🌱 Standardize governance workflows, pre-commit, and remove legacy CI

- Add dependabot.yml for automated dependency updates
- Add pre-commit config with trailing-whitespace, end-of-file-fixer,
  check-yaml, check-json, shellcheck, hadolint, markdownlint, yamllint
- Add markdownlint and yamllint configs with relaxed rules for existing code
- Install hadolint in CI workflow for Dockerfile linting
- Add agentic workflows: link-checker, typo-checker, upstream-monitor
- Add copilot-setup-steps and actions-lock for agentic workflow support
- Add docs/upstream-versions.md for dependency tracking
- Remove legacy crate-ci/typos and check-typos workflows (replaced by
  agentic typo-checker)
- Remove legacy md-link-check workflow (replaced by agentic link-checker)
- Fix existing code issues: trailing whitespace, missing EOF newlines,
  shellcheck warnings, YAML indentation, markdownlint auto-fixes

Signed-off-by: Andy Anderson <andy@clubanderson.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Andrew Anderson <andy@clubanderson.com>

Author: clubanderson

.gitattributes

@@ -0,0 +1,2 @@
+.github/workflows/*.lock.yml linguist-generated=true merge=ours
+.github/workflows/*.campaign.g.md linguist-generated=true merge=ours

.github/ISSUE_TEMPLATE/blank_issue.md

@@ -5,4 +5,4 @@ title: ''
 labels: needs-triage
 assignees: ''
 
----
+---

.github/ISSUE_TEMPLATE/bug_report.md

@@ -20,6 +20,7 @@ assignees: ''
 **Anything else we need to know?**:
 
 **Environment**:
+
 - Kubernetes version (use `kubectl version`):
 - llm-d-scheduler version (use `git describe --tags --dirty --always` if you built from source, or specify the tag if you used a tagged version or image):
 - Cloud provider or hardware configuration:

.github/ISSUE_TEMPLATE/new-release.md

@@ -35,6 +35,7 @@ This document defines the process for releasing llm-d-inference-scheduler.
    ```shell
    export RC=1
    ```
+
 1. If needed, clone the llm-d-inference-scheduler [repo].
 
    ```shell
@@ -43,7 +44,7 @@ This document defines the process for releasing llm-d-inference-scheduler.
 
 ## Release Process
 
-### Create or Checkout branch 
+### Create or Checkout branch
 
 1. If you already have the repo cloned, ensure it’s up-to-date and your local branch is clean.
 
@@ -101,7 +102,7 @@ This document defines the process for releasing llm-d-inference-scheduler.
 1. Pushing the tag triggers CI action to build and publish the container image to the [ghcr registry].
 1. Test the steps in the tagged quickstart guide after the PR merges. TODO add e2e tests! <!-- link to an e2e tests once we have such one -->
 
-### Create the release!
+### Create the release
 
 1. Create a [new release]:
     1. Choose the tag that you created for the release.

.github/aw/actions-lock.json

@@ -0,0 +1,14 @@
+{
+  "entries": {
+    "actions/github-script@v8": {
+      "repo": "actions/github-script",
+      "version": "v8",
+      "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
+    },
+    "github/gh-aw/actions/setup@v0.45.0": {
+      "repo": "github/gh-aw/actions/setup",
+      "version": "v0.45.0",
+      "sha": "58d1d157fbac0f1204798500faefc4f7461ebe28"
+    }
+  }
+}

.github/dependabot.yml

@@ -26,7 +26,7 @@ updates:
         update-types: ["version-update:semver-major", "version-update:semver-minor"]
       # Ignore major updates for all packages
       - dependency-name: "*"
-        update-types: ["version-update:semver-major"]        
+        update-types: ["version-update:semver-major"]
     groups:
       go-dependencies:
         patterns:

.github/workflows/auto-assign.yaml

@@ -83,4 +83,4 @@ jobs:
             -H "Accept: application/vnd.github.v3+json" \
             "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER/requested_reviewers" \
             -d "{\"reviewers\": $payload}" \
-            | jq -r '.message? // "ok"'
+            | jq -r '.message? // "ok"'

.github/workflows/check-typos.yaml

@@ -40,8 +40,19 @@ jobs:
       - name: Checkout source
         uses: actions/checkout@v6
 
-      - name: Sanity check repo contents
-        run: ls -la
+      - name: Set up Python (for pre-commit and CGO)
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install hadolint
+        run: |
+          curl -sL -o /usr/local/bin/hadolint \
+            https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64
+          chmod +x /usr/local/bin/hadolint
+
+      - name: Run pre-commit checks
+        uses: pre-commit/action@v3.0.1
 
       - name: Extract Go version from go.mod
         run: sed -En 's/^go (.*)$/GO_VERSION=\1/p' go.mod >> $GITHUB_ENV
@@ -71,7 +82,7 @@ jobs:
       - name: Run lint checks
         uses: golangci/golangci-lint-action@v9
         with:
-          version: "v2.8.0"
+          version: "v2.1.6"
           args: "--config=./.golangci.yml"
           skip-cache: true
         env:

.github/workflows/ci-pr-checks.yaml

@@ -1,20 +1,9 @@
-name: Check Signed Commits in PR
-
-on:
-  pull_request_target:
+name: Check Signed Commits
+on: pull_request_target
 
 jobs:
-  check-signed-commits:
-    name: Check signed commits in PR
-    runs-on: ubuntu-latest
+  signed-commits:
+    uses: llm-d/llm-d-infra/.github/workflows/reusable-signed-commits.yml@main
     permissions:
       contents: read
-      pull-requests: write # Required to post comments on PRs
-    steps:
-      - name: Check signed commits in PR
-        uses: 1Password/check-signed-commits-action@v1 # Use the action
-        with:
-          comment: |
-            🚨 Unsigned commits detected! Please sign your commits.
-
-            For instructions on how to set up GPG/SSH signing and verify your commits, please see [GitHub Documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification).
+      pull-requests: write