The stable Flutter SDK on the CI runner does not include
the `dart pub audit` subcommand. Trivy scan still covers
dependency security.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
subosito/flutter-action@v2 requires jq to parse action inputs.
The ci job in both workflows was missing the install step.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ci.yaml triggered on branch pushes and PRs with flutter analyze,
flutter test, dart pub audit, Trivy scan, and debug APK build. Gate the
release workflow behind a CI job so release builds only proceed after
all checks pass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
