Merge branch 'release/0.1.0'

.env-example

@@ -0,0 +1,29 @@
+QUARKUS_DATASOURCE_USERNAME=fyreplace
+QUARKUS_DATASOURCE_PASSWORD=fyreplace
+QUARKUS_DATASOURCE_JDBC_URL=jdbc:postgresql://localhost/fyreplace
+
+QUARKUS_S3_ENDPOINT_OVERRIDE=https://storage.example.org
+QUARKUS_S3_AWS_REGION=eu-west-1
+QUARKUS_S3_AWS_CREDENTIALS_TYPE=static
+QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_ACCESS_KEY_ID=key-id
+QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY=secret-key
+
+QUARKUS_MAILER_HOST=smtp.example.org
+[email protected]
+[email protected]
+QUARKUS_MAILER_PASSWORD=password
+
+QUARKUS_SENTRY_DSN=https://sentry.example.org
+QUARKUS_SENTRY_ENVIRONMENT=local
+QUARKUS_SENTRY_TRACES_SAMPLE_RATE=1.0
+
+MP_JWT_VERIFY_PUBLICKEY=public-key-content
+SMALLRYE_JWT_SIGN_KEY=private-key-content
+
+APP_URL=https://api.fyreplace.example.org
+APP_FRONT_URL=https://fyreplace.example.org
+APP_WEBSITE_URL=https://www.fyreplace.example.org
+
+APP_STORAGE_TYPE=s3
+APP_STORAGE_S3_BUCKET=fyreplace
+APP_STORAGE_S3_CUSTOM_ENDPOINT=https://cdn.storage.example.org

.gitattributes

@@ -0,0 +1,3 @@
+* text=auto
+gradlew eol=lf
+gradlew.bat eol=crlf

.github/workflows/publishing.yml

@@ -0,0 +1,116 @@
+name: Publishing
+
+on:
+  push:
+    branches:
+      - develop
+      - release/*
+      - hotfix/*
+    tags:
+      - v*.*.*
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  formatting:
+    name: Check formatting
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '21'
+          cache: gradle
+
+      - name: Run Spotless
+        run: ./gradlew --no-daemon spotlessCheck
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    environment: test
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '21'
+          cache: gradle
+
+      - name: Build emails
+        run: make emails
+
+      - name: Run tests
+        run: ./gradlew --no-daemon test
+        env:
+          MP_JWT_VERIFY_PUBLICKEY: ${{ vars.MP_JWT_VERIFY_PUBLICKEY }}
+          SMALLRYE_JWT_SIGN_KEY: ${{ secrets.SMALLRYE_JWT_SIGN_KEY }}
+          APP_URL: https://api.fyreplace.example.org
+          APP_FRONT_URL: https://fyreplace.example.org
+          APP_WEBSITE_URL: https://www.fyreplace.example.org
+
+  build:
+    name: Build
+    needs: test
+    runs-on: ubuntu-latest
+    environment: container
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
+          tags: |
+            type=sha
+            type=ref,event=branch
+            type=edge,branch=develop
+            type=semver,pattern={{version}}
+
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          build-args: |
+            APP_STORAGE_TYPE=s3
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ github.repository}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true

.github/workflows/scanning.yml

@@ -0,0 +1,26 @@
+name: Scanning
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  scan:
+    name: Run CodeQL
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up CodeQL
+        uses: github/codeql-action/init@v3
+
+      - name: Run autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Run analysis
+        uses: github/codeql-action/analyze@v3

.gitignore

@@ -0,0 +1,42 @@
+# Gradle
+.gradle/
+build/
+
+# Eclipse
+.project
+.classpath
+.settings/
+bin/
+
+# IntelliJ
+.idea
+*.ipr
+*.iml
+*.iws
+
+# NetBeans
+nb-configuration.xml
+
+# Visual Studio Code
+.vscode
+.factorypath
+
+# OSX
+.DS_Store
+
+# Vim
+*.swp
+*.swo
+
+# patch
+*.orig
+*.rej
+
+# Local environment
+.env
+
+# Plugin directory
+/.quarkus/cli/plugins/
+
+# AsciiDoc
+target