add workflows

.github/workflows/build.yml

@@ -0,0 +1,47 @@
+name: Compile And Test
+on:
+  push:
+    branches:
+      - "**"
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    env:
+      GOPRIVATE: github.com/sagaxyz/*
+    steps:
+      - name: Set up access to private Go modules
+        env:
+          GITHUB_USER: ${{ secrets.GH_USER }}
+          GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
+        run: git config --global url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf "https://github.com"
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version-file: "./go.mod"
+          cache: true
+      - run: go version
+
+      - name: Compile
+        run: make build
+
+      - name: Test
+        run: go test ./...
+
+      - name: Happypath
+        run: |
+          export PATH=./build/:$PATH
+          ./scripts/ci/prepare-env.sh
+          ./scripts/happypath.sh
+
+      - name: Restart
+        run: |
+          kill $(pgrep -fi sscd)
+          sleep 5
+          rm -rf ~/.ssc/
+          export PATH=./build/:$PATH
+          ./scripts/ci/prepare-env.sh
+          ./scripts/escrow-chainlet-restart.sh

.github/workflows/golangci-lint.yml

@@ -0,0 +1,29 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - '**'
+permissions:
+  contents: read
+  # Optional: allow read access to pull requests. Use with `only-new-issues` option.
+  # pull-requests: read
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    env:
+      GOPRIVATE: github.com/sagaxyz/*
+    steps:
+      - name: Set up access to private Go modules
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
+          GITHUB_USER: ${{ secrets.GH_USER }}
+        run: git config --global url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf "https://github.com"
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version-file: './go.mod'
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          args: --timeout 600s

.github/workflows/gosec.yaml

@@ -0,0 +1,45 @@
+name: Run Gosec
+on:
+  pull_request:
+    branches:
+      - main
+      - release/**
+    paths:
+      - "**/*.go"
+      - "go.mod"
+      - "go.sum"
+  push:
+    branches:
+      - main
+    paths:
+      - "**/*.go"
+      - "go.mod"
+      - "go.sum"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  Gosec:
+    permissions:
+      security-events: write
+
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          # we let the report trigger content trigger a failure using the GitHub Security features.
+          args: "-exclude=G101,G107 -exclude-dir=systemtests -no-fail -fmt sarif -out results.sarif ./..."
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: results.sarif

.github/workflows/shellcheck.yml

@@ -0,0 +1,18 @@
+name: ShellCheck
+
+on: [push]
+
+permissions:
+ contents: read
+jobs:
+  shellcheck:
+    name: Run shellcheck
+    runs-on: ubuntu-latest
+    env:
+      GOPRIVATE: github.com/sagaxyz/*
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@master
+        env:
+          SHELLCHECK_OPTS: -e SC2086