Add GitHub Actions and Renovate

.github/renovate.json

@@ -0,0 +1,64 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base",
+    ":dependencyDashboard",
+    "github>whitesource/merge-confidence:beta"
+  ],
+  "packageRules": [
+    {
+      "matchManagers": [
+        "maven"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch",
+        "pin",
+        "digest"
+      ],
+      "automerge": true
+    },
+    {
+      "matchDepTypes": [
+        "devDependencies"
+      ],
+      "automerge": true
+    },
+    {
+      "excludePackageNames": [
+        "javax.xml.bind:jaxb-api"
+      ],
+      "exclude": true
+    },
+    {
+      "excludePackageNames": [
+        "com.sun.xml.bind:jaxb-core",
+        "com.sun.xml.bind:jaxb-impl"
+      ],
+      "exclude": true
+    },
+    {
+      "matchSourceUrlPrefixes": [
+        "https://github.com/junit-team/junit5"
+      ],
+      "groupName": "junit5 monorepo",
+      "automerge": true
+    }
+  ],
+  "vulnerabilityAlerts": {
+    "labels": [
+      "security"
+    ],
+    "automerge": true
+  },
+  "lockFileMaintenance": {
+    "enabled": true,
+    "automerge": true
+  },
+  "rangeStrategy": "auto",
+  "dependencyDashboard": true,
+  "github-actions": {
+    "enabled": true,
+    "automerge": true
+  }
+}

.github/settings.xml

@@ -0,0 +1,12 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+    <servers>
+        <server>
+            <id>ossrh</id>
+            <username>${env.MAVEN_USERNAME}</username>
+            <password>${env.MAVEN_PASSWORD}</password>
+        </server>
+    </servers>
+
+</settings>

.github/workflows/build-and-release-snapshot.yml

@@ -0,0 +1,68 @@
+name: Build and Publish Snapshot
+
+on:
+  push:
+    branches:
+      - master
+    tags-ignore:
+      - '**'
+    paths-ignore:
+      - '**.md'
+
+env:
+  MAVEN_OPTS: ${{ vars.MAVEN_OPTS }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v3
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+          cache: maven
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Build with Maven
+        run: mvn --batch-mode --update-snapshots package
+
+      - name: Import GPG key
+        run: |
+          echo "${{ secrets.OSSRH_GPG_SECRET_KEY }}" | base64 --decode | gpg --import --batch
+
+      - name: Publish Snapshot to OSS SonaType
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USER }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
+          OSSRH_GPG_SECRET_KEY_ID: ${{ secrets.OSSRH_GPG_SECRET_KEY_ID }}
+          OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+        run: |
+          mvn --batch-mode --no-transfer-progress deploy \
+            -DskipTests \
+            -P oss-sonatype \
+            -Dgpg.keyname=${OSSRH_GPG_SECRET_KEY_ID} \
+            -Dgpg.passphrase=${OSSRH_GPG_SECRET_KEY_PASSWORD}
+
+      - name: Notify on success
+        if: success()
+        run: |
+          echo "Snapshot has been successfully deployed to OSS SonaType."
+
+      - name: Notify on failure
+        if: failure()
+        run: |
+          echo "Snapshot deployment failed. Please check the logs for more information."

.github/workflows/build-and-verify-pr.yml

@@ -0,0 +1,32 @@
+name: Verify PRs
+
+on:
+  pull_request:
+    branches:
+      - master
+    tags-ignore:
+      - '**'
+    paths-ignore:
+      - '**.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK 11
+        uses: actions/setup-java@v3
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+          cache: maven
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+
+      - name: Prepare Maven settings.xml
+        run: |
+          cat "${{ github.workspace }}/.github/settings.xml" > ~/.m2/settings.xml
+
+      - name: Build with Maven
+        run: mvn --batch-mode --update-snapshots verify

.github/workflows/coverage-and-sonar-analysis.yml

@@ -0,0 +1,44 @@
+name: Coverage and Sonar Analysis
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+    paths-ignore:
+      - '**.md'
+
+jobs:
+  sonarcloud:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v3
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+          cache: maven
+
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Build, Test, and Analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
+        run: |
+          mvn --batch-mode --no-transfer-progress clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+            -P coverage \
+            -Dsonar.projectKey=descoped_service-provider-api \
+            -Dsonar.organization=descoped \
+            -Dsonar.host.url=https://sonarcloud.io \
+            -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml

.github/workflows/manual-github-release-trigger.yml

@@ -0,0 +1,77 @@
+name: Manual GitHub Release Trigger
+
+on:
+  workflow_dispatch:
+
+env:
+  MAVEN_OPTS: ${{ vars.MAVEN_OPTS }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v3
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+          cache: maven
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Get Maven Project Version
+        run: |
+          echo "RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
+
+      - name: Manual Release Approval
+        uses: trstringer/[email protected]
+        timeout-minutes: 60
+        with:
+          secret: ${{ github.TOKEN }}
+          approvers: oranheim
+          issue-title: "Approve release of ${{ env.RELEASE_VERSION }}"
+
+      - name: Configure Git User
+        run: |
+          git config user.email "[email protected]"
+          git config user.name "GitHub Actions"
+
+      - name: Import GPG key
+        run: |
+          echo "${{ secrets.OSSRH_GPG_SECRET_KEY }}" | base64 --decode | gpg --import --batch
+
+      - name: Release with Maven
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USER }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
+          OSSRH_GPG_SECRET_KEY_ID: ${{ secrets.OSSRH_GPG_SECRET_KEY_ID }}
+          OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+        run: |
+          mvn --batch-mode release:clean release:prepare release:perform \
+            -Darguments="-DskipTests -Dgpg.keyname=${OSSRH_GPG_SECRET_KEY_ID} -Dgpg.passphrase=${OSSRH_GPG_SECRET_KEY_PASSWORD}" \
+            -DskipTests \
+            -P oss-sonatype
+
+      - name: Notify on success
+        if: success()
+        run: |
+          echo "Release ${{ env.RELEASE_VERSION }} has been successfully deployed to Maven Central."
+
+      - name: Notify on failure
+        if: failure()
+        run: |
+          echo "Release ${{ env.RELEASE_VERSION }} failed. Please check the logs for more information."

pom.xml

@@ -16,6 +16,7 @@
     <properties>
         <java.version>11</java.version>
         <module.build.sourceEncoding>UTF-8</module.build.sourceEncoding>
+        <sonar.projectKey>descoped_service-provider-api</sonar.projectKey>
 
         <slf4j.version>2.0.16</slf4j.version>
     </properties>
@@ -146,6 +147,7 @@
                 <sonar.coverage.jacoco.xmlReportPaths>
                     target/site/jacoco/jacoco.xml
                 </sonar.coverage.jacoco.xmlReportPaths>
+                <!-- sonar.coverage.exclusions>**/model/*.java,**/config/*.java</sonar.coverage.exclusions -->
             </properties>
             <build>
                 <plugins>
@@ -168,6 +170,7 @@
                             </execution>
                             <execution>
                                 <id>report</id>
+                                <phase>prepare-package</phase>
                                 <goals>
                                     <goal>report</goal>
                                 </goals>

sonar-project.properties

@@ -0,0 +1,3 @@
+sonar.organization=descoped
+sonar.projectKey=descoped_service-provider-api
+sonar.sources=.