Add repo maintenance automation

Boyeep · Boyeep · commit 4769b7dbecb8 · 2026-03-22T01:36:37.000+07:00
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @Boyeep
diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -0,0 +1,52 @@
+name: Bug Report
+description: Report a bug in the starter kit or its developer workflow.
+title: "[Bug]: "
+labels:
+  - bug
+body:
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: What is going wrong?
+      placeholder: A short description of the bug.
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Reproduction
+      description: How can someone reproduce the issue?
+      placeholder: |
+        1. Go to ...
+        2. Run ...
+        3. Upload ...
+        4. Observe ...
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      description: What should have happened instead?
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: Include OS, Node version, Python version, and anything else relevant.
+      placeholder: Windows 11, Node 22, Python 3.12, Docker Desktop off, etc.
+    validations:
+      required: false
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs or Screenshots
+      description: Paste any helpful logs, stack traces, or screenshots.
+    validations:
+      required: false
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security report
+    url: https://github.com/Boyeep/nextjs-python-computer-vision-kit/security/advisories/new
+    about: Please report sensitive security issues privately.
diff --git a/.github/ISSUE_TEMPLATE/feature-request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml
@@ -0,0 +1,45 @@
+name: Feature Request
+description: Propose a new capability or improvement for the template.
+title: "[Feature]: "
+labels:
+  - enhancement
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem
+      description: What problem would this solve for users of the repo?
+      placeholder: The starter currently lacks ...
+    validations:
+      required: true
+
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed Solution
+      description: Describe the improvement you want to see.
+    validations:
+      required: true
+
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - Frontend
+        - Backend
+        - API contract
+        - CI/CD
+        - Docs
+        - Docker / deployment
+        - Developer workflow
+    validations:
+      required: true
+
+  - type: textarea
+    id: notes
+    attributes:
+      label: Extra Context
+      description: Links, mockups, tradeoffs, or implementation notes.
+    validations:
+      required: false
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/frontend"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "pip"
+    directory: "/backend"
+    schedule:
+      interval: "weekly"
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,21 @@
+## Summary
+
+- what changed
+- why it changed
+
+## Verification
+
+- [ ] `npm run check:contract`
+- [ ] `npm run check`
+- [ ] `npm run check:images` if Docker was available
+
+## Contract Impact
+
+- [ ] no API contract changes
+- [ ] updated `docs/openapi.yaml`
+- [ ] ran `npm run api:types`
+- [ ] updated frontend usage of generated types
+
+## Screenshots or Notes
+
+Add UI screenshots, API examples, or rollout notes if they help reviewers.
diff --git a/README.md b/README.md
@@ -9,6 +9,7 @@ It gives you a polished upload-to-inference UI, a typed OpenAPI contract, CPU-fr
   <a href="#screenshots">Screenshots</a> ·
   <a href="#what-you-get">What you get</a> ·
   <a href="./CONTRIBUTING.md">Contributing</a> ·
+  <a href="./SECURITY.md">Security</a> ·
   <a href="./soon.md">Roadmap</a>
 </p>
 
@@ -71,6 +72,7 @@ These pipelines are intentionally lightweight. They prove the repo shape and dev
 - `docs/`: OpenAPI contract and screenshot assets
 - `scripts/`: root development and verification commands
 - `.github/`: template CI workflow
+- `SECURITY.md`: vulnerability reporting guidance
 
 ## Quick Start
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,29 @@
+# Security Policy
+
+## Supported Versions
+
+This repository is a starter template, so security fixes are generally applied to the
+latest version on `main`.
+
+## Reporting A Vulnerability
+
+Please do not open a public issue for sensitive security reports.
+
+Use GitHub security advisories for private disclosure:
+
+`https://github.com/Boyeep/nextjs-python-computer-vision-kit/security/advisories/new`
+
+If the issue is not sensitive and is more of a hardening or best-practice improvement,
+you can open a normal issue instead.
+
+## Scope Notes
+
+Useful reports include:
+
+- dependency vulnerabilities in the shipped template
+- insecure default configuration in frontend, backend, or Docker files
+- unsafe upload handling or API behavior
+- secrets exposure in docs, scripts, or CI
+
+Reports that depend entirely on downstream customizations may still be useful, but they
+may be treated as template hardening suggestions rather than direct vulnerabilities.
