ci: Add CI workflow with sanitizer jobs (#71)

.gitea/workflows/ci.yml

@@ -0,0 +1,73 @@
+name: Build & Test with Sanitizers
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  python-tests:
+    name: Python Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - name: Install dependencies
+        run: pip install pytest
+      - name: Run Python tests
+        run: pytest tests/test_polar_quant.py -v
+
+  c-build-normal:
+    name: C Build (Normal)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build
+        run: make all
+      - name: Run tests
+        run: make test
+
+  c-build-asan:
+    name: C Build (AddressSanitizer)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build with ASan
+        run: make asan
+      - name: Run tests with ASan
+        run: |
+          export ASAN_OPTIONS=detect_leaks=1:halt_on_error=1
+          make test-asan
+
+  c-build-ubsan:
+    name: C Build (UBSan)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build with UBSan
+        run: make ubsan
+      - name: Run tests with UBSan
+        run: |
+          export UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1
+          make test-ubsan
+
+  smoke:
+    name: Smoke Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - name: Parse check
+        run: |
+          find . -name '*.yml' -o -name '*.yaml' | grep -v .gitea | grep -v llama-cpp-fork | xargs -r python3 -c "import sys,yaml; [yaml.safe_load(open(f)) for f in sys.argv[1:]]"
+          find . -name '*.json' | grep -v llama-cpp-fork | while read f; do python3 -m json.tool "$f" > /dev/null || exit 1; done
+          find . -name '*.py' | grep -v llama-cpp-fork | xargs -r python3 -m py_compile
+          find . -name '*.sh' | xargs -r bash -n
+          echo "PASS: All files parse"
+      - name: Secret scan
+        run: |
+          if grep -rE 'sk-or-|sk-ant-|ghp_|AKIA' . --include='*.yml' --include='*.py' --include='*.sh' 2>/dev/null | grep -v .gitea | grep -v llama-cpp-fork; then exit 1; fi
+          echo "PASS: No secrets"