Merge pull request #28 from photon-hq/feat/eng-441-github-templates-and-workflows

feat ✨: add GitHub issue templates and security workflows

Author: LingJueYa

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -0,0 +1,57 @@
+---
+name: Bug Report
+description: Report a bug encountered while using imessage-kit SDK
+labels:
+  - bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to report a bug! Please fill out the form below to help us understand and fix the issue.
+
+  - type: checkboxes
+    id: confirmations
+    attributes:
+      label: Pre-submission checklist
+      options:
+        - label: I have searched existing issues and this is not a duplicate
+          required: true
+        - label: I have read the [README](https://github.com/photon-hq/imessage-kit#readme)
+          required: true
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: What happened?
+      description: A clear and concise description of what the bug is.
+      placeholder: Describe the bug...
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: What did you expect to happen?
+      placeholder: Describe what you expected...
+    validations:
+      required: true
+
+  - type: textarea
+    id: repro
+    attributes:
+      label: Steps to reproduce
+      description: Minimal code or steps to reproduce the issue.
+      placeholder: |
+        1. Initialize SDK with...
+        2. Call method...
+        3. See error...
+      render: typescript
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional context
+      description: Any other context, screenshots, or information that might help.
+

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,9 @@
+---
+blank_issues_enabled: false
+contact_links:
+  - name: 💬 Questions & Discussions
+    url: https://github.com/photon-hq/imessage-kit/discussions
+    about: Ask questions, share ideas, or discuss usage with the community
+  - name: 📖 Documentation
+    url: https://github.com/photon-hq/imessage-kit#readme
+    about: Check the README and examples before opening an issue

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -0,0 +1,67 @@
+---
+name: Feature Request
+description: Suggest a new feature or enhancement
+labels:
+  - enhancement
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for suggesting a feature! Please provide as much detail as possible to help us understand your idea.
+
+  - type: textarea
+    id: feature
+    attributes:
+      label: What would you like to be added?
+      description: A clear and concise description of the feature.
+      placeholder: I would like the SDK to support...
+    validations:
+      required: true
+
+  - type: textarea
+    id: rationale
+    attributes:
+      label: Why is this needed?
+      description: Explain the problem this feature would solve.
+      placeholder: Currently, I cannot do X because...
+    validations:
+      required: true
+
+  - type: textarea
+    id: use-case
+    attributes:
+      label: Example usage
+      description: Show how you would use this feature in code.
+      placeholder: |
+        const sdk = new IMessageSDK({ ... })
+        
+        // Example of how the new feature would work
+        await sdk.newFeature()
+      render: typescript
+
+  - type: dropdown
+    id: impact
+    attributes:
+      label: How many users would benefit?
+      options:
+        - Few (niche use case)
+        - Some (common scenario)
+        - Many (most users would benefit)
+    validations:
+      required: true
+
+  - type: dropdown
+    id: willing-to-contribute
+    attributes:
+      label: Would you be willing to contribute this feature?
+      options:
+        - "Yes, I can submit a PR"
+        - "Yes, with guidance"
+        - "No, but I can help test"
+        - "No"
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional context
+      description: Any other context, mockups, or references.

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,41 @@
+---
+name: "CodeQL"
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '20 14 * * 5'
+
+permissions: read-all
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['javascript-typescript']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

.github/workflows/scorecards.yml

@@ -0,0 +1,44 @@
+---
+name: Scorecards supply-chain security
+
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: '45 1 * * 0'
+  push:
+    branches: ["main"]
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@v4
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.github/workflows/stale.yml

@@ -0,0 +1,28 @@
+---
+name: Mark and close stale issues and PRs
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          days-before-stale: 90
+          days-before-close: 21
+          stale-issue-label: 'stale'
+          stale-pr-label: 'stale'
+          exempt-issue-labels: 'pinned,help wanted,good first issue'
+          exempt-pr-labels: 'pinned,help wanted'
+          stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.'
+          stale-pr-message: 'This pull request has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.'
+          close-issue-message: 'This issue has been automatically closed because it has been stale for 21 days with no additional activity. If you believe this was closed in error or still requires attention, please feel free to reopen or create a new issue with updated details.'
+          close-pr-message: 'This pull request has been automatically closed because it has been stale for 21 days with no additional activity. If you believe this was closed in error or would like to continue the work, please reopen the pull request or open a new one with updated changes.'
+          operations-per-run: 30