✨ Add community health files and governance templates

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,50 @@
+---
+name: Bug Report
+about: Report a bug to help us improve
+title: '🐛 '
+labels: 'bug :bug:'
+assignees: stoe
+---
+
+## Description
+
+A clear and concise description of what the bug is.
+
+## Steps to Reproduce
+
+Steps to reproduce the behavior:
+
+1. Run command `...`
+2. With arguments `...`
+3. See error
+
+## Expected Behavior
+
+A clear and concise description of what you expected to happen.
+
+## Actual Behavior
+
+What actually happened instead of the expected behavior.
+
+## Environment
+
+- **OS**: (e.g., macOS 14.0, Ubuntu 22.04, Windows 11)
+- **Node.js version**: (e.g., 18.0.0, 20.9.0)
+- **action-reporting-cli version**: (e.g., 1.0.0)
+- **Command used**: (e.g., `npx action-reporting-cli --help`)
+
+## Screenshots or Output
+
+If applicable, include terminal output, error messages, or screenshots:
+
+```
+Paste error output here
+```
+
+## Additional Context
+
+Add any other context about the problem here, such as:
+
+- Custom configuration files
+- Environment variables
+- Recent changes to your setup

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,6 @@
+blank_issues_enabled: false
+
+contact_links:
+  - name: LinkedIn
+    url: https://www.linkedin.com/in/stoe
+    about: Find me on LinkedIn.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,39 @@
+---
+name: Feature Request
+about: Suggest an idea for this project
+title: '🚧 '
+labels: 'feature-request :construction:'
+assignees: stoe
+---
+
+## Description
+
+A clear and concise description of what you would like to happen.
+
+## Problem Statement
+
+Is your feature request related to a problem? Please describe the problem:
+
+## Proposed Solution
+
+Describe the solution or feature you'd like to see implemented:
+
+## Alternative Solutions
+
+Have you considered alternative approaches or solutions?
+
+## Use Case
+
+Describe a use case where this feature would be helpful:
+
+## Example
+
+If applicable, provide example input/output or code:
+
+```
+Example here
+```
+
+## Additional Context
+
+Add any other context, mockups, or references here.

.github/code_of_conduct.md

@@ -0,0 +1,47 @@
+# Contributor Covenant Code of Conduct
+
+## Our Commitment
+
+We are committed to providing a welcoming and inspiring community for all. We pledge to create an environment of mutual respect where all participants feel valued and heard.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+- Using welcoming and inclusive language
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+- Being patient and understanding with new contributors
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information (doxing) without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+- Discrimination based on race, color, religion, gender, gender identity and expression, age, national origin, political belief, disability, sexual orientation, marital status, or veteran status
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces and also applies when an individual is representing the project or its community in public spaces. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project maintainers at [github@stoelzle.me](mailto:github@stoelzle.me). All complaints will be reviewed and investigated promptly and fairly.
+
+All project maintainers are obligated to respect the privacy and security of the reporter of any incident.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.

.github/contributing.md

@@ -6,13 +6,15 @@ This document outlines the process for contributing to the project and provides
 
 ## Code of Conduct
 
-By participating in this project, you are expected to uphold our Code of Conduct. Please report unacceptable behavior to [github@stoelzle.me](mailto:github@stoelzle.me).
+By participating in this project, you are expected to uphold our [Code of Conduct](./code_of_conduct.md). We are committed to providing a welcoming and inspiring community for all. Please report unacceptable behavior to [github@stoelzle.me](mailto:github@stoelzle.me).
+
+For more information on community standards and best practices, see the [GitHub Communities Guide](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions).
 
 ## How Can I Contribute?
 
 ### Reporting Bugs
 
-Before creating bug reports, please check the existing issues to avoid duplicates. When you create a bug report, include as many details as possible:
+Before creating bug reports, please check the existing issues to avoid duplicates. Use the [Bug Report template](./issue_template/bug-report.md) when creating a bug report. When you create a bug report, include as many details as possible:
 
 - A clear and descriptive title
 - Steps to reproduce the behavior
@@ -21,14 +23,17 @@ Before creating bug reports, please check the existing issues to avoid duplicate
 - Environment details (OS, Node.js version, etc.)
 - Command line arguments you used with the tool
 
+See [About issue and pull request templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates) for more information.
+
 ### Suggesting Enhancements
 
-Enhancement suggestions are tracked as GitHub issues. When creating an enhancement suggestion:
+Enhancement suggestions are tracked as GitHub issues. Use the [Feature Request template](./issue_template/feature-request.md) when creating an enhancement suggestion:
 
 - Use a clear and descriptive title
 - Provide a detailed description of the proposed functionality
 - Explain why this enhancement would be useful
 - Include code examples or mockups if applicable
+- Consider starting a discussion in [GitHub Discussions](https://github.com/stoe/action-reporting-cli/discussions) first for early feedback
 
 ### Pull Requests
 
@@ -39,9 +44,47 @@ Follow these steps to submit your contributions:
 3. Make your changes (see [Development Guidelines](#development-guidelines))
 4. Run tests to ensure they pass (`npm test`)
 5. Commit your changes using a descriptive commit message that follows our [commit message guidelines](#commit-message-guidelines)
+   - **All commits must be signed with a verified signature** (see [Commit Signing](#commit-signing))
 6. Push to your branch (`git push origin my-new-feature`)
-7. Create a new Pull Request
+7. Create a new Pull Request using the [Pull Request template](./pull_request_template.md)
+
+Pull requests that affect functionality must include updates to the relevant documentation in the README.md file.
+
+#### Labels
+
+Please add one or more repository labels to your pull request:
+
+- `bug :bug:`
+- `feature-request :construction:`
+- `dependency :robot:`
+- `github-action :robot:`
+- `help wanted :hand:`
+- `wontfix :no_entry:` (if the pull request closes as not planned)
+
+#### Commit Signing
+
+We require all commits to be signed with a verified signature to maintain the integrity and security of this project.
+
+**How to sign your commits:**
+
+- **GPG**: [Signing commits with GPG](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+- **SSH**: [Signing commits with SSH](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits-with-ssh-key)
+- **Web UI**: Commits made through GitHub's web interface are automatically signed
+
+To configure automatic commit signing locally:
+
+```sh
+# For GPG
+git config --global user.signingKey <KEY_ID>
+git config --global commit.gpgsign true
+
+# For SSH
+git config --global gpg.format ssh
+git config --global user.signingKey ~/.ssh/id_ed25519.pub
+git config --global commit.gpgsign true
+```
 
+, please use the [Pull Request template](./pull_request_template.md). Pull requests that affect functionality must include updates to the relevant documentation in the README.md file
 When submitting pull requests that affect functionality, please make sure to update the relevant documentation in the README.md file as well.
 
 ## Development Guidelines
@@ -136,6 +179,7 @@ Examples:
 ## Additional Resources
 
 - [GitHub Pull Request Documentation](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests)
+- [GitHub Communities Guide](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions)
 - [Test documentation](../test/readme.md) for detailed testing information
 
 Thanks for contributing to action-reporting-cli!

.github/pull_request_template.md

@@ -0,0 +1,51 @@
+## Description
+
+Please include a summary of the changes and related context. Explain why this change is needed.
+
+## Type of Change
+
+Please select the relevant option:
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+- [ ] Documentation update
+- [ ] Dependency update
+
+## Related Issues
+
+Closes: #(issue number)
+
+## Changes Made
+
+- Bullet point 1
+- Bullet point 2
+- Bullet point 3
+
+## Testing
+
+Please describe the tests you ran and how to reproduce them:
+
+```
+Commands to test:
+1.
+2.
+3.
+```
+
+## Checklist
+
+Please ensure your contribution adheres to the following:
+
+- [ ] My commits are signed with a verified signature (required)
+- [ ] I have followed the code style guidelines in this project
+- [ ] I have updated the README.md if applicable
+- [ ] I have added tests for new functionality
+- [ ] All tests pass locally (`npm test`, including pretest linting)
+- [ ] I have run the formatter (`npm run format`)
+- [ ] I have added/updated documentation for any new or changed functionality
+- [ ] My pull request title is descriptive and follows Gitmoji conventions
+
+## Additional Context
+
+Add any other relevant context or screenshots here.

.github/security.md

@@ -1,6 +1,39 @@
 # Security Policy
 
-If you discover a security issue in this repo, please open a [private security advisory](https://github.com/stoe/action-reporting-cli/security/advisories/new).
-Please do not open a public issue.
+## Reporting Security Vulnerabilities
 
-Thanks for helping make this project safe for everyone.
+If you discover a security vulnerability in this repository, please report it responsibly by opening a [private security advisory](https://github.com/stoe/action-reporting-cli/security/advisories/new).
+
+**Please do not open a public issue** for security vulnerabilities, as this could expose the vulnerability before a fix is available.
+
+Thanks for helping keep this project safe for everyone.
+
+## Security Requirements for Contributors
+
+### Verified Commit Signatures
+
+All contributions must be made with **verified commit signatures**. This is a core security requirement that ensures:
+
+- Authenticity of contributions
+- Protection against unauthorized code injection
+- Compliance with security best practices
+
+Commit signing is mandatory for all pull requests. Unsigned commits will be requested to be updated before merge.
+
+**Learn more about commit signing:**
+
+- [About commit signature verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
+- [Signing commits with GPG](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+- [Signing commits with SSH](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits-with-ssh-key)
+
+## Dependency Security
+
+We regularly update dependencies and monitor for known vulnerabilities. Contributors are encouraged to:
+
+- Keep dependencies up to date
+- Report any known vulnerabilities in dependencies
+- Follow the [Contributing Guidelines](./contributing.md) when submitting dependency updates
+
+## Contact
+
+For security-related questions or concerns, contact [github@stoelzle.me](mailto:github@stoelzle.me).