deps(actions): bump dorny/paths-filter from 3 to 4

.gitattributes

@@ -0,0 +1,2 @@
+.github/workflows/*.lock.yml linguist-generated=true merge=ours
+.github/workflows/*.campaign.g.md linguist-generated=true merge=ours

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# TODO: Replace with your team's GitHub usernames or team names
+# See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default owners for everything in the repo
+# * @llm-d/your-team

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,72 @@
+name: Bug Report
+description: File a bug report.
+title: "[Bug]: "
+labels: ["bug", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+  - type: input
+    id: contact
+    attributes:
+      label: Contact Details
+      description: How can we get in touch with you if we need more info?
+      placeholder: ex. email@example.com
+    validations:
+      required: false
+
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Describe the bug and expected behavior
+    validations:
+      required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: What version are you running? (e.g., v0.1.0, commit SHA, or "main")
+      placeholder: v0.1.0
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to Reproduce
+      description: How can we reproduce this issue?
+      placeholder: |
+        1. Deploy with config...
+        2. Send request to...
+        3. Observe error...
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: |
+        Please provide relevant environment details.
+      placeholder: |
+        - Kubernetes version:
+        - Cloud provider:
+        - GPU type:
+        - OS:
+      render: markdown
+    validations:
+      required: false
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code.
+      render: shell
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Questions & Discussion
+    url: https://github.com/llm-d/llm-d/discussions
+    about: Ask questions and discuss ideas in the llm-d community
+  - name: Slack
+    url: https://cloud-native.slack.com/archives/llm-d
+    about: Chat with the community on Slack

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,65 @@
+name: Feature Request
+description: Suggest a new feature or improvement.
+title: "[Feature]: "
+labels: ["enhancement", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## Feature Request
+
+        Thank you for suggesting an improvement! Please fill in the details below.
+
+        Before opening a new feature request, please check
+        [existing issues](https://github.com/llm-d/llm-d-prism/issues)
+        to see if a similar request already exists.
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem Statement
+      description: |
+        What problem does this feature solve? Describe the use case or pain point.
+      placeholder: "I'm always frustrated when..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed Solution
+      description: |
+        Describe the solution you'd like. Be as specific as possible about
+        expected behavior and user experience.
+      placeholder: "Ideally, it would..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: Describe any alternative solutions or workarounds you've considered.
+    validations:
+      required: false
+
+  - type: dropdown
+    id: contribution
+    attributes:
+      label: Willingness to Contribute
+      description: Would you be willing to help implement this feature?
+      options:
+        - "Yes, I can submit a PR"
+        - "Yes, with guidance"
+        - "No, but I can help test"
+        - "No"
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Add any other context, screenshots, links, or references.
+    validations:
+      required: false

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,26 @@
+## What does this PR do?
+
+<!-- Describe the changes and their purpose -->
+
+## Why is this change needed?
+
+<!-- Explain the motivation: bug fix, feature request, performance improvement, etc. -->
+
+## How was this tested?
+
+<!-- Describe how you verified the changes work correctly -->
+- [ ] Unit tests added/updated
+- [ ] Integration/e2e tests added/updated
+- [ ] Manual testing performed
+
+## Checklist
+
+- [ ] Commits are signed off (`git commit -s`) per [DCO](PR_SIGNOFF.md)
+- [ ] Code follows project [contributing guidelines](CONTRIBUTING.md)
+- [ ] Tests pass locally (`make test`)
+- [ ] Linters pass (`make lint`)
+- [ ] Documentation updated (if applicable)
+
+## Related Issues
+
+<!-- Link to related issues: Fixes #123, Related to #456 -->

.github/actions/docker-build-and-push/action.yml

@@ -0,0 +1,54 @@
+name: Docker Build and Push
+description: Build and push multi-arch container image to ghcr.io
+
+inputs:
+  image-name:
+    required: true
+    description: Image name (e.g., my-project)
+  tag:
+    required: true
+    description: Image tag (e.g., v0.1.0)
+  github-token:
+    required: true
+    description: GitHub token for ghcr.io login
+  registry:
+    required: false
+    description: Container registry
+    default: ghcr.io/llm-d
+  platforms:
+    required: false
+    description: Target platforms
+    default: linux/amd64,linux/arm64
+  prerelease:
+    required: false
+    description: If true, skip tagging as 'latest'
+    default: "false"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to GitHub Container Registry
+      run: echo "${{ inputs.github-token }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      shell: bash
+
+    - name: Build and push image
+      run: |
+        if [[ "${{ inputs.prerelease }}" == "true" ]]; then
+          LATEST_TAG=""
+        else
+          LATEST_TAG="-t ${{ inputs.registry }}/${{ inputs.image-name }}:latest"
+        fi
+        docker buildx build \
+          --platform ${{ inputs.platforms }} \
+          --push \
+          --annotation "index:org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}" \
+          --annotation "index:org.opencontainers.image.licenses=Apache-2.0" \
+          -t ${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.tag }} \
+          ${LATEST_TAG} .
+      shell: bash

.github/actions/trivy-scan/action.yml

@@ -0,0 +1,26 @@
+name: Trivy Security Scan
+description: Scan container image for HIGH and CRITICAL vulnerabilities
+
+inputs:
+  image:
+    required: true
+    description: Container image to scan (e.g., ghcr.io/llm-d/my-project:v0.1.0)
+  severity:
+    required: false
+    description: Severity levels to report
+    default: HIGH,CRITICAL
+  exit-code:
+    required: false
+    description: Exit code when vulnerabilities are found (0 = warn only, 1 = fail)
+    default: "0"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ inputs.image }}
+        format: table
+        severity: ${{ inputs.severity }}
+        exit-code: ${{ inputs.exit-code }}

.github/dependabot.yml

@@ -0,0 +1,71 @@
+# Canonical Dependabot configuration for llm-d repos
+# Copy this file to .github/dependabot.yml in your repo
+#
+# Covers: Go modules, GitHub Actions, Docker base images
+# Remove sections that don't apply to your repo
+
+version: 2
+updates:
+
+  # Go module updates
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    commit-message:
+      prefix: "deps(go)"
+    labels:
+      - "dependencies"
+      - "release-note-none"
+    ignore:
+      # Ignore major and minor updates to Go toolchain
+      - dependency-name: "go"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Ignore major and minor version updates to k8s packages
+      - dependency-name: "k8s.io/*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "sigs.k8s.io/*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Ignore major updates for all packages
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+    groups:
+      kubernetes:
+        patterns:
+          - "k8s.io/*"
+          - "sigs.k8s.io/*"
+      go-dependencies:
+        patterns:
+          - "*"
+
+  # GitHub Actions dependencies
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "release-note-none"
+    commit-message:
+      prefix: "deps(actions)"
+
+  # Docker base image updates
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "deps(docker)"
+
+  # Python dependencies (uncomment if repo uses pip/requirements.txt)
+  # - package-ecosystem: "pip"
+  #   directory: "/"
+  #   schedule:
+  #     interval: "weekly"
+  #   labels:
+  #     - "dependencies"
+  #   commit-message:
+  #     prefix: "deps(pip)"