Add basic CI github actions script

Note: this commit includes fixing an issue in pom.xml: renaming groupId

.github/workflows/basic.yaml

@@ -0,0 +1,26 @@
+name: Basic Verifications
+
+on:
+  push:
+    branches: [main, develop]
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  basic-verifications:
+    name: Verify code format and run tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ vars.JAVA_VERSION }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ vars.JAVA_VERSION }}
+          distribution: 'temurin'
+          cache: 'maven'
+
+      - name: Verify code and apply tests
+        run: ./mvnw verify

.github/workflows/code-analysis.yaml

@@ -0,0 +1,64 @@
+name: Code Analysis
+
+on:
+  push:
+    branches: [main, develop]
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  sonarcloud:
+    name: SonarCloud Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ vars.JAVA_VERSION }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ vars.JAVA_VERSION }}
+          distribution: 'temurin'
+          cache: 'maven'
+
+      - name: Perform the scan
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./mvnw verify -B sonar:sonar -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}
+
+  code-ql:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['java-kotlin']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ vars.JAVA_VERSION }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ vars.JAVA_VERSION }}
+          distribution: 'temurin'
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Build with Maven
+        run: ./mvnw compile
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

configs/git-hooks/pre-commit

@@ -4,7 +4,7 @@
 #
 
 # Run the Maven verify command
-./mvnw verify --offline
+./mvnw  spotless:apply verify --offline
 
 # Capture exit status of Maven command
 RESULT=$?

pom.xml

@@ -8,7 +8,7 @@
 		<version>3.2.8</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
-	<groupId>com.example</groupId>
+	<groupId>com.frg</groupId>
 	<artifactId>car-service-rest-api</artifactId>
 	<version>0.0.1-SNAPSHOT</version>
 	<packaging>jar</packaging>
@@ -29,6 +29,7 @@
 	</scm>
 	<properties>
 		<java.version>17</java.version>
+		<sonar.host.url>https://sonarcloud.io</sonar.host.url>
 	</properties>
 	<dependencies>
 		<dependency>
@@ -121,7 +122,7 @@
 						<id>spotless-validate</id>
 						<phase>validate</phase>
 						<goals>
-							<goal>apply</goal>
+							<goal>check</goal>
 						</goals>
 					</execution>
 				</executions>
@@ -163,6 +164,11 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.sonarsource.scanner.maven</groupId>
+				<artifactId>sonar-maven-plugin</artifactId>
+				<version>4.0.0.4121</version>
+			</plugin>
 		</plugins>
 	</build>
 </project>