adding codacy analysis with spotbugs plugin

.github/workflows/codacy-analysis.yml

@@ -0,0 +1,49 @@
+name: Codacy Security Scan
+
+# set on trigger to run on push to main branch, pull request on any branch, and on a schedule
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    branches:
+      - '**'
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  Build-and-Scan:
+    name: Maven Package and Codacy SAST 
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: ['11', '17']
+      fail-fast: false
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@main
+      - name: Remove Example Properties File 
+        run: rm $GITHUB_WORKSPACE/src/main/resources/application_example.properties 
+      - name: Rename Properties File 
+        run: mv $GITHUB_WORKSPACE/src/main/resources/application.properties.j2 $GITHUB_WORKSPACE/src/main/resources/application.properties
+      - name: Setup Java JDK
+        uses: actions/[email protected]
+        with: 
+          java-version: ${{ matrix.java }}
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Build SprintBoot Application 
+        run: mvn clean package -DskipTests=true 
+      - name: Rename WAR Artifact 
+        run: mv $GITHUB_WORKSPACE/target/Bento-0.0.1.war $GITHUB_WORKSPACE/target/ROOT.war 
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@master
+        with:
+          tool: spotbugs
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          upload: true
+          max-allowed-issues: 2147483647
+          verbose: true
+          allow-network: true 
+          skip-uncommitted-files-check: true
+          force-file-permissions: true