Migrate Jenkins CI/CD pipelines to GitHub Actions #97

Open
devin-ai-integration[bot] wants to merge 2 commits into DevOps from devin/1770847490-jenkins-to-github-actions

@devin-ai-integration (bot) commented Feb 11, 2026

Migrate Jenkins CI/CD pipelines to GitHub Actions

Summary

Adds two GitHub Actions workflow files that replicate the existing Jenkins CI and CD pipelines. The original Jenkins files (Jenkinsfile, GitOps/Jenkinsfile, vars/*.groovy) are not modified or removed.

CI workflow (ci.yml) maps the 8-stage Jenkins pipeline:

| Jenkins Stage | GitHub Actions Equivalent |
|---|---|
| Workspace cleanup | N/A (fresh runner) |
| Code Checkout (code_checkout()) | actions/checkout@v4 |
| Trivy FS scan (trivy_scan()) | aquasecurity/trivy-action@master |
| OWASP Dependency Check (owasp_dependency()) | dependency-check/Dependency-Check_Action@main |
| SonarQube Analysis (sonarqube_analysis()) | sonarsource/sonarqube-scan-action@v6 |
| SonarQube Quality Gate (sonarqube_code_quality()) | sonarsource/sonarqube-quality-gate-action@master |
| Docker Build (docker_build()) | docker/build-push-action@v5 |
| Docker Push (docker_push()) | Same action with push: true |

CD workflow (cd.yml) maps the GitOps Jenkins pipeline: checkout → update K8s manifest via sed → commit & push → email notification. Chained from CI via workflow_call, also triggerable via workflow_dispatch.

Graceful secret handling

SonarQube and Docker Hub steps are guarded with if: ${{ secrets.SECRET != '' }} conditions so they skip gracefully when the corresponding secrets are not yet configured, rather than failing the entire workflow. This allows the pipeline to run partially (checkout, Trivy, OWASP) even before all secrets are set up.

Required Secrets to Configure

| Secret | Purpose |
|---|---|
| DOCKERHUB_USERNAME | Docker Hub username |
| DOCKERHUB_TOKEN | Docker Hub access token |
| SONAR_TOKEN | SonarQube authentication token |
| SONAR_HOST_URL | SonarQube server URL |
| MAIL_SERVER | SMTP server address |
| MAIL_PORT | SMTP server port |
| MAIL_USERNAME | Email sender address |
| MAIL_PASSWORD | Email sender password |
| NOTIFICATION_EMAIL | Email recipient address |

Review & Testing Checklist for Human

  • Docker push on PRs: The build job (which includes Docker image push) runs on pull_request events. This means PR builds will attempt to push images to Docker Hub when secrets are configured. Confirm whether Docker build+push should be gated to push/dispatch events only, or split into separate build-only and push steps.
  • CD push permissions: The CD workflow commits and pushes to kubernetes/bankapp-deployment.yml using GITHUB_TOKEN. Verify that branch protection rules allow github-actions[bot] to push, or consider switching to a PAT / bot-branch + PR pattern.
  • Email notification has no secret guard: The CD email step (dawidd6/action-send-mail@v3) runs with if: always() but has no guard checking if mail secrets are configured. It will error if MAIL_SERVER/MAIL_USERNAME/MAIL_PASSWORD are not set. Decide whether to add an if guard or accept the failure.
  • SonarQube quality gate is non-blocking (continue-on-error: true): This matches the original Jenkins abortPipeline: false behavior. Confirm this is intentional—if you want the gate to block, remove continue-on-error.
  • Hardcoded image path: The sed command in CD uses trainwithshubham/bankapp-eks from the original pipeline. Verify this is the correct image reference for this fork.
  • Test plan: Configure all required secrets above, then trigger CI via workflow_dispatch with a test DOCKER_TAG value. Verify each step executes and the CD workflow updates the K8s manifest correctly.

Notes

  • SonarQube and Docker steps will be skipped (not fail) until their respective secrets are configured
  • Original Jenkins files are preserved and can be removed separately once GitHub Actions is validated

Link to Devin run: https://app.devin.ai/sessions/cf8756bc6d934ddaad02be9952d78c16
Requested by: @angelalincog

Co-Authored-By: Angela  Lin <angela.lin@cognition.ai>
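
The secret guard and the Docker-push-on-PR question from the checklist above, combined in one build job as an added example (not a file from this PR). It maps secret presence into job-level `env` values, because the `secrets` context cannot be read inside `if:` expressions. The workflow name, the `push` trigger on `DevOps`, the `github.sha` fallback tag and the use of `docker/login-action@v3` are assumptions.

```yaml
# Added example, not part of this PR. Names marked "assumed" are illustrative.
name: ci-build-sketch            # assumed workflow name
on:
  pull_request:
  push:
    branches: [DevOps]           # assumed: publish from the PR's base branch
  workflow_dispatch:
    inputs:
      DOCKER_TAG:
        description: Image tag to build
        required: true

permissions:
  contents: read                 # the build job never writes to the repository

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      # Secrets are readable in job-level env; the result is the string 'true' or 'false'.
      HAS_DOCKERHUB: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
      # PR runs build the image for validation but never publish it.
      CAN_PUSH: ${{ github.event_name != 'pull_request' }}
      # Assumed fallback: tag with the commit SHA when no DOCKER_TAG input is given.
      IMAGE_TAG: ${{ inputs.DOCKER_TAG || github.sha }}
    steps:
      - uses: actions/checkout@v4

      - name: Log in to Docker Hub
        # Skipped (not failed) when credentials are absent or the event is a PR.
        if: env.HAS_DOCKERHUB == 'true' && env.CAN_PUSH == 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build image, push only when allowed
        uses: docker/build-push-action@v5
        with:
          context: .
          push: ${{ env.HAS_DOCKERHUB == 'true' && env.CAN_PUSH == 'true' }}
          tags: trainwithshubham/bankapp-eks:${{ env.IMAGE_TAG }}
```

The same `env` flag pattern covers the mail step in the CD workflow: combine `always()` with a flag derived from the `MAIL_*` secrets.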
@devin-ai-integration (Author)

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

…configured

Co-Authored-By: Angela  Lin <angela.lin@cognition.ai>