Skip to content

ci: Migrate Jenkins pipelines to GitHub Actions#197

Open
devin-ai-integration[bot] wants to merge 2 commits into
DevOpsfrom
devin/1778161154-migrate-jenkins-to-github-actions
Open

ci: Migrate Jenkins pipelines to GitHub Actions#197
devin-ai-integration[bot] wants to merge 2 commits into
DevOpsfrom
devin/1778161154-migrate-jenkins-to-github-actions

Conversation

@devin-ai-integration

@devin-ai-integration devin-ai-integration Bot commented May 7, 2026

Copy link
Copy Markdown

Summary

Replaces the Jenkins CI and CD pipelines (and the Groovy shared library) with equivalent GitHub Actions workflows.

CI workflow (.github/workflows/ci.yml) — runs on push/PR to DevOps/main:

  1. Maven build + tests (JDK 17)
  2. Trivy filesystem scan
  3. OWASP Dependency Check (report uploaded as artifact)
  4. SonarQube analysis + quality gate (conditional on SONAR_TOKEN secret)
  5. Docker build & push to DockerHub (conditional on DOCKERHUB_USERNAME secret; falls back to local-only build)
  6. Triggers CD workflow on success via repository_dispatch

CD workflow (.github/workflows/cd.yml) — triggered by CI or manual dispatch:

  1. Updates the image tag in kubernetes/bankapp-deployment.yml via sed
  2. Commits and pushes the manifest change
  3. Writes a deployment summary to the GitHub Actions job summary

Removed:

  • Jenkinsfile (CI pipeline)
  • GitOps/Jenkinsfile (CD pipeline)
  • vars/ directory (17 Groovy shared library files)

Other:

  • README.md tech stack updated from "Jenkins (CI)" to "GitHub Actions (CI/CD)"

Review & Testing Checklist for Human

  • Configure required GitHub secrets before merging: DOCKERHUB_USERNAME, DOCKERHUB_TOKEN, and optionally SONAR_TOKEN, SONAR_HOST_URL, GH_PAT. Without DockerHub secrets, CI will only build the image locally (no push). Without SonarQube secrets, those steps are skipped entirely.
  • CD checkout token fallback: ${{ secrets.GH_PAT || github.token }} — verify this expression correctly falls back to github.token when GH_PAT is not set. The CD job needs write/push permissions on the repo; the default github.token may not have sufficient permissions depending on repo settings.
  • Email notifications removed: The Jenkins CD pipeline sent email via emailext. The GHA replacement writes a job summary but does not send email. Confirm this is acceptable or add an email notification step (e.g., via dawidd6/action-send-mail).
  • Test plan: After merging, trigger the CI workflow manually (workflow_dispatch) with a test docker tag and verify each step passes. Then trigger the CD workflow and confirm the K8s manifest is updated correctly.

Notes

  • SonarQube and Docker push steps degrade gracefully (skip) when their respective secrets are not configured. When DockerHub secrets are absent, a local-only docker build runs instead so the build is still validated.
  • Maven tests and OWASP Dependency Check use continue-on-error: true to avoid blocking the pipeline on non-critical failures, matching the original Jenkins behavior.
  • The sed regex in the CD workflow (image: .*/bankapp.*) is broader than the original Jenkins regex (trainwithshubham/bankapp-eks:.*). This should be fine for the current manifest but could over-match if additional bankapp-related image references are added.

Link to Devin session: https://app.devin.ai/sessions/47131ba3402a43a1b475de79c44893c5
Requested by: @vanessasalas-cog


Devin Review

Status Commit
⚪ Not started

Run Devin Review

💡 Connect your GitHub account to enable automatic code reviews.

Open in Devin Review (Staging)

- Add .github/workflows/ci.yml (build, Trivy scan, OWASP check, SonarQube, Docker build/push)
- Add .github/workflows/cd.yml (update K8s manifest, commit & push)
- Remove Jenkinsfile, GitOps/Jenkinsfile, and vars/ shared library
- Update README.md tech stack to reflect GitHub Actions

Co-Authored-By: vanessa.salas <vanessa.salas@cognition.ai>
@devin-ai-integration

Copy link
Copy Markdown
Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

- Skip Docker buildx/push steps when DOCKERHUB_USERNAME secret is not set
- Fall back to plain docker build (no push) when secrets are missing
- Fix SonarQube conditionals to use secrets context directly

Co-Authored-By: vanessa.salas <vanessa.salas@cognition.ai>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant