From cda43b2fcee2610dcc6ae4970f711ae8c93d96ef Mon Sep 17 00:00:00 2001
From: SaridakisStamatisChristos
 <34583142+SaridakisStamatisChristos@users.noreply.github.com>
Date: Wed, 29 Oct 2025 08:49:46 +0200
Subject: [PATCH 1/2] Add GitHub Actions CI pipeline

---
 .github/workflows/ci.yml | 27 +++++++++++++++++++++++++++
 README.md                |  9 +++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..e0e3a8c
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,27 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential cmake ninja-build
+
+      - name: Configure
+        run: cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=ON
+
+      - name: Build
+        run: cmake --build build --config Release
+
+      - name: Run tests
+        run: ctest --test-dir build --output-on-failure
diff --git a/README.md b/README.md
index d1fc6cd..d7a1d7c 100644
--- a/README.md
+++ b/README.md
@@ -104,10 +104,15 @@ ci/hw-smoke.sh
 ```
 
 CI expectations:
-- `ci/security.yml` validates attestation materials and cosign signatures.
-- `ci/sandbox.yml` runs sandbox workflow scenarios with telemetry fuzzing.
+- `.github/workflows/ci.yml` runs the public GitHub Actions pipeline (configure, build, unit and integration tests).
+- `ci/pipeline.yml` runs the default lint/build/test stages used by the OSS mirror.
 - `ci/hw-smoke.sh` executes on bare metal to verify MSR/perf integration and metrics TLS.
 
+> **Note**
+> Historical documentation referenced `ci/security.yml` and `ci/sandbox.yml` for supply-chain and fuzzing coverage. Those
+> workflows are not currently part of this repository. Security attestation validation and sandbox fuzzing remain roadmap
+> items and should be treated as future work until corresponding workflows land.
+
 ## Packaging
 
 - `packaging/Dockerfile` builds a minimal container with the dispatcher defaulting to health checks on startup.

From 9f3c20d562a4b4ab767357cea1c5a4cb4ddddd4a Mon Sep 17 00:00:00 2001
From: SaridakisStamatisChristos
 <34583142+SaridakisStamatisChristos@users.noreply.github.com>
Date: Wed, 29 Oct 2025 08:56:53 +0200
Subject: [PATCH 2/2] Silence unused warnings in tests

---
 tests/integration/metrics_tuner.cpp   |  4 ++++
 tests/policy/test_policy_controller.c |  3 +++
 tests/telemetry/test_telemetry.cpp    | 11 +++++++++++
 3 files changed, 18 insertions(+)

diff --git a/tests/integration/metrics_tuner.cpp b/tests/integration/metrics_tuner.cpp
index c8739b4..d2f5951 100644
--- a/tests/integration/metrics_tuner.cpp
+++ b/tests/integration/metrics_tuner.cpp
@@ -31,10 +31,12 @@ std::string FetchMetrics(uint16_t port) {
     ::inet_pton(AF_INET, "127.0.0.1", &addr.sin_addr);
     int rc = ::connect(fd, reinterpret_cast<sockaddr *>(&addr), sizeof(addr));
     assert(rc == 0);
+    (void)rc;
 
     const char request[] = "GET /metrics HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n";
     ssize_t sent = ::send(fd, request, sizeof(request) - 1, 0);
     assert(sent == static_cast<ssize_t>(sizeof(request) - 1));
+    (void)sent;
 
     std::string response;
     char buffer[1024];
@@ -55,6 +57,7 @@ int main() {
     // Metrics exporter lifecycle
     int start_rc = tsd_metrics_exporter_start("127.0.0.1", 0);
     assert(start_rc == 0);
+    (void)start_rc;
     uint16_t port = tsd_metrics_exporter_listen_port();
     assert(port != 0);
 
@@ -100,6 +103,7 @@ int main() {
     fs::path bundle_path = tmpdir / "policy_bundle.json";
     bool wrote = WritePolicyBundle(bundle_path.string(), result);
     assert(wrote);
+    (void)wrote;
 
     std::ifstream in(bundle_path);
     std::string contents((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
diff --git a/tests/policy/test_policy_controller.c b/tests/policy/test_policy_controller.c
index 1d0f439..5b471f8 100644
--- a/tests/policy/test_policy_controller.c
+++ b/tests/policy/test_policy_controller.c
@@ -41,6 +41,7 @@ static void test_predictive_convergence(void) {
     assert(fallback == 0);
     assert(rc == 1);
     assert(target < SIMD_AVX512);
+    (void)rc;
 
     tsd_dispatcher_policy_destroy(state);
 }
@@ -67,6 +68,7 @@ static void test_predictive_stability(void) {
     assert(fallback == 0);
     assert(rc == 0);
     assert(target == SIMD_AVX2);
+    (void)rc;
 
     tsd_dispatcher_policy_destroy(state);
 }
@@ -86,6 +88,7 @@ static void test_predictive_fallback(void) {
     assert(rc == 0);
     assert(fallback == 1);
     assert(target == SIMD_AVX2);
+    (void)rc;
 
     tsd_dispatcher_policy_destroy(state);
 }
diff --git a/tests/telemetry/test_telemetry.cpp b/tests/telemetry/test_telemetry.cpp
index 43edf5d..4996bae 100644
--- a/tests/telemetry/test_telemetry.cpp
+++ b/tests/telemetry/test_telemetry.cpp
@@ -116,6 +116,17 @@ int main() {
     history_ptr.reset();
     fs::remove(path);
 
+    (void)evaluated;
+    (void)kTolerance;
+    (void)expected_weighted;
+    (void)record;
+    (void)second_value;
+    (void)record_after;
+    (void)expected_mean;
+    (void)expected_variance;
+    (void)persisted;
+    (void)fallback_value;
+
     return 0;
 }