From 1da986a0f4ff2d92ab888494e1b7df2a11b756d5 Mon Sep 17 00:00:00 2001
From: Claude <developers@lethean.io>
Date: Mon, 23 Feb 2026 03:28:02 +0000
Subject: [PATCH] ci: add Forgejo Actions test and security scan workflows

Uses reusable workflows from core/go-devops for Go testing
(with race detector and coverage) and security scanning
(govulncheck, gitleaks, trivy).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .forgejo/workflows/security-scan.yml | 12 ++++++++++++
 .forgejo/workflows/test.yml          | 23 +++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 .forgejo/workflows/security-scan.yml
 create mode 100644 .forgejo/workflows/test.yml

diff --git a/.forgejo/workflows/security-scan.yml b/.forgejo/workflows/security-scan.yml
new file mode 100644
index 0000000..1b5530d
--- /dev/null
+++ b/.forgejo/workflows/security-scan.yml
@@ -0,0 +1,12 @@
+name: Security Scan
+
+on:
+  push:
+    branches: [main, dev, 'feat/*']
+  pull_request:
+    branches: [main]
+
+jobs:
+  security:
+    uses: core/go-devops/.forgejo/workflows/security-scan.yml@main
+    secrets: inherit
diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
new file mode 100644
index 0000000..57926d3
--- /dev/null
+++ b/.forgejo/workflows/test.yml
@@ -0,0 +1,23 @@
+name: Test
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.26'
+      - name: Install C dependencies
+        run: sudo apt-get update && sudo apt-get install -y gcc g++ libsodium-dev
+      - name: Test
+        run: CGO_ENABLED=1 go test -v -race ./...
+      - name: Vet
+        run: go vet ./...