chore: add community files

.github/CONTRIBUTING.md

@@ -0,0 +1,21 @@
+# Contributing
+
+If you want to submit a pull request to fix a bug or enhance an existing
+feature, please first open an issue and link to that issue when you
+submit your pull request.
+
+If you have any questions about a possible submission, feel free to open
+an issue too.
+
+### Pull request process
+
+1. Fork this repository
+2. Create a branch in your fork to implement the changes. We recommend using
+   the issue number as part of your branch name, e.g. `1234-fixes`
+3. Ensure that any documentation is updated with the changes that are required
+   by your fix.
+4. Ensure that any samples are updated if the base image has been changed.
+5. Submit the pull request. *Do not leave the pull request blank*. Explain exactly
+   what your changes are meant to do and provide simple steps on how to validate
+   your changes. Ensure that you reference the issue you created as well.
+   The pull request will be review before it is merged.

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,17 @@
+---
+name: Bug Report
+about: Report a bug you encountered
+labels: bug
+---
+**What happened**:
+
+**What you expected to happen**:
+
+**How to reproduce it (as minimally and precisely as possible)**:
+
+**Anything else we need to know?**:
+
+**Environment**:
+- Affected Version:
+- OS (e.g: `cat /etc/os-release`):
+- Others:

.github/ISSUE_TEMPLATE/enhancement.md

@@ -0,0 +1,8 @@
+---
+name: Enhancement Request
+about: Suggest an enhancement
+labels: enhancement
+---
+**What would you like to be added**:
+
+**Why is this needed**:

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,19 @@
+### Type of Change
+- [ ] New feature
+- [ ] Bug fix
+- [ ] Documentation update
+- [ ] Refactoring
+- [ ] Hotfix
+- [ ] Security patch
+
+### Description
+_[Provide a detailed explanation of the changes you have made. Include the reasons behind these changes and any relevant context. Link any related issues.]_
+
+### Related Issues
+_[If this pull request addresses an issue, please link to it here (e.g., Fixes #123).]_
+
+### Checklist
+- [ ] My code adheres to the coding and style guidelines of the project.
+- [ ] I have performed a self-review of my own code.
+- [ ] I have commented my code, particularly in hard-to-understand areas.
+- [ ] I have made corresponding changes to the documentation.

.github/SECURITY.md

@@ -0,0 +1,45 @@
+# Security Guidelines
+
+## How security is managed on this project
+
+The foomo team and community take security seriously and wants to ensure that
+we maintain a secure environment and provide secure solutions for the open
+source community. To help us achieve these goals, please note the
+following before using this software:
+
+- Review the software license to understand the contributor's obligations in
+  terms of warranties and suitability for purpose
+- For any questions or concerns about security, you can
+  [create an issue][new-issue] or [report a vulnerability][new-sec-issue]
+- We request that you work with our security team and opt for
+  responsible disclosure using the guidelines below
+- All security related issues and pull requests you make should be tagged with
+  "security" for easy identification
+- Please monitor this repository and update your environment in a timely manner
+  as we release patches and updates
+
+## Responsibly Disclosing Security Bugs
+
+If you find a security bug in this repository, please work with contributors
+following responsible disclosure principles and these guidelines:
+
+- Do not submit a normal issue or pull request in our public repository, instead
+  [report it directly][new-sec-issue].
+- We will review your submission and may follow up for additional details
+- If you have a patch, we will review it and approve it privately; once approved
+  for release you can submit it as a pull request publicly in the repository (we
+  give credit where credit is due)
+- We will keep you informed during our investigation, feel free to check in for
+  a status update
+- We will release the fix and publicly disclose the issue as soon as possible,
+  but want to ensure we due properly due diligence before releasing
+- Please do not publicly blog or post about the security issue until after we
+  have updated the public repo so that other downstream users have an opportunity
+  to patch
+
+## Contact / Misc
+
+If you have any questions, please reach out directly by [creating an issue][new-issue].
+
+[new-issue]: https://github.com/foomo/contentserver/issues/new/choose
+[new-sec-issue]: https://github.com/foomo/contentserver/security/advisories/new

.github/dependabot.yml

@@ -1,14 +1,52 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 version: 2
+
 updates:
   - package-ecosystem: github-actions
+    open-pull-requests-limit: 1
     directory: '/'
     schedule:
-      interval: weekly
+      day: 'sunday'
-  - package-ecosystem: gomod
+      interval: 'weekly'
+    groups:
+      github-actions:
+        patterns: ['*']
+
+  - package-ecosystem: 'gomod'
+    open-pull-requests-limit: 1
     directory: '/'
     schedule:
-      interval: weekly
+      day: 'sunday'
+      interval: 'weekly'
+    groups:
+      gomod-security:
+        applies-to: security-updates
+        update-types: ['minor', 'patch']
+        patterns: ['*']
+      gomod-update:
+        applies-to: version-updates
+        update-types: ['minor', 'patch']
+        patterns: ['*']
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+
   - package-ecosystem: docker
+    open-pull-requests-limit: 1
     directory: '/build'
     schedule:
-      interval: weekly
+      day: 'sunday'
+      interval: 'weekly'
+    groups:
+      docker-security:
+        applies-to: security-updates
+        update-types: ['minor', 'patch']
+        patterns: ['*']
+      docker-update:
+        applies-to: version-updates
+        update-types: ['minor', 'patch']
+        patterns: ['*']
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]