feat: first versions of workflows for sbt libraries

.github/workflows/sbt-library-check.yml

@@ -0,0 +1,34 @@
+on:
+  workflow_call:
+    inputs:
+      commmand:
+        description: Custom command to run for the build
+        default: ''
+        required: false
+        type: string
+      pre-build-command:
+        description: Custom command to run before the build
+        type: string
+        default: ''
+      java-version:
+        description: Java version to use for build
+        required: true
+        type: string
+      expect-tests:
+        description: If JUnit test results are expected
+        default: true
+        type: boolean
+    secrets:
+      WETF_ARTIFACTORY_USER:
+      WETF_ARTIFACTORY_PASSWORD:
+
+jobs:
+  check:
+    uses: ./.github/workflows/sbt-library.yml
+    with:
+      command: ${{ inputs.command != '' && inputs.command || './sbt clean update test' }}
+      pre-build-command: ${{ inputs.pre-build-command }}
+      java-version: ${{ inputs.java-version }}
+      expect-tests: ${{ inputs.expect-tests }}
+      notify-failure: false
+    secrets: inherit

.github/workflows/sbt-library-publish.yml

@@ -0,0 +1,38 @@
+on:
+  workflow_call:
+    inputs:
+      commmand:
+        description: Custom command to run for the build
+        default: ''
+        required: false
+        type: string
+      pre-build-command:
+        description: Custom command to run before the build
+        type: string
+        default: ''
+      java-version:
+        description: Java version to use for build
+        required: true
+        type: string
+      expect-tests:
+        description: If JUnit test results are expected
+        default: true
+        type: boolean
+    secrets:
+      WETF_ARTIFACTORY_USER:
+        required: true
+      WETF_ARTIFACTORY_PASSWORD:
+        required: true
+      SLACK_NOTIFICATIONS_BOT_TOKEN:
+        required: true
+
+jobs:
+  publish:
+    uses: ./.github/workflows/play-service.yml
+    with:
+      command: ${{ inputs.command != '' && inputs.command || './sbt clean update test publish +publish' }}
+      pre-build-command: ${{ inputs.pre-build-command }}
+      java-version: ${{ inputs.java-version }}
+      expect-tests: ${{ inputs.expect-tests }}
+      notify-failure: true
+    secrets: inherit

.github/workflows/sbt-library.yml

@@ -0,0 +1,104 @@
+on:
+  workflow_call:
+    inputs:
+      command:
+        description: Custom command to run for the build
+        required: true
+        type: string
+      pre-build-command:
+        description: Custom command to run before the build
+        type: string
+        default: ''
+      java-version:
+        description: Java version to use for build
+        required: true
+        type: string
+      notify-failure:
+        description: Notify on build failure to Slack
+        default: true
+        type: boolean
+      junit-test-folder:
+        description: Location where JUnit tests are stored, if any
+        default: 'project/target/test-reports'
+        type: string
+      expect-tests:
+        description: If JUnit test results are expected
+        default: true
+        type: boolean
+    secrets:
+      WETF_ARTIFACTORY_USER:
+      WETF_ARTIFACTORY_PASSWORD:
+      SLACK_NOTIFICATIONS_BOT_TOKEN:
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: ${{ inputs.java-version }}
+          cache: sbt
+
+      - name: Set up artifactory credentials
+        if: env.WETF_ARTIFACTORY_USER
+        env:
+          WETF_ARTIFACTORY_USER: ${{ secrets.WETF_ARTIFACTORY_USER }}
+          WETF_ARTIFACTORY_PASSWORD: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
+        run: |
+          cat <<EOF > ~/.wetfArtifactory
+          realm=Artifactory Realm
+          host=artifactory.wetransform.to
+          user=$WETF_ARTIFACTORY_USER
+          password=$WETF_ARTIFACTORY_PASSWORD
+          EOF
+
+      - name: Run custom pre-build command
+        if: ${{ inputs.pre-build-command != '' }}
+        run: ${{ inputs.pre-build-command }}
+
+      - name: Run command
+        run: ${{ inputs.command }}
+
+      #
+      # Security scans
+      #
+
+      # XXX sbt/scala currently not supported by trivy
+
+      #
+      # Report on unit tests and critical vulnerabilities
+      #
+
+        # https://github.com/marketplace/actions/junit-report-action
+      - name: Publish Test Report
+        uses: mikepenz/action-junit-report@v3
+        if: always() # always run even if the previous step fails
+        with:
+          report_paths: "${{ inputs.junit-test-folder }}/*.xml"
+          require_tests: ${{ inputs.expect-tests }}
+
+          # Workaround for check that is additionally created being associated
+          # to the wrong workflow/run. Instead not additional check is created.
+          # See https://github.com/mikepenz/action-junit-report/issues/40
+          annotate_only: true
+          detailed_summary: true
+          fail_on_failure: true # in case of critical security vulnerabilities, also required for Slack notification if only tests fail
+
+      #
+      # Report build failure to Slack
+      #
+
+        # https://github.com/marketplace/actions/slack-notify-build
+      - name: Notify slack fail
+        if: ${{ inputs.notify-failure && failure() }}
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}
+        uses: voxmedia/github-action-slack-notify-build@v1
+        with:
+          channel: build-failures
+          status: FAILED
+          color: danger