Move FOSSA workflows to newrelic org

[elaguerta-nr]

Add FOSSA workflows

Adds the following workflows to be used by FOSSA PR based scanning:

• fossa-default.yml
• fossa-scala.yml
• fossa-ruby-bundler.yml
• fossa-gradle.yml
• fossa-elixir.yml
• fossa-caos.yml (this is specific to the CAOS team)

[lucasgonze]

There's quite a lot of boilerplate that's the same from one workflow to another.

GH has a feature to reuse workflows. However, I think it wouldn't work in this case because the way the code is structured doesn't lend itself to it. Do you agree?

[lucasgonze]

Can you verify that the missing || TRUE statement is intentional?

$ diff -w fossa-default.yml fossa-scala.yml
1c1
< name: FOSSA CLI Analysis
---
> name: FOSSA CLI Analysis - Scala
22a23,27
>       - name: Download newrelic.jar
>         if: ${{ github.repository == 'newrelic-csec/newrelic-java-examples' }}
>         run: |
>           mkdir newrelic-java-agent/scala/segment-api-synchronous/libs
>           curl https://download.newrelic.com/newrelic/java-agent/newrelic-agent/current/newrelic.jar --output newrelic-java-agent/scala/segment-api-synchronous/libs/newrelic.jar
30c35
<           fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE || true
---
>           fossa list-targets --format text 1>$LIST_TARGETS_OUT_FILE 2>$LIST_TARGETS_ERR_FILE

[elaguerta-nr]

Regarding the duplicated code: I completely agree that it is preferable to move it to a reusable workflow. FOSSA is working on refactoring for us. They have a POC that they will share later this week.

[elaguerta-nr]

Re: || true yes, this is intentional. It is to prevent the process from quitting early if the CLI hits an error. The *ERR_FILE contains the stderr logs from the FOSSA CLI. Our script inspects those files to see if the CLI encountered an error.

Thank you for catching that || true is missing on the scala workflow - it should be on all of them. I'll check the rest and fix them up, then ping you for a re-review.