ci: add Forgejo Actions workflow

.forgejo/workflows/ci.yml

@@ -0,0 +1,55 @@
+# NIP Package Manager CI
+name: NIP CI
+
+on:
+  push:
+    branches: [unstable, main, stable, testing]
+  pull_request:
+    branches: [unstable, main]
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Verify toolchain
+        run: nim --version | head -1
+
+      - name: Install dependencies
+        run: |
+          nimble refresh 2>/dev/null || true
+          nimble install -y xxhash 2>/dev/null || echo "WARN: xxhash install failed"
+
+      - name: Build (release)
+        run: nim c -d:release --opt:speed --hints:off -o:nip nip.nim
+
+      - name: Verify binary
+        run: |
+          ls -lh nip
+          file nip
+
+  security-scan:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check for sensitive content
+        run: |
+          FAIL=0
+          for dir in .agent .vscode .kiro competitors; do
+            if [ -d "$dir" ]; then
+              echo "FAIL: Sensitive directory '$dir' found"
+              FAIL=1
+            fi
+          done
+          MATCHES=$(git grep -l '/home/markus' -- ':!.forgejo/' 2>/dev/null || true)
+          if [ -n "$MATCHES" ]; then
+            echo "FAIL: Internal paths found in:"
+            echo "$MATCHES"
+            FAIL=1
+          fi
+          if [ $FAIL -eq 1 ]; then exit 1; fi
+          echo "Security scan PASSED"