Add GitHub Actions CI pipeline

Author: SaridakisStamatisChristos

.github/workflows/ci.yml

@@ -0,0 +1,27 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential cmake ninja-build
+
+      - name: Configure
+        run: cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=ON
+
+      - name: Build
+        run: cmake --build build --config Release
+
+      - name: Run tests
+        run: ctest --test-dir build --output-on-failure

README.md

@@ -104,10 +104,15 @@ ci/hw-smoke.sh
 ```
 
 CI expectations:
-- `ci/security.yml` validates attestation materials and cosign signatures.
-- `ci/sandbox.yml` runs sandbox workflow scenarios with telemetry fuzzing.
+- `.github/workflows/ci.yml` runs the public GitHub Actions pipeline (configure, build, unit and integration tests).
+- `ci/pipeline.yml` runs the default lint/build/test stages used by the OSS mirror.
 - `ci/hw-smoke.sh` executes on bare metal to verify MSR/perf integration and metrics TLS.
 
+> **Note**
+> Historical documentation referenced `ci/security.yml` and `ci/sandbox.yml` for supply-chain and fuzzing coverage. Those
+> workflows are not currently part of this repository. Security attestation validation and sandbox fuzzing remain roadmap
+> items and should be treated as future work until corresponding workflows land.
+
 ## Packaging
 
 - `packaging/Dockerfile` builds a minimal container with the dispatcher defaulting to health checks on startup.