added badge workflows

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

.github/workflows/benchmark_tracking_controller.yml

@@ -0,0 +1,38 @@
+---
+
+# GitHub schedules all cron jobs in UTC.
+# This expression will run the job every day at 9 AM Eastern Time during Daylight Saving Time (mid-March to early November).
+# This expression will run the job every day at 8 AM Eastern Time during Standard Time (early November to mid-March).
+
+name: Central Benchmark Orchestrator
+
+on:
+  push:
+    branches:
+      - latest
+  schedule:
+    - cron: '0 6 * * *'  # Runs daily at 9 AM ET
+  workflow_dispatch:
+
+jobs:
+  call-benchmark-tracker:
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_name == 'latest')
+    name: Start Benchmark Tracker
+    uses: ansible-lockdown/github_linux_IaC/.github/workflows/benchmark_track.yml@self_hosted
+    with:
+      repo_name: ${{ github.repository }}
+    secrets:
+      TEAMS_WEBHOOK_URL: ${{ secrets.TEAMS_WEBHOOK_URL }}
+      BADGE_PUSH_TOKEN: ${{ secrets.BADGE_PUSH_TOKEN }}
+      DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+
+  call-monitor-promotions:
+    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    name: Monitor Promotions and Auto-Promote
+    uses: ansible-lockdown/github_linux_IaC/.github/workflows/benchmark_promote.yml@self_hosted
+    with:
+      repo_name: ${{ github.repository }}
+    secrets:
+      TEAMS_WEBHOOK_URL: ${{ secrets.TEAMS_WEBHOOK_URL }}
+      BADGE_PUSH_TOKEN: ${{ secrets.BADGE_PUSH_TOKEN }}
+      DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}

.github/workflows/export_badges_private.yml

@@ -0,0 +1,27 @@
+---
+
+name: Export Private Repo Badges
+
+# Use different minute offsets with the same hourly pattern:
+# Repo Group Suggested Cron Expression Explanation
+# Group A 0 */6 * * * Starts at top of hour
+# Group B 10 */6 * * * Starts at 10 after
+# And So On
+
+on:
+  push:
+    branches:
+      - latest
+  schedule:
+    - cron: '0 */6 * * *'
+  workflow_dispatch:
+
+jobs:
+  export-badges:
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'schedule' && startsWith(github.repository, 'ansible-lockdown/Private-')) || (github.event_name == 'push' && github.ref_name == 'latest')
+    uses: ansible-lockdown/github_linux_IaC/.github/workflows/export_badges_private.yml@self_hosted
+    with:
+      # Full org/repo path passed for GitHub API calls (e.g., ansible-lockdown/Private-Windows-2016-CIS)
+      repo_name: ${{ github.repository }}
+    secrets:
+      BADGE_PUSH_TOKEN: ${{ secrets.BADGE_PUSH_TOKEN }}

.github/workflows/export_badges_public.yml

@@ -0,0 +1,19 @@
+---
+
+name: Export Public Repo Badges
+
+on:
+  push:
+    branches:
+      - main
+      - devel
+  workflow_dispatch:
+
+jobs:
+  export-badges:
+    if: github.repository_visibility == 'public' && (github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && (github.ref_name == 'devel' || github.ref_name == 'main')))
+    uses: ansible-lockdown/github_linux_IaC/.github/workflows/export_badges_public.yml@self_hosted
+    with:
+      repo_name: ${{ github.repository }}
+    secrets:
+      BADGE_PUSH_TOKEN: ${{ secrets.BADGE_PUSH_TOKEN }}