Add github Workflows

.github/labeler.yml

@@ -0,0 +1,2 @@
+"documentation":
+  - /**/*.adoc

.github/release-drafter.yml

@@ -0,0 +1,34 @@
+name-template: $NEXT_PATCH_VERSION
+tag-template: $NEXT_PATCH_VERSION
+
+template: |
+  # Changes
+  $CHANGES
+
+# --------
+# NOTE: When adding new labels please also update required-labels.yml workflow.
+# --------
+categories:
+  - title: 💣️ Breaking changes
+    label: breaking-change
+
+  - title: 🚀 Features & Enhancements
+    labels:
+      - feature
+      - enhancement
+
+  - title: 🐞 Fixes
+    label: bug
+
+  - title: 📁 Java Dependencies updates
+    label: dependencies
+
+  - title: 📁 Docker images updates
+    label: docker-update-images
+
+  - title: 📖 Documentation
+    label: documentation
+
+  - title: 🏡 Housekeeping
+    label: housekeeping
+

.github/workflows/changelog-release-drafter.yml

@@ -0,0 +1,14 @@
+name: Changelog Release Drafter
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,27 @@
+name: "Trivy"
+
+on:
+  schedule:
+    - cron: '24 10 * * 5'
+
+jobs:
+  build:
+    name: Trivy vulnerability scanner
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/labeler.yml

@@ -0,0 +1,14 @@
+name: "Pull Request Auto Labeler"
+on:
+  - pull_request_target
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/labeler@v4
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/maven.yml

@@ -0,0 +1,39 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+    branches:
+      - develop
+
+jobs:
+  build-jdk17:
+    runs-on: ubuntu-latest
+    name: Build project
+    concurrency:
+      # The commit SHA or the branch name of the pull request. See: https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions
+      group: ${{ github.event_name == 'pull_request' && github.head_ref || github.sha}}
+      cancel-in-progress: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '17'
+      - name: Build with Maven
+        run: ./mvnw -version && whoami && umask -S && umask a+rw && umask -S && ./mvnw clean verify -P docker-clean -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.count=3 --no-snapshot-updates --batch-mode --no-transfer-progress

.github/workflows/release.yml

@@ -0,0 +1,47 @@
+name: Publish to the Maven Central Repository
+
+on:
+  release:
+    types: [ published ]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{github.event.release.target_commitish}}
+          token: ${{ secrets.RELEASE_PERSONAL_ACCESS_TOKEN }}
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '17'
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+          cache: 'maven'
+
+      - name: Update version
+        if: ${{ success() }}
+        run: ./mvnw --batch-mode --no-transfer-progress versions:set -DnewVersion=${{github.event.release.tag_name}} versions:commit
+
+      - name: Publish to the Maven Central Repository
+        if: ${{ success() }}
+        run: ./mvnw --batch-mode --no-transfer-progress -Dgib.disable=true -P ossrh -DskipTests deploy
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Commit & Push changes
+        if: ${{ success() }}
+        uses: actions-js/push@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          message: 'Release ${{github.event.release.tag_name}}'
+          branch: ${{ github.event.release.target_commitish }}

.github/workflows/renovate.yml

@@ -0,0 +1,39 @@
+name: Renovate for update docker images
+
+on:
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        description: "Dry-Run"
+        default: false
+        required: false
+        type: boolean
+      logLevel:
+        description: "Log-Level"
+        required: false
+        default: 'debug'
+        type: choice
+        options:
+          - info
+          - warn
+          - debug
+          - error
+          - fatal
+    schedule:
+      - cron: '0 8 * * *'
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@v39.0.5
+        with:
+          configurationFile: .github/renovate/renovate.json
+          token: ${{ secrets.RELEASE_PERSONAL_ACCESS_TOKEN }}
+        env:
+          DRY_RUN: ${{ inputs.dryRun || 'false' }}
+          LOG_LEVEL: ${{ inputs.logLevel || 'debug' }}

.github/workflows/required-labels.yml

@@ -0,0 +1,16 @@
+#  https://github.com/mheap/github-action-required-labels
+name: Pull Request Required Labels
+on:
+  pull_request:
+    types: [ opened, labeled, unlabeled, synchronize ]
+jobs:
+  label:
+    if: github.event.pull_request.state == 'open'
+    runs-on: ubuntu-latest
+    name: Verify Pull Request has labels
+    steps:
+      - uses: mheap/github-action-required-labels@v5
+        with:
+          mode: minimum
+          count: 1
+          labels: "breaking-change, feature, enhancement, bug, dependencies, docker-update-images, documentation, housekeeping"

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar