platform9 · cruizen · Jan 13, 2026 · Jan 13, 2026 · Jan 13, 2026 · Jan 13, 2026
diff --git a/.dockerignore b/.dockerignore
@@ -1,4 +1,2 @@
-.github/
-.gitpod.yml
 bin/
 tmp/
diff --git a/.editorconfig b/.editorconfig
@@ -19,3 +19,6 @@ indent_style = tab
 
 [{config.yaml.dist,config.dev.yaml}]
 indent_size = 2
+
+[.golangci.yaml]
+indent_size = 2
diff --git a/.envrc b/.envrc
@@ -1,6 +1,6 @@
-if ! has nix_direnv_version || ! nix_direnv_version 1.5.0; then
-  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/1.5.0/direnvrc" "sha256-carKk9aUFHMuHt+IWh74hFj58nY4K3uywpZbwXX0BTI="
+if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="
 fi
-use flake
+use flake . --impure
 
 dotenv_if_exists
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,9 @@
 blank_issues_enabled: false
 contact_links:
+  - name: 📖 Documentation enhancement
+    url: https://github.com/dexidp/website/issues
+    about: Suggest an improvement to the documentation
+
   - name: ❓ Ask a question
     url: https://github.com/dexidp/dex/discussions/new?category=q-a
     about: Ask and discuss questions with other Dex community members
@@ -13,5 +17,5 @@ contact_links:
     about: Please ask and answer questions here
 
   - name: 💡 Dex Enhancement Proposal
-    url: https://github.com/dexidp/dex/tree/master/enhancements/README.md
+    url: https://github.com/dexidp/dex/tree/master/docs/enhancements/README.md
     about: Open a proposal for significant architectural change
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -21,15 +21,3 @@ Thank you for sending a pull request! Here are some tips for contributors:
 -->
 
 #### Special notes for your reviewer
-
-#### Does this PR introduce a user-facing change?
-
-<!--
-If no, just write "NONE" in the release-note block below.
-If yes, a release note is required:
-Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
--->
-
-```release-note
-
-```
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -11,10 +11,10 @@ to confirm receipt of the issue.
 ## Review Process
 
 Once a maintainer has confirmed the relevance of the report, a draft security
-advisory will be created on Github. The draft advisory will be used to discuss
+advisory will be created on GitHub. The draft advisory will be used to discuss
 the issue with maintainers, the reporter(s).
 If the reporter(s) wishes to participate in this discussion, then provide
-reporter Github username(s) to be invited to the discussion. If the reporter(s)
+reporter GitHub username(s) to be invited to the discussion. If the reporter(s)
 does not wish to participate directly in the discussion, then the reporter(s)
 can request to be updated regularly via email.
 

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -7,6 +7,10 @@ updates:
       - "area/dependencies"
     schedule:
       interval: "daily"
+    groups:
+      etcd:
+        patterns:
+          - "go.etcd.io/*"
 
   - package-ecosystem: "gomod"
     directory: "/api/v2"
@@ -15,6 +19,13 @@ updates:
     schedule:
       interval: "daily"
 
+  - package-ecosystem: "gomod"
+    directory: "/examples"
+    labels:
+      - "area/dependencies"
+    schedule:
+      interval: "daily"
+
   - package-ecosystem: "docker"
     directory: "/"
     labels:

diff --git a/.github/workflows/analysis-scorecard.yaml b/.github/workflows/analysis-scorecard.yaml
@@ -0,0 +1,47 @@
+name: OpenSSF Scorecard
+
+on:
+  branch_protection_rule:
+  push:
+    branches: [ main ]
+  schedule:
+    - cron: '30 0 * * 5'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload results as artifact
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: OpenSSF Scorecard results
+          path: results.sarif
+          retention-days: 5
+
+      - name: Upload results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5
+        with:
+          sarif_file: results.sarif