Update README.md to provide a comprehensive overview of The Order monorepo, including repository structure, quickstart guide, development workflow, and contribution guidelines.

infra/cicd/README.md

@@ -0,0 +1,42 @@
+# CI/CD Templates and Configuration
+
+Reusable CI/CD templates and configuration for The Order.
+
+## Structure
+
+- `templates/` - Reusable CI/CD templates
+- `scripts/` - CI/CD helper scripts
+- `config/` - CI/CD configuration files
+
+## Templates
+
+- `ci-template.yml` - Base CI template
+- `deploy-template.yml` - Deployment template
+- `release-template.yml` - Release template
+
+## Features
+
+- Automated testing
+- Security scanning (Trivy, Grype)
+- SBOM generation (Syft)
+- Image signing (Cosign)
+- Deployment automation
+- Release automation
+
+## Usage
+
+Copy templates to `.github/workflows/` and customize for your needs.
+
+## Security
+
+- All images are signed with Cosign
+- SBOMs are generated for all artifacts
+- Vulnerability scanning on every build
+- Secrets are managed via GitHub Secrets or External Secrets
+
+## Deployment
+
+- Development: Automatic deployment on push to `develop`
+- Staging: Automatic deployment on push to `main`
+- Production: Manual approval required for deployment
+

infra/cicd/templates/ci-template.yml

@@ -0,0 +1,87 @@
+# CI/CD Template
+# This is a reusable template for CI/CD pipelines
+
+name: CI Template
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Lint
+        run: pnpm lint
+
+      - name: Type check
+        run: pnpm type-check
+
+      - name: Test
+        run: pnpm test
+
+      - name: Build
+        run: pnpm build
+
+  security-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy results to GitHub Security
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  sbom:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Syft
+        uses: anchore/sbom-action/download-syft@v0
+        with:
+          syft-version: latest
+
+      - name: Generate SBOM
+        run: |
+          syft packages dir:. -o spdx-json > sbom.spdx.json
+          syft packages dir:. -o cyclonedx-json > sbom.cyclonedx.json
+
+      - name: Upload SBOM artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: sbom
+          path: |
+            sbom.spdx.json
+            sbom.cyclonedx.json
+