#1835 Set up ci on the Github Actions

- testing
- coverage
- qodana analysis
- codeql analysis
- dependabot

Some of these may not work yet, because integrations are not installed

.github/dependabot.yml

@@ -0,0 +1,17 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "02:00"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "02:00"

.github/workflows/_build_plugins.yml

@@ -0,0 +1,40 @@
+# reusable workflow for building and uploading plugins
+# This workflow will build a Java project with Gradle
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
+name: Plugins
+
+on:
+  workflow_call:
+
+jobs:
+  build-plugins:
+    name: Build
+    runs-on: ubuntu-latest
+    env:
+      ORG_GRADLE_PROJECT_downloadIdeaSources: false
+      CI: GitHub
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'corretto'
+          java-version: 21
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+        with:
+          cache-read-only: true
+
+      - name: Build plugins
+        run: |
+          ./gradlew buildPlugin --console plain
+
+      - name: Upload Plugins
+        uses: actions/upload-artifact@v4
+        with:
+          name: plugins
+          path: |
+            ./build/distributions/*.zip

.github/workflows/_codeql.yml

@@ -0,0 +1,62 @@
+# Re-usable workflow for codeQl
+name: "CodeQL"
+
+on:
+  workflow_call:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'corretto'
+          java-version: 21
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: "java"
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+        with:
+          cache-read-only: true
+
+      - name: Make jars
+        run: |
+          ./gradlew jar --console plain
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+      # - run: |
+      #   echo "Run, Build Application using script"
+      #   ./location_of_script_within_repo/buildscript.sh
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/_coverage.yml

@@ -0,0 +1,64 @@
+# re-usable workflow to merge and process coverage
+name: Coverage
+
+on:
+  workflow_call:
+
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    env:
+      ORG_GRADLE_PROJECT_downloadIdeaSources: false
+      CI: GitHub
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+        if: ${{ env.COVERALLS_REPO_TOKEN }}
+
+      - name: Set up JDK 21
+        if: ${{ env.COVERALLS_REPO_TOKEN }}
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'corretto'
+          java-version: 21
+
+      - uses: actions/download-artifact@v4
+        if: ${{ env.COVERALLS_REPO_TOKEN }}
+        name: Tests Coverage
+        with:
+          path: ./coverage
+
+      - name: Setup Gradle
+        if: ${{ env.COVERALLS_REPO_TOKEN }}
+        uses: gradle/actions/setup-gradle@v4
+        with:
+          cache-read-only: true
+
+      - name: Make jar
+        run: |
+          ./gradlew jar
+
+      - name: Aggregate Coverage
+        if: ${{ env.COVERALLS_REPO_TOKEN }}
+        run: ./gradlew jacocoRootReport --console plain
+
+      - name: Upload Aggregated Coverage Report
+        if: ${{ env.COVERALLS_REPO_TOKEN }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage
+          path: |
+            ./build/jacoco/test.exec
+            ./build/reports/jacoco/jacocoRootReport/*
+
+      - name: Upload Coveralls Data
+        if: ${{ env.COVERALLS_REPO_TOKEN }}
+        run: ./gradlew :coveralls --console plain
+
+      - name: Perform SonarCube Analysis
+        if: ${{ env.COVERALLS_REPO_TOKEN && env.SONAR_TOKEN }}
+        run: ./gradlew sonarqube --info --console plain

.github/workflows/_qodana.yml

@@ -0,0 +1,27 @@
+# Re-usable workflow for project analysis with qodana
+name: Qodana
+
+on:
+  workflow_call:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+      QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Qodana Scan
+        uses: JetBrains/[email protected]
+        env:
+          QODANA_LINTER: ${{ env.QODANA_TOKEN == '' && 'jetbrains/qodana-jvm-community' || 'jetbrains/qodana-jvm' }}
+        with:
+          use-caches: false
+          args: --baseline,.qodana/qodana.sarif.json,--linter,${{ env.QODANA_LINTER }}
+
+      - uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json

.github/workflows/_tests.yml

@@ -0,0 +1,66 @@
+# re-usable workflow to run integration tests
+name: Tests
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        required: true
+        type: string
+
+env:
+  ORG_GRADLE_PROJECT_downloadIdeaSources: false
+  CI: GitHub
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+  COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
+  YOUTRACK_TOKEN: ${{ secrets.YOUTRACK_TOKEN }}
+
+jobs:
+  light-tests:
+    name: Light
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'corretto'
+          java-version: 21
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+        with:
+          cache-read-only: true
+
+      - name: Setup Julia
+        uses: julia-actions/setup-julia@v2
+        with:
+          version: '1.10'
+          show-versioninfo: true
+
+      - name: Julia says Hello
+        run: julia -e 'println("Hello, World!")'
+
+      - name: Run tests
+        run: |
+          bash ./watcher.sh 3600 &
+          ./gradlew test --console plain "-Pyoutrack.token=${{ env.YOUTRACK_TOKEN && env.YOUTRACK_TOKEN || 'skip' }}"
+
+      - name: Upload Coverage Data
+        if: ${{ env.COVERALLS_REPO_TOKEN }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: light-tests-coverage-${{ inputs.os }}
+          path: |
+            **/jacoco/*.exec
+
+      - name: Upload Snapshots
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: light-snapshot-${{ inputs.os }}
+          path: |
+            ./snapshot.hprof
+            ./jinfo.txt
+            ./jstack.txt