ci: improve SDLC pipeline readiness and AgentReady score #150

Open. maiqueb wants to merge 2 commits into kubevirt:main from maiqueb:worktree-enable-sldc-pipeline

@maiqueb (Collaborator) commented Apr 24, 2026

What this PR does / why we need it:
Add dependency security scanning (Dependabot, CodeQL, govulncheck), pre-commit hooks, conventional commit enforcement, issue templates, architecture decision records, and markdownlint config. Upgrade CI action versions, enable Go module caching, and split checks into parallel jobs for faster feedback.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Release note:

NONE

@kubevirt-bot kubevirt-bot added the dco-signoff: yes Indicates the PR's author has DCO signed all their commits. label Apr 24, 2026
@kubevirt-bot kubevirt-bot requested review from oshoval and qinqon April 24, 2026 10:41
@kubevirt-bot (Contributor)

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign qinqon for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's SDLC pipeline and overall repository maturity. By introducing automated security scanning, standardized development workflows, and optimized CI configurations, the changes ensure better code quality, faster build times, and improved maintainability for current and future contributors.

Highlights

  • Security and Compliance: Integrated Dependabot for dependency management, CodeQL for security analysis, and govulncheck to identify vulnerabilities in Go dependencies.
  • Development Workflow: Introduced pre-commit hooks for linting and conventional commit enforcement, along with standardized issue templates and Architecture Decision Records (ADRs).
  • CI/CD Optimization: Upgraded CI action versions, enabled Go module caching, and parallelized CI jobs to improve pipeline performance and feedback loops.

Ignored Files

  • Ignored by pattern: .github/workflows/** (4)
    • .github/workflows/checks.yaml
    • .github/workflows/nightly.yaml
    • .github/workflows/publish-img.yaml
    • .github/workflows/security.yaml

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces foundational project configurations, including issue templates, dependabot settings, linting rules, pre-commit hooks, and initial Architecture Decision Records (ADRs). Feedback identifies an invalid version for the golangci-lint pre-commit hook and recommends enabling vendoring in Dependabot to maintain consistency with the project's decision to check in the vendor directory.

Comment thread .pre-commit-config.yaml
Comment thread .github/dependabot.yml
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@maiqueb maiqueb force-pushed the worktree-enable-sldc-pipeline branch from 76e2be3 to 01ada0b Compare April 24, 2026 10:54
@kubevirt-bot kubevirt-bot added dco-signoff: no Indicates the PR's author has not DCO signed all their commits. size/XL and removed dco-signoff: yes Indicates the PR's author has DCO signed all their commits. size/L labels Apr 24, 2026
@maiqueb maiqueb force-pushed the worktree-enable-sldc-pipeline branch from 01ada0b to 009e9a4 Compare April 24, 2026 10:55
@kubevirt-bot kubevirt-bot added dco-signoff: yes Indicates the PR's author has DCO signed all their commits. and removed dco-signoff: no Indicates the PR's author has not DCO signed all their commits. labels Apr 24, 2026
maiqueb and others added 2 commits April 24, 2026 12:06
Add dependency security scanning (Dependabot, CodeQL, govulncheck),
pre-commit hooks, conventional commit enforcement, issue templates,
architecture decision records, and markdownlint config. Upgrade CI
action versions, enable Go module caching, and split checks into
parallel jobs for faster feedback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>

Replace setup-go built-in cache with explicit actions/cache steps
so CI caching is visible to pipeline analysis tools. Convert
.golangci.json to .golangci.yml for broader linter detection
compatibility.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
@maiqueb maiqueb force-pushed the worktree-enable-sldc-pipeline branch from 009e9a4 to be40d77 Compare April 24, 2026 11:07
@maiqueb maiqueb requested review from RamLavi and removed request for oshoval April 24, 2026 11:47