From 1f08420fbebfdbecd67ccfcb71527660da08a3a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20St=C3=B6lzle?= Date: Fri, 17 Apr 2026 09:24:00 +0200 Subject: [PATCH 1/4] =?UTF-8?q?=F0=9F=93=9D=20Enhance=20governance=20docum?= =?UTF-8?q?entation=20with=20security=20and=20contribution=20standards?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/contributing.md | 52 +++++++++++++++++++++++++++++++++++++---- .github/security.md | 39 ++++++++++++++++++++++++++++--- 2 files changed, 84 insertions(+), 7 deletions(-) diff --git a/.github/contributing.md b/.github/contributing.md index 1984af4..80e0a20 100644 --- a/.github/contributing.md +++ b/.github/contributing.md @@ -6,13 +6,15 @@ This document outlines the process for contributing to the project and provides ## Code of Conduct -By participating in this project, you are expected to uphold our Code of Conduct. Please report unacceptable behavior to [github@stoelzle.me](mailto:github@stoelzle.me). +By participating in this project, you are expected to uphold our [Code of Conduct](./code_of_conduct). We are committed to providing a welcoming and inspiring community for all. Please report unacceptable behavior to [github@stoelzle.me](mailto:github@stoelzle.me). + +For more information on community standards and best practices, see the [GitHub Communities Guide](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions). ## How Can I Contribute? ### Reporting Bugs -Before creating bug reports, please check the existing issues to avoid duplicates. When you create a bug report, include as many details as possible: +Before creating bug reports, please check the existing issues to avoid duplicates. Use the [Bug Report template](./issue_template/bug-report.md) when creating a bug report. When you create a bug report, include as many details as possible: - A clear and descriptive title - Steps to reproduce the behavior 
@@ -21,14 +23,17 @@ Before creating bug reports, please check the existing issues to avoid duplicate - Environment details (OS, Node.js version, etc.) - Command line arguments you used with the tool +See [About issue and pull request templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates) for more information. + ### Suggesting Enhancements -Enhancement suggestions are tracked as GitHub issues. When creating an enhancement suggestion: +Enhancement suggestions are tracked as GitHub issues. Use the [Feature Request template](./issue_template/feature-request.md) when creating an enhancement suggestion: - Use a clear and descriptive title - Provide a detailed description of the proposed functionality - Explain why this enhancement would be useful - Include code examples or mockups if applicable +- Consider starting a discussion in [GitHub Discussions](https://github.com/stoe/action-reporting-cli/discussions) first for early feedback ### Pull Requests 
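Review bot: the template links added in the Reporting Bugs hunk (`./issue_template/bug-report.md`) and the Suggesting Enhancements hunk (`./issue_template/feature-request.md`) do not match the files this series actually creates: PATCH 2/4 adds `bug_report.md` and `feature_request.md` (underscores, not hyphens), and PATCH 4/4 moves them to `.github/ISSUE_TEMPLATE/`, so both links are dead on the final tree. Update them to `./ISSUE_TEMPLATE/bug_report.md` and `./ISSUE_TEMPLATE/feature_request.md`. The `./code_of_conduct` link in the Code of Conduct hunk is also missing its `.md` extension; PATCH 3/4 fixes that one but leaves these two.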
@@ -39,9 +44,47 @@ Follow these steps to submit your contributions: 3. Make your changes (see [Development Guidelines](#development-guidelines)) 4. Run tests to ensure they pass (`npm test`) 5. Commit your changes using a descriptive commit message that follows our [commit message guidelines](#commit-message-guidelines) + - **All commits must be signed with a verified signature** (see [Commit Signing](#commit-signing)) 6. Push to your branch (`git push origin my-new-feature`) -7. Create a new Pull Request +7. Create a new Pull Request using the [Pull Request template](./pull_request_template.md) + +Pull requests that affect functionality must include updates to the relevant documentation in the README.md file. + +#### Labels + +Please add one or more repository labels to your pull request: + +- `bug :bug:` +- `feature-request :construction:` +- `dependency :robot:` +- `github-action :robot:` +- `help wanted :hand:` +- `wontfix :no_entry:` (if the pull request closes as not planned) + +#### Commit Signing + +We require all commits to be signed with a verified signature to maintain the integrity and security of this project. + +**How to sign your commits:** + +- **GPG**: [Signing commits with GPG](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) +- **SSH**: [Signing commits with SSH](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits-with-ssh-key) +- **Web UI**: Commits made through GitHub's web interface are automatically signed + +To configure automatic commit signing locally: + +```sh +# For GPG +git config --global user.signingKey +git config --global commit.gpgsign true + +# For SSH +git config --global gpg.format ssh +git config --global user.signingKey ~/.ssh/id_ed25519.pub +git config --global commit.gpgsign true +``` +, please use the [Pull Request template](./pull_request_template.md). 
Pull requests that affect functionality must include updates to the relevant documentation in the README.md file When submitting pull requests that affect functionality, please make sure to update the relevant documentation in the README.md file as well. ## Development Guidelines @@ -136,6 +179,7 @@ Examples: ## Additional Resources - [GitHub Pull Request Documentation](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests) +- [GitHub Communities Guide](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions) - [Test documentation](../test/readme.md) for detailed testing information Thanks for contributing to action-reporting-cli! diff --git a/.github/security.md b/.github/security.md index 1d8f6fd..8da6fd8 100644 --- a/.github/security.md +++ b/.github/security.md 
@@ -1,6 +1,39 @@ # Security Policy -If you discover a security issue in this repo, please open a [private security advisory](https://github.com/stoe/action-reporting-cli/security/advisories/new). -Please do not open a public issue. +## Reporting Security Vulnerabilities -Thanks for helping make this project safe for everyone. +If you discover a security vulnerability in this repository, please report it responsibly by opening a [private security advisory](https://github.com/stoe/action-reporting-cli/security/advisories/new). + +**Please do not open a public issue** for security vulnerabilities, as this could expose the vulnerability before a fix is available. + +Thanks for helping keep this project safe for everyone. + +## Security Requirements for Contributors + +### Verified Commit Signatures + +All contributions must be made with **verified commit signatures**. This is a core security requirement that ensures: + +- Authenticity of contributions +- Protection against unauthorized code injection +- Compliance with security best practices + +Commit signing is mandatory for all pull requests. Unsigned commits will be requested to be updated before merge. + +**Learn more about commit signing:** + +- [About commit signature verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) +- [Signing commits with GPG](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) +- [Signing commits with SSH](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits-with-ssh-key) + +## Dependency Security + +We regularly update dependencies and monitor for known vulnerabilities. 
Contributors are encouraged to: + +- Keep dependencies up to date +- Report any known vulnerabilities in dependencies +- Follow the [Contributing Guidelines](./contributing.md) when submitting dependency updates + +## Contact + +For security-related questions or concerns, contact [github@stoelzle.me](mailto:github@stoelzle.me). From 88e32b8689318b17e275c0225e83bd9234fd65ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20St=C3=B6lzle?= Date: Fri, 17 Apr 2026 09:24:59 +0200 Subject: [PATCH 2/4] =?UTF-8?q?=E2=9C=A8=20Add=20GitHub=20community=20temp?= =?UTF-8?q?lates=20for=20issues=20and=20pull=20requests?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/code_of_conduct.md | 47 ++++++++++++++++++++ .github/issue_template/bug_report.md | 50 ++++++++++++++++++++++ .github/issue_template/config.yml | 6 +++ .github/issue_template/feature_request.md | 39 +++++++++++++++++ .github/pull_request_template.md | 52 +++++++++++++++++++++++ 5 files changed, 194 insertions(+) create mode 100644 .github/code_of_conduct.md create mode 100644 .github/issue_template/bug_report.md create mode 100644 .github/issue_template/config.yml create mode 100644 .github/issue_template/feature_request.md create mode 100644 .github/pull_request_template.md diff --git a/.github/code_of_conduct.md b/.github/code_of_conduct.md new file mode 100644 index 0000000..cbe4f7c --- /dev/null +++ b/.github/code_of_conduct.md 
@@ -0,0 +1,47 @@ +# Contributor Covenant Code of Conduct + +## Our Commitment + +We are committed to providing a welcoming and inspiring community for all. We pledge to create an environment of mutual respect where all participants feel valued and heard. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment include: + +- Using welcoming and inclusive language +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive criticism +- Focusing on what is best for the community +- Showing empathy towards other community members +- Being patient and understanding with new contributors + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery +- Trolling, insulting/derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information (doxing) without explicit permission +- Other conduct which could reasonably be considered inappropriate in a professional setting +- Discrimination based on race, color, religion, gender, gender identity and expression, age, national origin, political belief, disability, sexual orientation, marital status, or veteran status + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. 
+ +## Scope + +This Code of Conduct applies within all project spaces and also applies when an individual is representing the project or its community in public spaces. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project maintainers at [github@stoelzle.me](mailto:github@stoelzle.me). All complaints will be reviewed and investigated promptly and fairly. + +All project maintainers are obligated to respect the privacy and security of the reporter of any incident. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html. + +For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations. diff --git a/.github/issue_template/bug_report.md b/.github/issue_template/bug_report.md new file mode 100644 index 0000000..6b1d08e --- /dev/null +++ b/.github/issue_template/bug_report.md 
@@ -0,0 +1,50 @@ +--- +name: Bug Report +about: Report a bug to help us improve +title: '🐛 ' +labels: 'bug :bug:' +assignees: stoe +--- + +## Description + +A clear and concise description of what the bug is. + +## Steps to Reproduce + +Steps to reproduce the behavior: + +1. Run command `...` +2. With arguments `...` +3. See error + +## Expected Behavior + +A clear and concise description of what you expected to happen. + +## Actual Behavior + +What actually happened instead of the expected behavior. + +## Environment + +- **OS**: (e.g., macOS 14.0, Ubuntu 22.04, Windows 11) +- **Node.js version**: (e.g., 18.0.0, 20.9.0) +- **action-reporting-cli version**: (e.g., 1.0.0) +- **Command used**: (e.g., `npx action-reporting-cli --help`) + +## Screenshots or Output + +If applicable, include terminal output, error messages, or screenshots: + +``` +Paste error output here +``` + +## Additional Context + +Add any other context about the problem here, such as: + +- Custom configuration files +- Environment variables +- Recent changes to your setup diff --git a/.github/issue_template/config.yml b/.github/issue_template/config.yml new file mode 100644 index 0000000..553dbed --- /dev/null +++ b/.github/issue_template/config.yml @@ -0,0 +1,6 @@ +blank_issues_enabled: false + +contact_links: + - name: LinkedIn + url: https://www.linkedin.com/in/stoe + about: Find me on LinkedIn. diff --git a/.github/issue_template/feature_request.md b/.github/issue_template/feature_request.md new file mode 100644 index 0000000..96eeea2 --- /dev/null +++ b/.github/issue_template/feature_request.md 
@@ -0,0 +1,39 @@ +--- +name: Feature Request +about: Suggest an idea for this project +title: '🚧 ' +labels: 'feature-request :construction:' +assignees: stoe +--- + +## Description + +A clear and concise description of what you would like to happen. + +## Problem Statement + +Is your feature request related to a problem? Please describe the problem: + +## Proposed Solution + +Describe the solution or feature you'd like to see implemented: + +## Alternative Solutions + +Have you considered alternative approaches or solutions? + +## Use Case + +Describe a use case where this feature would be helpful: + +## Example + +If applicable, provide example input/output or code: + +``` +Example here +``` + +## Additional Context + +Add any other context, mockups, or references here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..7f6072d --- /dev/null +++ b/.github/pull_request_template.md 
@@ -0,0 +1,52 @@ +## Description + +Please include a summary of the changes and related context. Explain why this change is needed. + +## Type of Change + +Please select the relevant option: + +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to change) +- [ ] Documentation update +- [ ] Dependency update + +## Related Issues + +Closes: #(issue number) + +## Changes Made + +- Bullet point 1 +- Bullet point 2 +- Bullet point 3 + +## Testing + +Please describe the tests you ran and how to reproduce them: + +``` +Commands to test: +1. +2. +3. +``` + +## Checklist + +Please ensure your contribution adheres to the following: + +- [ ] My commits are signed with a verified signature (required) +- [ ] I have followed the code style guidelines in this project +- [ ] I have updated the README.md if applicable +- [ ] I have added tests for new functionality +- [ ] All tests pass locally (`npm test`) +- [ ] I have run the linter (`npm run lint`) +- [ ] I have run the formatter (`npm run format`) +- [ ] I have added/updated documentation for any new or changed functionality +- [ ] My pull request title is descriptive and follows Gitmoji conventions + +## Additional Context + +Add any other relevant context or screenshots here. From 326852c42fff2ca442bec9406655d10747097496 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20St=C3=B6lzle?= Date: Fri, 17 Apr 2026 11:39:54 +0200 Subject: [PATCH 3/4] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Stefan Stölzle --- .github/contributing.md | 2 +- .github/pull_request_template.md | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) 
diff --git a/.github/contributing.md b/.github/contributing.md index 80e0a20..56e8f96 100644 --- a/.github/contributing.md +++ b/.github/contributing.md @@ -6,7 +6,7 @@ This document outlines the process for contributing to the project and provides ## Code of Conduct -By participating in this project, you are expected to uphold our [Code of Conduct](./code_of_conduct). We are committed to providing a welcoming and inspiring community for all. Please report unacceptable behavior to [github@stoelzle.me](mailto:github@stoelzle.me). +By participating in this project, you are expected to uphold our [Code of Conduct](./code_of_conduct.md). We are committed to providing a welcoming and inspiring community for all. Please report unacceptable behavior to [github@stoelzle.me](mailto:github@stoelzle.me). For more information on community standards and best practices, see the [GitHub Communities Guide](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions). diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 7f6072d..695f11f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -41,8 +41,7 @@ Please ensure your contribution adheres to the following: - [ ] I have followed the code style guidelines in this project - [ ] I have updated the README.md if applicable - [ ] I have added tests for new functionality -- [ ] All tests pass locally (`npm test`) -- [ ] I have run the linter (`npm run lint`) +- [ ] All tests pass locally (`npm test`, including pretest linting) - [ ] I have run the formatter (`npm run format`) - [ ] I have added/updated documentation for any new or changed functionality - [ ] My pull request title is descriptive and follows Gitmoji conventions From 64bcdbc217e0937d830b328bed06867b9eaaae31 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Stefan=20St=C3=B6lzle?= Date: Fri, 17 Apr 2026 11:43:44 +0200 Subject: [PATCH 4/4] =?UTF-8?q?=F0=9F=9A=9A=20Capitalise=20`.github/ISSUE?= =?UTF-8?q?=5FTEMPLATE`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/{issue_template => ISSUE_TEMPLATE}/bug_report.md | 0 .github/{issue_template => ISSUE_TEMPLATE}/config.yml | 0 .github/{issue_template => ISSUE_TEMPLATE}/feature_request.md | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename .github/{issue_template => ISSUE_TEMPLATE}/bug_report.md (100%) rename .github/{issue_template => ISSUE_TEMPLATE}/config.yml (100%) rename .github/{issue_template => ISSUE_TEMPLATE}/feature_request.md (100%) diff --git a/.github/issue_template/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md similarity index 100% rename from .github/issue_template/bug_report.md rename to .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/issue_template/config.yml b/.github/ISSUE_TEMPLATE/config.yml similarity index 100% rename from .github/issue_template/config.yml rename to .github/ISSUE_TEMPLATE/config.yml diff --git a/.github/issue_template/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md similarity index 100% rename from .github/issue_template/feature_request.md rename to .github/ISSUE_TEMPLATE/feature_request.md
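Review bot: in the contributing.md hunk at `@@ -39,9 +44,47 @@`, the `# For GPG` line `git config --global user.signingKey` has no key argument, so as written it prints the current setting rather than configuring one; give it an explicit placeholder (`git config --global user.signingKey YOUR_KEY_ID`) and mention where the id comes from (`gpg --list-secret-keys --keyid-format=long`). The SSH variant should also say that the same public key has to be uploaded to GitHub as a signing key, otherwise the commits sign fine locally but never show as "Verified". The same hunk leaves a dangling fragment after the closing fence (`, please use the [Pull Request template](./pull_request_template.md).`) and keeps the older README sentence (`When submitting pull requests that affect functionality, please make sure to update the relevant documentation in the README.md file as well.`) even though the new `Pull requests that affect functionality must include updates...` line states the same requirement; drop both so the section ends cleanly before `## Development Guidelines`.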
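Review bot: in the security.md hunk at `@@ -1,6 +1,39 @@`, "Unsigned commits will be requested to be updated before merge" describes a manual, best-effort process, while the paragraph above calls signing a core security requirement; pair the policy with the repository's branch protection or ruleset setting that requires signed commits, so unsigned commits are rejected rather than negotiated, and say so in the text. The bullet "Protection against unauthorized code injection" overstates what a signature provides: it ties a commit to the holder of a verified key, it does not vet the commit's contents; "Non-repudiation: every commit is attributable to a verified key" is the accurate claim. In Dependency Security, "We regularly update dependencies and monitor for known vulnerabilities" would carry more weight if it named the mechanism actually in use (for example Dependabot alerts and updates, if enabled on this repository).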
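Review bot: in the `.github/issue_template/config.yml` hunk of PATCH 2/4, `blank_issues_enabled: false` leaves a LinkedIn profile as the only escape hatch for issues that fit no template; add a contact link for security reports pointing at the private advisory URL already used in security.md (`https://github.com/stoe/action-reporting-cli/security/advisories/new`), so that a reporter who finds no fitting template is steered away from filing a vulnerability in a public issue. The directory is also created lowercase here while GitHub documents `.github/ISSUE_TEMPLATE` as the location for templates and `config.yml`; PATCH 4/4 renames it, so this commit is only correct once the whole series is applied, and the `labels:` values in the bug and feature templates (`bug :bug:`, `feature-request :construction:`) are only applied if labels with exactly those names exist in the repository.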
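Review bot: in the `.github/code_of_conduct.md` hunk, the Attribution section says the text is adapted from Contributor Covenant version 2.1, but the document contains none of 2.1's Enforcement Guidelines (Correction, Warning, Temporary Ban, Permanent Ban) and uses the older "Our Responsibilities" layout; either add the Enforcement Guidelines so the enforcement process is predictable for reporters and maintainers, or state the version the text actually follows.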