Use workflows from https://github.com/cap-java/.github/

[lisajulia]

Migrate CI/CD Workflows to Shared cap-java/.github Actions

Chore

♻️ Refactor: Replaced locally-defined GitHub Actions and workflow steps with reusable shared workflows and actions from the central cap-java/.github repository, reducing duplication and centralizing CI/CD maintenance.

Changes

• .github/actions/build/action.yml: Removed — now delegated to cap-java/.github/actions/build@main.
• .github/actions/deploy-release/action.yml: Removed — now delegated to cap-java/.github/actions/deploy-release@main.
• .github/actions/scan-with-blackduck/action.yml: Removed — now delegated to cap-java/.github/actions/scan-with-blackduck@main.
• .github/actions/scan-with-codeql/action.yml: Removed — now delegated to cap-java/.github/actions/scan-with-codeql@main.
• .github/actions/scan-with-sonar/action.yml: Removed — now delegated to cap-java/.github/actions/scan-with-sonar@main.
• .github/workflows/issue.yml: Replaced inline issue labeling and comment logic with a call to the shared cap-java/.github/.github/workflows/issue.yml@main workflow.
• .github/workflows/prevent-issue-labeling.yml: Replaced inline label-removal logic with a call to cap-java/.github/.github/workflows/prevent-issue-labeling.yml@main.
• .github/workflows/stale.yml: Removed inline stale issue handling steps; now delegates to cap-java/.github/.github/workflows/stale.yml@main. Also removed explicit permissions: {} block.
• .github/workflows/main.yml: Updated BlackDuck scan action reference from local to shared; added explicit project-name and included-modules inputs.
• .github/workflows/pr.yml: Updated BlackDuck scan action reference from local to shared; added project-name and included-modules inputs.
• .github/workflows/pipeline.yml: Updated SonarQube and CodeQL action references from local to shared; added sonar-project-key, coverage-report-path, build-script, and coverage-exclusions inputs to the SonarQube step.
• .github/workflows/release.yml: Updated BlackDuck, build, and deploy action references from local to shared; added project-name and included-modules inputs to the BlackDuck step.

• 🔄 Regenerate and Update Summary

PR Bot Information

Version: 1.21.0

• Summary Prompt: Default Prompt
• Event Trigger: pull_request.opened
• LLM: anthropic--claude-4.6-sonnet
• Correlation ID: f0972ec1-2545-4237-a725-09c1f8aeddf0
• File Content Strategy: Full file content
• Output Template: Default Template

[hyperspace-insights]

The PR centralises CI/CD logic by delegating to shared reusable workflows and actions in cap-java/.github, which is a clean maintainability improvement. However, three issues were flagged: the permissions: {} guard was dropped from stale.yml (least-privilege regression), the sonar-project-key input value should be verified against what the central action actually expects, and the CF service bindings performed before the SonarQube step may be lost if the central action performs an internal checkout.

PR Bot Information

Version: 1.21.0

• Event Trigger: pull_request.opened
• LLM: anthropic--claude-4.6-sonnet
• Correlation ID: f0972ec1-2545-4237-a725-09c1f8aeddf0
• Agent Instructions:
  • CLAUDE.md
• File Content Strategy: Full file content

[Schmarvinius]

lets try ^^