.devcontainer/devcontainer.json

@@ -0,0 +1,24 @@
+{
+	"image": "mcr.microsoft.com/devcontainers/go:1.23",
+	"features": {
+		"ghcr.io/devcontainers/features/sshd:1": {}
+	},
+	"remoteUser": "vscode",
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"golang.go"
+			],
+			"settings": {
+				"go.toolsManagement.checkForUpdates": "local",
+				"go.useLanguageServer": true,
+				"go.gopath": "/go"
+			}
+		}
+	},
+	"runArgs": [
+		"--cap-add=SYS_PTRACE",
+		"--security-opt",
+		"seccomp=unconfined"
+	]
+}

.github/CODEOWNERS

@@ -0,0 +1,10 @@
+* @cli/code-reviewers
+
+pkg/cmd/codespace/ @cli/codespaces
+internal/codespaces/ @cli/codespaces
+
+# Limit Package Security team ownership to the attestation command package and related integration tests
+pkg/cmd/attestation/ @cli/package-security
+test/integration/attestation-cmd @cli/package-security
+
+pkg/cmd/attestation/verification/embed/tuf-repo.github.com/ @cli/tuf-root-reviewers

.github/CONTRIBUTING.md

@@ -4,33 +4,39 @@ Hi! Thanks for your interest in contributing to the GitHub CLI!
 
 We accept pull requests for bug fixes and features where we've discussed the approach in an issue and given the go-ahead for a community member to work on it. We'd also love to hear about ideas for new features as issues.
 
-Please do:
+### Please do:
 
-* Check existing issues to verify that the [bug][bug issues] or [feature request][feature request issues] has not already been submitted.
-* Open an issue if things aren't working as expected.
-* Open an issue to propose a significant change.
-* Open a pull request to fix a bug.
-* Open a pull request to fix documentation about a command.
-* Open a pull request for any issue labelled [`help wanted`][hw] or [`good first issue`][gfi].
+* Check issues to verify that a [bug][bug issues] or [feature request][feature request issues] issue does not already exist for the same problem or feature
+* Open an issue if things aren't working as expected
+* Open an issue to propose a significant change
+* Open an issue to propose a design for an issue labelled [`needs-design` and `help wanted`][needs design and help wanted], following the [proposing a design guidelines](#proposing-a-design) instructions below
+* Mention `@cli/code-reviewers` when an issue you want to work on does not have clear Acceptance Criteria
+* Open a pull request for any issue labelled [`help wanted`][hw] and [`good first issue`][gfi]
 
-Please avoid:
+### Please _do not_:
 
-* Opening pull requests for issues marked `needs-design`, `needs-investigation`, or `blocked`.
-* Adding installation instructions specifically for your OS/package manager.
-* Opening pull requests for any issue marked `core`. These issues require additional context from
-  the core CLI team at GitHub and any external pull requests will not be accepted.
+* Open a pull request for issues without the `help wanted` label or explicit Acceptance Criteria
+* Expand pull request scope to include changes that are not described in the issue's Acceptance Criteria
+* Add installation instructions specifically for your OS/package manager
+* Open pull requests for any issue marked `core`. These issues require additional context from
+  the core CLI team at GitHub and any external pull requests will not be accepted
 
 ## Building the project
 
 Prerequisites:
-- Go 1.13+ for building the binary
-- Go 1.15+ for running the test suite
+- Go 1.23+
 
-Build with: `make` or `go build -o bin/gh ./cmd/gh`
+Build with:
+* Unix-like systems: `make`
+* Windows: `go run script/build.go`
 
-Run the new binary as: `./bin/gh`
+Run the new binary as:
+* Unix-like systems: `bin/gh`
+* Windows: `bin\gh`
 
-Run tests with: `make test` or `go test ./...`
+Run tests with: `go test ./...`
+
+See [project layout documentation](../docs/project-layout.md) for information on where to find specific source files.
 
 ## Submitting a pull request
 
@@ -44,6 +50,24 @@ Please note that this project adheres to a [Contributor Code of Conduct][code-of
 
 We generate manual pages from source on every release. You do not need to submit pull requests for documentation specifically; manual pages for commands will automatically get updated after your pull requests gets accepted.
 
+## Design guidelines
+
+### Proposing a design
+
+You may propose a design to solve an open bug or feature request issue that has both [the `needs-design` and `help-wanted` labels][needs design and help wanted].
+
+To propose a design:
+
+- Open a new issue using the [design proposal issue template](./ISSUE_TEMPLATE/submit-a-design-proposal.md).
+- Include a link to the issue that the design is for.
+- Describe the design you are proposing to resolve the issue, leveraging the [CLI Design System][].
+- Mock up the design you are proposing using our [Google Docs Template][] or code blocks.
+  - Mock ups should clearly illustrate the command(s) being run and the expected output(s).
+
+### (core team only) Reviewing a design
+
+A member of the core team will [triage](../docs/triage.md) the design proposal. Once a member of the core team has reviewed the design, they may add the [`help wanted`][hw] label to the issue, so a PR can be opened to provide the implementation.
+
 ## Resources
 
 - [How to Contribute to Open Source][]
@@ -52,6 +76,7 @@ We generate manual pages from source on every release. You do not need to submit
 
 
 [bug issues]: https://github.com/cli/cli/issues?q=is%3Aopen+is%3Aissue+label%3Abug
+[needs design and help wanted]: https://github.com/cli/cli/issues?q=state%3Aclosed%20is%3Aissue%20label%3Aneeds-design%20label%3A%22help%20wanted%22
 [feature request issues]: https://github.com/cli/cli/issues?q=is%3Aopen+is%3Aissue+label%3Aenhancement
 [hw]: https://github.com/cli/cli/labels/help%20wanted
 [gfi]: https://github.com/cli/cli/labels/good%20first%20issue
@@ -61,3 +86,5 @@ We generate manual pages from source on every release. You do not need to submit
 [How to Contribute to Open Source]: https://opensource.guide/how-to-contribute/
 [Using Pull Requests]: https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/about-pull-requests
 [GitHub Help]: https://docs.github.com/
+[CLI Design System]: https://primer.style/cli/
+[Google Docs Template]: https://docs.google.com/document/d/1JIRErIUuJ6fTgabiFYfCH3x91pyHuytbfa0QLnTfXKM/edit#heading=h.or54sa47ylpg

.github/ISSUE_TEMPLATE/bug_report.md

@@ -9,7 +9,11 @@ assignees: ''
 
 ### Describe the bug
 
-A clear and concise description of what the bug is. Include version by typing `gh --version`.
+A clear and concise description of what the bug is. 
+
+### Affected version
+
+Please run `gh version` and paste the output below.
 
 ### Steps to reproduce the behavior
 
@@ -24,3 +28,5 @@ A clear and concise description of what you expected to happen and what actually
 ### Logs
 
 Paste the activity from your command line. Redact if needed.
+
+<!-- Note: Set `GH_DEBUG=true` for verbose logs or `GH_DEBUG=api` for verbose logs with HTTP traffic details. -->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Ask a question on how to use GitHub CLI
+    about: For general-purpose questions and answers, see the Discussions section.
+    url: https://github.com/cli/cli/discussions
+  - name: Ask a question about the GitHub API
+    about: Please check out the GitHub community forum for discussions about the GitHub API.
+    url: https://github.community/c/github-ecosystem/37

.github/ISSUE_TEMPLATE/submit-a-design-proposal.md

@@ -0,0 +1,58 @@
+---
+name: "🎨 Submit a design proposal"
+about: Submit a design to resolve an open issue that has both `needs-design` and `help-wanted` labels
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+<!-- See [CONTRIBUTING.md](../CONTRIBUTING.md#proposing-a-design) for more information.-->
+
+### Link to issue for design submission
+
+<!-- 
+Provide a link to the issue this design is for.
+
+All design submissions must be linked to an open issue that
+has both the `needs-design` and `help-wanted` labels.
+-->
+
+### Proposed Design
+
+<!--
+Describe the design you are proposing to resolve the issue.
+
+All CLI designs must adhere to the [Primer CLI design reference](https://primer.style/cli/).
+-->
+
+### Mockup
+
+<!--
+Provide a mockup of the design you are proposing. All mockups should clearly illustrate the command(s) being run and the expected output(s). 
+
+When color and formatting are important, consider using our [CLI design Google Docs Template](https://docs.google.com/document/d/1JIRErIUuJ6fTgabiFYfCH3x91pyHuytbfa0QLnTfXKM/edit#heading=h.or54sa47ylpg).
+
+Code blocks can also be used to submit a design mockup - remember to include the command(s) being run. Example:
+
+```shell
+$ gh issue list --json title -L 5
+[
+  {
+    "title": "`gh pr checks <pr> --required` should not fail when there are no required checks"
+  },
+  {
+    "title": "gh pr view commits should include commit description"
+  },
+  {
+    "title": "Adapt the color of the device code to the color used by the terminal"
+  },
+  {
+    "title": "`gh pr create` does not default to fork when user has write access to upstream"
+  },
+  {
+    "title": "First party discussions support"
+  }
+]
+```
+-->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,4 @@
+<!--
+  Thank you for contributing to GitHub CLI!
+  To reference an open issue, please write this in your description: `Fixes #NUMBER`
+-->

.github/SECURITY.md

@@ -1,3 +1,17 @@
-If you discover a security issue in this repository, please submit it through the [GitHub Security Bug Bounty](https://hackerone.com/github).
+GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [cli](https://github.com/cli).
+
+If you believe you have found a security vulnerability in GitHub CLI, you can report it to us in one of two ways:
+
+* Report it to this repository directly using [private vulnerability reporting][].
+  * Include a description of your investigation of the GitHub CLI's codebase and why you believe an exploit is possible.
+  * POCs and links to code are greatly encouraged.
+  * Such reports are not eligible for a bounty reward.
+
+* Submit the report through [HackerOne][] to be eligible for a bounty reward.
+
+**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
 
 Thanks for helping make GitHub safe for everyone.
+
+  [private vulnerability reporting]: https://github.com/cli/cli/security/advisories
+  [HackerOne]: https://hackerone.com/github

.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: "daily"
+  ignore:
+    - dependency-name: "*"
+      update-types:
+        - version-update:semver-minor
+        - version-update:semver-major
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+      interval: "daily"

.github/workflows/codeql.yml

@@ -2,21 +2,37 @@ name: Code Scanning
 
 on:
   push:
+    branches: [trunk]
+  pull_request:
+    branches: [trunk]
+    paths-ignore:
+      - '**/*.md'
   schedule:
     - cron: "0 0 * * 0"
 
+permissions:
+  actions: read  # for github/codeql-action/init to get workflow details
+  contents: read  # for actions/checkout to fetch code
+  security-events: write  # for github/codeql-action/analyze to upload SARIF results
+
 jobs:
   CodeQL-Build:
     runs-on: ubuntu-latest
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v3
         with:
           languages: go
+          queries: security-and-quality
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v3