ci: add ci pipeline and issue templates

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -0,0 +1,43 @@
+name: "🐞 Bug report"
+description: Create a report to help us improve
+labels: ["pending triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to fill out this bug report!
+        
+        Please carefully read the contribution docs before creating a bug report
+        👉 https://github.com/benny123tw/vite-integration/blob/main/CONTRIBUTING.md
+  - type: textarea
+    id: bug-description
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is. What is the current behaviour vs. what do you expect to happen? If you intend to submit a PR for this issue, tell us in the description. Thanks!
+      placeholder: Bug description
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: Library version(s) affected
+      description: What library version did you experience this bug with? Which versions are affected (when known)?
+    validations:
+      required: true
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to reproduce
+      description: Please describe how we can reproduce the behavior.
+  - type: textarea
+    id: additonal
+    attributes:
+      label: Additional context, environment
+      description: If applicable, add any other context about the problem here. This could also include technical context and environment information such as e.g. OS, Java version, language.
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs
+      description: |
+        Optional if provided reproduction. Please try not to insert an image but copy paste the log text.
+      render: shell-script

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: 💬 Discussions
+    url: https://github.com/benny123tw/vite-integration/discussions
+    about: Use discussions if you have another issue, an idea for improvement or for asking questions.

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -0,0 +1,36 @@
+name: "🚀 Feature request"
+description: Suggest an idea for this project
+labels: ["pending triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to fill out this feature request!
+
+        Please carefully read the contribution docs before suggesting a new feature
+        👉 https://github.com/benny123tw/vite-integration/blob/main/CONTRIBUTING.md
+  - type: textarea
+    id: feature-description
+    attributes:
+      label: Describe the feature
+      description: A clear and concise description of what you think would be a helpful addition, including the possible use cases and alternatives you have considered. If you have a working prototype that implements it, please include a link.
+      placeholder: Feature description
+    validations:
+      required: true
+  - type: checkboxes
+    id: additional-info
+    attributes:
+      label: Additional information
+      description: Additional information that helps us decide how to proceed.
+      options:
+        - label: Would you be willing to help implement this feature?
+  - type: checkboxes
+    id: required-info
+    attributes:
+      label: Final checks
+      description: Before submitting, please make sure you do the following
+      options:
+        - label: Read the [contribution guide](https://github.com/benny123tw/vite-integration/blob/main/CONTRIBUTING.md).
+          required: true
+        - label: Check existing [discussions](https://github.com/benny123tw/vite-integration/discussions) and [issues](https://github.com/benny123tw/vite-integration/issues).
+          required: true

.github/workflows/1.pipeline.yml

@@ -0,0 +1,84 @@
+name: "> Main Pipeline"
+
+on:
+  push:
+    branches: [ "main" ]
+    tags:
+      - '*'
+  pull_request:
+    branches: ['*']
+  workflow_dispatch:
+    inputs:
+      type:
+        description: 'Release Library'
+        required: true
+        default: '...no release'
+        type: choice
+        options:
+          - '...no release'
+          - major
+          - minor
+          - patch
+
+jobs:
+
+  build:
+    name: Build + unit tests
+    uses: ./.github/workflows/callable.build.yml
+    if: | # avoid unnecessary pipeline runs during artifact release process ('gradle release plugin')
+      !contains(github.event.head_commit.message, '[Gradle Release Plugin] - pre tag commit')
+      || github.ref_type == 'tag'
+
+  code_analysis:
+    name: Code Analysis (multi)
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    uses: ./.github/workflows/callable.code-analysis.yml
+    needs: build
+    if: |
+      github.event_name != 'workflow_dispatch'
+      || inputs.type == '...no release'
+
+#  integration_test:
+#    name: Integration tests
+#    uses: ./.github/workflows/callable.integration-test.yml
+#    needs: build
+
+  gradle_release:
+    name: Create release
+    uses: ./.github/workflows/callable.gradle-release.yml
+    secrets: inherit
+    with:
+      type: ${{ inputs.type }}
+#    needs: integration_test
+    if: |
+      github.event_name == 'workflow_dispatch'
+      && inputs.type != '...no release'
+
+  publish_sonatype:
+    name: Publish artifact (Maven Central)
+    uses: ./.github/workflows/callable.publish-sonatype.yml
+    secrets: inherit
+    needs: integration_test
+    if: |
+      (
+        github.event_name != 'workflow_dispatch'
+        || inputs.type == '...no release'
+      ) && ( 
+        github.ref == 'refs/heads/main' 
+        || github.ref_type == 'tag' 
+      )
+
+  publish_javadoc:
+    name: Publish javadoc (GitHub Pages)
+    permissions:
+      contents: write
+    uses: ./.github/workflows/callable.publish-javadoc.yml
+    needs: integration_test
+    if: |
+      (
+        github.ref == 'refs/heads/main'
+        && ( inputs.type == '' || inputs.type == '...no release' )
+      ) || github.ref_type == 'tag' 

.github/workflows/2.scheduled.code-analysis.yml

@@ -0,0 +1,15 @@
+name: ">> Scheduled Code Analysis"
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '23 1 * * 6' # weekly, on Saturday at 01:23 UTC
+
+jobs:
+  code_analysis:
+    name: Code Analysis (multi)
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    uses: ./.github/workflows/callable.code-analysis.yml

.github/workflows/callable.build.yml

@@ -0,0 +1,30 @@
+name: Gradle Build
+
+on:
+  workflow_call:
+
+jobs:
+  build:
+    name: gradle build test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout project sources
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'corretto'
+          java-version: '21'
+      - uses: gradle/wrapper-validation-action@v3
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3.3.2
+        with:
+          cache-write-only: true
+      - name: Run build (incl. test)
+        run: ./gradlew build -x intTest --no-daemon
+
+      - name: Publish Test Report
+        uses: mikepenz/action-junit-report@v4
+        if: success() || failure() # always run even if the previous step fails
+        with:
+          report_paths: '**/build/test-results/test/TEST-*.xml'

.github/workflows/callable.code-analysis.codeql.yml

@@ -0,0 +1,56 @@
+name: CodeQL Analysis
+
+on:
+  workflow_call:
+
+jobs:
+  analyze:
+    name: CodeQL Analysis
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners
+    # Consider using larger runners for possible analysis time improvements.
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: java
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+          queries: security-extended,security-and-quality
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'corretto'
+          java-version: '21'
+      - uses: gradle/wrapper-validation-action@v3
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3.3.2
+        with:
+          cache-read-only: true
+      - name: Run build with Gradle Wrapper
+        run: |
+          ./gradlew build -x intTest --no-daemon
+          # ignore ./.gradle folder for analysis
+          rm -Rf .gradle
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/callable.code-analysis.trivy.yml

@@ -0,0 +1,44 @@
+name: Trivy Security Scan
+
+on:
+  workflow_call:
+
+jobs:
+  analyze:
+    name: Trivy scan (JVM)
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'corretto'
+          java-version: '21'
+      - uses: gradle/wrapper-validation-action@v3
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3.3.2
+        with:
+          cache-read-only: true
+
+      - name: Generate gradle.lockfile for trivy scan
+        run: gradle dependencies --write-locks
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          severity: 'CRITICAL,HIGH'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/callable.code-analysis.yml

@@ -0,0 +1,20 @@
+name: Code Analysis
+
+on:
+  workflow_call:
+
+jobs:
+  github_codeql_analysis:
+    name: GitHub CodeQL Analysis
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    uses: ./.github/workflows/callable.code-analysis.codeql.yml
+  trivy_scan:
+    name: Trivy Security Scan
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    uses: ./.github/workflows/callable.code-analysis.trivy.yml