added github workflows

.github/pull.yml

@@ -0,0 +1,7 @@
+version: "1"
+rules:
+  - base: develop
+    upstream: Onlineberatung:develop
+    mergeMethod: merge
+label: ":arrow_heading_down: pull"
+conflictLabel: "merge-conflict"

.github/workflows/dockerImage.yml

@@ -0,0 +1,106 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches:
+      - "develop"
+    tags:
+      - "dockerImage.v.*"
+      - "v*"
+
+jobs:
+  test:
+    name: Build and run unit tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup JVM
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11.0.10
+          java-package: jdk
+          architecture: x64
+
+      - name: Caching maven dependencies
+        uses: actions/cache@v1
+        env:
+          cache-name: cache-maven-dependencies
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
+      - name: Maven Package
+        run: mvn -B -Pprod  clean package -DskipTests=true
+      - name: Maven Verify
+        run: mvn -B -Pprod clean verify -DskipTests=true
+      - uses: actions/upload-artifact@v2
+        with:
+          name: targetfiles
+          path: target/*.jar
+  push_to_registry:
+    strategy:
+      matrix:
+        registry: ["docker.pkg.github.com", "ghcr.io"]
+    needs: [test]
+    name: Push Docker image to GitHub Packages
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Download buildfiles artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: targetfiles
+      - name: Get current time
+        id: time
+        uses: nanzm/[email protected]
+        with:
+          timeZone: 2
+          format: "YYYYMMDD[_]HHmmss"
+      - name: Prepare environment variables
+        run: |
+          echo "DOCKER_REGISTRY=$(echo "${{ matrix.registry }}/${{ github.repository }}" | awk '{print tolower($0)}')" >> $GITHUB_ENV
+          echo "DOCKER_IMAGE=$(echo "${{ github.repository }}" | awk -F / '{print tolower($2)}')" >> $GITHUB_ENV
+          echo "REPO_NAME_WITHOUT_PREFIX"=$(echo "${{ github.repository }}" | sed "s/.*\///" | awk -F / '{print tolower($0)}') >> $GITHUB_ENV
+          echo CLEAN_REF=$(echo "${GITHUB_REF_NAME#refs/heads/}") >> $GITHUB_ENV
+          echo TYPE=$(echo -n "${GITHUB_REF_TYPE}") >> $GITHUB_ENV
+          echo TIME_STAMP=$(echo -n "${{ steps.time.outputs.time }}") >> $GITHUB_ENV
+        shell: bash
+      - name: Set branch_timestamp for image from branch
+        if: ${{ env.TYPE == 'branch' }}
+        run: echo DOCKER_IMAGE_TAG=$(echo "${{ env.CLEAN_REF }}_${{ env.TIME_STAMP }}") >> $GITHUB_ENV
+        shell: bash
+      - name: Set tag for image from tag
+        if: ${{ env.TYPE == 'tag' }}
+        run: echo DOCKER_IMAGE_TAG=$(echo "${{ env.CLEAN_REF }}") >> $GITHUB_ENV
+        shell: bash
+      - name: Push to GitHub Packages
+        uses: docker/[email protected]
+        with:
+          username: ${{ secrets.GH_PACKAGE_RELEASE_USER }}
+          password: ${{ secrets.GH_PACKAGE_RELEASE_TOKEN }}
+          registry: ${{ env.DOCKER_REGISTRY }}
+          repository: ${{ env.DOCKER_IMAGE }}
+          tags: ${{ env.DOCKER_IMAGE_TAG}}
+      - name: Hint about the Docker Image Tag if successfull
+        if: ${{ success() }}
+        run: |
+          echo "### Publish Docker image :white_check_mark:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- Image name: ${{ env.DOCKER_IMAGE }}" >> $GITHUB_STEP_SUMMARY
+          echo "- Version: ${{ env.DOCKER_IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY
+      - name: Hint about the Docker Image Tag if not successfull
+        if: ${{ failure() || cancelled() }}
+        run: |
+          echo "### Publish Docker image :x:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- It seems that something has gone wrong" >> $GITHUB_STEP_SUMMARY
+      - name: Run Trivy vulnerability image scanner
+        if: ${{ (matrix.registry == 'ghcr.io') }}
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}:${{ env.DOCKER_IMAGE_TAG }}'
+          format: 'table'
+          exit-code: '1'
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'

.github/workflows/securityScan.yml

@@ -0,0 +1,22 @@
+name: Run trivy security scan
+on:
+  push:
+    branches:
+      - 'develop'
+  pull_request:
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner in fs mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          exit-code: 1
+          severity: CRITICAL