diff --git a/.github/workflows/build_maven_package.yml b/.github/workflows/build_maven_package.yml
new file mode 100644
index 0000000..54e2ef4
--- /dev/null
+++ b/.github/workflows/build_maven_package.yml
@@ -0,0 +1,75 @@
+# CI with maven build and scan
+#
+# version 1.0.1
+#
+# see : https://universe.fugerit.org/src/docs/conventions/workflows/build_maven_package.html
+
+name: CI maven build and scan
+
+on:
+ # Trigger analysis when pushing in master or pull requests, and when creating
+ # a pull request.
+ push:
+ branches:
+ - main
+ - develop
+ - branch-preview
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+
+ - uses: actions/checkout@main
+ with:
+ # Shallow clones should be disabled for a better relevancy of analysis
+ fetch-depth: 0
+
+ - uses: graalvm/setup-graalvm@main
+ with:
+ java-version: '22-ea'
+ distribution: 'graalvm'
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ native-image-job-reports: 'true'
+
+ - name: Cache Maven packages
+ uses: actions/cache@main
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2
+ - name: Cache SonarCloud packages
+ uses: actions/cache@main
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - uses: actions/setup-node@main
+ with:
+ node-version: 20
+ - name: Maven version
+ run: mvn -v
+ env:
+ # Needed to get some information about the pull request, if any
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ - name: Build and analyze
+ run: mvn -B clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage,full,metadata,sonarfugerit,buildreact -Dsonar.projectKey=fugerit-org_${{github.event.repository.name}}
+ env:
+ # Needed to get some information about the pull request, if any
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+ - name: Update dependency graph
+ # if DISABLE_MAVEN_DEPENDENCY_SUBMISSION is set to true, skip this step
+ if: ${{ vars.DISABLE_MAVEN_DEPENDENCY_SUBMISSION != 'true' }}
+ uses: advanced-security/maven-dependency-submission-action@main
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..c50ce23
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,14 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+
+- build and scan workflow
+- all default doc handlers
+- all default source types (xml, json, yaml)
diff --git a/pom.xml b/pom.xml
index a0171c1..6b129fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -207,5 +207,53 @@
true
+
+
+ sonarfugerit
+
+
+ https://sonarcloud.io
+ fugerit-org
+ ${project.artifactId}
+
+
+
+
+ coverage
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+
+ false
+
+
+
+ org.jacoco
+ jacoco-maven-plugin
+
+
+ prepare-agent
+
+ prepare-agent
+
+
+
+ report
+
+ report
+
+
+
+ XML
+
+
+
+
+
+
+
+