chore: github repository configuration

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @cowprotocol/contracts

.github/pull_request_template.md

@@ -1,7 +1,12 @@
-Closes #issue (optional)
+## Description
 
-_<Context of what this change does, why it is needed and how it is accomplished>_
+<!-- Describe the changes made in your pull request here - what this change does, why it is needed and how it is accomplished -->
 
-### Test Plan
+## Test Plan
 
-_<Explain how you and a reviewer have/intend to test this change>_
+<!-- Explain how you and a reviewer have/intend to test this change -->
+
+## Related Issues
+
+<!-- List related issues here -->
+<!-- Closes #issue (optional) -->

.github/workflows/ci.yml

@@ -0,0 +1,38 @@
+name: Node.js CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        node-version: [18.x]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+      - id: yarn-cache
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v4
+        with:
+          path: ${{ steps.yarn-cache.outputs.dir }}
+          key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ matrix.os }}-yarn-
+      - run: yarn --frozen-lockfile
+      - run: yarn build
+      - run: yarn lint
+      - run: yarn coverage
+      - run: yarn test:ignored-in-coverage
+      - name: Coveralls
+        uses: coverallsapp/github-action@master
+        continue-on-error: true
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+

.github/workflows/cla.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/github-action@v2.2.1
+        uses: contributor-assistant/github-action@v2.4.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN : ${{ secrets.ORG_TOKEN }}

.github/workflows/publish.yml

@@ -7,8 +7,8 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: '18.x'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/review-check.yml

@@ -0,0 +1,63 @@
+name: Enforce Review Rules
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize]
+
+jobs:
+  enforce-review-rules:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Check if PR modifies specific path
+      shell: bash
+      id: check-path
+      run: |
+        BASE_SHA=$(jq -r .pull_request.base.sha < $GITHUB_EVENT_PATH)
+        HEAD_SHA=$(jq -r .pull_request.head.sha < $GITHUB_EVENT_PATH)
+        git fetch origin $BASE_SHA $HEAD_SHA
+        files=$(git diff --name-only $BASE_SHA $HEAD_SHA | tr '\n' ' ')
+        echo "files=$files" >> $GITHUB_OUTPUT
+        if echo "$files" | grep -q 'src/contracts/'; then
+          echo "specific_path=true" >> $GITHUB_OUTPUT
+        else
+          echo "specific_path=false" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Ensure required reviewers
+      shell: bash
+      id: ensure-reviewers
+      run: |
+        GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+        PR_NUMBER=${{ github.event.pull_request.number }}
+        REPO=${{ github.repository }}
+
+        # Fetch approved and non-dismissed reviews of the PR
+        REVIEWERS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
+                    "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER/reviews" \
+                    | jq -r '[.[] | select(.state == "APPROVED" and .dismissed_at == null) | .user.login] | unique | .[]')
+
+        if [ $? -ne 0 ]; then
+          echo "Failed to fetch reviews"
+          exit 1
+        fi
+
+        NUM_REVIEWERS=$(echo "$REVIEWERS" | wc -w)
+
+        # Check review requirements
+        if [ "${{ steps.check-path.outputs.specific_path }}" == "true" ]; then
+          if [ "$NUM_REVIEWERS" -lt 2 ]; then
+            echo "Insufficient reviewers for src/contracts/ path. Required: 2 reviewers."
+            echo "review_check_passed=false" >> $GITHUB_OUTPUT
+            exit 1
+          fi
+        fi
+
+        echo "review_check_passed=true" >> $GITHUB_OUTPUT
+
+    - name: Success message
+      if: steps.ensure-reviewers.outputs.review_check_passed == 'true'
+      run: echo "Review checks passed successfully!"