feat: Add GitHub Actions CI/CD workflows replacing Jenkins pipelines #178

Open
devin-ai-integration[bot] wants to merge 1 commit into DevOps from devin/1777447824-migrate-jenkins-to-github-actions

@devin-ai-integration

Summary

Adds two GitHub Actions workflow files that replace the existing Jenkins CI and CD pipelines (Jenkinsfile and GitOps/Jenkinsfile). The existing Jenkinsfiles and shared library (vars/) are preserved for transition.

.github/workflows/ci.yml (replaces root Jenkinsfile)

  • Triggers on workflow_dispatch (with DOCKER_TAG input) and push to DevOps
  • Runs Trivy filesystem scan (aquasecurity/trivy-action)
  • Runs OWASP Dependency Check with XML report uploaded as artifact
  • SonarQube analysis and quality gate check via SonarSource actions
  • Docker login, build, and push to DockerHub (madhupdevops/bankapp:<tag>)
  • Triggers the CD workflow via gh workflow run

.github/workflows/cd.yml (replaces GitOps/Jenkinsfile)

  • Triggers on workflow_dispatch (with DOCKER_TAG input) and repository_dispatch
  • Updates the K8s deployment manifest (kubernetes/bankapp-deployment.yml) image tag via sed
  • Commits and pushes the manifest change back to DevOps
  • Sends email notification (via dawidd6/action-send-mail) with if: always() matching Jenkins post { always {} }

Required GitHub Secrets

| Secret | Purpose |
| --- | --- |
| SONAR_TOKEN | SonarQube authentication |
| SONAR_HOST_URL | SonarQube server URL |
| DOCKERHUB_USERNAME | DockerHub login |
| DOCKERHUB_TOKEN | DockerHub password/token |
| MAIL_USERNAME | SMTP email username |
| MAIL_PASSWORD | SMTP email password |

Review & Testing Checklist for Human

  • Verify the required GitHub Secrets listed above are configured in the repository settings
  • Manually trigger the CI workflow (workflow_dispatch) with a test DOCKER_TAG to validate end-to-end
  • Confirm the CD workflow is triggered successfully after CI completes
  • Verify the sed command correctly updates kubernetes/bankapp-deployment.yml (note: file uses .yml extension, not .yaml)
  • Verify email notification is received after CD runs

Notes

  • Existing Jenkinsfile, GitOps/Jenkinsfile, and vars/*.groovy are intentionally preserved — they can be removed once the GH Actions migration is validated.
  • The CD workflow supports both workflow_dispatch (manual / CI-triggered via gh) and repository_dispatch (API-triggered) for flexibility.
  • The CI workflow's push trigger on DevOps will not have DOCKER_TAG available — the Docker build/push and CD trigger steps will only work with workflow_dispatch.

Link to Devin session: https://app.devin.ai/sessions/d56d0bf676bc4ef198f214d80cae0ff6
Requested by: @joao-cognition

Co-Authored-By: Joao Esteves <joao.esteves@cognition.ai>
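
The CD step described in the PR summary takes DOCKER_TAG from a workflow_dispatch or repository_dispatch input and substitutes it into kubernetes/bankapp-deployment.yml with sed. As an added example (not code from this pull request), one way to check the tag against Docker's tag grammar before it reaches sed and to refuse to write unless exactly one image line matches; the function names and the sample manifest are assumptions.

```shell
#!/bin/sh
# Added example: validate DOCKER_TAG, then update the image line in the manifest.
export LC_ALL=C                 # make the bracket ranges below byte-wise

IMAGE="madhupdevops/bankapp"    # image name as given in the PR description

# Docker tag grammar: first char [A-Za-z0-9_], then up to 127 of [A-Za-z0-9_.-].
valid_docker_tag() {
  tag=$1
  case $tag in
    ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;  # empty, bad first char, any other byte
  esac
  [ "${#tag}" -le 128 ]
}

# update_image_tag MANIFEST TAG (hypothetical helper): fails without writing
# when the tag is invalid or the manifest does not hold exactly one image line.
update_image_tag() {
  manifest=$1
  tag=$2
  valid_docker_tag "$tag" || { echo "rejecting DOCKER_TAG" >&2; return 2; }
  n=$(grep -c "image:[[:space:]]*${IMAGE}:" "$manifest" || true)
  [ "$n" -eq 1 ] || { echo "expected 1 image line, found $n" >&2; return 3; }
  tmp=$(mktemp) || return 4
  # Safe to interpolate: a validated tag cannot contain '|', '&', '\' or newlines.
  sed "s|\(image:[[:space:]]*${IMAGE}\):.*|\1:${tag}|" "$manifest" > "$tmp" &&
    cat "$tmp" > "$manifest"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Demo on a constructed manifest (not the repository's real file).
demo=$(mktemp)
printf 'spec:\n  containers:\n    - image: %s:v1\n' "$IMAGE" > "$demo"
update_image_tag "$demo" "v2.1.0" && grep image: "$demo"
update_image_tag "$demo" 'v3|x' || echo "tag rejected, manifest untouched"
rm -f "$demo"
```

In a workflow, pass the input to the script through an environment variable (`env:`) rather than interpolating `${{ inputs.DOCKER_TAG }}` into the `run:` text, so the value is never parsed as shell.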
@devin-ai-integration
Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@staging-devin-ai-integration

Devin Review

Status Commit
⚪ Not started

Open in Devin Review (Staging)

💡 Connect your GitHub account to enable automatic code reviews.
