ci: add OSS automation workflows and CODEOWNERS

- Add stale.yml to auto-close inactive issues/PRs
- Add scorecard.yml for OpenSSF security health checks
- Add labeler.yml to auto-label PRs by file paths
- Add CODEOWNERS for auto-review assignment
- Add all-contributors config for contributor recognition

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: JasonXuDeveloper - 傑 <jason@xgamedev.net>

Author: JasonXuDeveloper

.all-contributorsrc

@@ -0,0 +1,14 @@
+{
+  "projectName": "JEngine",
+  "projectOwner": "JasonXuDeveloper",
+  "repoType": "github",
+  "repoHost": "https://github.com",
+  "files": ["README.md"],
+  "imageSize": 100,
+  "commit": true,
+  "commitConvention": "angular",
+  "contributors": [],
+  "contributorsPerLine": 7,
+  "skipCi": true,
+  "contributorsSortAlphabetically": false
+}

.github/CODEOWNERS

@@ -0,0 +1,18 @@
+# CODEOWNERS - Auto-assign reviewers for pull requests
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default owner for everything
+* @JasonXuDeveloper
+
+# Core package
+/UnityProject/Packages/com.jasonxudeveloper.jengine.core/ @JasonXuDeveloper
+
+# Util package
+/UnityProject/Packages/com.jasonxudeveloper.jengine.util/ @JasonXuDeveloper
+
+# CI/CD workflows
+/.github/workflows/ @JasonXuDeveloper
+
+# Documentation
+/*.md @JasonXuDeveloper
+/docs/ @JasonXuDeveloper

.github/labeler.yml

@@ -0,0 +1,42 @@
+# Auto-labeler configuration
+# https://github.com/actions/labeler
+
+# Core package changes
+core:
+  - changed-files:
+      - any-glob-to-any-file: 'UnityProject/Packages/com.jasonxudeveloper.jengine.core/**'
+
+# Util package changes
+util:
+  - changed-files:
+      - any-glob-to-any-file: 'UnityProject/Packages/com.jasonxudeveloper.jengine.util/**'
+
+# CI/CD changes
+ci:
+  - changed-files:
+      - any-glob-to-any-file: '.github/workflows/**'
+      - any-glob-to-any-file: '.github/*.yml'
+
+# Documentation changes
+documentation:
+  - changed-files:
+      - any-glob-to-any-file: '**/*.md'
+      - any-glob-to-any-file: 'docs/**'
+
+# Test changes
+tests:
+  - changed-files:
+      - any-glob-to-any-file: 'UnityProject/Assets/Tests/**'
+      - any-glob-to-any-file: '**/*Tests*/**'
+      - any-glob-to-any-file: '**/*.Tests.cs'
+
+# Editor code changes
+editor:
+  - changed-files:
+      - any-glob-to-any-file: '**/Editor/**'
+
+# Sample/demo changes
+samples:
+  - changed-files:
+      - any-glob-to-any-file: 'UnityProject/Assets/Samples/**'
+      - any-glob-to-any-file: '**/Samples~/**'

.github/workflows/labeler.yml

@@ -0,0 +1,20 @@
+name: Auto Labeler
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Apply labels based on changed files
+        uses: actions/labeler@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          configuration-path: .github/labeler.yml
+          sync-labels: true

.github/workflows/scorecard.yml

@@ -0,0 +1,40 @@
+name: OpenSSF Scorecard
+
+on:
+  # Run on pushes to master and weekly
+  push:
+    branches: [master]
+  schedule:
+    # Run every Monday at 00:00 UTC
+    - cron: '0 0 * * 1'
+  workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard Analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write  # Upload to Security tab
+      id-token: write         # Publish results
+      actions: read
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Run Scorecard analysis
+        uses: ossf/scorecard-action@v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload to Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.github/workflows/stale.yml

@@ -0,0 +1,47 @@
+name: Stale Issues and PRs
+
+on:
+  schedule:
+    # Run daily at midnight UTC
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Mark stale issues and PRs
+        uses: actions/stale@v9
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+          # Issue settings
+          stale-issue-message: |
+            This issue has been automatically marked as stale because it has not had recent activity.
+            It will be closed in 14 days if no further activity occurs.
+            If this issue is still relevant, please comment or remove the stale label.
+          stale-issue-label: 'stale'
+          days-before-issue-stale: 60
+          days-before-issue-close: 14
+          exempt-issue-labels: 'pinned,security,bug,enhancement,help wanted,good first issue'
+
+          # PR settings
+          stale-pr-message: |
+            This pull request has been automatically marked as stale because it has not had recent activity.
+            It will be closed in 14 days if no further activity occurs.
+            If this PR is still relevant, please comment, push changes, or remove the stale label.
+          stale-pr-label: 'stale'
+          days-before-pr-stale: 30
+          days-before-pr-close: 14
+          exempt-pr-labels: 'pinned,security,work-in-progress'
+
+          # Close message
+          close-issue-message: 'This issue was closed due to inactivity. Feel free to reopen if still relevant.'
+          close-pr-message: 'This PR was closed due to inactivity. Feel free to reopen if still relevant.'
+
+          # Operations per run (to avoid rate limiting)
+          operations-per-run: 100