Hardening/contract stabilization #60

	name: CI

	on:
	push:
	branches:
	- main
	- develop
	pull_request:

	jobs:

	build:
	name: Build & Test
	runs-on: ubuntu-latest

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set up JDK 21
	uses: actions/setup-java@v4
	with:
	distribution: temurin
	java-version: '21'
	cache: gradle

	- name: Generate test RSA keys
	run: \|
	mkdir -p config/keys
	openssl genpkey -algorithm RSA -out config/keys/private.pem -pkeyopt rsa_keygen_bits:2048
	openssl rsa -pubout -in config/keys/private.pem -out config/keys/public.pem

	- name: Build & Test
	run: ./gradlew clean build --info

	- name: Upload Test Report (if failure)
	if: failure()
	uses: actions/upload-artifact@v4
	with:
	name: test-report
	path: build/reports/tests/test

	- name: Upload JaCoCo Coverage Report
	if: success()
	uses: actions/upload-artifact@v4
	with:
	name: jacoco-report
	path: build/reports/jacoco/test/html


	sonar:
	name: SonarCloud Analysis
	runs-on: ubuntu-latest
	needs: build

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set up JDK 21
	uses: actions/setup-java@v4
	with:
	distribution: temurin
	java-version: '21'
	cache: gradle

	- name: Generate test RSA keys
	run: \|
	mkdir -p config/keys
	openssl genpkey -algorithm RSA -out config/keys/private.pem -pkeyopt rsa_keygen_bits:2048
	openssl rsa -pubout -in config/keys/private.pem -out config/keys/public.pem

	- name: Run SonarCloud Analysis
	env:
	SONAR_HOST_URL: https://sonarcloud.io
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: ./gradlew sonar --info

Provide feedback