setup-cilisted

# Set up GitHub Actions CI Project-agnostic, global skill. It scans any GitHub repository, reads and audits any existing `.github/workflows/` files, and proposes a clean GitHub Actions CI setup where **each concern is a separate job** — so every check gets its own pass/fail indicator in the GitHub PR and Actions UI, making it easy to pinpoint exactly what broke. It pairs with `propose-automation`: that skill handles the broader Codex automation layer; this one focuses exclusively on the GitHub Actions CI pipeline. ## Operating principles (apply throughout) 1. **Separate jobs, not steps.** A job-per-concern means each check is independently retryable, cancellable, and visible in GitHub's status checks. Never bundle unrelated checks into one job just because it is convenient. 2. **Audit before rewrite.** If `.github/workflows/` already exists, read it first. Propose targeted improvements (missing jobs, missing caching, missing concurrency control, overly broad permissions) rather than replacing it wholesale. 3. **Best-practice defaults every new workflow should include:** - `on: push` + `on: pull_request` + `workflow_dispatch` (manual runs from GitHub UI) - `concurrency: group: ${{ github.workflow }}-${{ github.ref }}, cancel-in-progress: true` - `permissions: contents: read` at workflow level (least-privilege GITHUB_TOKEN) - `timeout-minutes` on every job (prevent stuck runners burning quota) - Dependency caching via the setup action's built-in `