feat: initial Version

.gitignore

@@ -0,0 +1,78 @@
+### Intellij+all template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser

action.yml

@@ -0,0 +1,141 @@
+---
+name: 'Setup Java environment'
+description: 'Initialise Java Environment and retrieve secrets from Vault'
+runs:
+  using: 'composite'
+  steps:
+    - name: Import Secrets
+      id: import-secrets
+      uses: https://github.com/hashicorp/vault-action@v2
+      with:
+        url: https://vault.w9r.dev
+        method: approle
+        roleId: ${{ secrets.VAULT_ROLE_ID }}
+        secretId: ${{ secrets.VAULT_SECRET_ID }}
+        secrets: |
+          kv/data/ci/nexus username | NEXUS_USERNAME ;
+          kv/data/ci/nexus password | NEXUS_PASSWORD ;
+          kv/data/ci/vulnz username | VULNZ_USERNAME ;
+          kv/data/ci/vulnz password | VULNZ_PASSWORD ;
+          kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ;
+          kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ;
+          kv/data/ci/releasebot gpgPassphrease | RELEASEBOT_PASSPHRASE ;
+          kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
+          kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
+          kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
+          kv/data/ci/signing gpgPassphrease | GPG_PASSPHRASE ;
+          kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ;
+          kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ;
+
+    - name: Set up Environment
+      run: |
+        apt update
+        apt install -y zip
+        mkdir -p /root/.jreleaser
+        mkdir -p /root/.m2
+        touch /root/.jreleaser/config.properties
+
+    - name: Install syft
+      uses: https://github.com/anchore/sbom-action/download-syft@v0
+      id: install_syft
+      with:
+        syft-version: v1.18.1
+
+    - name: maven-settings-xml-action
+      uses: https://github.com/whelk-io/maven-settings-xml-action@v22
+      with:
+        repositories: >
+          [
+            {
+              "id": "maven-releases",
+              "name": "Releases",
+              "url": "https://nexus.w9r.dev/repository/maven-releases",
+              "releases": {
+                "enabled": "true",
+                "updatePolicy": "always",
+                "checksumPolicy": "warn"
+              },
+              "snapshots": {
+                "enabled": "false",
+                "updatePolicy": "always",
+                "checksumPolicy": "fail"
+              }
+            },
+            {
+              "id": "maven-snapshots",
+              "name": "Snapshots",
+              "url": "https://nexus.w9r.dev/repository/maven-snapshots",
+              "releases": {
+                "enabled": "false",
+                "updatePolicy": "always",
+                "checksumPolicy": "warn"
+              },
+              "snapshots": {
+                "enabled": "true",
+                "updatePolicy": "always",
+                "checksumPolicy": "warn"
+              }
+            }
+          ]
+        servers: >
+          [
+            {
+              "id": "maven-group",
+              "username": "${{ env.NEXUS_USERNAME }}",
+              "password": "${{ env.NEXUS_PASSWORD }}"
+            },
+            {
+              "id": "maven-snapshots",
+              "username": "${{ env.NEXUS_USERNAME }}",
+              "password": "${{ env.NEXUS_PASSWORD }}"
+            },
+            {
+              "id": "maven-releases",
+              "username": "${{ env.NEXUS_USERNAME }}",
+              "password": "${{ env.NEXUS_PASSWORD }}"
+            },
+            {
+              "id": "vulnz",
+              "username": "${{ env.VULNZ_USERNAME }}",
+              "password": "${{ env.VULNZ_PASSWORD }}"
+            }
+          ]
+        mirrors: >
+          [
+            {
+              "id": "maven-group",
+              "name": "central",
+              "mirrorOf": "*",
+              "url": "https://nexus.w9r.dev/repository/maven-group/"
+            }
+          ]
+        plugin_groups: >
+          [
+            "org.sonarsource.scanner.maven"
+          ]
+        output_file: /root/.m2/settings.xml
+
+    - name: Setup Java
+      uses: https://github.com/actions/setup-java@v4
+      with:
+        distribution: 'temurin' # See 'Supported distributions' for available options
+        java-version: '21'
+        cache: 'maven'
+        check-latest: true
+
+
+    - name: Import Commit Signing GPG key
+      id: import-gpg
+      uses: https://github.com/crazy-max/ghaction-import-gpg@v6
+      with:
+        gpg_private_key: ${{ env.RELEASEBOT_PRIVATE_KEY }}
+        passphrase: ${{ env.RELEASEBOT_PASSPHRASE }}
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+
+    - name: GPG user IDs
+      run: |
+        echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
+        echo "keyid:       ${{ steps.import-gpg.outputs.keyid }}"
+        echo "name:        ${{ steps.import-gpg.outputs.name }}"
+        echo "email:       ${{ steps.import-gpg.outputs.email }}"