Initial project setup (#1)

Co-authored-by: kaklakariada <kaklakariada@users.noreply.github.com>

Author: kaklakariada

.github/workflows/broken_links_checker.yml

@@ -0,0 +1,23 @@
+name: Broken Links Checker
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  linkChecker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Configure broken links checker
+        run: |
+          mkdir -p ./target
+          echo '{ "aliveStatusCodes": [429, 200] }' > ./target/broken_links_checker.json
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          use-quiet-mode: 'yes'
+          use-verbose-mode: 'yes'
+          config-file: ./target/broken_links_checker.json

.github/workflows/build.yml

@@ -0,0 +1,81 @@
+name: Build
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  matrix-build:
+
+    permissions:
+      contents: read
+
+    strategy:
+      fail-fast: true
+      matrix:
+        java: [17]
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        include:
+          - os: ubuntu-latest
+            java: 21
+
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}-os-${{ matrix.os }}-java-${{ matrix.java }}
+      cancel-in-progress: true
+
+    runs-on: ${{ matrix.os }}
+    defaults:
+      run:
+        shell: "bash"
+    name: "Build on ${{ matrix.os }} with Java ${{ matrix.java }}"
+    env:
+      DEFAULT_JAVA: 17
+      DEFAULT_OS: ubuntu-latest
+
+    steps:
+
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: |
+          17
+          21
+        cache: 'maven'
+
+    - name: Cache SonarQube packages
+      if: ${{ env.DEFAULT_OS == matrix.os && env.DEFAULT_JAVA == matrix.java }}
+      uses: actions/cache@v4
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
+
+    - name: Build with Java ${{ matrix.java }}
+      run: |
+        mvn --batch-mode -T 1C clean org.jacoco:jacoco-maven-plugin:prepare-agent install \
+            -Djava.version=${{ matrix.java }}
+
+    - name: Sonar analysis
+      if: ${{ env.DEFAULT_OS == matrix.os && env.DEFAULT_JAVA == matrix.java && env.SONAR_TOKEN != null }}
+      run: |
+        mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+            -Dsonar.token=$SONAR_TOKEN
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+    - name: Verify reproducible build
+      run: |
+        mvn --batch-mode -T 1C clean verify artifact:compare -DskipTests \
+            -Djava.version=${{ matrix.java }}
+
+  build:
+    needs: matrix-build
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "Build successful"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,42 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '0 4 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: 17
+        cache: 'maven'
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: java
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3

.github/workflows/github_release.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+base_dir="$( cd "$(dirname "$0")/../.." >/dev/null 2>&1 ; pwd -P )"
+readonly base_dir
+readonly pom_file="$base_dir/parent/pom.xml"
+
+# Read project version from pom file
+project_version=$(grep "<revision>" "$pom_file" | sed --regexp-extended 's/\s*<revision>(.*)<\/revision>\s*/\1/g')
+readonly project_version
+echo "Read project version '$project_version' from $pom_file"
+
+# Calculate checksum
+readonly artifact_path="$base_dir/product/target/openfasttrace-${project_version}.jar"
+echo "Calculate sha256sum for file '$artifact_path'"
+file_dir="$(dirname "$artifact_path")"
+readonly file_dir
+file_name=$(basename "$artifact_path")
+readonly file_name
+cd "$file_dir"
+readonly checksum_file_name="${file_name}.sha256"
+sha256sum "$file_name" > "$checksum_file_name"
+readonly checksum_file_path="$file_dir/$checksum_file_name"
+cd "$base_dir"
+
+
+# Create GitHub release
+readonly changes_file="$base_dir/doc/changes/changes_${project_version}.md"
+notes=$(cat "$changes_file")
+readonly notes
+
+readonly title="Release $project_version"
+readonly tag="$project_version"
+echo "Creating release:"
+echo "Git tag      : $tag"
+echo "Title        : $title"
+echo "Changes file : $changes_file"
+echo "Artifact file: $artifact_path"
+echo "Checksum file: $checksum_file_path"
+
+release_url=$(gh release create --latest --title "$title" --notes "$notes" --target main "$tag" "$artifact_path" "$checksum_file_path")
+readonly release_url
+echo "Release URL: $release_url"

.github/workflows/release.yml

@@ -0,0 +1,63 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      skip-deploy-maven-central:
+        description: "Skip deployment to Maven Central"
+        required: true
+        type: boolean
+        default: false
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: "bash"
+    concurrency:
+      group: ${{ github.workflow }}
+      cancel-in-progress: false
+    permissions:
+      contents: write # Required for creating GitHub release
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Fail if not running on main branch
+        if: ${{ github.ref != 'refs/heads/main' }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main')
+
+      - name: Set up Maven Central Repository
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: 17
+          cache: "maven"
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+          gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+      - name: Build
+        run: mvn --batch-mode -T 1C clean install
+
+      - name: List secret GPG keys
+        run: gpg --list-secret-keys
+
+      - name: Publish to Maven Central Repository
+        if: ${{ !inputs.skip-deploy-maven-central }}
+        run: mvn --batch-mode deploy -Possrh -DstagingDescription="Deployed via GitHub workflow release.yml"
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+
+      - name: Create GitHub Release
+        run: ./.github/workflows/github_release.sh
+        env:
+          GH_TOKEN: ${{ github.token }}

.gitignore

@@ -0,0 +1,6 @@
+/.settings/org.eclipse.core.resources.prefs
+/.settings/org.eclipse.jdt.apt.core.prefs
+/.settings/org.eclipse.m2e.core.prefs
+/target/
+/.classpath
+/.project