Feat/setup

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"

.github/workflows/bandit.yml

@@ -0,0 +1,65 @@
+name: Bandit
+
+on:
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+
+jobs:
+  analyze:
+    runs-on: 'ubuntu-latest'
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    steps:
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.9
+
+    - name: Install Bandit
+      shell: bash
+      run: pip install bandit[sarif]
+
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.RELEASE_TOKEN }}
+
+    - name: Run Bandit - Generate SARIF report and check for HIGH severity issues
+      id: high_severity_check
+      shell: bash
+      run: |
+        # Run Bandit to generate SARIF report
+        bandit . -r -c ipas_default.config -f sarif -o results.sarif || true
+
+        # Check the SARIF report for high severity issues
+        if grep -q '"SEVERITY.HIGH": [1-9]' results.sarif; then
+          echo "HIGH severity issues found! Workflow will fail after reporting."
+          echo "high_severity_issues=true" >> $GITHUB_OUTPUT
+        else
+          echo "No HIGH severity issues found!"
+        fi
+
+    - name: Upload SARIF results
+      uses: actions/upload-artifact@v4
+      with:
+        name: bandit-results
+        path: results.sarif
+
+    - name: Upload SARIF to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: results.sarif
+        category: bandit
+
+    - name: Fail workflow if HIGH severity issues were found
+      if: steps.high_severity_check.outputs.high_severity_issues == 'true'
+      shell: bash
+      run: |
+        echo "ERROR: HIGH severity security issues were found by Bandit."
+        echo "Review the security report and fix all HIGH severity issues before merging."
+        exit 1

.github/workflows/check-build.yml

@@ -0,0 +1,43 @@
+name: Check build
+
+on:
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+
+jobs:
+  build-test:
+    runs-on: 'ubuntu-latest'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set Up Python
+        uses: actions/setup-python@v4
+        with:
+          cache: 'pip'
+          cache-dependency-path: 'requirements.txt'
+          python-version: '3.8.18'
+
+      - name: Install Dependencies
+        shell: bash
+        run: |
+          pip install -r requirements.txt
+          pip install --upgrade build
+
+      - name: Build
+        shell: python
+        run: |
+          import os
+          import subprocess
+
+          def build_wheel():
+              if not os.path.exists('dist'):
+                  os.makedirs('dist')
+              subprocess.check_call([ 'python', '-m', 'build', '--wheel' ])
+
+          build_wheel()
+

.github/workflows/semantic-release.yml

@@ -0,0 +1,51 @@
+name: semantic release
+
+on:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  GH_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Reset branch
+        run: |
+          git reset --hard ${{ github.sha }}
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.8.18'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install setuptools wheel python-semantic-release build
+
+      - name: Release
+        run: |
+          # symbolic link to fix an error when running a build_command
+          sudo ln -s /home/runner/_work/_tool/Python/3.8.18/x64/lib/libpython3.8.so.1.0 /usr/lib/libpython3.8.so.1.0
+          semantic-release version
+          semantic-release publish

.gitignore

@@ -0,0 +1,114 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+docsrc/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ip
+
+# macOS
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+# macOS 11.0 and later
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Virtualenv
+.env/
+.venv/
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/

CHANGELOG.md

@@ -0,0 +1 @@
+# CHANGELOG

CONTRIBUTING.md

@@ -2,7 +2,8 @@
 
 ### License
 
-<PROJECT NAME> is licensed under the terms in [LICENSE]<link to license file in repo>. By contributing to the project, you agree to the license and copyright terms therein and release your contribution under these terms.
+Intel® Gradio Theme is licensed under the terms in [LICENSE](https://github.com/intel/intel-gradio-theme/blob/main/LICENSE.md). By contributing to the project, you agree to the license and copyright terms therein and release your contribution under these terms.
+
 
 ### Sign your work