DBACLD-151564 - Put in place tooling

Author: lgrateau

.github/workflows/check-links.yml

@@ -0,0 +1,25 @@
+name: Check Markdown links
+
+#on:
+#  push:
+#    branches:
+#      - master
+#  pull_request:
+#    branches: [master]
+on: push
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: technote-space/get-diff-action@v6
+        with:
+          PATTERNS: |
+            **/**.md
+
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          use-quiet-mode: 'yes'
+          use-verbose-mode: 'yes'
+          config-file: '.md_check_config.json'
+

.github/workflows/detect-secrets.yml

@@ -0,0 +1,34 @@
+name: detect secrets
+
+on: push
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "detect-secrets"
+  detect-secrets:
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+
+      # Checks-out your repository under ${{github.workspace}}, so your job can access it
+      - uses: actions/checkout@v4
+
+      - name: scan all the files (not just the ones committed), generate a report, and check that there are no actual or potential secret
+        run: |
+          docker run --pull=always -a stdout \
+          -v ${{github.workspace}}:/code \
+          --entrypoint /bin/sh \
+          icr.io/git-defenders/detect-secrets:0.13.1.ibm.61.dss-redhat-ubi \
+          -c "detect-secrets --version; 
+              detect-secrets scan --all-files --exclude-files "^.git/.*" --update .secrets.baseline; 
+              detect-secrets audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline" 
+
+      - name: Report Status
+        if: always()
+        uses: ravsamhq/notify-slack-action@master
+        with:
+          status: ${{ job.status }}
+          notify_when: 'failure'
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/stale.yml

@@ -0,0 +1,22 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}