fix: add license

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) [year] [fullname]
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

action.yml

@@ -1,25 +1,29 @@
 ---
-name: Setup Java environment
+# SPDX-License-Identifier: MIT
-description: Initialize Java Environment and retrieve secrets from Vault
+name: "Setup Java environment"
+description: "Initialize Java Environment and retrieve secrets from Vault"
+author: Oliver Weyhmüller
 inputs:
-  vault-role-id:
+  roleid:
-    description: Role ID of Approle
+    description: "Role ID of Approle"
     required: true
-  vault-secret-id:
+    default: ""
-    description: Secret ID of Approle
+  secretid:
+    description: "Secret ID of Approle"
     required: true
+    default: ""
 runs:
-  using: composite
+  using: "composite"
   steps:
-    - name: Import Secrets
+    - name: "Import Secrets"
-      id: import-secrets
+      id: "import-secrets"
-      uses: https://github.com/hashicorp/vault-action@v3
+      uses: "https://github.com/hashicorp/vault-action@v3"
       with:
-        url: https://vault.w9r.dev
+        url: "https://vault.w9r.dev"
-        method: approle
+        method: "approle"
-        role: forgejo-ci
+        role: "forgejo-ci"
-        roleId: ${{ inputs.vault-role-id }}
+        roleId: "${{ inputs.roleid }}"
-        secretId: ${{ inputs.vault-secret-id }}
+        secretId: "${{ inputs.secretid }}"
         secrets: |
           kv/data/ci/nexus username | NEXUS_USERNAME ;
           kv/data/ci/nexus password | NEXUS_PASSWORD ;
@@ -27,16 +31,16 @@ runs:
           kv/data/ci/vulnz password | VULNZ_PASSWORD ;
           kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ;
           kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ;
-          kv/data/ci/releasebot gpgPassphrease | RELEASEBOT_PASSPHRASE ;
+          kv/data/ci/releasebot gpgPassphrase | RELEASEBOT_PASSPHRASE ;
           kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
           kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
           kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
-          kv/data/ci/signing gpgPassphrease | GPG_PASSPHRASE ;
+          kv/data/ci/signing gpgPassphrase | GPG_PASSPHRASE ;
           kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ;
           kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ;
 
-    - name: Set up Environment
+    - name: "Set up Environment"
-      shell: bash
+      shell: "bash"
       run: |
         apt update
         apt install -y zip
@@ -44,14 +48,14 @@ runs:
         mkdir -p /root/.m2
         touch /root/.jreleaser/config.properties
 
-    - name: Install syft
+    - name: "Install syft"
-      uses: https://github.com/anchore/sbom-action/download-syft@v0
+      uses: "https://github.com/anchore/sbom-action/download-syft@v0"
-      id: install_syft
+      id: "install_syft"
       with:
-        syft-version: v1.18.1
+        syft-version: "v1.18.1"
 
-    - name: maven-settings-xml-action
+    - name: "maven-settings-xml-action"
-      uses: https://github.com/whelk-io/maven-settings-xml-action@v22
+      uses: "https://github.com/whelk-io/maven-settings-xml-action@v22"
       with:
         repositories: >
           [
@@ -124,26 +128,26 @@ runs:
           ]
         output_file: /root/.m2/settings.xml
 
-    - name: Setup Java
+    - name: "Setup Java"
-      uses: https://github.com/actions/setup-java@v4
+      uses: "https://github.com/actions/setup-java@v4"
       with:
-        distribution: temurin # See 'Supported distributions' for available options
+        distribution: "temurin"
         java-version: 21
-        cache: maven
+        cache: "maven"
         check-latest: true
 
 
-    - name: Import Commit Signing GPG key
+    - name: "Import Commit Signing GPG key"
-      id: import-gpg
+      id: "import-gpg"
-      uses: https://github.com/crazy-max/ghaction-import-gpg@v6
+      uses: "https://github.com/crazy-max/ghaction-import-gpg@v6"
       with:
-        gpg_private_key: ${{ env.RELEASEBOT_PRIVATE_KEY }}
+        gpg_private_key: "${{ env.RELEASEBOT_PRIVATE_KEY }}"
-        passphrase: ${{ env.RELEASEBOT_PASSPHRASE }}
+        passphrase: "${{ env.RELEASEBOT_PASSPHRASE }}"
         git_user_signingkey: true
         git_commit_gpgsign: true
 
-    - name: GPG user IDs
+    - name: "GPG user IDs"
-      shell: bash
+      shell: "bash"
       run: |
         echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
         echo "keyid:       ${{ steps.import-gpg.outputs.keyid }}"