Use Apache Logging Services reusable workflows

.github/dependabot.yaml

@@ -0,0 +1,40 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+version: 2
+# Add Maven Central explicitly to work around:
+#   https://github.com/dependabot/dependabot-core/issues/8329
+registries:
+  maven-central:
+    type: maven-repository
+    url: https://repo.maven.apache.org/maven2
+
+updates:
+
+  - package-ecosystem: maven
+  directory: "/"
+  open-pull-requests-limit: 10
+  schedule:
+    interval: "daily"
+  target-branch: "trunk"
+  registries:
+    - maven-central
+
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: "daily"
+  target-branch: "trunk"

.github/workflows/build.yaml

@@ -0,0 +1,69 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: build
+
+on:
+  push:
+    branches:
+    - "trunk"
+    - "release/*"
+  pull_request:
+
+permissions: read-all
+
+jobs:
+
+  build:
+    if: github.actor != 'dependabot[bot]'
+    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/11.3.0
+    secrets:
+      DV_ACCESS_TOKEN: ${{ startsWith(github.ref_name, 'release/') && '' || secrets.GE_ACCESS_TOKEN }}
+    with:
+      java-version: 11
+      site-enabled: true
+      reproducibility-check-enabled: true
+      develocity-enabled: ${{ ! startsWith(github.ref_name, 'release/') }}
+
+  deploy-snapshot:
+    needs: build
+    if: github.repository == 'apache/flume' && github.ref == 'refs/heads/trunk'
+    uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/11.3.0
+    # Secrets for deployments
+    secrets:
+      NEXUS_USERNAME: ${{ secrets.NEXUS_USER }}
+      NEXUS_PASSWORD: ${{ secrets.NEXUS_PW }}
+    with:
+      java-version: 11
+
+  deploy-release:
+    needs: build
+    if: github.repository == 'apache/flume' && startsWith(github.ref_name, 'release/')
+    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/11.3.0
+    # Secrets for deployments
+    secrets:
+      GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
+      NEXUS_USERNAME: ${{ secrets.LOGGING_STAGE_DEPLOYER_USER }}
+      NEXUS_PASSWORD: ${{ secrets.LOGGING_STAGE_DEPLOYER_PW }}
+      SVN_USERNAME: ${{ secrets.LOGGING_SVN_DEV_USERNAME }}
+      SVN_PASSWORD: ${{ secrets.LOGGING_SVN_DEV_PASSWORD }}
+    # Write permissions to allow the Maven `revision` property update, changelog release, etc.
+    permissions:
+      contents: write
+    with:
+      java-version: 11
+      project-id: flume

.github/workflows/codeql-analysis.yaml

@@ -0,0 +1,41 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: codeql-analysis
+
+on:
+  push:
+    branches: [ 'trunk' ]
+  pull_request:
+    # The branches below must be a subset of the branches provided in `on.push.branches`
+    branches: [ 'trunk' ]
+  schedule:
+    - cron: '32 12 * * 5'
+
+permissions: read-all
+
+jobs:
+
+  analyze:
+    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+    # Permissions required to publish Security Alerts
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    with:
+      java-version: 11

.github/workflows/merge-dependabot.yaml

@@ -0,0 +1,50 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: merge-dependabot
+
+on:
+  pull_request_target:
+    paths-ignore:
+      - "**.adoc"
+      - "**.md"
+      - "**.txt"
+
+permissions: read-all
+
+jobs:
+
+  build:
+    if: github.repository == 'apache/flume' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
+    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/11.3.0
+    secrets:
+      DV_ACCESS_TOKEN: ${{ secrets.GE_ACCESS_TOKEN }}
+    with:
+      java-version: 11
+      develocity-enabled: true
+      reproducibility-check-enabled: false
+
+  merge-dependabot:
+    needs: build
+    uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/11.3.0
+    with:
+      java-version: 11
+    permissions:
+      contents: write                                             # to push changelog commits
+      pull-requests: write                                        # to close the PR
+    secrets:
+      GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}       # to sign commits

.github/workflows/scorecards-analysis.yaml

@@ -0,0 +1,40 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: scorecards-analysis
+
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: "30 1 * * 6"
+  push:
+    branches: [ main ]
+
+permissions: read-all
+
+jobs:
+
+  analysis:
+    uses: apache/logging-parent/.github/workflows/scorecards-analysis-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+    permissions:
+      # Needed to upload the results to the code-scanning dashboard.
+      security-events: write
+      actions: read
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    with:
+      java-version: 11