Basic GitHub workflow creation and enablement (#2)

* ADD: GitHub workflow for super-linter

ADD: GitHub workflow for super-linter with basic configuration
Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>

* ADD: Dependabot package control rules

ADD: Dependabot package control rules basic check for github actions and docker.
Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>

* ADD: Build docker image template with cache

ADD: Build docker image template with cache for reuse possibility.
Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>

* ADD: Dockerfile image build from template

ADD: Dockerfile image build from template
Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>

* ADD: Trivy basic scans for repository

ADD: Trivy basic scans for repository
Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>

* ADD: Scorecard workflow for repository evaluation

ADD: Scorecard workflow for repository evaluation
Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>

* ADD: Documentation build and pages publish workflow

ADD: Documentation build and pages publish workflow
Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>

---------

Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>

Author: Mionsz

.github/configs/.markdown-lint.yml

@@ -0,0 +1,37 @@
+---
+###########################
+###########################
+## Markdown Linter rules ##
+###########################
+###########################
+
+# Linter rules doc:
+# - https://github.com/DavidAnson/markdownlint
+#
+# Note:
+# To comment out a single error:
+#   <!-- markdownlint-disable -->
+#   any violations you want
+#   <!-- markdownlint-restore -->
+#
+
+###############
+# Rules by id #
+###############
+MD004: false # Unordered list style
+MD007:
+  indent: 2 # Unordered list indentation
+MD010: false
+MD013:
+  line_length: 400 # Line length 80 is far too short
+MD024: false
+MD026: false
+  # punctuation: ".,;:!。，；:" # List of not allowed
+MD029: false # Ordered list item prefix
+MD033: false # Allow inline HTML
+MD036: false # Emphasis used instead of a heading
+
+#################
+# Rules by tags #
+#################
+blank_lines: false # Error on blank lines

.github/configs/.yaml-lint.yml

@@ -0,0 +1,59 @@
+---
+###########################################
+# These are the rules used for            #
+# linting all the yaml files in the stack #
+# NOTE:                                   #
+# You can disable line with:              #
+# # yamllint disable-line                 #
+###########################################
+rules:
+  braces:
+    level: warning
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: 1
+    max-spaces-inside-empty: 5
+  brackets:
+    level: warning
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: 1
+    max-spaces-inside-empty: 5
+  colons:
+    level: warning
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    level: warning
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments: disable
+  comments-indentation: disable
+  document-end: disable
+  document-start:
+    level: warning
+    present: true
+  empty-lines:
+    level: warning
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    level: warning
+    max-spaces-after: 1
+  indentation:
+    level: warning
+    spaces: consistent
+    indent-sequences: true
+    check-multi-line-strings: false
+  key-duplicates: enable
+  line-length:
+    level: warning
+    max: 80
+    allow-non-breakable-words: true
+    allow-non-breakable-inline-mappings: true
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /.github
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+

.github/workflows/build_docker_tpl.yml

@@ -0,0 +1,95 @@
+name: build images
+
+on:
+  workflow_call:
+    inputs:
+      build_type:
+        required: false
+        type: string
+        default: 'Release'
+      docker_registry:
+        required: false
+        type: string
+        default: 'ghcr.io'
+      docker_registry_prefix:
+        required: false
+        type: string
+        default: 'openvisualcloud/media-entertainment-ai-suite'
+      docker_registry_login:
+        required: false
+        type: boolean
+        default: false
+      docker_registry_push:
+        required: false
+        type: boolean
+        default: false
+      docker_build_args:
+        required: false
+        type: string
+        default: ''
+      docker_build_platforms:
+        required: false
+        type: string
+        default: 'linux/amd64'
+      docker_image_tag:
+        required: false
+        type: string
+      docker_image_name:
+        required: true
+        type: string
+      docker_file_path:
+        required: false
+        type: string
+        default: './Dockerfile'
+    secrets:
+      docker_registry_login:
+        required: false
+      docker_registry_passkey:
+        required: false
+
+permissions:
+  contents: read
+
+jobs:
+  scan-and-build-docker-image:
+    name: "${{ inputs.docker_image_name }}: Performing scan and build of Dockerfile."
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
+    env:
+      BUILD_TYPE: "${{ inputs.build_type }}"
+      CONCURRENCY_GROUP: "${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}"
+      DOCKER_REGISTRY: "${{ inputs.docker_registry }}"
+      DOCKER_REGISTRY_LOGIN: "${{ github.repository == 'openvisualcloud/media-entertainment-ai-suite' && inputs.docker_registry_login }}"
+      DOCKER_BUILD_ARGS: "${{ inputs.docker_build_args }}"
+      DOCKER_PLATFORMS: "${{ inputs.docker_build_platforms }}"
+      DOCKER_IMAGE_PUSH: "${{ github.repository == 'openvisualcloud/media-entertainment-ai-suite' && inputs.docker_registry_push }}"
+      DOCKER_IMAGE_BASE: "${{ inputs.docker_registry }}/${{ inputs.docker_registry_prefix }}"
+      DOCKER_IMAGE_TAG: "${{ inputs.docker_image_tag || github.sha }}"
+      DOCKER_IMAGE_NAME: "${{ inputs.docker_image_name }}"
+      DOCKER_FILE_PATH: "${{ inputs.docker_file_path }}"
+    steps:
+      - name: "${{ inputs.docker_image_name }}: Harden Runner"
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+        with:
+          egress-policy: audit
+
+      - name: "${{ inputs.docker_image_name }}: Set up Docker Buildx"
+        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+        with:
+          buildkitd-flags: --debug
+
+      - name: "${{ inputs.docker_image_name }}: Checkout repository"
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: "${{ inputs.docker_image_name }}: Build and push image"
+        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        with:
+          load: true
+          push: "${{ env.DOCKER_IMAGE_PUSH }}"
+          outputs: type=docker
+          platforms: "${{ env.DOCKER_PLATFORMS }}"
+          file: "${{ env.DOCKER_FILE_PATH }}"
+          tags: "${{ env.DOCKER_IMAGE_BASE }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_IMAGE_TAG }}"
+          cache-from: type=gha,scope=${{ env.DOCKER_IMAGE_NAME }}
+          cache-to: type=gha,mode=max,scope=${{ env.DOCKER_IMAGE_NAME }}
+          build-args: "${{ env.DOCKER_BUILD_ARGS }}"

.github/workflows/docker_build.yml

@@ -0,0 +1,23 @@
+name: Docker Build
+
+on:
+  pull_request:
+    branches: [ "main", "dev" ]
+  push:
+    branches: [ "main", "dev" ]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+jobs:
+  ivsr-image-build:
+    name: Build sdk Docker Image
+    uses: ./.github/workflows/build_docker_tpl.yml
+    with:
+      docker_file_path:  "Dockerfile"
+      docker_image_name: "sdk"

.github/workflows/github_pages_update.yml

@@ -0,0 +1,57 @@
+name: documentation-build-and-publish
+on:
+  workflow_call:
+  workflow_dispatch:
+  push:
+    branches: [ "main" ]
+
+env:
+  DEBIAN_FRONTEND: noninteractive
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+jobs:
+  publishGitHubPages:
+    name: Publish GitHub Pages
+    permissions:
+      contents: read
+      id-token: write
+      pages: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - name: Secure the runner
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
+      - name: Prepare operating system for documentation build
+        run: |
+          sudo apt-get update -y && \
+          sudo apt-get install -y --no-install-recommends make python3 python3-pip python3-sphinx
+
+      - name: Prepare environment for documentation build
+        run: python3 -m pip install sphinx_book_theme myst_parser sphinxcontrib.mermaid sphinx-copybutton
+
+      - name: Build documentation
+        run:  make -C docs/sphinx html
+
+      - name: Upload GitHub Pages artifact
+        uses: actions/upload-pages-artifact@v3.0.1
+        with:
+          path: ./docs/_build/html
+
+      - name: Publish to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/linter.yml

@@ -0,0 +1,49 @@
+name: Linter
+on:
+  pull_request:
+  workflow_call:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "Branch to run the scans on"
+        default: "main"
+        type: string
+
+permissions:
+  contents: read
+jobs:
+  super-linter:
+    name: "super-linter: Workflow initializing"
+    runs-on: "ubuntu-22.04"
+    timeout-minutes: 30
+    permissions:
+      contents: read
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+        with:
+          egress-policy: audit
+
+      - name: checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+          ref: "${{ env.INPUT_BRANCH }}"
+
+      - name: Lint
+        uses: super-linter/super-linter/slim@e1cb86b6e8d119f789513668b4b30bf17fe1efe4 # v7.2.0 x-release-please-version
+        env:
+          DISABLE_ERRORS: true
+          VALIDATE_ALL_CODEBASE: false
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BASH_SEVERITY: "warning"
+          LINTER_RULES_PATH: ".github/configs"
+          VALIDATE_BASH_EXEC: true
+          VALIDATE_BASH: true
+          VALIDATE_CPP: true
+          VALIDATE_GITHUB_ACTIONS: true
+          VALIDATE_JSON_PRETTIER: true
+          VALIDATE_JSONC_PRETTIER: true
+          VALIDATE_MARKDOWN: true
+          VALIDATE_PYTHON_BLACK: true
+          VALIDATE_YAML_PRETTIER: true