amended pom and added ci cd workflows

.github/workflows/cd.yaml

@@ -0,0 +1,54 @@
+name: CD
+
+on:
+    push:
+     branches:
+       -  main
+
+jobs:
+  release-please:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      tag_name: ${{ steps.release.outputs.tag_name }}
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - uses: google-github-actions/release-please-action@v4
+        id: release
+        with:
+          release-type: maven
+
+  call-build-maven:
+    needs: release-please
+    name: build with Maven
+    uses: ./.github/workflows/maven_build.yaml
+
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: 
+      - release-please
+      - call-build-maven
+    steps:
+        - name: checkout code
+          uses: actions/checkout@v4
+
+        - name: Set up JDK 11
+          uses: actions/setup-java@v4
+          with:
+            java-version: '11'
+            distribution: 'corretto'
+            cache: 'maven'
+
+        - name: Publish to GitHub Packages Apache Maven
+          if: ${{needs.release-please.outputs.release_created}}
+          run: mvn --batch-mode deploy
+          env:
+            GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+

.github/workflows/ci.yaml

@@ -0,0 +1,17 @@
+name: CI
+
+on:
+    pull_request:
+
+jobs:
+  security:
+    name: Security
+    uses: ./.github/workflows/security.yaml
+    secrets: inherit
+
+  build-maven:      
+    name: build with Maven
+    uses: ./.github/workflows/maven_build.yaml
+    needs: security
+
+

.github/workflows/maven_build.yaml

@@ -0,0 +1,19 @@
+name: Maven Build
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+    build:
+      name: build
+      runs-on: ubuntu-latest
+      steps:
+       - uses: actions/checkout@v4
+
+       - run: mvn -B -P github package
+
+

.github/workflows/security.yaml

@@ -0,0 +1,39 @@
+name: Security Scan
+
+on:
+  workflow_call:
+    inputs:
+      severity-threshold:
+        description: "Severity threshold"
+        required: false
+        default: "high"
+        type: string
+    secrets:
+      SNYK_TOKEN:
+        description: "Snyk token"
+        required: true
+  schedule:
+    # Weekly on Monday at 00:00 UTC
+    - cron: 0 0 * * 1
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:      
+    scan:
+        name: scan
+        runs-on: ubuntu-latest
+        steps:
+
+        - uses: actions/checkout@v4
+        - uses: snyk/actions/setup@master
+        - uses: actions/setup-java@v4
+          with:
+            distribution: "corretto"
+            java-version: "11"
+            cache: maven
+
+        - run: snyk test --severity-threshold=${{ inputs.severity-threshold || 'high' }}
+          env:
+            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

pom.xml

@@ -12,7 +12,7 @@
     <zap-clientapi.version>1.13.0</zap-clientapi.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <maven.compiler.version>3.8.1</maven.compiler.version>
-    <nexus.releases>https://nexus.olcs.dev-dvsacloud.uk/repository/maven-releases</nexus.releases>
+   <github.url>https://maven.pkg.github.com/dvsa/vol-app-security-lib</github.url>
   </properties>
 
   <build>
@@ -46,11 +46,12 @@
     </dependency>
   </dependencies>
 
-  <!--  Nexus Configuration  -->
+
   <distributionManagement>
     <repository>
-      <id>maven-releases</id>
-      <url>${nexus.releases}</url>
+        <id>github</id>
+        <name>GitHub dvsa Apache Maven Packages</name>
+        <url>${github.url}</url>
     </repository>
-  </distributionManagement>
+</distributionManagement>
 </project>