CI: Add gh workflow for scheduled clm scan

Change-Id: I7e4a3f5930b47a75a26fbb81817a72f688b43076
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>

diff --git a/.github/workflows/clm-scan.yaml b/.github/workflows/clm-scan.yaml
new file mode 100644 (file)
index 0000000..7cbcfff
--- /dev/null
+++ b/.github/workflows/clm-scan.yaml
@@ -0,0 +1,78 @@
+---
+name: Gerrit Composed CLM Scan
+
+# yamllint disable-line rule:truthy
+on:
+  schedule:
+    - cron: "58 6 * * 6"
+
+concurrency:
+  # yamllint disable-line rule:line-length
+  group: composed-clm-scan-${{ github.workflow }}-${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Notify job start
+        # yamllint disable-line rule:line-length
+        uses: lfit/gerrit-review-action@7c30179c3c9389545fccb0d458df59879372ae6a  # v0.6
+        with:
+          host: ${{ vars.GERRIT_SERVER }}
+          username: ${{ vars.GERRIT_SSH_USER }}
+          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
+          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
+          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER || '141443' }} # setting random default for scheduled runs
+          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER || '1' }} # setting random default for scheduled runs
+          vote-type: clear
+          comment-only: true
+      - name: Allow replication
+        run: sleep 10s
+
+  run-maven-clm:
+    needs: notify
+    # yamllint disable-line rule:line-length
+    uses: lfit/releng-reusable-workflows/.github/workflows/composed-maven-nexus-iq.yaml@main
+    with:
+      GERRIT_BRANCH: ${{ inputs.GERRIT_BRANCH || 'master' }}
+      GERRIT_CHANGE_ID: ${{ inputs.GERRIT_CHANGE_ID || 'Ifde03fec9fce640152c85ead1aa15835497a583c' }} # setting random default for scheduled runs
+      GERRIT_CHANGE_NUMBER: ${{ inputs.GERRIT_CHANGE_NUMBER || '141443' }} # setting random default for scheduled runs
+      GERRIT_CHANGE_URL: ${{ inputs.GERRIT_CHANGE_URL || 'https://gerrit.onap.org/r/c/ccsdk/sli/+/141443' }} # setting random default for scheduled runs
+      GERRIT_EVENT_TYPE: ${{ inputs.GERRIT_EVENT_TYPE || 'change-merged' }}
+      GERRIT_PATCHSET_NUMBER: ${{ inputs.GERRIT_PATCHSET_NUMBER || '1' }} # setting random default for scheduled runs
+      GERRIT_PATCHSET_REVISION: ${{ inputs.GERRIT_PATCHSET_REVISION || 'f975cc1c632d885486d7517371efd01d4e0ab856' }} # setting random default for scheduled runs
+      GERRIT_PROJECT: ${{ inputs.GERRIT_PROJECT || 'ccsdk/sli' }}
+      GERRIT_REFSPEC: ${{ inputs.GERRIT_REFSPEC || 'refs/heads/master' }}
+      # yamllint disable rule:line-length
+      ENV_VARS: '{"MAVEN_OPTS": "--add-opens=java.base/java.util=ALL-UNNAMED"}'
+      ENV_SECRETS: "{}"
+      JDK_VERSION: "21"
+      MVN_PHASES: "clean install dependency:tree com.sonatype.clm:clm-maven-plugin:2.41.0-02:index"
+      MVN_OPTS: >-
+        -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
+        -Dmaven.repo.local=/tmp/r -Dorg.ops4j.pax.url.mvn.localRepository=/tmp/r
+        -DaltDeploymentRepository=staging::default::file:"${GITHUB_WORKSPACE}"/m2repo
+      MVN_POM_FILE: "pom.xml"
+    secrets:
+      NEXUS_IQ_PASSWORD: ${{ secrets.NEXUS_IQ_PASSWORD }}
+
+  report-status:
+    if: ${{ always() }}
+    needs: [notify, run-maven-clm]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get workflow conclusion
+        uses: technote-space/workflow-conclusion-action@v3
+      - name: Report workflow conclusion
+        # yamllint disable-line rule:line-length
+        uses: lfit/gerrit-review-action@7c30179c3c9389545fccb0d458df59879372ae6a  # v0.6
+        with:
+          host: ${{ vars.GERRIT_SERVER }}
+          username: ${{ vars.GERRIT_SSH_USER }}
+          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
+          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
+          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER || '141443' }} # setting random default for scheduled runs
+          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER || '1' }} # setting random default for scheduled runs
+          vote-type: ${{ env.WORKFLOW_CONCLUSION }}
+          comment-only: true