ci: migrate governance workflows to reusable + add gh-aw checks

- Replace 7 inline governance workflows (prow, stale/unstale,
  signed-commits, non-main-gatekeeper) with thin callers to
  llm-d/llm-d-infra reusable workflows
- Add .pre-commit-config.yaml with file hygiene, shellcheck,
  hadolint, markdownlint, yamllint, and zizmor hooks
- Add pre-commit CI job to ci-pr-checks.yaml
- Replace standalone check-typos.yaml and md-link-check.yml with
  gh-aw AI-powered typo-checker and link-checker workflows
- Add copilot-setup-steps.yml, actions-lock.json, and .gitattributes
  for gh-aw infrastructure

Signed-off-by: Andy Anderson <andy@clubanderson.com>
Signed-off-by: Andrew Anderson <andy@clubanderson.com>

Author: clubanderson

.gitattributes

@@ -0,0 +1,2 @@
+.github/workflows/*.lock.yml linguist-generated=true merge=ours
+.github/workflows/*.campaign.g.md linguist-generated=true merge=ours

.github/aw/actions-lock.json

@@ -0,0 +1,14 @@
+{
+  "entries": {
+    "actions/github-script@v8": {
+      "repo": "actions/github-script",
+      "version": "v8",
+      "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
+    },
+    "github/gh-aw/actions/setup@v0.45.0": {
+      "repo": "github/gh-aw/actions/setup",
+      "version": "v0.45.0",
+      "sha": "58d1d157fbac0f1204798500faefc4f7461ebe28"
+    }
+  }
+}

.github/workflows/check-typos.yaml

@@ -9,6 +9,26 @@ on:
       - main
 
 jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install pre-commit and tools
+        run: |
+          pip install pre-commit
+          sudo apt-get update && sudo apt-get install -y shellcheck
+          curl -sL https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint && chmod +x /usr/local/bin/hadolint
+
+      - name: Run pre-commit
+        run: pre-commit run --all-files
+
   check-changes:
     runs-on: ubuntu-latest
     outputs:

.github/workflows/ci-pr-checks.yaml

@@ -1,20 +1,8 @@
-name: Check Signed Commits in PR
-
-on:
-  pull_request_target:
-
+name: Check Signed Commits
+on: pull_request_target # zizmor: ignore[dangerous-triggers]
 jobs:
-  check-signed-commits:
-    name: Check signed commits in PR
-    runs-on: ubuntu-latest
+  signed-commits:
+    uses: llm-d/llm-d-infra/.github/workflows/reusable-signed-commits.yml@main
     permissions:
       contents: read
-      pull-requests: write # Required to post comments on PRs
-    steps:
-      - name: Check signed commits in PR
-        uses: 1Password/check-signed-commits-action@v1 # Use the action
-        with:
-          comment: |
-            🚨 Unsigned commits detected! Please sign your commits.
-
-            For instructions on how to set up GPG/SSH signing and verify your commits, please see [GitHub Documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification).
+      pull-requests: write

.github/workflows/ci-signed-commits.yaml

@@ -0,0 +1,20 @@
+name: "Copilot Setup Steps"
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+
+jobs:
+  copilot-setup-steps:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Install gh-aw extension
+        run: |
+          curl -fsSL https://raw.githubusercontent.com/githubnext/gh-aw/refs/heads/main/install-gh-aw.sh | bash
+
+      - name: Verify gh-aw installation
+        run: gh aw version