CLAUDECODE-WEB for getting working Go #26

	# CI testing pipeline
	#
	# This workflow MUST be audited with zizmor.
	# This workflow MUST be using pinned action refs.
	# This workflow's pinned action refs SHOULD be updated using 'pinact'
	#
	# Security notes:
	# - Top-level permissions are empty; each job declares only what it needs.
	# - All third-party actions are SHA-pinned. Run `pinact run` to reverify.
	#
	# Non-GitHub actions (add to repo Settings > Actions > Allowed actions):
	# - go-task/setup-task

	name: CI
	# For release, I want the tag in there.
	# For CI, ideally I'd have the branch and then the commit message first line,
	# but that's amongst the things GitHub doesn't let you do cleanly via the
	# template language.
	# For now, accept the default run-name for CI jobs.
	# run-name: "CI: ${{ github.head_ref \|\| github.ref_name }}"

	on:
	push:
	branches: [main]
	pull_request:
	workflow_dispatch: # let someone trigger the CI on their branch without a PR

	permissions: {}

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.ref }}
	cancel-in-progress: true

	jobs:

	test:
	name: Test
	runs-on: ubuntu-slim

	permissions:
	contents: read # we clone the repo

	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false

	- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
	with:
	go-version-file: go.mod
	cache: false

	- uses: go-task/setup-task@3be4020d41929789a01026e0e427a4321ce0ad44 # v2.0.0
	with:
	version: 3.x

	- name: Run checks
	run: task check

	- name: Ensure binary compiles
	run: task build

Provide feedback