ci: add Gitea Actions workflow for make check (#21)

Adds CI workflow that runs `make check` on push/PR to main.

Co-authored-by: user <user@Mac.lan guest wan>
Co-authored-by: clawbot <clawbot@eeqj.de>
Reviewed-on: #21
Co-authored-by: clawbot <sneak+clawbot@sneak.cloud>
Co-committed-by: clawbot <sneak+clawbot@sneak.cloud>

internal/cli/integration_test.go

@@ -48,7 +48,7 @@ func TestMain(m *testing.M) {
 	code := m.Run()
 
 	// Clean up the binary
-	os.Remove(filepath.Join(projectRoot, "secret"))
+	_ = os.Remove(filepath.Join(projectRoot, "secret"))
 
 	os.Exit(code)
 }
@@ -450,10 +450,10 @@ func test02ListVaults(t *testing.T, runSecret func(...string) (string, error)) {
 
 func test03CreateVault(t *testing.T, tempDir string, runSecret func(...string) (string, error)) {
 	// Set environment variables for vault creation
-	os.Setenv("SB_SECRET_MNEMONIC", testMnemonic)
-	os.Setenv("SB_UNLOCK_PASSPHRASE", "test-passphrase")
-	defer os.Unsetenv("SB_SECRET_MNEMONIC")
-	defer os.Unsetenv("SB_UNLOCK_PASSPHRASE")
+	_ = os.Setenv("SB_SECRET_MNEMONIC", testMnemonic)
+	_ = os.Setenv("SB_UNLOCK_PASSPHRASE", "test-passphrase")
+	defer func() { _ = os.Unsetenv("SB_SECRET_MNEMONIC") }()
+	defer func() { _ = os.Unsetenv("SB_UNLOCK_PASSPHRASE") }()
 
 	// Create work vault
 	output, err := runSecret("vault", "create", "work")
@@ -489,6 +489,7 @@ func test03CreateVault(t *testing.T, tempDir string, runSecret func(...string) (
 	assert.Contains(t, output, "work", "should list work vault")
 }
 
+//nolint:unused // TODO: re-enable when vault import is implemented
 func test04ImportMnemonic(t *testing.T, tempDir, testMnemonic, testPassphrase string, runSecretWithEnv func(map[string]string, ...string) (string, error)) {
 	// Import mnemonic into work vault
 	output, err := runSecretWithEnv(map[string]string{
@@ -1667,9 +1668,9 @@ func test19DisasterRecovery(t *testing.T, tempDir, secretPath, testMnemonic stri
 	assert.Equal(t, testSecretValue, strings.TrimSpace(toolOutput), "tool output should match original")
 
 	// Clean up temporary files
-	os.Remove(ltPrivKeyPath)
-	os.Remove(versionPrivKeyPath)
-	os.Remove(decryptedValuePath)
+	_ = os.Remove(ltPrivKeyPath)
+	_ = os.Remove(versionPrivKeyPath)
+	_ = os.Remove(decryptedValuePath)
 }
 
 func test20VersionTimestamps(t *testing.T, tempDir, secretPath, testMnemonic string, runSecretWithEnv func(map[string]string, ...string) (string, error)) {
@@ -1788,7 +1789,7 @@ func test23ErrorHandling(t *testing.T, tempDir, secretPath, testMnemonic string,
 
 	// Add secret without mnemonic or unlocker
 	unsetMnemonic := os.Getenv("SB_SECRET_MNEMONIC")
-	os.Unsetenv("SB_SECRET_MNEMONIC")
+	_ = os.Unsetenv("SB_SECRET_MNEMONIC")
 	cmd := exec.Command(secretPath, "add", "test/nomnemonic")
 	cmd.Env = []string{
 		fmt.Sprintf("SB_SECRET_STATE_DIR=%s", tempDir),
@@ -2128,7 +2129,7 @@ func test30BackupRestore(t *testing.T, tempDir, secretPath, testMnemonic string,
 						versionsPath := filepath.Join(secretPath, "versions")
 						if _, err := os.Stat(versionsPath); os.IsNotExist(err) {
 							// This is a malformed secret directory, remove it
-							os.RemoveAll(secretPath)
+							_ = os.RemoveAll(secretPath)
 						}
 					}
 				}
@@ -2178,7 +2179,7 @@ func test30BackupRestore(t *testing.T, tempDir, secretPath, testMnemonic string,
 	require.NoError(t, err, "restore vaults should succeed")
 
 	// Restore currentvault
-	os.Remove(currentVaultSrc)
+	_ = os.Remove(currentVaultSrc)
 	restoredData := readFile(t, currentVaultDst)
 	writeFile(t, currentVaultSrc, restoredData)
 
@@ -2284,6 +2285,8 @@ func verifyFileExists(t *testing.T, path string) {
 }
 
 // verifyFileNotExists checks if a file does not exist at the given path
+//
+//nolint:unused // kept for future use
 func verifyFileNotExists(t *testing.T, path string) {
 	t.Helper()
 	_, err := os.Stat(path)