Initial Import

Author: Faerkeren

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# Default owners for everything in the repo
+* @Graphras-com

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,30 @@
+---
+name: Bug Report
+about: Report a bug or unexpected behavior
+title: "[Bug] "
+labels: bug
+---
+
+## Describe the bug
+
+<!-- A clear and concise description of what the bug is. -->
+
+## Steps to reproduce
+
+1.
+2.
+3.
+
+## Expected behavior
+
+<!-- What you expected to happen. -->
+
+## Actual behavior
+
+<!-- What actually happened. Include error messages or logs if available. -->
+
+## Environment
+
+- OS:
+- Python version:
+- Docker version (if applicable):

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,22 @@
+---
+name: Feature Request
+about: Suggest a new feature or improvement
+title: "[Feature] "
+labels: enhancement
+---
+
+## Problem
+
+<!-- What problem does this feature solve? -->
+
+## Proposed solution
+
+<!-- Describe the solution you'd like. -->
+
+## Alternatives considered
+
+<!-- Any alternative solutions or features you've considered. -->
+
+## Additional context
+
+<!-- Any other context, screenshots, or references. -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,18 @@
+## What
+
+<!-- Brief description of the change -->
+
+## Why
+
+<!-- Motivation / issue link -->
+
+## How
+
+<!-- Implementation approach, if not obvious -->
+
+## Checklist
+
+- [ ] Tests pass locally (`pytest`)
+- [ ] Linting passes (`ruff check . && ruff format --check .`)
+- [ ] No new secrets or credentials committed
+- [ ] Documentation updated (if applicable)

.github/SECURITY.md

@@ -0,0 +1,20 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly.
+
+**Do not open a public issue.**
+
+Instead, please email security concerns to the repository maintainers via the
+contact information on the [Graphras-com](https://github.com/Graphras-com)
+organization profile.
+
+We will acknowledge receipt within 48 hours and aim to provide a fix or
+mitigation within 7 days for critical issues.

.github/dependabot.yml

@@ -0,0 +1,57 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "06:00"
+      timezone: UTC
+    commit-message:
+      prefix: chore(actions)
+    labels:
+      - dependencies
+      - github-actions
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "06:00"
+      timezone: UTC
+    commit-message:
+      prefix: chore(pip)
+    labels:
+      - dependencies
+      - python
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: npm
+    directory: "/frontend"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "06:00"
+      timezone: UTC
+    commit-message:
+      prefix: chore(npm)
+    labels:
+      - dependencies
+      - javascript
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "06:00"
+      timezone: UTC
+    commit-message:
+      prefix: chore(docker)
+    labels:
+      - dependencies
+      - docker
+    open-pull-requests-limit: 5

.github/workflows/README.md

@@ -0,0 +1,7 @@
+# Workflows
+
+This directory contains reusable and orchestrated GitHub Actions workflows for this repository.
+
+For template usage, configuration variables, and onboarding steps, see:
+
+- [`TEMPLATE_WORKFLOWS.md`](../../TEMPLATE_WORKFLOWS.md)

.github/workflows/build-and-push.yml

@@ -0,0 +1,75 @@
+name: Build and Push Docker Image
+
+on:
+  workflow_call:
+    inputs:
+      push-image:
+        description: Push image to registry.
+        required: false
+        type: boolean
+        default: false
+      environment:
+        description: GitHub Actions environment to pull variables from (e.g. staging, production).
+        required: false
+        type: string
+        default: ""
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment || null }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v4
+
+      - name: Log in to GitHub Container Registry
+        if: ${{ inputs.push-image }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=raw,value=staging,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: ${{ inputs.push-image }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            VITE_CLIENT_ID=${{ vars.VITE_CLIENT_ID || '' }}
+            VITE_TENANT_ID=${{ vars.VITE_TENANT_ID || '' }}
+            VITE_API_SCOPE=${{ vars.VITE_API_SCOPE || '' }}
+            VITE_AUTHORITY=${{ vars.VITE_AUTHORITY || '' }}
+            VITE_BUILD_COMMIT=${{ github.sha }}
+            VITE_BUILD_TAG=${{ github.ref_type == 'tag' && github.ref_name || '' }}
+            VITE_BUILD_BRANCH=${{ github.ref_name }}
+            VITE_BUILD_TIME=${{ github.event.head_commit.timestamp || github.event.repository.updated_at }}