[NCL-9648 Implement] Scala workflows

.github/actions/sbt-build/action.yml

@@ -0,0 +1,50 @@
+name: "SBT build"
+description: "Set up SBT, and build the project"
+
+inputs:
+  java_version:
+    description: "The Java version to use to compile. Default: 8"
+    required: false
+    default: "8"
+  resolvers:
+    description: |
+      SBT resolvers to configure.
+      Expected format:
+      resolvers ++= Seq(
+        "nameA" at "urlA",
+        "nameB" at "urlB",
+        "nameC" at "urlC"
+      )
+    required: true
+  build_args:
+    description: "Args for SBT tool. Default: clean; compile; +test"
+    required: false
+    default: "clean; compile; +test"
+
+runs:
+  using: "composite"
+
+  steps:
+    - name: Setup JDK
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
+      with:
+        distribution: temurin
+        java-version: "${{ inputs.java_version }}"
+        cache: sbt
+
+    - name: Setup SBT
+      uses: sbt/setup-sbt@2e222825582620cc38d2a54e674f3c01b7c14f5d # v1.1.24
+
+    - name: Configure Resolvers
+      shell: bash
+      env:
+        RESOLVERS: ${{ inputs.resolvers }}
+      run: |
+        mkdir -p "$HOME/.sbt/1.0"
+        printf '%s\n' "$RESOLVERS" > "$HOME/.sbt/1.0/resolvers.sbt"
+
+    - name: Run SBT
+      shell: bash
+      env:
+        BUILD_ARGS: ${{ inputs.build_args }}
+      run: sbt -v -Dfile.encoding=UTF8 "$BUILD_ARGS" < /dev/null

.github/workflows/sbt-ci.yml

@@ -0,0 +1,85 @@
+name: SBT CI
+
+on:
+  workflow_call:
+    inputs:
+      fetch_all_commits:
+        description: "Whether to fetch all commits. Default: false"
+        required: false
+        type: boolean
+        default: false
+      java_version:
+        description: "The Java version to use to compile. Default: 8"
+        required: false
+        type: string
+        default: "8"
+      resolvers:
+        description: "SBT resolvers to configure"
+        required: false
+        type: string
+        default: |
+          resolvers ++= Seq(
+              "Sonatype Snapshots" at "https://oss.sonatype.org/content/repositories/snapshots",
+              "Artima" at "https://repo.artima.com/releases",
+              "MRRC" at "https://maven.repository.redhat.com/ga/"
+          )
+      build_args:
+        description: "Args for SBT tool. Default: clean; compile; +test"
+        required: false
+        type: string
+        default: "clean; compile; +test"
+      upload_artifacts:
+        description: "Whether to upload artifacts and their metadata. Default: false"
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.java_version }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: ${{ inputs.fetch_all_commits == true && '0' || '1' }}
+          persist-credentials: false
+
+      - uses: project-ncl/shared-github-actions/.github/actions/sbt-build@<sha> # main
+        with:
+          java_version: ${{ inputs.java_version }}
+          resolvers: ${{ inputs.resolvers }}
+          build_args: ${{ inputs.build_args }}
+
+      - name: Save PR metadata
+        if: inputs.upload_artifacts
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_SHA: ${{ github.event.pull_request.head.sha }}
+        run: |
+          mkdir -p pr-metadata
+          echo "$PR_NUMBER" > pr-metadata/pr-number
+          echo "$PR_SHA" > pr-metadata/pr-sha
+
+      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        if: inputs.upload_artifacts
+        with:
+          name: pr-build
+          path: |
+            .
+            !.git
+            !pr-metadata
+          retention-days: 1
+
+      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        if: inputs.upload_artifacts
+        with:
+          name: pr-metadata
+          path: pr-metadata
+          retention-days: 1

.github/workflows/sbt-snapshot.yml

@@ -0,0 +1,79 @@
+name: Build snapshot version and upload to registry
+
+on:
+  workflow_call:
+    inputs:
+      project_name:
+        # format: <organisation>/<project_name>
+        description: "The project name to run the job. Prevent forks to run snapshot job"
+        required: true
+        type: string
+      fetch_all_commits:
+        description: "Whether to fetch all commits. Default: false"
+        required: false
+        type: boolean
+        default: false
+      java_version:
+        description: "The Java version to use to compile. Default: 8"
+        required: false
+        type: string
+        default: "8"
+      resolvers:
+        description: "SBT resolvers to configure"
+        required: false
+        type: string
+        default: |
+          resolvers ++= Seq(
+              "Sonatype Snapshots" at "https://oss.sonatype.org/content/repositories/snapshots",
+              "Artima" at "https://repo.artima.com/releases",
+              "MRRC" at "https://maven.repository.redhat.com/ga/"
+          )
+      build_args:
+        description: "Args for SBT tool. Default: clean; compile; +test"
+        required: false
+        type: string
+        default: "clean; compile; +test"
+
+    secrets:
+      SNAPSHOT_USER:
+        required: true
+      SNAPSHOT_PASSWORD:
+        required: true
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    if: github.repository == inputs.project_name
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: ${{ inputs.fetch_all_commits == true && '0' || '1' }}
+          persist-credentials: false
+
+      - uses: project-ncl/shared-github-actions/.github/actions/sbt-build@<sha> # main
+        with:
+          java_version: ${{ inputs.java_version }}
+          resolvers: ${{ inputs.resolvers }}
+          build_args: ${{ inputs.build_args }}
+
+      - name: Publish snapshot
+        shell: bash
+        env:
+          SNAPSHOT_USER: ${{ secrets.SNAPSHOT_USER }}
+          SNAPSHOT_PASSWORD: ${{ secrets.SNAPSHOT_PASSWORD }}
+        run: |
+          mkdir -p "$HOME/.sbt"
+          printf '%s\n' \
+          "realm=Sonatype Nexus Repository Manager" \
+          "host=repository.jboss.org" \
+          "user=$SNAPSHOT_USER" \
+          "password=$SNAPSHOT_PASSWORD" > "$HOME/.sbt/.credentials"
+          sbt -v publish < /dev/null

README.md

@@ -50,13 +50,23 @@ Standard CI workflow for Gradle projects.
 - **Inputs**: The following inputs are available to be overridden
   * java_version (default: `17`)
   * gradle_version (default `wrapper`)
-  * build_command
+  * build_args
   * pre_build_script
   * fetch_all_commits (default: `false`)
   * upload_coverage (default: `false`)
   * coverage_files (report files to upload)
   * upload_artifacts (default: `false`)
 
+## SBT CI (`sbt-ci.yml`)
+Standard CI workflow for Scala/SBT projects.
+
+- **Tasks**: Checkout code, set up Java, set up SBT, run build command, and optionally push build artifact (which is used by Mend workflow).
+- **Inputs**: The following inputs are available to be overridden
+  * java_version (default: `8`)
+  * build_args
+  * resolvers (contents of SBT resolves file)
+  * fetch_all_commits (default: `false`)
+  * upload_artifacts (default: `false`)
 
 ## NPM CI (`npm-ci.yml`)
 Standard CI workflow for NPM projects.
@@ -191,7 +201,7 @@ Workflow for performing a release to Maven Central (Sonatype). This can be manua
 Note that the `jboss-parent` overrides the release-plugin `tagNameFormat` to use `@{project.version}`. To revert to the default format add the following to the calling projects properties: `<tagNameFormat>@{project.artifactId}-@{project.version}</tagNameFormat>`
 
 ## Maven Snapshot (`maven-snapshot.yml`)
-Workflow for deploying snapshot versions to Maven Central.
+Workflow for deploying snapshot versions to Maven Central. Gated to the upstream repo so forks don't attempt to publish
 
 - **Tasks**: Deploy our SNAPSHOT version of our project to Maven Central
   Optionally builds and pushes a Quarkus Jib image to Quay.io.
@@ -205,7 +215,13 @@ Workflow for deploying snapshot versions to Maven Central.
 
 ## Gradle Snapshot (`gradle-snapshot.yml`)
 
-Workflow for deploying snapshot versions to Gradle Central, similar to its Maven counterpart.
+Workflow for deploying snapshot versions to Gradle Central, similar to its Maven counterpart. Gated to the upstream repo so forks don't attempt to publish.
+
+## SBT Snapshot (`sbt-snapshot.yml`)
+
+Workflow for deploying snapshot versions to Sonatype Nexus, similar to its Maven counterpart. Gated to the upstream repo so forks don't attempt to publish.
+
+The workflow writes `~/.sbt/.credentials` for SBT to authenticate against the snapshot repository.
 
 ## Maven Set Version (`maven-set-version.yml`)
 Workflow to update the version in a Maven `pom.xml`. This can be manually run by going to the GitHub Actions tab and selecting the workflow.
@@ -278,6 +294,10 @@ Sets up Java, sets up Gradle, and runs build command.
 
 Sets up Node.js, sets up NPM, and runs build command.
 
+## SBT Build (`sbt-build/action.yml`)
+
+Sets up Java, sets up SBT, and runs build command.
+
 ## Mend (`mend/action.yml`)
 
 Downloads and installs Mend CLI, runs Mend SCA scan (if enabled), and runs Mend SAST scan (if enabled). Publishes artifacts of results of SCA/SAST scans.