Add CI to the github repo

This change brings in several CI related changes:
1. On branch push, lint helm, lint go, run
   unit tests, validate CNAB, publish the
   docker image, publish the helm chart.
2. On branch push, also run container scanning using
   trivy and upload trivy results to the repo.
3. On tag cut (vX.Y.Z), publish the image to
   docker.io, publish the chart to docker.io,
   and bundle CNAB and upload to the marketplace ACR.

Author: kuthiala

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,115 @@
+name: "dev-workflow"
+
+on:
+  workflow_dispatch:
+  push:
+
+permissions:
+  id-token: write
+  contents: read
+  actions: read
+  security-events: write
+
+
+jobs:
+  lint_test_build:
+    runs-on: ubuntu-latest
+
+    env:
+      DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 2
+
+      - name: Azure Login via OIDC
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Docker Login to Azure Container Registry
+        run: |
+          registry_name=${{ secrets.DOCKER_REGISTRY_PROD }}
+          az acr login --name ${registry_name%%.*}
+
+      - name: "lint + unit-test + build"
+        env: 
+          DOCKER_REGISTRY_PROD: ${{ secrets.DOCKER_REGISTRY_PROD }}
+        run: |
+              if [ "$GITHUB_REF_NAME" != "$DEFAULT_BRANCH" ]; then
+                time make helm-lint
+                # Only run Go linting if Go files have changed
+                if git diff --name-only HEAD~1 HEAD | grep -E '\.(go|mod)$'; then
+                  echo "Go files detected in changes, running Go linters..."
+                  time make lint
+                  git diff --exit-code
+                else
+                  echo "No Go files changed, skipping Go linting..."
+                fi
+                time make test
+              fi
+              time make publish
+              time make publish-helm
+
+  validate_cnab:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 2
+
+      - name: Azure Login via OIDC
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Docker Login to Azure Container Registry
+        run: |
+          registry_name=${{ secrets.DOCKER_REGISTRY_PROD }}
+          az acr login --name ${registry_name%%.*}
+
+      - name: "validate-cnab"
+        run: time make validate-cnab
+
+  security_scanning:
+    needs: [lint_test_build, validate_cnab]
+    runs-on: ubuntu-latest
+
+    env:
+      DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 2
+
+      - name: Azure Login via OIDC
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Docker Login to Azure Container Registry
+        run: |
+          registry_name=${{ secrets.DOCKER_REGISTRY_PROD }}
+          az acr login --name ${registry_name%%.*}
+
+      - name: "NLK image scanning"
+        env: 
+          DOCKER_REGISTRY_PROD: ${{ secrets.DOCKER_REGISTRY_PROD }}
+        run: time make scan-container-image
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: results/trivy/trivy-results.sarif

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,77 @@
+name: dockerhub-release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  dockerhub-release:
+    runs-on: ubuntu-latest
+    if: >
+      startsWith(github.ref_name, 'v') &&
+      github.ref_type == 'tag' &&
+      contains(github.ref_name, '.')
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Azure Login via OIDC
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Docker Login to the Source Azure Container Registry
+        run: |
+          registry_name=${{ secrets.DOCKER_REGISTRY_PROD }}
+          az acr login --name ${registry_name%%.*}
+
+      - name: Release Docker Image to Dockerhub
+        run: make release-docker-image
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+          DOCKER_REGISTRY_PROD: ${{ secrets.DOCKER_REGISTRY_PROD }}
+
+      - name: Release Helm Chart to Dockerhub
+        run: make release-helm-chart
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+          DOCKER_REGISTRY_PROD: ${{ secrets.DOCKER_REGISTRY_PROD }}
+
+  cnab-release:
+    needs: [dockerhub-release]
+    runs-on: ubuntu-latest
+
+    if: >
+      startsWith(github.ref_name, 'v') &&
+      github.ref_type == 'tag' &&
+      contains(github.ref_name, '.')
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Azure Login via OIDC
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_MARKETPLACE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_MARKETPLACE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_MARKETPLACE_SUBSCRIPTION_ID }}
+
+      - name: Docker Login to the Marketplace Azure Container Registry
+        run: |
+          registry_name=${{ secrets.DOCKER_REGISTRY_MARKETPLACE }}
+          az acr login --name ${registry_name%%.*}
+
+      - name: Release CNAB Bundle to Marketplace Registry
+        run: make release-cnab
+        env:
+          DOCKER_REGISTRY_PROD: ${{ secrets.DOCKER_REGISTRY_PROD }}