ci: add GitHub Actions CI/CD pipelines

- Add ci.yml with lint, typecheck, test, build steps + PostgreSQL service
- Add deploy.yml scaffold with Docker build placeholders

Co-Authored-By: Paperclip <noreply@paperclip.ing>

.github/workflows/ci.yml

@@ -0,0 +1,68 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  ci:
+    name: Lint → Typecheck → Test → Build
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [22]
+
+    services:
+      postgres:
+        image: postgis/postgis:16-3.4
+        env:
+          POSTGRES_DB: goodgo_test
+          POSTGRES_USER: goodgo
+          POSTGRES_PASSWORD: goodgo_test_secret
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd "pg_isready -U goodgo -d goodgo_test"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+          --health-start-period 30s
+
+    env:
+      DATABASE_URL: postgresql://goodgo:goodgo_test_secret@localhost:5432/goodgo_test
+      NODE_ENV: test
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Lint
+        run: pnpm lint
+
+      - name: Typecheck
+        run: pnpm typecheck
+
+      - name: Test
+        run: pnpm test
+
+      - name: Build
+        run: pnpm build

.github/workflows/deploy.yml

@@ -0,0 +1,70 @@
+name: Deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Target environment
+        required: true
+        default: staging
+        type: choice
+        options:
+          - staging
+          - production
+
+concurrency:
+  group: deploy-${{ github.event.inputs.environment }}
+  cancel-in-progress: false
+
+jobs:
+  build:
+    name: Build Docker Images
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # TODO: Configure container registry login
+      # - name: Login to Container Registry
+      #   uses: docker/login-action@v3
+      #   with:
+      #     registry: ${{ secrets.REGISTRY_URL }}
+      #     username: ${{ secrets.REGISTRY_USERNAME }}
+      #     password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      # TODO: Build and push Docker images
+      # - name: Build API image
+      #   uses: docker/build-push-action@v6
+      #   with:
+      #     context: .
+      #     file: apps/api/Dockerfile
+      #     push: true
+      #     tags: ${{ secrets.REGISTRY_URL }}/goodgo-api:${{ github.sha }}
+      #     cache-from: type=gha
+      #     cache-to: type=gha,mode=max
+
+      - name: Placeholder
+        run: echo "Docker build steps TBD — configure registry and Dockerfiles first"
+
+  deploy:
+    name: Deploy to ${{ github.event.inputs.environment }}
+    needs: build
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.environment }}
+
+    steps:
+      # TODO: Deploy to Kubernetes
+      # - name: Configure kubectl
+      #   uses: azure/setup-kubectl@v4
+
+      # - name: Deploy
+      #   run: |
+      #     kubectl set image deployment/goodgo-api \
+      #       api=${{ secrets.REGISTRY_URL }}/goodgo-api:${{ github.sha }}
+
+      - name: Placeholder
+        run: echo "Deploy steps TBD — configure Kubernetes and environment secrets first"