chore: add ci jobs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

.github/workflows/check-actions.yaml

@@ -0,0 +1,31 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+name: Check actions
+
+permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check-actions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ba37328d4ea95eaf8b3bd6c6cef308f709a5f2ec # v3.0.3
+        with:
+          # slsa-github-generator requires using a semver tag for reusable workflows. 
+          # See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
+          allowlist: |
+            slsa-framework/slsa-github-generator

.github/workflows/semantics-pr.yaml

@@ -0,0 +1,93 @@
+name: Semantic PR Validation
+
+# feat: (new feature for the user, not a new feature for build script)
+# fix: (bug fix for the user, not a fix to a build script)
+# build: (changes that affect the build system or external dependencies)
+# chore: (updating grunt tasks etc; no production code change)
+# ci: (updates to CI configuration files and scripts; no production code change)
+# docs: (changes to the documentation)
+# perf: (a code change that improves performance)
+# refactor: (refactoring production code, eg. renaming a variable)
+# style: (formatting, missing semi colons, etc; no production code change)
+# test: (adding missing tests, refactoring tests; no production code change)
+# revert: (reverting a previous commit)
+# release: (release a new version of the project)
+
+# Example:
+# test(runner): Add test for the runner
+# ^    ^        ^
+# |    |        |__ Subject
+# |    |_______ Scope
+# |____________ Type
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  semantics-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate Pull Request
+        uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # Configure which types are allowed.
+          # Default: https://github.com/commitizen/conventional-commit-types
+          types: |
+            feat
+            fix
+            build
+            chore
+            ci
+            docs
+            perf
+            refactor
+            revert
+            style
+            test
+            revert
+            release
+          # Configure which scopes are allowed.
+          scopes: |
+            api
+            client
+            commands
+            config
+            data
+            deps
+            discovery
+            internal
+            report
+            resource
+            runner
+            operations
+            processors
+            test
+            utils
+            validation
+            version
+            docs
+            release
+            testdata
+          ignoreLabels: |
+            bot
+            ignore-semantic-pull-request
+          # Configure that a scope must always be provided.
+          requireScope: false
+          # When using "Squash and merge" on a PR with only one commit, GitHub
+          # will suggest using that commit message instead of the PR title for the
+          # merge commit, and it's easy to commit this by mistake. Enable this option
+          # to also validate the commit message for one commit PRs.
+          validateSingleCommit: true
+          # Related to `validateSingleCommit` you can opt-in to validate that the PR
+          # title matches a single commit to avoid confusion.
+          validateSingleCommitMatchesPrTitle: true