feat: Migrate Jenkins pipeline to GitHub Actions CI/CD workflows #188

Open
devin-ai-integration[bot] wants to merge 1 commit into DevOps from devin/1777566444-migrate-jenkins-to-github-actions

devin-ai-integration[bot] commented Apr 30, 2026

Summary

Migrates the existing Jenkins CI and GitOps CD pipelines to GitHub Actions, preserving all original pipeline stages and functionality.

CI Workflow (.github/workflows/ci.yml)

Maps from Jenkinsfile:

| Jenkins Stage | GitHub Actions Job |
| --- | --- |
| Workspace cleanup | (handled automatically by GHA runners) |
| Git: Code Checkout | actions/checkout@v4 |
| Trivy: Filesystem scan | aquasecurity/trivy-action (fs scan) |
| OWASP: Dependency check | dependency-check/Dependency-Check_Action with HTML report upload |
| SonarQube: Code Analysis | SonarSource/sonarqube-scan-action (conditional on SONAR_HOST_URL var) |
| SonarQube: Code Quality Gates | SonarSource/sonarqube-quality-gate-action |
| Docker: Build Images | docker/build-push-action with Buildx + GHA cache |
| Docker: Push to DockerHub | Same step as above (build + push combined) |
| Post-success: Trigger CD | actions/github-script dispatches CD workflow |

CD Workflow (.github/workflows/cd.yml)

Maps from GitOps/Jenkinsfile:

| Jenkins Stage | GitHub Actions Job |
| --- | --- |
| Verify Docker Image Tags | Echo step verifying received tag |
| Update K8s manifest | sed to update image in kubernetes/bankapp-deployment.yml |
| Git commit & push | Auto-commit with github-actions[bot] |
| Email notification | Replaced with GitHub Actions Job Summary |
Email notification Replaced with GitHub Actions Job Summary

Required GitHub Configuration

To fully enable the workflows, set these in the repo settings:

  • Secrets: DOCKERHUB_TOKEN, SONAR_TOKEN (optional)
  • Variables: DOCKERHUB_USERNAME, SONAR_HOST_URL (optional)

Review & Testing Checklist for Human

  • Verify DOCKERHUB_USERNAME and DOCKERHUB_TOKEN are configured in repo Settings > Secrets and variables > Actions
  • If using SonarQube, configure SONAR_TOKEN (secret) and SONAR_HOST_URL (variable)
  • Test the CI workflow by pushing a commit or opening a PR against DevOps branch
  • Manually trigger the CD workflow via Actions tab to verify K8s manifest update logic

Notes

  • SonarQube analysis is conditionally skipped if SONAR_HOST_URL is not configured
  • Docker build & push only runs on push events (not on PRs) to avoid unauthorized pushes
  • CD workflow is triggered automatically only from the DevOps branch
  • OWASP and test steps use continue-on-error: true to match the non-blocking behavior of the original Jenkins pipeline

Link to Devin session: https://app.devin.ai/sessions/6bb3af4d813241e9bb8201feb7453f3c
Requested by: @vanessasalas-cog
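
The CD workflow described above rewrites the image tag in kubernetes/bankapp-deployment.yml with sed, using a tag received from the CI dispatch or a manual trigger. As an added example (not code from this PR), the script below validates that tag against the Docker tag grammar before sed sees it and fails closed when no image line matched; the image name `example/bankapp`, the function names and the sample manifest are assumptions.

```shell
#!/bin/sh
# Added example, not the PR's workflow code. Assumed/constructed names:
# valid_tag, update_image_tag, demo, image "example/bankapp", sample manifest.
LC_ALL=C; export LC_ALL   # keep bracket ranges byte-wise

# Docker tag grammar: [A-Za-z0-9_] first, then [A-Za-z0-9_.-], 128 chars max.
valid_tag() {
  [ "${#1}" -le 128 ] || return 1
  case $1 in
    '' | [!A-Za-z0-9_]* | *[!A-Za-z0-9_.-]*) return 1 ;;
  esac
}

# Rewrite the tag on the "image: <image>:<old>" line; fail closed otherwise.
update_image_tag() {
  manifest=$1; image=$2; tag=$3
  valid_tag "$tag" || { echo "rejected tag" >&2; return 2; }
  [ -f "$manifest" ] || return 3
  tmp=$(mktemp) || return 4
  # After validation the tag cannot hold '|', '&', '\' or a newline, so it is
  # inert in both the sed replacement and the YAML scalar.
  sed "s|^\([[:space:]]*image:[[:space:]]*${image}\):.*\$|\1:${tag}|" \
    "$manifest" >"$tmp" || { rm -f "$tmp"; return 4; }
  # No matching line means the manifest layout changed: do not commit it.
  grep -qF "${image}:${tag}" "$tmp" || { rm -f "$tmp"; return 5; }
  cat "$tmp" >"$manifest" && rm -f "$tmp"
}

# Constructed manifest fragment for a local run, e.g. `sh thisfile.sh 1.4.2`.
demo() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' 'spec:' '  containers:' '    - name: bankapp' \
    '      image: example/bankapp:old' >"$dir/deploy.yml"
  update_image_tag "$dir/deploy.yml" example/bankapp "$1"
  rc=$?
  cat "$dir/deploy.yml"
  rm -rf "$dir"
  return "$rc"
}

if [ "$#" -gt 0 ]; then demo "$1"; fi
```

In a workflow step the tag should reach the script through an environment variable rather than being interpolated into the `run:` text, so the validation sees the raw value.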


Devin Review

Status Commit
⚪ Not started

💡 Connect your GitHub account to enable automatic code reviews.

Open in Devin Review (Staging)

- Add CI workflow with build, Trivy scan, OWASP dependency check,
  SonarQube analysis, Docker build & push stages
- Add CD workflow to update Kubernetes deployment manifest
- Preserve all original pipeline stages and security scanning

Co-Authored-By: vanessa.salas <vanessa.salas@cognition.ai>

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring
