build: Added java 21 build with maven and NVD libraries

ci/java-builder/README.md

@@ -0,0 +1,53 @@
+# Java Builder — CI Image
+
+Pre-baked build environment for KollectAI-ETL backend and plugin CI jobs.
+
+## What's included
+
+- Java 21 (Eclipse Temurin)
+- Maven 3.9.9
+- Pre-cached Maven dependencies (Spring Boot, Flink, MyBatis, etc.)
+- Pre-installed `plugin-api` in local Maven repo
+- OWASP NVD database snapshot
+- ORAS CLI (Harbor artifact uploads)
+- git, jq, curl
+
+## Build
+
+```bash
+docker build -t registry.kollect.biz/kollect-ci/java-builder:latest ci/java-builder/
+docker push registry.kollect.biz/kollect-ci/java-builder:latest
+```
+
+### Build args
+
+| Arg | Default | Description |
+|-----|---------|-------------|
+| `MAVEN_VERSION` | `3.9.9` | Maven version |
+| `OWASP_DC_VERSION` | `12.1.1` | OWASP Dependency-Check version |
+| `ETL_BRANCH` | `001-ai-etl-platform` | Branch to fetch pom.xml files from |
+| `ORAS_VERSION` | `1.2.2` | ORAS CLI version |
+
+## Usage in CI
+
+```yaml
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    container:
+      image: registry.kollect.biz/kollect-ci/java-builder:latest
+    steps:
+      - uses: actions/checkout@v6
+      - run: ./mvnw -f backend/etl/pom.xml test -Dgroups=unit -q
+```
+
+## Maintenance
+
+Rebuild weekly to keep the OWASP NVD database fresh:
+
+```bash
+docker build --no-cache -t registry.kollect.biz/kollect-ci/java-builder:latest ci/java-builder/
+docker push registry.kollect.biz/kollect-ci/java-builder:latest
+```
+
+When `pom.xml` files change (new dependencies), rebuild to update the cached deps layer.