build: unify the verify and snapshot workflows

.github/scripts/check-line-endings.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Verifies that no tracked files have CRLF or mixed line endings in the index.
+# .bat/.cmd/.ps1 files are exempted (declared CRLF in .gitattributes).
+set -euo pipefail
+
+violations=$(git ls-files --eol \
+  | grep -E "^i/(crlf|mixed)" \
+  | grep -vE "\.(bat|cmd|ps1)$" || true)
+
+if [ -n "$violations" ]; then
+  echo "::error::Files with CRLF/mixed line endings stored in the index:"
+  echo "$violations"
+  exit 1
+fi

.github/scripts/check-surefire-reports.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Fails the build if no Tycho Surefire test reports were produced.
+# This catches broken test discovery early.
+set -euo pipefail
+
+if ! find . -path '*/target/surefire-reports/TEST-*.xml' -print -quit | grep -q .; then
+  echo "::error::No surefire reports found. Test discovery is likely broken."
+  exit 1
+fi

.github/workflows/snapshot.yml

@@ -26,6 +26,9 @@ jobs:
           ref: ${{ github.event.inputs.branch || github.ref }}
           fetch-depth: 0
 
+      - name: Check LF line endings
+        run: bash .github/scripts/check-line-endings.sh
+
       - name: Set snapshot SHA
         id: snapshot
         run: echo "sha=$(git rev-parse --short=8 HEAD)" >> "$GITHUB_OUTPUT"
@@ -53,8 +56,20 @@ jobs:
       - name: Build p2 update site
         run: |
           xvfb-run mvn clean verify \
+            checkstyle:check pmd:pmd pmd:cpd pmd:check pmd:cpd-check spotbugs:check \
             -f ./ddk-parent/pom.xml \
-            --batch-mode
+            --batch-mode --fail-at-end
+
+      - name: Fail on missing surefire reports
+        if: always()
+        run: bash .github/scripts/check-surefire-reports.sh
+
+      - name: Archive test logs
+        if: failure()
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7
+        with:
+          name: test-logs-${{ github.sha }}
+          path: com.avaloq.tools.ddk.xtext.test/target/work/data/.metadata/.log
 
       - name: Upload p2 update site as artifact
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7

.github/workflows/verify.yml

@@ -1,7 +1,5 @@
 name: verify
 on:
-  push:
-    branches: [master]
   pull_request:
 jobs:
   pmd:
@@ -32,20 +30,8 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
-      - name: Check LF line endings in index
-        # .gitattributes declares `* text=auto eol=lf` with .bat/.cmd/.ps1
-        # exempted. Git's clean filter normalizes on commit, but verify it
-        # explicitly in case a file is miscategorized as binary or a filter
-        # is bypassed.
-        run: |
-          violations=$(git ls-files --eol \
-            | grep -E "^i/(crlf|mixed)" \
-            | grep -vE "\.(bat|cmd|ps1)$" || true)
-          if [ -n "$violations" ]; then
-            echo "Files with CRLF/mixed line endings stored in the index:"
-            echo "$violations"
-            exit 1
-          fi
+      - name: Check LF line endings
+        run: bash .github/scripts/check-line-endings.sh
   maven-verify:
     runs-on: ubuntu-24.04
     steps:
@@ -69,13 +55,8 @@ jobs:
         # This ensures all violations are collected and reported before the build fails
         run: xvfb-run mvn clean verify checkstyle:check pmd:pmd pmd:cpd pmd:check pmd:cpd-check spotbugs:check -f ./ddk-parent/pom.xml --batch-mode --fail-at-end
       - name: Fail on missing surefire reports
-        # Tycho-Surefire writes no TEST-*.xml when discovery is empty — fail the job in that case.
         if: always()
-        run: |
-          if ! find . -path '*/target/surefire-reports/TEST-*.xml' -print -quit | grep -q .; then
-            echo "::error::No surefire reports found. Test discovery is likely broken."
-            exit 1
-          fi
+        run: bash .github/scripts/check-surefire-reports.sh
       - name: Archive Tycho Surefire Plugin
         if: ${{ failure() }}
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7