Audit and optimize GitHub repo settings for public open-source launch #5

@dhilgaertner

Description

Summary

Before launching Citadel publicly, audit the GitHub repository settings, permissions, and features across both the citadel and citadel-helm repos to ensure everything is configured for a successful open-source project. The goal is to create a welcoming contributor experience while maintaining control over the codebase.

Access & Permissions

  • Branch protection on main — Require PR reviews, status checks, and no direct pushes
  • Restrict push access — Only Radius Method employees can push directly; external contributors must fork and submit PRs
  • Enable issue creation for public — Anyone can open issues
  • Enable PR creation for public — Anyone can submit pull requests from forks
  • Review CODEOWNERS file — Ensure appropriate team members are auto-assigned as reviewers
  • Set default branch — Confirm main is the default branch

GitHub Features to Enable/Leverage

Community & Contributor Experience

  • Issue templates — Create templates for bug reports, feature requests, and questions to standardize submissions
  • Pull request template — Guide contributors on what to include (description, testing, screenshots)
  • Contributing guide (CONTRIBUTING.md) — Document how to set up the dev environment, coding standards, PR process
  • Code of Conduct (CODE_OF_CONDUCT.md) — Adopt a standard code of conduct (e.g., Contributor Covenant)
  • Security policy (SECURITY.md) — Document how to report vulnerabilities responsibly
  • LICENSE file — Confirm the license is present and correct

Repository Features

  • Discussions — Enable GitHub Discussions for Q&A, feature brainstorming, and community conversations (keeps issues clean for bugs/features)
  • Wiki — Consider enabling for extended documentation, or link to external docs site
  • Sponsorship — Consider enabling GitHub Sponsors if applicable
  • Topics/Tags — Add relevant topics (e.g., ai-gateway, llm, proxy, golang, helm, kubernetes) for discoverability
  • Description & URL — Set a compelling repo description and link to docs/website
  • Social preview image — Add an Open Graph image for link previews

Automation & Quality

  • GitHub Actions CI — Ensure CI runs on PRs from forks (with appropriate secret handling)
  • Dependabot — Enable for dependency updates (Go modules, npm, Docker base images)
  • Branch auto-delete — Enable automatic deletion of merged PR branches
  • Require signed commits — Consider requiring GPG/SSH signed commits
  • Status checks — Ensure required checks (lint, test, build) are configured as required for merging
  • Auto-merge — Enable for PRs that pass all checks and have approvals (optional)
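To make the branch-protection items above (PR reviews, CODEOWNERS, required status checks, no direct pushes, signed commits) verifiable rather than a manual click-through, here is an added Python checker; it is example code, not part of this issue or the Citadel project. It assumes the JSON shape returned by GitHub's REST endpoint GET /repos/{owner}/{repo}/branches/{branch}/protection (for example via `gh api repos/OWNER/REPO/branches/main/protection`), and the embedded sample response is constructed.

```python
# Added example (not from the issue or the Citadel project). Assumes the JSON
# shape of GitHub's REST endpoint GET /repos/{owner}/{repo}/branches/{branch}/protection,
# e.g. from `gh api repos/OWNER/REPO/branches/main/protection`. Sample data is constructed.

REQUIRED_CHECKS = ("lint", "test", "build")  # the issue's required status checks


def enabled(protection: dict, key: str) -> bool:
    """Boolean sub-objects look like {"enabled": true}; a missing key means off."""
    return bool((protection.get(key) or {}).get("enabled", False))


def audit_branch_protection(protection: dict) -> list[str]:
    """Return findings; an empty list means the branch meets the checklist."""
    findings = []
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        findings.append("reviews: at least one approving PR review must be required")
    if not reviews.get("require_code_owner_reviews", False):
        findings.append("reviews: CODEOWNERS approval is not required")
    checks = protection.get("required_status_checks") or {}
    contexts = set(checks.get("contexts") or [])
    contexts |= {c.get("context") for c in checks.get("checks") or []}
    missing = [c for c in REQUIRED_CHECKS if c not in contexts]
    if missing:
        findings.append(f"status checks: not required for merge: {missing}")
    if not checks.get("strict", False):
        findings.append("status checks: branch need not be up to date (strict=false)")
    if not enabled(protection, "enforce_admins"):
        findings.append("pushes: admins can bypass protection (enforce_admins off)")
    if enabled(protection, "allow_force_pushes"):
        findings.append("pushes: force pushes are allowed")
    if enabled(protection, "allow_deletions"):
        findings.append("pushes: branch deletion is allowed")
    if not enabled(protection, "required_signatures"):
        findings.append("consider: signed commits are not required")
    return findings


# Constructed sample: a partially configured main branch.
SAMPLE_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 1,
                                      "require_code_owner_reviews": True},
    "required_status_checks": {"strict": True, "contexts": ["lint", "test"]},
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": False},
    "allow_deletions": {"enabled": False},
    "required_signatures": {"enabled": False},
}
```

Push restrictions (the `restrictions` object naming which users/teams may push) are organisation-specific and are left to manual review; run the checker against both the citadel and citadel-helm repos.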

Release Management

  • Releases — Set up GitHub Releases with changelogs for each version
  • Release automation — Consider automated release notes generation
  • Packages — Ensure container images are published to GitHub Container Registry or appropriate registry
  • Tags — Ensure semantic versioning is being followed

Security

  • Secret scanning — Enable to catch accidentally committed credentials
  • Code scanning (CodeQL) — Enable for automated vulnerability detection
  • Dependency graph — Enable for visibility into dependency tree
  • Private vulnerability reporting — Enable so security researchers can report issues privately

Labels

  • Standardize labels — Set up a consistent label taxonomy:
    • Type: bug, feature, enhancement, documentation, question
    • Priority: priority/critical, priority/high, priority/medium, priority/low
    • Status: good first issue, help wanted, wontfix, duplicate
    • Component: frontend, backend, helm, api, docs

Applies To

This audit should be applied to both repos:

  • radiusmethod/citadel (the app)
  • radiusmethod/citadel-helm (the Helm chart)

Acceptance Criteria

  • External users can create issues and submit PRs
  • Only Radius Method team members can push to protected branches
  • All recommended GitHub features are evaluated and enabled where appropriate
  • Community files (CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, templates) are in place
  • CI/CD runs correctly on external PRs
  • Repository looks professional and discoverable (description, topics, social preview)
