From 161bf256f6639b405dbc25d2bb371f99a0f35a78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillaume=20Delr=C3=A9?= <delre.guillaume@gmail.com>
Date: Thu, 14 May 2026 11:01:53 +0200
Subject: [PATCH] ci: add GitHub Actions pipeline

Add two jobs triggered on push and PR to develop/master:
- test: builds the Docker test image with layer caching (GHA cache)
  and runs the full pytest suite inside the container
- security: runs pip-audit against requirements.txt to catch CVEs
  in runtime dependencies

Co-authored-by: agilicode <agilicode@gmail.com>
---
 .github/workflows/ci.yml | 48 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..58db596
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,48 @@
+name: CI
+
+on:
+  push:
+    branches: [develop, master]
+  pull_request:
+    branches: [develop, master]
+
+jobs:
+  test:
+    name: Build & test
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build test image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          target: test
+          load: true
+          tags: bme280-test:ci
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Run tests
+        run: docker run --rm bme280-test:ci
+
+  security:
+    name: Dependency audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install pip-audit
+        run: pip install pip-audit --quiet
+
+      - name: Audit dependencies
+        run: pip-audit -r requirements.txt