STORM-3897 Replace Travis with GitHub Actions

[rzo1]

What is the purpose of the change

• Adds GitHub actions on the basis of the old travis script (and similar to them)
• Downgrades TestNG as it isn't compatible with Java 8
• Fixes license files

Note: integration-tests are failing as the related .sh is highly Travis specific and needs some rework. IMHO, we should fix it in a separate Jira. Wdyt?

It superseeds #3519

How was the change tested

• GitHub Actions

[rzo1]

@bipinprasad Feel free to have a look at this PR. It should build wit 8 / 11 for most of the modules. I didn't touch the Integration-Test module atm as it requires some rewriting of the shell script to work with GH. I suggest, that we tackle this part in a separate PR, so we have build feedback, which is crucial (see downgrade of TestNG + license files). WDYT?

[bipinprasad]

Looks good. Thanks. It reverts a security fix (which was incompatible with jdk8). We will have to drop jdk8 and add jdk17 very soon. But till then, this will have to do.

[bipinprasad]

https://issues.apache.org/jira/browse/STORM-3898 for Integration test github action

[rzo1]

Thanks for the review!

Looks good. Thanks. It reverts a security fix (which was incompatible with jdk8). We will have to drop jdk8 and add jdk17 very soon. But till then, this will have to do.

I agree, that we should drop Java 8 at some point (given that Java 21 will land soon). If you are talking about https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4065, I don't think, that the test dependency will give a huge attack vector (as we do not ship it) as (in the context of the project) only processes trusted content, no?

[bipinprasad]

Agreed. No problem security-wise, and not an issue at this point.