[MOSIP-44263] Updated workflow references to use as build was failing

[Ivanmeneges]

Summary by CodeRabbit

• Chores
  • Updated CI/CD workflow sources to align build and UI pipelines with newer pipeline variants and tooling.
  • Adjusted a build artifact retrieval step which may change the downloaded artifact name used in image builds.
  • No changes to application behavior or user-facing functionality; infrastructure and build-process updates only.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updated GitHub Actions workflow references in .github/workflows/push-trigger.yml to use master-java21 (and related) tags and swapped one BrowserStack workflow source from mosip/kattu/...@develop to anup-nehe/kattu/...@develop. Also adjusted a wget invocation in esignet-service/Dockerfile so the downloaded file keeps its remote filename (client-21.zip vs client.zip).

Changes

Cohort / File(s)	Summary
Workflow reference updates \.github/workflows/push-trigger.yml	Replaced uses: workflow sources to java21 variant tags (e.g., master → master-java21) and switched one BrowserStack workflow source from mosip/kattu/...@develop to anup-nehe/kattu/...@develop. No job steps or sequencing changed.
Dockerfile download behavior esignet-service/Dockerfile	Modified wget invocation so it no longer forces output filename; downloaded artifact retains remote name (client-21.zip), which may affect downstream steps expecting client.zip.

Sequence Diagram(s)

(omitted — changes are configuration and a small file download filename adjustment; no new multi-component control flow introduced)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• [MOSIP-43541] revoked changes for develop branch #1601: Similar .github/workflows/push-trigger.yml edits switching workflow references to java21 variants.
• [MOSIP-43541] Added changes detection for conditional builds #1544: Updates to docker/build workflow entries and related workflow reference changes.

Suggested reviewers

• ckm007
• ase-101

Poem

🐰
I nibbled tags and hopped a little tweak,
Swapped workflows' labels, kept the steps meek.
A zip kept its name — a small hoppity twist,
CI carrots gleam in the dev-pipeline mist.
Hooray for tiny changes that quietly persist.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title references updated workflow references but lacks specificity about the actual changes made (Java21 branch, kattu repository change).	Make the title more specific by mentioning key changes, e.g., 'Updated workflow references to use Java21 branch and develop kattu source' or clarify what 'use as build' means.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

---

📜 Recent review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d52929d and 6549b31.

📒 Files selected for processing (1)

• esignet-service/Dockerfile

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: oidc-ui / build-dockers
• GitHub Check: build-maven-uitest-esignet / maven-build
• GitHub Check: build_maven_esignet / maven-build
• GitHub Check: build_maven_apitest_esignet / maven-build
• GitHub Check: Analyze (java-kotlin)

🔇 Additional comments (1)

esignet-service/Dockerfile (1)

91-91: No issue found - filenames match.

The Dockerfile wget command downloads the file as client.zip (the last component of the URL), which matches the filename that configure_start.sh expects at line 26: FILE_NAME="client.zip". There is no filename mismatch.

Likely an incorrect or invalid review comment.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/push-trigger.yml:
- Line 322: Update the reusable workflow reference that currently reads uses:
anup-nehe/kattu/.github/workflows/maven-build-browserStack.yml@develop to a
pinned ref (commit SHA or immutable tag); locate the uses entry in the workflow
file (the line referencing
anup-nehe/kattu/.github/workflows/maven-build-browserStack.yml) and replace the
branch ref (develop) with a specific commit SHA or a signed release tag so the
external reusable workflow cannot drift while high-privilege secrets (OSSRH,
GPG, BrowserStack, Slack) are exposed.

♻️ Duplicate comments (5)

.github/workflows/push-trigger.yml (5)

110-110: Same concern as Line 27: pin mutable workflow refs.

Line 110 also uses @master; please apply the same verification/pinning guidance as noted for Line 27.

---

124-124: Same concern as Line 27: pin mutable workflow refs.

Line 124 also uses @master; please apply the same verification/pinning guidance as noted for Line 27.

---

159-159: Same concern as Line 27: pin mutable workflow refs.

Line 159 also uses @master; please apply the same verification/pinning guidance as noted for Line 27.

---

172-172: Same concern as Line 27: pin mutable workflow refs.

Line 172 also uses @master; please apply the same verification/pinning guidance as noted for Line 27.

---

195-195: Same concern as Line 27: pin mutable workflow refs.

Line 195 also uses @master; please apply the same verification/pinning guidance as noted for Line 27.

🧹 Nitpick comments (1)

.github/workflows/push-trigger.yml (1)

27-27: Pin the reusable workflow ref and confirm Java toolchain expectations.

Line 27 switches to @master, which is mutable and may change the Java/toolchain behavior unexpectedly. Please verify the master workflow still matches the required Java version and consider pinning to a tag or commit SHA for reproducibility and supply-chain hardening.

🔒️ Suggested pinning (example)

-    uses: mosip/kattu/.github/workflows/maven-build.yml@master
+    uses: mosip/kattu/.github/workflows/maven-build.yml@<tag-or-commit-sha>

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d69fb8e and d9c116f.

📒 Files selected for processing (1)

• .github/workflows/push-trigger.yml

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-12-19T07:14:21.109Z

Learnt from: mohanachandran-s
Repo: mosip/esignet PR: 1590
File: api-test/pom.xml:76-85
Timestamp: 2025-12-19T07:14:21.109Z
Learning: In the mosip/esignet repository, the distributionManagement release repository uses `https://central.sonatype.com/api/v1/publisher` with the central-publishing-maven-plugin (version 0.7.0), which is the correct configuration for Sonatype Central Portal API-based publishing across all modules.

Applied to files:

• .github/workflows/push-trigger.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: oidc-ui / build-dockers
• GitHub Check: build-maven-uitest-esignet / maven-build
• GitHub Check: build_maven_apitest_esignet / maven-build
• GitHub Check: Analyze (java-kotlin)

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}