Improve repository.

- add kokuwa checkstyle
- add dependabot
- add dependency documentation
- add code owners
- add codeql
- add license badge

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
+* @kokuwaio-bot @sschnabe @rpahli @fabian-schlegel

.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: maven
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 1
+    rebase-strategy: auto
+    ignore:
+      - dependency-name: ch.qos.logback:logback-classic
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily

.github/workflows/codeql.yaml

@@ -0,0 +1,22 @@
+name: CodeQL
+
+"on":
+  workflow_dispatch: {}
+  pull_request: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  codeql:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    steps:
+      - uses: actions/checkout@v3
+      - uses: github/codeql-action/init@v1
+        with:
+          languages: java
+      - uses: github/codeql-action/autobuild@v1
+      - uses: github/codeql-action/analyze@v1

.github/workflows/dependabot.yaml

@@ -0,0 +1,17 @@
+name: Dependabot
+
+"on": pull_request_target
+
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ secrets.GIT_ACTION_TOKEN }}
+      - run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ secrets.GIT_ACTION_TOKEN }}

.github/workflows/lint.yaml

@@ -0,0 +1,26 @@
+name: Lint
+
+"on":
+  workflow_dispatch: {}
+  push:
+    branches: [main]
+  pull_request: {}
+
+jobs:
+
+  yaml:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ibiqlik/action-yamllint@v3
+        with:
+          format: colored
+          strict: true
+
+  markdown:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: avto-dev/markdown-lint@v1
+        with:
+          args: /github/workspace

.github/workflows/pullrequest.yaml

@@ -0,0 +1,26 @@
+name: PullRequest
+
+"on": pull_request
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 11
+          cache: maven
+      - run: mvn -B dependency:go-offline
+      - run: mvn -B verify
+      - uses: dorny/test-reporter@v1.5.0
+        if: failure()
+        with:
+          name: surefire
+          path: '**/target/surefire-reports/*.xml,**/target/invoker-reports/*.xml'
+          reporter: java-junit
+          list-suites: failed
+          list-tests: failed
+          fail-on-error: false

.github/workflows/release.yaml

@@ -1,13 +1,12 @@
 name: Release
 
-"on":
-  workflow_dispatch: {}
+"on": workflow_dispatch
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           token: ${{ secrets.GIT_ACTION_TOKEN }}
       - uses: crazy-max/ghaction-import-gpg@v4
@@ -16,16 +15,17 @@ jobs:
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
           git_user_signingkey: true
           git_commit_gpgsign: true
-      - uses: actions/setup-java@v2
+      - uses: actions/setup-java@v3
         with:
           distribution: temurin
           java-version: 11
+          cache: maven
           server-id: sonatype-nexus
           server-username: SERVER_USERNAME
           server-password: SERVER_PASSWORD
           gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
           gpg-passphrase: GPG_PASSPHRASE
-      - run: mvn -B dependency:go-offline -q
+      - run: mvn -B dependency:go-offline
       - run: mvn -B release:prepare
       - run: mvn -B release:perform
         env:

.github/workflows/snapshot.yaml

@@ -2,32 +2,16 @@ name: Snapshot
 
 "on":
   workflow_dispatch: {}
-  push: {}
+  push:
+    branches: [main]
+    paths-ignore: ['**.md']
 
 jobs:
-
-  lint-yaml:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: ibiqlik/action-yamllint@v3
-        with:
-          format: colored
-          strict: true
-
-  lint-markdown:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: docker://avtodev/markdown-lint:v1
-        with:
-          args: /github/workspace
-
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
         with:
           distribution: temurin
           java-version: 11
@@ -35,19 +19,17 @@ jobs:
           server-id: sonatype-nexus
           server-username: SERVER_USERNAME
           server-password: SERVER_PASSWORD
-      - run: mvn -B dependency:go-offline -q
-      - run: mvn -B verify
-        if: github.ref != 'refs/heads/main'
+      - run: mvn -B dependency:go-offline
       - run: mvn -B deploy
-        if: github.ref == 'refs/heads/main'
         env:
           SERVER_USERNAME: ${{ secrets.SONATYPE_NEXUS_USERNAME }}
           SERVER_PASSWORD: ${{ secrets.SONATYPE_NEXUS_PASSWORD }}
-      - uses: dorny/test-reporter@v1
+      - uses: dorny/test-reporter@v1.5.0
         if: failure()
         with:
           name: surefire
-          path: '*/target/surefire-reports/*.xml'
+          path: '**/target/surefire-reports/*.xml'
           reporter: java-junit
           list-suites: failed
           list-tests: failed
+          fail-on-error: false