feat(rls): enhance multi-tenancy with FORCE and superuser bypass #3

	name: CI

	on:
	push:
	branches: [master, main]
	pull_request:
	branches: [master, main]

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-go@v5
	with:
	go-version: "1.22"

	- name: golangci-lint
	uses: golangci/golangci-lint-action@v4
	with:
	version: latest

	test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-go@v5
	with:
	go-version: "1.22"

	- name: Run tests
	run: go test -race -coverprofile=coverage.out -covermode=atomic ./...

	- name: Upload coverage
	uses: codecov/codecov-action@v4
	with:
	files: coverage.out
	fail_ci_if_error: false

	build:
	runs-on: ubuntu-latest
	needs: [lint, test]
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-go@v5
	with:
	go-version: "1.22"

	- name: Build API
	run: CGO_ENABLED=0 go build -o bin/api ./cmd/api

	- name: Build Worker
	run: CGO_ENABLED=0 go build -o bin/worker ./cmd/worker

	docker:
	runs-on: ubuntu-latest
	needs: build
	if: github.ref == 'refs/heads/master' \|\| github.ref == 'refs/heads/main'
	steps:
	- uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Docker image
	uses: docker/build-push-action@v5
	with:
	context: .
	push: false
	tags: orchestrix-api:${{ github.sha }}
	cache-from: type=gha
	cache-to: type=gha,mode=max

	security:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-go@v5
	with:
	go-version: "1.22"

	- name: Run govulncheck
	run: \|
	go install golang.org/x/vuln/cmd/govulncheck@latest
	govulncheck ./...

	- name: Run gosec
	uses: securego/gosec@master
	with:
	args: ./...

Provide feedback