Add GitHub Action for running tests

[applejag]

Runs the linting and test steps in GitHub Actions.

Some notable changes:

• Uses https://github.com/golangci/golangci-lint-action instead of task lint
• Uses https://github.com/reviewdog/action-suggester to submit suggestions from gofumpt. We've had great success with this action at work
• Uses commit hashes for the action versions as a security thing. Dependabot is able to understand the trailing # v1.2.3 comment and helps keep that up-to-date too

Closes #3

[applejag]

Running task test or ff test locally fails:

$ ff test
⏳ installing dependencies...
Collecting pytest
  Using cached pytest-9.0.2-py3-none-any.whl.metadata (7.6 kB)
ERROR: Could not find a version that satisfies the requirement firefly-test (from versions: none)

[notice] A new release of pip is available: 25.1.1 -> 25.3
[notice] To update, run: /home/kalle/code/firefly-go/.venv/bin/python3 -m pip install --upgrade pip
ERROR: No matching distribution found for firefly-test
💥 Error: install firefly-test: subprocess exited with status code 1.

I don't know crap about Python. This is very much outside my domain. I've no clue how to debug it

[orsinium]

Uses commit hashes for the action versions as a security thing.

Why? Github Actions CI by default doesn't have access to any secrets and we don't need any.

Running task test or ff test locally fails:

Yeah, I made builds for firefly-test only for Python 3.12 and Linux. I've gotta fix it with CI.

[orsinium]

Uses https://github.com/golangci/golangci-lint-action instead of task lint

Why? Let's keep it simple. It's invaluable to have CI and local env behave the same way.

[orsinium]

Dependabot is able to understand the trailing # v1.2.3 comment and helps keep that up-to-date too

I don't want to keep monitoring and merging dependabot updates, i already have 250 foss projects. just let it run on latest everything and i'll fix it if it ever breaks.

[applejag]

Uses commit hashes for the action versions as a security thing.

Why? Github Actions CI by default doesn't have access to any secrets and we don't need any.

Valid. I just added it as a good default. And if you add Dependabot there's no maintenance burden either.

Better to do it everywhere than to only do it in some places and then forget to change it to use commit hashes later once you start using secrets. Who's to say you won't add secrets later?

If you insist then I'll revert to using the @v2 tags instead.

Uses golangci/golangci-lint-action instead of task lint

Why? Let's keep it simple. It's invaluable to have CI and local env behave the same way.

I wrote a comment to motivate it

firefly-go/.github/workflows/ci.yml

Lines 43 to 44 in a0b34e5

	# Taskfile contains a step for running golangci-lint, but their
	# GitHub Action provides nicer integration

I forgot to also mention the motivation in the PR description.

But I'll revert it to just using the Taskfile for that too.

Dependabot is able to understand the trailing # v1.2.3 comment and helps keep that up-to-date too

I don't want to keep monitoring and merging dependabot updates, i already have 250 foss projects. just let it run on latest everything and i'll fix it if it ever breaks.

I use auto-merging GitHub actions for that on some of my repos :)
If you want I can add that to this repo too. It's just a simple extra action that auto-approves if it's a non-major version bump and then enables auto-merge.