MAT-6726 setting up repo protection

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# Code owners:
+* @MeasureAuthoringTool/madie-developers

.github/pull_request_template.md

@@ -0,0 +1,27 @@
+## MADiE PR
+
+Jira Ticket: [MAT-0000](https://jira.cms.gov/browse/MAT-0000)
+(Optional) Related Tickets:
+
+### Summary
+
+### All Submissions
+* [ ] This PR has the JIRA linked.
+* [ ] Required tests are included.
+* [ ] No extemporaneous files are included (i.e Complied files or testing results).
+* [ ] This PR is merging into the **correct branch**.
+* [ ] All Documentation needed for this PR is Complete (or noted in a TODO or other Ticket).
+* [ ] Any breaking changes or failing automations are noted by placing a comment on this PR.
+
+### DevSecOps
+If there is a question if this PR has a security or infrastructure impact, please contact the Security or DevOps engineer assigned to this project to discuss it further.
+
+* [ ] This PR has NO significant security impact (i.e Changing auth methods, Adding a new user type, Adding a required but vulnerable package).
+* [ ] All CDN/Web dependencies are hosted internally (i.e MADiE-Root Repo).
+
+### Reviewers
+By Approving this PR you are attesting to the following:
+
+*  Code is maintainable and reusable, reuses existing code and infrastructure where appropriate, and accomplishes the task’s purpose.
+*  The tests appropriately test the new code, including edge cases.
+*  If you have any concerns they are brought up either to the developer assigned, security engineer, or leads.

.github/workflows/gitleaks.yml

@@ -0,0 +1,29 @@
+# @format
+
+name: Github Secrets Scanner
+
+on: [push]
+
+jobs:
+  gitleaks_scan:
+    runs-on: ubuntu-latest
+    env:
+      REPO: https://github.com/MeasureAuthoringTool/excel-export
+      REMOTE_EXCLUDES_URL: https://raw.githubusercontent.com/semanticbits/bmat-gitleaks-automation/master/madie-measure/gitleaks.toml
+      GITLEAKS_VERSION: v7.5.0
+    steps:
+      - name: Execute Gitleaks
+        run: |
+          wget ${REMOTE_EXCLUDES_URL} -O gitleaks.toml
+          wget https://github.com/zricethezav/gitleaks/releases/download/${GITLEAKS_VERSION}/gitleaks-linux-amd64 -O gitleaks
+          chmod +x gitleaks
+          echo ${GITHUB_SHA}
+          echo "gitleaks --repo-url=${REPO} -v --redact --commit=${GITHUB_SHA} --config-path=gitleaks.toml"
+          ./gitleaks --repo-url=${REPO} -v --redact --commit=${GITHUB_SHA} --config-path=gitleaks.toml
+      - name: Slack notification
+        if: failure()
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+        uses: Ilshidur/action-slack@master
+        with:
+          args: "Potential Secrets found in: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }} Link to build with full gitleaks output: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }}/checks"

.github/workflows/unit_test_coverage.yml

@@ -0,0 +1,100 @@
+# This workflow will do the following:
+# - perform a clean install of node dependencies
+# - lint the source code for errors
+# - build the source code
+# - run tests and capture code coverage
+# - run end-to-end tests
+# - upload the code coverage report to Codacy
+# - upload the code coverage report to Codecov
+
+name: Continuous Integration
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  build:
+    name: Checkout, install, lint, build and test with coverage
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20.x
+
+      - name: Cache node modules
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-node-modules
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: Install node dependencies
+        run: npm ci
+
+      - name: Audit dependencies for security vulnerabilities
+        run: npm audit --production
+
+      - name: Lint the source code
+        run: npm run-script lint
+
+      - name: Check prettier formatting
+        run: npm run-script check-format
+
+      - name: Build the source code
+        run: npm run build
+
+      - name: Execute test coverage
+        run: npm run-script coverage
+
+      - name: Store the coverage report as an artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: coverage
+          path: coverage/lcov.info
+
+  upload-codacy-coverage:
+    name: Upload code coverage to Codacy
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download coverage artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: coverage
+
+      - name: Upload code coverage to Codacy
+        uses: codacy/codacy-coverage-reporter-action@master
+        with:
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          coverage-reports: lcov.info
+
+  upload-codecov-coverage:
+    name: Upload code coverage to Codecov
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Download coverage artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: coverage
+
+      - name: Upload code coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          file: lcov.info
+          fail_ci_if_error: true