Add GitHub action workflow

[kgibm]

No description provided.

[kgibm]

@krumts This should do a build on a push or pull request. Example success: https://github.com/kgibm/mat/actions/runs/9195053726/job/25289958928

[krumts]

Thanks @kgibm,

We are indeed lacking the functionality to have builds on PRs and automated validation.
In the gitlab issue for moving MAT to Github, there was a proposal from the webmasters [1] how this could be done on our existing jenkins. Did you have a look at it?

While I think it is very convenient to have automated builds for PRs, I still have some concerns to allow builds (executing code) for changes none of the committers have reviewed. I assume sooner or later this would be misused. I was wondering if having a convenient way for the committers to trigger builds for the PRs after reviewing the changes would be a better approach. What are your thoughts on that?

If we decide to have the automated PR builds, then I guess the next thing to decide is if we use Github Actions (i.e. this PR) or if we should stick to our Jenkins jobs.
For the changes merged to master, I think we need to stick to building on the Eclipse Jenkins, as there we have the integrated some further steps (signing, publishing snapshots, ...).
I wonder if it is reasonable to have the PR builds and the "normal" builds done on two different environments - looking at your changes, using Github actions doesn't seem complicated, but we would still need to maintain both builds.

I don't have a strong opinion here and would be interested to hear your and the other MAT committers thoughts.

@jasonk000, @ajohnson1 ^^

[1] https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/4584#note_2305497

[kgibm]

Ahh, I missed that discussion, makes sense. I have no strong preference. I know that it's possible to do things like signing, etc. in GitHub Actions by packaging the necessary keys, etc. in a secure way into envars, but I understand that would require development and testing.

[jasonk000]

My thoughts here: I think consolidating to GH Actions is more comfortable, since we have the opportunity to keep all of our code in one place. However, part of it is that I'm much less familiar with the Eclipse CI stack, so things take a little longer for me to understand.

Regards code execution in CI, I think that's well-managed by Github themselves. This article helps to explain some things that I assume they still do.

https://github.blog/open-source/maintainers/github-actions-update-helping-maintainers-combat-bad-actors/#new-features-to-help-protect-maintainers

[kgibm]

Could we have both where GitHub actions are used as a way to quickly see if a PR passes the test but then the Jenkins flow continues to be used for the main build tooling, signing artifacts, etc.?