ci: Migrate Jenkins pipeline to GitHub Actions

[devin-ai-integration]

Summary

Migrates the existing Jenkins CI pipeline (Jenkinsfile + shared library in vars/) to a GitHub Actions workflow (.github/workflows/ci.yml).

Pipeline stage mapping

Jenkins Stage	GitHub Actions Equivalent
Workspace cleanup	Handled automatically by actions/checkout
Git: Code Checkout	actions/checkout@v4
Trivy: Filesystem scan	aquasecurity/trivy-action@0.35.0
OWASP: Dependency check	dependency-check/Dependency-Check_Action@main + artifact upload
SonarQube: Code Analysis	SonarSource/sonarqube-scan-action@v5 (non-blocking, matches Jenkins abortPipeline: false)
SonarQube: Code Quality Gates	SonarSource/sonarqube-quality-gate-action@v1 (non-blocking)
Docker: Build Images	docker/build-push-action@v6 with Buildx + GHA caching
Docker: Push to DockerHub	Integrated into build-push-action; conditional on secrets being configured

Workflow structure

• 3 jobs: security-scans and code-quality run in parallel; docker runs after security-scans passes.
• SonarQube is non-blocking (continue-on-error: true), matching the original Jenkins behavior (abortPipeline: false).
• Docker login/push is conditional — skips login and sets push: false when DOCKERHUB_USERNAME/DOCKERHUB_TOKEN secrets aren't configured, so the build step still validates the Dockerfile.
• Triggers: push/pull_request on main/DevOps branches, plus workflow_dispatch with a DOCKER_TAG input (mirrors the Jenkins parameter).
• Docker tag: Uses the DOCKER_TAG input on manual dispatch; falls back to the short commit SHA on push/PR triggers.

Required GitHub Secrets

Secret	Purpose
DOCKERHUB_USERNAME	DockerHub login
DOCKERHUB_TOKEN	DockerHub access token
SONAR_TOKEN	SonarQube authentication token
SONAR_HOST_URL	SonarQube server URL

Review & Testing Checklist for Human

• Configure the required GitHub secrets (DOCKERHUB_USERNAME, DOCKERHUB_TOKEN, SONAR_TOKEN, SONAR_HOST_URL) in repo Settings → Secrets and variables → Actions
• Run the workflow manually via Actions tab → CI Pipeline → Run workflow, with a test DOCKER_TAG to confirm end-to-end execution
• Confirm the Docker image appears in DockerHub after a successful run with secrets configured

Notes

• The Jenkins post-success step triggered a downstream BankApp-CD job. If CD automation is needed, consider adding a separate workflow_dispatch or repository_dispatch trigger in a CD workflow.
• The Jenkinsfile and vars/ shared library are left in place so the migration can be validated before removing them.

Link to Devin session: https://app.devin.ai/sessions/f69bcbedc7c741eeb8ae16174d31cca5
Requested by: @vanessasalas-cog

---

Devin Review

Status	Commit
⚪ Not started	—

💡 Connect your GitHub account to enable automatic code reviews.

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring