ci: Add github build workflows

.github/workflows/ci.yml

@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow
+# execution time. For more information see:
+#  https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+
+name: CI
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      # Configure Gradle for optimal use in GiHub Actions, including caching of downloaded dependencies.
+      # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2
+
+      - name: Build
+        run: ./gradlew clean build

.github/workflows/dependency-review.yml

@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+# This workflow scans pull requests for dependency changes, and will raise an error if any vulnerabilities or
+# invalid licenses are being introduced.
+# See https://github.com/actions/dependency-review-action
+
+name: dependency-review
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 #4.3.2
+        with:
+          retry-on-snapshot-warnings: true
+          retry-on-snapshot-warnings-timeout: 600

.github/workflows/download-dependency-graph.yml

@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+# This workflow downloads the saved dependency graph and submits it to GitHub, enabling Dependabot Alerts for all
+# project dependencies.
+name: download-submit-dependency-graph
+
+on:
+  workflow_run:
+    workflows: ['upload-dependency-graph']
+    types: [completed]
+
+permissions:
+  contents: write
+
+jobs:
+  submit-dependency-graph:
+    runs-on: ubuntu-latest
+    steps:
+      # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
+      - name: Download and submit dependency graph
+        uses: gradle/actions/dependency-submission@d211a39090cba0cdce485f2a0b1f28f39ccda0c9 # v3.3.2
+        with:
+          dependency-graph: download-and-submit # Download saved dependency-graph and submit

.github/workflows/upload-dependency-graph.yml

@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+name: upload-dependency-graph
+
+on:
+  pull_request:
+
+permissions:
+  contents: read # 'write' permission is not available
+
+jobs:
+  dependency-submission:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
+      # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
+      - name: Generate and save dependency graph
+        uses: gradle/actions/dependency-submission@d211a39090cba0cdce485f2a0b1f28f39ccda0c9 # v3.3.2
+        with:
+          dependency-graph: generate-and-upload

.github/workflows/wrapper-validation.yml

@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+name: "Validate Gradle Wrapper"
+
+on: [push, pull_request]
+
+jobs:
+  validation:
+    name: "Validation"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: gradle/actions/wrapper-validation@d211a39090cba0cdce485f2a0b1f28f39ccda0c9