Add workflows

.github/merge-bot.yml

@@ -0,0 +1 @@
+enabled: true

.github/workflows/build-deploy-ecs.yml

@@ -0,0 +1,37 @@
+name: Build & Deploy ECS
+
+on:
+  push:
+    branches:
+      # Automatically build and deploy master and staging. Additional branches may be added.
+      - main
+      - staging
+  workflow_dispatch:
+    # Allows manual build and deploy of any branch/ref
+    inputs:
+      auto-deploy:
+        type: boolean
+        description: Deploy image after building?
+        required: true
+        default: 'false'
+
+jobs:
+  # Build and push container image to ECR. Builds occur in the project repository.
+  build:
+    name: Build
+    uses: CruGlobal/.github/.github/workflows/build-ecs.yml@v1
+
+  # Triggers an ECS deployment in https://github.com/CruGlobal/cru-deploy/actions.
+  # All deployments happen in the cru-deploy repo.
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.event_name != 'workflow_dispatch' || github.event.inputs.auto-deploy == 'true'
+    steps:
+      - uses: CruGlobal/.github/actions/trigger-deploy@v1
+        with:
+          github-token: ${{ secrets.CRU_DEPLOY_GITHUB_TOKEN }}
+          project-name: ${{ needs.build.outputs.project-name }}
+          environment: ${{ needs.build.outputs.environment }}
+          build-number: ${{ needs.build.outputs.build-number }}

.github/workflows/ruby.yml

@@ -0,0 +1,73 @@
+name: Ruby
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main,staging]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    env:
+      DB_PORT_5432_TCP_ADDR_TEST: localhost
+      DB_ENV_POSTGRESQL_USER_TEST: postgres
+      DB_ENV_POSTGRESQL_PASS_TEST: postgres
+      DB_ENV_POSTGRESQL_DB_TEST: postgres
+      RAILS_ENV: test
+
+    services:
+      postgres:
+        image: postgres:16
+        env:
+          POSTGRES_PASSWORD: postgres
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+        ports:
+          - 5432:5432
+
+    steps:
+      - name: Check out files
+        uses: actions/checkout@v3
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Set up DB
+        run: |
+          bundle exec rails db:create
+          bundle exec rails db:schema:load
+
+      - name: RSpec tests
+        run: bundle exec rspec --color
+
+      - name: Codecov upload
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          fail_ci_if_error: true
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out files
+        uses: actions/checkout@v3
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Bundle audit
+        run: bundle exec bundle audit check --update ${{ vars.CVE_IGNORES && format('--ignore {0}', vars.CVE_IGNORES) }}
+
+      - name: Brakeman
+        run: bundle exec brakeman -A -q --ensure-latest --no-pager
+
+      - name: StandardRB
+        run: bundle exec standardrb --format simple
+
+      - name: JavaScript audit
+        run: bin/importmap audit