Create codeql.yml (#10) #24

	name: CI

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]

	permissions: read-all

	jobs:
	test:
	strategy:
	matrix:
	os: [ubuntu-latest, macos-14]
	runs-on: ${{ matrix.os }}

	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Set up Python
	uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
	with:
	python-version: "3.12"

	- name: Install uv
	uses: astral-sh/setup-uv@bd01e18f51369d5a26f1651c3cb451d3417e3bba # v6.3.1

	- name: Create virtual environment
	run: uv venv

	- name: Install test dependencies
	run: uv pip install '.[test]'

	- name: Run tests
	run: uv run pytest

	- name: Run pre-commit checks
	run: \|
	uv pip install pre-commit
	uv run pre-commit run --all-files --show-diff-on-failure

	- name: Run Bandit
	run: \|
	uv pip install bandit
	uv run bandit -r . -x "./.venv/*","./tests" --severity-level medium

Provide feedback