Purpose: Demonstrate migration of a complex, real-world Jenkins pipeline with shared libraries, approval gates, and multi-stage deployments to GitHub Actions.
This is a deliberately complex legacy system showcasing the typical migration challenges customers face:
- 448-line Jenkinsfile with 17 stages
- 3 custom shared library functions
- Manual approval gates for production
- Docker-in-Docker for integration tests
- Scattered credentials across multiple stages
- Platform-specific logic (`isUnix()` checks)
- Complex conditionals and nested parallel stages
- Hard-coded environment URLs and configuration
The application code is minimal by design - just enough to justify the complex pipeline:
- Rule Engine: Spring Boot service (~100 lines) - evaluates fraud risk
- Model Service: Flask service (~50 lines) - fake ML predictions
The Jenkins pipeline is the star of the show - 448 lines of deliberate complexity that represents real-world legacy systems.
```
fraud-detection-legacy/
├── Jenkinsfile                      # 448 lines - THE NIGHTMARE
├── vars/                            # Jenkins shared library
│   ├── deployModel.groovy           # Custom deployment logic
│   ├── notifyTeam.groovy            # Slack/email notifications
│   └── runComplianceCheck.groovy    # PCI/compliance validation
├── jenkins-demo/
│   ├── docker-compose.yml           # Local Jenkins setup
│   └── plugins.txt                  # Required Jenkins plugins
├── rule-engine/                     # Java Spring Boot service
│   ├── pom.xml
│   ├── Dockerfile
│   └── src/
├── model-service/                   # Python Flask ML service
│   ├── requirements.txt
│   ├── Dockerfile
│   ├── app.py
│   └── test_model.py
├── integration-tests/
│   ├── docker-compose.test.yml      # Kafka + Redis for tests
│   └── run_integration_tests.sh
└── deployment/
    ├── dev-config.properties
    ├── staging-config.properties
    └── prod-config.properties
```
- Docker & Docker Compose
- Java 11+ (for local development)
- Python 3.9+ (for local development)
- Maven 3.6+ (for local development)
Rule Engine (Java Spring Boot):

```bash
cd rule-engine
mvn clean test
mvn spring-boot:run
```

Model Service (Python Flask):

```bash
cd model-service
pip install -r requirements.txt
pytest test_model.py
python app.py
```

```bash
# Build images
docker build -t fraud-rule-engine rule-engine/
docker build -t fraud-model-service model-service/
# Run containers
docker run -p 8080:8080 fraud-rule-engine
docker run -p 5000:5000 fraud-model-service
```

```bash
cd jenkins-demo
docker-compose up -d
# Access Jenkins at http://localhost:8080
# Default credentials: admin/admin (configure on first run)
```

Java:

```bash
cd rule-engine
mvn test
```

Python:

```bash
cd model-service
pytest test_model.py
```

```bash
cd integration-tests
docker-compose -f docker-compose.test.yml up -d
sleep 30
./run_integration_tests.sh
docker-compose -f docker-compose.test.yml down
```

Rule Engine:

```bash
# Health check
curl http://localhost:8080/health
# Low risk transaction
curl -X POST http://localhost:8080/api/check-transaction \
  -H 'Content-Type: application/json' \
  -d '{"transactionId":"test-001","amount":100,"country":"US","hour":14,"merchantNew":false}'
# High risk transaction
curl -X POST http://localhost:8080/api/check-transaction \
  -H 'Content-Type: application/json' \
  -d '{"transactionId":"test-002","amount":15000,"country":"RU","hour":3,"merchantNew":true}'
```

Model Service:

```bash
# Health check
curl http://localhost:5000/health
# ML prediction
curl -X POST http://localhost:5000/predict \
  -H 'Content-Type: application/json' \
  -d '{"amount":5000,"merchant":"Test Store"}'
```

The Jenkinsfile contains 17 stages showcasing real-world complexity:
- Checkout - SCM checkout
- Parallel Build - Java (Maven) + Python (pip)
- Unit Tests - JUnit + pytest
- Code Quality - Checkstyle + PMD
- Security Scans - OWASP + Safety + Custom compliance
- Build Docker Images - Multi-platform builds
- Integration Tests - Docker-in-Docker with Kafka/Redis
- Deploy to Dev - Using shared library
- Smoke Tests Dev - Health checks
- Deploy to Staging - Conditional on main branch
- Integration Tests Staging - Full API tests
- Manual Approval Gate ⭐ - 2-hour timeout
- Production Compliance Check ⭐ - Shared library
- Deploy to Production ⭐ - Conditional deployment
- Smoke Tests Prod - With retries
- Archive Artifacts - JARs and test reports
- Notify Team - Slack/email via shared library
These are the challenges that make this demo realistic:
```groovy
@Library('fraud-detection-lib@v1.0') _
```

- Custom functions: `deployModel()`, `notifyTeam()`, `runComplianceCheck()`
- Challenge: Convert to reusable workflows or composite actions

```groovy
input(
    message: 'Deploy to Production?',
    ok: 'Deploy',
    submitter: 'deploy-team,managers'
)
```

- Challenge: GitHub environments with required reviewers

```groovy
withCredentials([
    string(credentialsId: 'dev-db-password', variable: 'DB_PASS'),
    usernamePassword(credentialsId: 'kafka-creds', ...)
])
```

- Challenge: Migrate to GitHub secrets with proper scoping

```groovy
agent {
    docker {
        image 'docker:dind'
        args '--privileged'
    }
}
```

- Challenge: Service containers or setup-docker action

```groovy
if (isUnix()) {
    sh './gradlew test'
} else {
    bat 'gradlew.bat test'
}
```

- Challenge: Remove (GHA Linux by default) or use `runner.os`

```groovy
when {
    allOf {
        branch 'main'
        not { changelog '.*\\[skip-ci\\].*' }
        expression { env.DEPLOY_ENABLED == 'true' }
    }
}
```

- Challenge: Translate to `if:` conditions in GHA

- Environment URLs scattered throughout
- Challenge: Environment variables and GitHub environments
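As an added illustration (not part of this project, and not the output of any migration tool), here is one way the approval gate, the `withCredentials` block and the `when` conditional above could map onto a single GitHub Actions job. The `production` environment, the `DEPLOY_ENABLED` configuration variable, the secret names and `scripts/deploy.sh` are assumptions made for the example.

```yaml
# Added example. Names marked "hypothetical" do not come from the project.
name: deploy-production
on:
  push:
    branches: [main]

# Least privilege for GITHUB_TOKEN: read-only unless a job needs more.
permissions:
  contents: read

jobs:
  deploy-prod:
    runs-on: ubuntu-latest
    # Translation of the Jenkins `when { allOf { ... } }` block.
    # head_commit.message covers only the pushed head commit, while the
    # Jenkins `changelog` condition matches any commit in the build's changelog.
    # vars.DEPLOY_ENABLED is a hypothetical configuration variable.
    if: >-
      github.ref == 'refs/heads/main' &&
      !contains(github.event.head_commit.message, '[skip-ci]') &&
      vars.DEPLOY_ENABLED == 'true'
    # Replaces input(submitter: 'deploy-team,managers'): required reviewers
    # are configured on the environment in repository settings, and the job
    # pauses until one of them approves.
    environment: production      # hypothetical environment name
    timeout-minutes: 30          # bounds the job once it starts running
    steps:
      # Pin third-party actions to a full commit SHA where policy requires it.
      - uses: actions/checkout@v4

      - name: Deploy to production
        # Replaces withCredentials: secrets are defined on the environment,
        # so they are released only after approval, and they are exposed to
        # this one step rather than to the whole job.
        env:
          DB_PASS: ${{ secrets.DB_PASSWORD }}          # hypothetical secret
          KAFKA_USER: ${{ secrets.KAFKA_USERNAME }}    # hypothetical secret
          KAFKA_PASS: ${{ secrets.KAFKA_PASSWORD }}    # hypothetical secret
        run: ./scripts/deploy.sh deployment/prod-config.properties  # hypothetical script
```

Defining the secrets on the environment rather than on the repository keeps production credentials out of reach of jobs that do not pass the reviewer gate.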
"This is our fraud detection system - a legacy monster.
448 lines of Jenkins pipeline. 17 stages. 3 custom shared libraries. Manual approval gates. Docker-in-Docker. Platform-specific logic everywhere.
Traditional migration? 5+ days of manual work. Breaks on edge cases. Error-prone. Expensive.
Watch Devin migrate this in 3 minutes.
It handles the shared libraries. Converts approval gates to GitHub environments. Migrates credentials properly. Removes platform logic. Simplifies conditionals.
Complete, tested, ready to run."
- ✅ 448-line Jenkinsfile successfully created
- ✅ 3 shared library functions implemented
- ✅ 17 pipeline stages with realistic complexity
- ✅ 2 services (Java + Python) with tests
- ✅ Integration tests with Docker Compose
- ✅ Manual approval gates demonstrated
- ✅ Docker-in-Docker setup
- ✅ Multiple environments (dev/staging/prod)
These are intentional anti-patterns to make the demo realistic:
- ❌ Magic sleep statements - No explanation for delays
- ❌ No error handling - Scripts can fail silently
- ❌ Hard-coded secrets - Commented out but visible
- ❌ Copy-paste code - Repeated logic instead of DRY
- ❌ Unclear naming - Generic stage names
- ❌ Missing cleanup - Containers not removed on failure
- ❌ No timeouts - Stages could hang forever
- ❌ Environment coupling - Dev/staging/prod logic intertwined
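For comparison, an added example (not part of this project) of an integration-test job that drops the privileged `docker:dind` agent and addresses three of the anti-patterns listed above: the magic sleep, the missing cleanup and the missing timeouts. It uses the Docker daemon on the GitHub-hosted runner rather than service containers, and it assumes `docker-compose.test.yml` defines healthchecks for Kafka and Redis.

```yaml
# Added example. Assumes healthchecks exist in docker-compose.test.yml.
name: integration-tests
on: [pull_request]

permissions:
  contents: read

jobs:
  integration:
    # Docker and Compose v2 are preinstalled on the hosted Ubuntu runner,
    # so no docker:dind image and no --privileged flag are needed.
    runs-on: ubuntu-latest
    timeout-minutes: 20          # the job cannot hang forever
    defaults:
      run:
        working-directory: integration-tests
    steps:
      - uses: actions/checkout@v4

      - name: Start Kafka and Redis
        # --wait blocks until the services report running/healthy,
        # replacing the unexplained `sleep 30`.
        run: docker compose -f docker-compose.test.yml up -d --wait --wait-timeout 120

      - name: Run integration tests
        run: |
          set -euo pipefail      # fail loudly instead of silently
          ./run_integration_tests.sh

      - name: Collect service logs on failure
        if: failure()
        run: docker compose -f docker-compose.test.yml logs --no-color

      - name: Tear down
        if: always()             # containers are removed even when tests fail
        run: docker compose -f docker-compose.test.yml down --volumes --remove-orphans
```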
- Fraud Detection Legacy Plan - Detailed implementation plan
- Jenkins Demo Use Cases - Overview of all 5 demos
- Migration Comparison - Jenkins vs GitHub Actions
This is a demo project - not accepting contributions. Use it as a reference for your own migration demos.
MIT License - Use this for demos and workshops.
- Jenkins Pipeline Syntax
- GitHub Actions Documentation
- Shared Libraries in Jenkins
- GitHub Reusable Workflows
Demo Status: ✅ Complete and ready for presentation