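--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,76 @@
+name: CD Pipeline
+
+on:
+workflow_call:
+inputs:
+DOCKER_TAG:
+description: 'Docker tag of the image built by the CI job'
+required: true
+type: string
+workflow_dispatch:
+inputs:
+DOCKER_TAG:
+description: 'Docker tag of the image built by the CI job'
+required: true
+type: string
+
+permissions:
+contents: write
+
+jobs:
+deploy:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+with:
+ref: ${{ github.ref }}
+token: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Verify Docker image tag
+run: echo "DOCKER TAG RECEIVED - ${{ inputs.DOCKER_TAG }}"
+
+- name: Update Kubernetes manifest
+run: |
+sed -i -e 's|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${{ inputs.DOCKER_TAG }}|g' kubernetes/bankapp-deployment.yml
+
+- name: Commit and push changes
+run: |
+git config user.name "github-actions[bot]"
+git config user.email "github-actions[bot]@users.noreply.github.com"
+echo "Checking repository status:"
+git status
+echo "Adding changes to git:"
+git add kubernetes/bankapp-deployment.yml
+echo "Committing changes:"
+git commit -m "Updated K8s Deployment Docker Image Version to ${{ inputs.DOCKER_TAG }}" || echo "No changes to commit"
+echo "Pushing changes to github:"
+git push
+
+- name: Send deployment notification email
+if: always()
+uses: dawidd6/action-send-mail@v3
+with:
+server_address: ${{ secrets.MAIL_SERVER }}
+server_port: ${{ secrets.MAIL_PORT }}
+username: ${{ secrets.MAIL_USERNAME }}
+password: ${{ secrets.MAIL_PASSWORD }}
+subject: "BankApp Application has been updated and deployed - ${{ job.status }}"
+to: ${{ secrets.NOTIFICATION_EMAIL }}
+from: ${{ secrets.MAIL_USERNAME }}
+content_type: text/html
+body: |
+<html>
+<body>
+<div style="background-color: #FFA07A; padding: 10px; margin-bottom: 10px;">
+<p style="color: black; font-weight: bold;">Project: ${{ github.repository }}</p>
+</div>
+<div style="background-color: #90EE90; padding: 10px; margin-bottom: 10px;">
+<p style="color: black; font-weight: bold;">Build Number: ${{ github.run_number }}</p>
+</div>
+<div style="background-color: #87CEEB; padding: 10px; margin-bottom: 10px;">
+<p style="color: black; font-weight: bold;">URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}</p>
+</div>
+</body>
+</html>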
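Review bot: `inputs.DOCKER_TAG` is expanded directly into shell text in the Verify (`echo`), Update (`sed`) and Commit (`git commit -m`) steps, so a tag containing a quote, a `|` or other shell metacharacters alters the script rather than the data; as a `workflow_dispatch` input it is caller-supplied and should reach the shell only through `env:`, after a check against the Docker tag grammar. The same interpolation pattern appears in ci.yml's Set Docker tag step with `github.event.inputs.DOCKER_TAG`, so the fix belongs in both files. Separately, this step rewrites `trainwithshubham/bankapp-eks` while ci.yml pushes `${{ secrets.DOCKERHUB_USERNAME }}/bankapp`; unless those resolve to the same repository, the manifest ends up pointing at an image this pipeline never built. Rewriting the Update step as below (the Commit step's `-m` should use `"$DOCKER_TAG"` the same way) keeps the tag out of the script text entirely.
```yaml
      - name: Update Kubernetes manifest
        env:
          DOCKER_TAG: ${{ inputs.DOCKER_TAG }}
        run: |
          # Fail closed on anything outside the Docker tag character set before it reaches sed or git.
          [[ "$DOCKER_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "invalid DOCKER_TAG" >&2; exit 1; }
          sed -i -e "s|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${DOCKER_TAG}|g" kubernetes/bankapp-deployment.yml
```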
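--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,106 @@
+name: CI Pipeline
+
+on:
+push:
+branches: [main, DevOps]
+pull_request:
+branches: [main, DevOps]
+workflow_dispatch:
+inputs:
+DOCKER_TAG:
+description: 'Docker image tag for the build'
+required: true
+type: string
+
+permissions:
+contents: write
+
+jobs:
+build:
+runs-on: ubuntu-latest
+outputs:
+docker_tag: ${{ steps.set-tag.outputs.docker_tag }}
+
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set Docker tag
+id: set-tag
+run: |
+if [ -n "${{ github.event.inputs.DOCKER_TAG }}" ]; then
+echo "docker_tag=${{ github.event.inputs.DOCKER_TAG }}" >> "$GITHUB_OUTPUT"
+else
+echo "docker_tag=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
+fi
+
+- name: Trivy filesystem scan
+uses: aquasecurity/trivy-action@master
+with:
+scan-type: 'fs'
+scan-ref: '.'
+
+- name: OWASP Dependency Check
+uses: dependency-check/Dependency-Check_Action@main
+with:
+project: 'bankapp'
+path: '.'
+format: 'XML'
+out: '.'
+
+- name: Upload OWASP Dependency Check report
+uses: actions/upload-artifact@v4
+if: always()
+with:
+name: dependency-check-report
+path: dependency-check-report.xml
+
+- name: SonarQube Analysis
+if: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_HOST_URL != '' }}
+uses: sonarsource/sonarqube-scan-action@v6
+env:
+SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+with:
+args: >
+-Dsonar.projectName=bankapp
+-Dsonar.projectKey=bankapp
+
+- name: SonarQube Quality Gate
+if: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_HOST_URL != '' }}
+uses: sonarsource/sonarqube-quality-gate-action@master
+timeout-minutes: 1
+continue-on-error: true
+env:
+SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+- name: Log in to Docker Hub
+if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: Build and push Docker image
+if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
+uses: docker/build-push-action@v5
+with:
+context: .
+push: true
+tags: ${{ secrets.DOCKERHUB_USERNAME }}/bankapp:${{ steps.set-tag.outputs.docker_tag }}
+
+- name: Upload build artifacts
+uses: actions/upload-artifact@v4
+if: success()
+with:
+name: build-artifacts
+path: '**/*.xml'
+
+deploy:
+needs: build
+if: success() && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+uses: ./.github/workflows/cd.yml
+with:
+DOCKER_TAG: ${{ needs.build.outputs.docker_tag }}
+secrets: inherit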
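Review bot: The Trivy, OWASP Dependency Check and SonarQube Quality Gate steps reference mutable branches (`aquasecurity/trivy-action@master`, `dependency-check/Dependency-Check_Action@main`, `sonarsource/sonarqube-quality-gate-action@master`), so whatever lands on those branches runs with this workflow's token on every push and pull request; pin each to a release tag or, better, a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<commit SHA of a reviewed release>`. The workflow-level `permissions: contents: write` also applies to the `build` job, which runs on `pull_request` and never writes to the repository; narrow it to `permissions: contents: read` at the top and give only the `deploy` job `permissions: contents: write`, which is enough for the called cd workflow since a reusable workflow cannot exceed its caller's permissions. The Trivy step sets no `exit-code` or `severity`, so as far as I can tell findings are reported but never fail the job, and the Quality Gate step's `continue-on-error: true` with `timeout-minutes: 1` means the gate never blocks either. The step-level `if: ${{ secrets.SONAR_TOKEN != '' ... }}` conditions also depend on the `secrets` context being evaluable in `steps.if`, which is worth confirming against the context-availability table; the portable form exposes the secret via `env:` and tests `env.SONAR_TOKEN != ''`.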