From 08239d0351c4749856ad436978c14197803886b0 Mon Sep 17 00:00:00 2001 From: MrAlders0n Date: Mon, 13 Apr 2026 22:29:40 -0400 Subject: [PATCH] ci: add PR-triggered analyze/test workflow and CODEOWNERS Adds a new CI workflow that runs flutter analyze and flutter test on every PR targeting main or dev, and a CODEOWNERS file routing all review requests to @MrAlders0n. Combined with branch protection updates (require_code_owner_reviews), this enforces owner approval on every incoming PR before merge. The workflow uses least-privilege contents:read permissions and does not inject API_KEY, since analyze/test do not need it and keeping it out of PR runs prevents fork-PR exposure. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/CODEOWNERS | 1 + .github/workflows/ci.yml | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/workflows/ci.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..3d4e8f5 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @MrAlders0n diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..951a208 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,25 @@ +name: CI + +on: + pull_request: + branches: [main, dev] + workflow_dispatch: + +permissions: + contents: read + +jobs: + analyze: + name: Analyze & Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: subosito/flutter-action@v2 + with: + channel: 'stable' + + - run: flutter pub get + - run: dart run build_runner build --delete-conflicting-outputs + - run: flutter analyze + - run: flutter test
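Review bot: The single rule "* @MrAlders0n" in .github/CODEOWNERS leaves the repository with exactly one code owner, and GitHub does not let a pull request author approve their own pull request. Once require_code_owner_reviews is on, as the commit message describes, PRs opened by @MrAlders0n can only merge through an admin bypass, which removes the control for the account with the most access. Consider adding a second owner or a team on the "*" line. An explicit "/.github/ @MrAlders0n" entry would also keep workflow and CODEOWNERS changes owned if more specific path rules are added later, since the last matching pattern wins.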
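Review bot: In the steps of the analyze job in .github/workflows/ci.yml, both actions are referenced by mutable tags ("actions/checkout@v4", "subosito/flutter-action@v2"), so whoever can move those tags controls what runs in this job. Pin each to a full commit SHA with the version in a trailing comment, the third-party flutter action in particular. Two smaller points in the same hunk: the checkout step keeps the default persist-credentials: true, so the job token stays in the local git config while "dart run build_runner build" and "flutter test" execute code from the PR; setting persist-credentials: false under a with: block on checkout avoids that. And "channel: 'stable'" with no flutter-version means the toolchain can change between runs, so analyze results are not reproducible. The top-level "permissions: contents: read" and the absence of any secret in the job are right for a pull_request trigger.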