feat(ci): update CI workflows for release process and branch handling

Author: TheMeinerLP

.github/workflows/build-pr.yml

@@ -19,4 +19,4 @@ jobs:
           distribution: temurin
           java-version: 21
       - name: Build on ${{ matrix.os }}
-        run: ./gradlew clean build -x test
+        run: ./gradlew clean build

.github/workflows/close_invalid_prs.yml

@@ -6,9 +6,9 @@ on:
 
 jobs:
   run:
-    if: ${{ github.repository != github.event.pull_request.head.repo.full_name && github.head_ref == 'develop' }}
+    if: ${{ github.repository != github.event.pull_request.head.repo.full_name && github.head_ref == 'main' }}
     runs-on: ubuntu-latest
     steps:
       - uses: superbrothers/close-pull-request@v3
         with:
-          comment: "Please do not open pull requests from the `develop` branch, create a new branch instead."
+          comment: "Please do not open pull requests from the `main` branch, create a new branch instead."

.github/workflows/publish.yml

@@ -1,30 +1,67 @@
-name: Publish Attollo to platforms
-on:
+name: Release
+"on":
   push:
     branches:
-      - master
-      - develop
+      - main
+      - next
+      - beta
+      - alpha
+      - "*.x"
+
+permissions:
+  contents: read # for checkout
+
 jobs:
-  Publish:
-    name: 'Publish to EldoNexus, Modrinth and Hangar'
-    # Run on all label events (won't be duplicated) or all push events or on PR syncs not from the same repo
-    if: github.repository_owner == 'OneLiteFeatherNET'
+  release:
+    name: Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
     steps:
-      - name: Checkout Repository
+      - name: Checkout
         uses: actions/checkout@v5
-      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
+        with:
+          fetch-depth: 0
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: "lts/*"
+      - name: Validate Gradle Wrapper
+        uses: gradle/actions/wrapper-validation@v5
       - name: Setup Java
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: temurin
-          cache: gradle
-          java-version: 17
-      - name: Publish to Jar
-        run: ./gradlew build publishAllPublicationsToHangar modrinth publish -x test
+          java-version: 24
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v5
+      - name: Install dependencies
+        run: npm clean-install
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: npm audit signatures
+      - name: Release
         env:
-          ELDO_USERNAME: "${{ secrets.ELDO_USERNAME }}"
-          ELDO_PASSWORD: "${{ secrets.ELDO_PASSWORD }}"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           HANGAR_SECRET: ${{secrets.HANGAR_KEY}}
           MODRINTH_TOKEN: ${{ secrets.MODRINTH_KEY }}
+          # Token with permissions to push to the client repository
+          CLIENT_REPO_TOKEN: ${{ secrets.CLIENT_REPO_TOKEN }}
+        run: npx semantic-release
+      - name: Get Version
+        id: get_version
+        run: echo "VERSION=$(cat VERSION.txt)" >> $GITHUB_ENV
+      - name: Upload BOM to Dependency-Track
+        uses: DependencyTrack/gh-upload-sbom@v3
+        with:
+          serverhostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+          apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+          projectname: "Attollo"
+          projectversion: ${{ env.VERSION }}
+          projecttags: 'bukkit,paper,plugin'
+          bomfilename: "build/reports/cyclonedx/bom.xml"
+          autocreate: true
+          parent: 'becbe738-ef2b-4333-bd13-477ab794d76a'