fix: enable github workflows

Signed-off-by: Phil Adams <phil_adams@us.ibm.com>

Author: padamstx

.github/workflows/build.yaml

@@ -0,0 +1,92 @@
+# This workflow will build and unit test the project.
+# If the workflow is running on the "main" branch, then
+# semantic-release is also run to create a new release (if
+# warranted by the new commits being built).
+
+name: Build/Test
+
+on:
+  push:
+    branches: [ '**' ]
+  pull_request:
+    branches: [ '**' ]
+  workflow_dispatch:
+    # Allow workflow to be triggered manually.
+
+jobs:
+  detect-secrets:
+    if: "!contains(github.event.head_commit.message, '[skip ci]')"
+    name: Detect-Secrets
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.12
+
+      - name: Install detect-secrets
+        run: |
+          pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
+
+      - name: Run detect-secrets
+        run: |
+          detect-secrets scan --update .secrets.baseline
+          detect-secrets -v audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline
+
+  build:
+    needs: detect-secrets
+    name: Build/Test (Java ${{matrix.java-version}})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java-version: ['11', '17']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Java ${{matrix.java-version}}
+        uses: actions/setup-java@v4 
+        with:
+          java-version: ${{matrix.java-version}}
+          distribution: 'adopt'
+          cache: 'maven'
+
+      - name: Build & Test
+        run: mvn -B clean verify -fae -DskipITs
+
+  create-release:
+    needs: build
+    name: Semantic-Release
+    if: "github.ref_name == 'main' && github.event_name != 'pull_request'"
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.12
+
+      - name: Install Publishing Tools
+        run: |
+          pip install bump-my-version
+          npm install
+
+      - name: Run semantic-release
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+        run: npm run semantic-release

.github/workflows/publish.yaml

@@ -0,0 +1,58 @@
+# This workflow is responsible for:
+# - publishing artifacts to Maven Central
+# - building and publishing javadocs to the git repository.
+# It is triggered when a new release is created.
+
+name: Publish
+
+on:
+  release:
+    types: [created]
+  workflow_dispatch:
+    # Allow this workflow to be triggered manually
+
+jobs:
+  publish:
+    name: Publish Release
+    runs-on: ubuntu-latest
+ 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: 'adopt'
+          cache: 'maven'
+          # Configure ~/.m2/settings.xml
+          server-id: ossrh
+          server-username: OSSRH_USERNAME
+          server-password: OSSRH_PASSWORD
+          # Import GPG key into build agent's local keystore
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Set artifact version to ${{ github.ref_name }}
+        run: mvn -B versions:set -DnewVersion=${{ github.ref_name}} -DgenerateBackupPoms=false
+
+      - name: Publish Javadocs
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+          GH_REPO_SLUG: ${{ github.repository }}
+          GH_TAG: ${{ github.ref_name}}
+        run: |
+          mvn -B clean javadoc:aggregate
+          build/publishJavadoc-gha.sh
+
+      - name: Publish to Maven Central
+        env:
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: |
+          mvn -B deploy -DskipTests -P central

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "package-lock.json|go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-10-23T11:25:21Z",
+  "generated_at": "2025-01-09T17:12:18Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -65,6 +65,16 @@
     }
   ],
   "results": {
+    ".github/workflows/publish.yaml": [
+      {
+        "hashed_secret": "87ddb19c18c56534a4011f47f38530f6df9a8a80",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 34,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "modules/context-based-restrictions/src/test/java/com/ibm/cloud/platform_services/context_based_restrictions/v1/ContextBasedRestrictionsIT.java": [
       {
         "hashed_secret": "125fbc14773f228e72f16d55be21bad750d30b19",

pom.xml

@@ -20,7 +20,7 @@
         -->
 
         <!-- This is the version associated with the Java core. -->
-        <sdk-core-version>9.22.0</sdk-core-version>
+        <sdk-core-version>9.22.2</sdk-core-version>
 
         <testng-version>7.10.2</testng-version>
         <okhttp3-version>4.12.0</okhttp3-version>