1,23 @@
+# Workflow Version: 1.0.1
+name: Auto Increment and Release
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/*.yml"
+
+jobs:
+  auto-increment-release:
+    permissions:
+      id-token: write
+      actions: write
+      checks: read
+      contents: read
+      pull-requests: write
+
+    uses: ./.github/workflows/wf_auto_increment.yml
+    with:
+      runner: central-actions-runner
+    secrets: inherit

.github/workflows/ca_markdownlint.yml

@@ -0,0 +1,13 @@
+# Workflow Version: 1.0.1
+name: Markdownlint Check
+
+on:
+  pull_request:
+    types: [opened, ready_for_review, reopened, edited, synchronize]
+
+jobs:
+  markdownlint-check:
+    uses: ./.github/workflows/markdownlint.yml
+    with:
+      runner: central-actions-runner
+    secrets: inherit

.github/workflows/ca_shellcheck.yml

@@ -0,0 +1,13 @@
+# Workflow Version: 1.0.2
+name: Shellcheck
+
+on:
+  pull_request:
+    types: [opened, ready_for_review, reopened, edited, synchronize]
+
+jobs:
+  shellcheck-check:
+    uses: ./.github/workflows/shellcheck.yml
+    with:
+      runner: central-actions-runner
+    secrets: inherit

.github/workflows/ca_yamllint.yml

@@ -0,0 +1,13 @@
+# Workflow Version: 1.0.2
+name: Yamllint Check
+
+on:
+  pull_request:
+    types: [opened, ready_for_review, reopened, edited, synchronize]
+
+jobs:
+  yamllint-check:
+    uses: ./.github/workflows/yamllint.yml
+    with:
+      runner: central-actions-runner
+    secrets: inherit

.github/workflows/hadolint.yml

@@ -0,0 +1,53 @@
+# Workflow Version: 1.0.3
+name: Hadolint Check
+
+on:
+  workflow_call:
+    inputs:
+      dockerfile:
+        required: true
+        type: string
+        description: Path to dockerfile
+      runner:
+        required: true
+        type: string
+        description: Runner to use
+
+jobs:
+  hadolint-check:
+    runs-on: ${{ inputs.runner }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - uses: hadolint/[email protected]
+        id: hadolint
+        with:
+          dockerfile: ${{ inputs.dockerfile }}
+
+      - name: Update Pull Request
+        uses: actions/github-script@v7
+        if: github.event_name == 'pull_request'
+        with:
+          script: |
+            const hadolintOutcome = "${{ steps.hadolint.outcome }}";
+            const hadolintResults = process.env.HADOLINT_RESULTS;
+            let output = '';
+
+            if (hadolintOutcome === 'success') {
+              output = "#### Your Hadolint results are nice and clean";
+            } else {
+              output = `
+                #### Hadolint Results
+                \`\`\`
+                ${hadolintResults}
+                \`\`\`
+              `;
+            }
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            });

.github/workflows/markdownlint.yml

@@ -0,0 +1,31 @@
+# Workflow Version: 1.0.2
+---
+name: MarkdownLint
+
+on:
+  workflow_call:
+    inputs:
+      runner:
+        required: true
+        type: string
+        description: Runner to use
+
+jobs:
+  markdownlint:
+    name: markdownlint
+    runs-on: ${{ inputs.runner }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GIT_TOKEN }}
+
+      - name: markdownlint
+        uses: reviewdog/action-markdownlint@v0
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.REVIEWDOG_TOKEN }}
+        with:
+          github_token: ${{ secrets.GIT_TOKEN }}
+          reporter: github-pr-review
+          fail_on_error: "true"