ci: add GitHub Actions workflow (bootstrap for #158)

[pavelzeman]

Adds the GitHub Actions CI workflow to master with the jobs that already pass: lint, Kotlin tests, and build.

TypeScript and unit test jobs are intentionally excluded here — they require fixes (tsconfig.json exclude for example/, --passWithNoTests for Jest) that come in #158.

Merge order:

1. ✅ Merge this PR → master gets a green CI workflow
2. ci: add TypeScript and unit test jobs, fix pre-existing CI failures #158 adds TypeScript + unit test jobs with fixes → validates green before merge

Release Note

NONE

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 045ac9fc-fe51-4718-9f61-5b5d3a3fb260

📥 Commits

Reviewing files that changed from the base of the PR and between 65f6ef7 and ca23f45.

📒 Files selected for processing (1)

• .github/workflows/ci.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/ci.yml

---

📝 Walkthrough

Walkthrough

Adds a GitHub Actions workflow at .github/workflows/ci.yml that runs on pushes and pull requests to master, configures permissions and concurrency, and defines three jobs: lint, kotlin-tests, and build where build depends on the other two.

Changes

Cohort / File(s)

Summary

CI Workflow .github/workflows/ci.yml

Adds new GitHub Actions CI workflow triggered on push and pull_request to master; sets permissions: contents: read and concurrency with cancel-in-progress: true; defines lint (checkout, Node.js 22 via actions/setup-node@v4, npm cache, npm ci, npm run lint), kotlin-tests (checkout, Java Temurin 17 via actions/setup-java@v4, Gradle cache, runs ./gradlew test in test-runner), and build (needs: [lint, kotlin-tests], checkout, Node.js 22, npm cache, npm ci, npm run prepare). Uses pinned actions for checkout, node, and java.

Sequence Diagram(s)

sequenceDiagram
  participant GitHub as "GitHub Actions"
  participant Repo as "Repository"
  participant Lint as "lint job\n(Node.js 22 / npm)"
  participant Kotlin as "kotlin-tests job\n(Java 17 / Gradle)"
  participant Build as "build job\n(Node.js 22 / npm)"

  GitHub->>Repo: Trigger on push / pull_request to master
  GitHub->>Lint: start lint job
  GitHub->>Kotlin: start kotlin-tests job
  Lint->>Repo: actions/checkout@v4\nactions/setup-node@v4\nnpm ci\nnpm run lint
  Kotlin->>Repo: actions/checkout@v4\nactions/setup-java@v4\n./gradlew test (test-runner)
  Lint-->>GitHub: lint job completes
  Kotlin-->>GitHub: kotlin-tests completes
  GitHub->>Build: start build job (after lint & kotlin-tests)
  Build->>Repo: actions/checkout@v4\nactions/setup-node@v4\nnpm ci\nnpm run prepare
  Build-->>GitHub: build completes

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding a GitHub Actions workflow to the CI configuration, with a reference to the bootstrap nature for issue #158.
Description check	✅ Passed	The description is directly related to the changeset, explaining the purpose of the workflow addition, intentional exclusions, and providing clear context about the merge strategy with PR #158.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/bootstrap-workflow

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/ci.yml (1)

18-19: Pin GitHub Actions to full commit SHAs instead of floating version tags.

Using mutable version tags increases supply-chain drift risk. Replace floating tags with full-length commit SHAs for actions/checkout, actions/setup-node, and actions/setup-java across all workflow jobs:

• Lines 18-19, 30-31, 42-43: actions/checkout@v4 and actions/setup-node@v4
• Lines 54-55: actions/checkout@v4 and actions/setup-java@v4
• Lines 69-70: actions/checkout@v4 and actions/setup-node@v4

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 18 - 19, Replace floating version tags
for GitHub Actions with pinned full commit SHAs: find occurrences of
"actions/checkout@v4", "actions/setup-node@v4", and "actions/setup-java@v4" in
the workflow and replace each tag with the corresponding full commit SHA for
that action (e.g., actions/checkout@<full-sha>, actions/setup-node@<full-sha>,
actions/setup-java@<full-sha>) so every job uses the exact pinned revision
instead of the mutable tag.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 1-13: Add an explicit workflow-level permissions block to the
top-level of this workflow (the one beginning with "name: CI") to enforce least
privilege; insert a top-level permissions key containing at minimum "contents:
read" (or other minimal permissions required) so the workflow no longer relies
on implicit repo/org defaults.

---

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 18-19: Replace floating version tags for GitHub Actions with
pinned full commit SHAs: find occurrences of "actions/checkout@v4",
"actions/setup-node@v4", and "actions/setup-java@v4" in the workflow and replace
each tag with the corresponding full commit SHA for that action (e.g.,
actions/checkout@<full-sha>, actions/setup-node@<full-sha>,
actions/setup-java@<full-sha>) so every job uses the exact pinned revision
instead of the mutable tag.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4fc83e80-ee69-4192-af25-8467baf407e5

📥 Commits

Reviewing files that changed from the base of the PR and between 1732edd and add2b9e.

📒 Files selected for processing (1)

• .github/workflows/ci.yml

[esarafianou]

Just a minor comment.