ci: update workflow

Author: mvallim

.github/workflows/cd-deploy.yml

@@ -0,0 +1,79 @@
+name: Publish package to the Maven Central Repository
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: Environment
+        type: string
+        required: true
+
+jobs:
+  publish:
+    environment: ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: 8
+          distribution: 'corretto'
+          server-id: sonatype-central
+          server-username: OSSRH_USERNAME
+          server-password: OSSRH_TOKEN
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+
+      - name: Cache Maven packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-deploy-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-deploy-${{ hashFiles('**/pom.xml') }}
+
+      - name: Configure Git user
+        run: |
+          git config user.email "actions@github.com"
+          git config user.name "GitHub Actions"
+
+      - name: Publish Snapshot to the Maven Central Repository
+        if: ${{ inputs.environment == 'snapshot' }}
+        run: |
+          mvn deploy -P snapshot
+        env:
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
+
+      - id: release-vars
+        if: ${{ inputs.environment == 'release' }}
+        name: Set output variables
+        run: |
+          RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | grep -e '^[^\[]' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+          RELEASE_TAG=v${RELEASE_VERSION}
+
+          echo "release-version=$RELEASE_VERSION" >> $GITHUB_OUTPUT
+          echo "release-tag=$RELEASE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Publish Release to the Maven Central Repository
+        if: ${{ inputs.environment == 'release' }}
+        run: |
+          mvn -B release:prepare -P release
+          git push origin tag $RELEASE_TAG
+          mvn -B release:perform -P release
+        env:
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
+          RELEASE_VERSION: ${{ steps.release-vars.outputs.release-version }}
+          RELEASE_TAG: ${{ steps.release-vars.outputs.release-tag }}
+
+      - name: Create Release
+        if: ${{ inputs.environment == 'release' }}
+        run: |
+          gh release create ${RELEASE_TAG} --generate-notes  
+        env:
+          RELEASE_TAG: ${{ steps.release-vars.outputs.release-tag }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/cd-integration.yml

@@ -0,0 +1,58 @@
+name: Build, Gates and Pull Request
+
+on:
+  pull_request:
+    branches: 
+      - develop
+    types:
+      - closed
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  variables:
+    if: ${{ github.event.pull_request.merged == true }}
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.environment.outputs.version }}
+      target-branch: ${{ steps.environment.outputs.target-branch }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: "corretto"
+          cache: "maven"
+
+      - id: environment
+        name: Set output environment passed to the reusable workflow
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | grep -e '^[^\[]' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "target-branch=release/$VERSION" >> $GITHUB_OUTPUT
+
+  ci:
+    needs: variables
+    uses: ./.github/workflows/ci-maven.yml
+    secrets: inherit
+
+  gates:
+    needs: ci
+    if: success()
+    uses: ./.github/workflows/ci-gates.yml
+    secrets: inherit
+
+  pull-request:
+    needs: [gates, variables]
+    uses: ./.github/workflows/ci-pull-request.yml
+    secrets: inherit
+    with:
+      type: Snapshot
+      labels: automatic,snapshot
+      source-branch: master
+      target-branch: ${{ needs.variables.outputs.target-branch }}

.github/workflows/cd-release.yml

@@ -0,0 +1,25 @@
+name: Build and Publish Release
+
+on:
+  pull_request:
+    branches: 
+      - master
+    types:
+      - closed
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  ci:
+    if: ${{ github.event.pull_request.merged == true }}
+    uses: ./.github/workflows/ci-maven.yml
+    secrets: inherit
+
+  release:
+    needs: ci
+    uses: ./.github/workflows/cd-deploy.yml
+    secrets: inherit
+    with:
+      environment: release

.github/workflows/cd-snapshot.yml

@@ -0,0 +1,35 @@
+name: Build, Publish Snapshot and Pull Request
+
+on:
+  pull_request:
+    branches: 
+      - release/**
+    types:
+      - closed
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  ci:
+    if: ${{ github.event.pull_request.merged == true }}
+    uses: ./.github/workflows/ci-maven.yml
+    secrets: inherit
+
+  snapshot:
+    needs: ci
+    uses: ./.github/workflows/cd-deploy.yml
+    secrets: inherit
+    with:
+      environment: snapshot
+
+  pull-request:
+    needs: snapshot
+    uses: ./.github/workflows/ci-pull-request.yml
+    secrets: inherit
+    with:
+      type: Release
+      labels: automatic,release
+      source-branch: master
+      target-branch: master

.github/workflows/ci-gates.yml

@@ -0,0 +1,36 @@
+name: SonarCloud
+
+on:
+  workflow_call:
+
+jobs:
+  sonarcloud:
+    environment: sonarcloud
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: "corretto"
+          cache: "maven"
+
+      - name: Cache Maven packages
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.sonar/cache
+            ~/.m2
+          key: ${{ runner.os }}-sonar-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-sonar-${{ hashFiles('**/pom.xml') }}
+
+      - name: Build and analyze
+        run: mvn -B verify sonar:sonar -P sonar
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-maven.yml

@@ -0,0 +1,57 @@
+name: Java CI with Maven
+
+on:
+  workflow_call:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java-version: [8, 11, 17, 21]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java-version }}
+          distribution: "corretto"
+          cache: "maven"
+
+      - name: Cache Maven packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-build-${{ hashFiles('**/pom.xml') }}-${{ matrix.java-version }}
+          restore-keys: ${{ runner.os }}-build-${{ hashFiles('**/pom.xml') }}-${{ matrix.java-version }}
+
+      - name: Compile with Maven
+        run: mvn -T 2C clean generate-sources compile --file pom.xml
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java-version: [8, 11, 17, 21]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java-version }}
+          distribution: "corretto"
+          cache: "maven"
+
+      - name: Cache Maven packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-test-${{ hashFiles('**/pom.xml') }}-${{ matrix.java-version }}
+          restore-keys: ${{ runner.os }}-test-${{ hashFiles('**/pom.xml') }}-${{ matrix.java-version }}
+
+      - name: Test with Maven
+        run: mvn -T 2C test-compile test --file pom.xml

.github/workflows/ci-pull-request.yml

@@ -0,0 +1,72 @@
+name: Create Pull Request
+
+on:
+  workflow_call:
+    inputs:
+      source-branch:
+        description: Source branch
+        type: string
+        required: true
+      target-branch:
+        description: Target branch
+        type: string
+        required: true
+      labels:
+        description: Labels to PR
+        type: string
+        required: true
+      type:
+        description: PR Type
+        type: string
+        required: true
+
+jobs:
+  open-pr:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Create branch
+      run: |
+        REPO="${{ github.repository }}"
+        BRANCH="${{ inputs.target-branch }}"
+        BASE="${{ inputs.source-branch }}"
+
+        echo "Checking if branch '$BRANCH' exists in repository '$REPO'..."
+
+        if gh api "repos/$REPO/branches/$BRANCH" --silent >/dev/null 2>&1; then
+            echo "Branch '$BRANCH' already exists."
+        else
+          echo "Branch '$BRANCH' does not exist. It will be created from '$BASE'."
+
+          BASE_SHA=$(gh api "repos/$REPO/git/ref/heads/$BASE" --jq .object.sha)
+
+          if [ -z "$BASE_SHA" ]; then
+            echo "Error: Could not retrieve the SHA of base branch '$BASE'"
+            exit 1
+          fi
+
+          gh api --method POST "repos/$REPO/git/refs" \
+            -f ref="refs/heads/$BRANCH" \
+            -f sha="$BASE_SHA"
+
+          echo "Branch '$BRANCH' successfully created!"
+        fi
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Create Pull Request (${{ inputs.type }})
+      uses: peter-evans/create-pull-request@v7
+      with:
+        title: Auto-created pull request into `${{ inputs.target-branch }}` from `${{ github.ref_name }}`
+        token: ${{ secrets.GITHUB_TOKEN }}
+        committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
+        author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
+        commit-message: Auto Pull Request (${{ inputs.type }})
+        body: Auto-created Pull Request
+        branch: ${{ github.ref }}
+        base: ${{ inputs.target-branch }}
+        labels: ${{ inputs.labels }}
+        assignees: ${{ github.actor }}
+        reviewers: mvallim