Convert Jenkins CI/CD pipelines to GitHub Actions workflows

.github/SECRETS.md

@@ -0,0 +1,29 @@
+# Required GitHub Actions Secrets
+
+The following secrets must be configured in the repository settings:
+
+## Docker Hub
+- `DOCKERHUB_USERNAME`: Docker Hub username (madhupdevops)
+- `DOCKERHUB_TOKEN`: Docker Hub access token
+
+## SonarQube
+- `SONAR_TOKEN`: SonarQube authentication token
+- `SONAR_HOST_URL`: SonarQube server URL
+
+## Email Notifications
+- `EMAIL_USERNAME`: SMTP username for notifications
+- `EMAIL_PASSWORD`: SMTP password for notifications  
+- `EMAIL_TO`: Recipient email address
+- `EMAIL_FROM`: Sender email address
+
+## Setup Instructions
+1. Go to repository Settings > Secrets and variables > Actions
+2. Add each secret with the corresponding value
+3. Ensure the GitHub token has write permissions for repository dispatch
+
+## Migration Notes
+These secrets replace the Jenkins credentials that were previously used:
+- Jenkins `docker` credential → `DOCKERHUB_USERNAME` + `DOCKERHUB_TOKEN`
+- Jenkins `Github-cred` credential → Built-in `GITHUB_TOKEN`
+- Jenkins SonarQube configuration → `SONAR_TOKEN` + `SONAR_HOST_URL`
+- Jenkins email configuration → Email secrets above

.github/workflows/cd.yml

@@ -0,0 +1,77 @@
+name: CD Pipeline (GitOps)
+
+on:
+  repository_dispatch:
+    types: [ci-complete]
+  workflow_dispatch:
+    inputs:
+      docker_tag:
+        description: 'Docker tag to deploy'
+        required: true
+
+env:
+  DOCKER_TAG: ${{ github.event.client_payload.docker_tag || github.event.inputs.docker_tag }}
+
+jobs:
+  cd:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Workspace cleanup
+      run: |
+        sudo rm -rf $GITHUB_WORKSPACE/*
+        sudo rm -rf $GITHUB_WORKSPACE/.[!.]*
+
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        ref: DevOps
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Verify Docker tag
+      run: |
+        echo "DOCKER TAG RECEIVED: ${{ env.DOCKER_TAG }}"
+
+    - name: Update Kubernetes manifest
+      run: |
+        cd kubernetes
+        sed -i -e 's|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${{ env.DOCKER_TAG }}|g' bankapp-deployment.yml
+
+    - name: Commit and push changes
+      run: |
+        git config --local user.email "devin-ai-integration[bot]@users.noreply.github.com"
+        git config --local user.name "Devin AI"
+        echo "Checking repository status: "
+        git status
+        echo "Adding changes to git: "
+        git add .
+        echo "Commiting changes: "
+        git commit -m "Updated K8s Deployment Docker Image Version to ${{ env.DOCKER_TAG }}"
+        echo "Pushing changes to github: "
+        git push origin DevOps
+
+    - name: Send notification email
+      uses: dawidd6/action-send-mail@v3
+      if: always()
+      with:
+        server_address: smtp.gmail.com
+        server_port: 587
+        username: ${{ secrets.EMAIL_USERNAME }}
+        password: ${{ secrets.EMAIL_PASSWORD }}
+        subject: "BankApp Application has been updated and deployed - ${{ job.status }}"
+        to: ${{ secrets.EMAIL_TO }}
+        from: ${{ secrets.EMAIL_FROM }}
+        html_body: |
+          <html>
+          <body>
+              <div style="background-color: #FFA07A; padding: 10px; margin-bottom: 10px;">
+                  <p style="color: black; font-weight: bold;">Project: ${{ github.repository }}</p>
+              </div>
+              <div style="background-color: #90EE90; padding: 10px; margin-bottom: 10px;">
+                  <p style="color: black; font-weight: bold;">Build Number: ${{ github.run_number }}</p>
+              </div>
+              <div style="background-color: #87CEEB; padding: 10px; margin-bottom: 10px;">
+                  <p style="color: black; font-weight: bold;">URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}</p>
+              </div>
+          </body>
+          </html>

.github/workflows/ci.yml

@@ -0,0 +1,128 @@
+name: CI Pipeline
+
+on:
+  push:
+    branches: [ DevOps, main ]
+  pull_request:
+    branches: [ DevOps, main ]
+  workflow_dispatch:
+    inputs:
+      docker_tag:
+        description: 'Docker tag for the image'
+        required: true
+        default: 'latest'
+
+env:
+  DOCKER_TAG: ${{ github.event.inputs.docker_tag || github.sha }}
+  DOCKERHUB_USERNAME: madhupdevops
+  PROJECT_NAME: bankapp
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Workspace cleanup
+      run: |
+        sudo rm -rf $GITHUB_WORKSPACE/*
+        sudo rm -rf $GITHUB_WORKSPACE/.[!.]*
+
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        ref: DevOps
+
+    - name: Set up Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+
+    - name: Install Trivy
+      run: |
+        sudo apt-get update
+        sudo apt-get install wget apt-transport-https gnupg lsb-release
+        wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+        echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
+        sudo apt-get update
+        sudo apt-get install trivy
+
+    - name: Trivy filesystem scan
+      run: |
+        trivy fs .
+      continue-on-error: true
+
+    - name: OWASP Dependency Check
+      uses: dependency-check/Dependency-Check_Action@main
+      with:
+        project: 'bankapp'
+        path: '.'
+        format: 'XML'
+        out: 'reports'
+      continue-on-error: true
+
+    - name: Upload OWASP results
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: dependency-check-report
+        path: reports/dependency-check-report.xml
+
+    - name: Install SonarQube Scanner
+      run: |
+        wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip
+        unzip sonar-scanner-cli-4.8.0.2856-linux.zip
+        sudo mv sonar-scanner-4.8.0.2856-linux /opt/sonar-scanner
+        sudo ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner
+
+    - name: SonarQube analysis
+      env:
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+      run: |
+        sonar-scanner \
+          -Dsonar.projectKey=bankapp \
+          -Dsonar.projectName=bankapp \
+          -Dsonar.sources=. \
+          -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
+          -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
+          -X
+      continue-on-error: true
+
+    - name: SonarQube Quality Gate
+      uses: sonarqube-quality-gate-action@master
+      timeout-minutes: 1
+      env:
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      continue-on-error: true
+
+    - name: Docker build
+      run: |
+        docker build -t ${{ env.DOCKERHUB_USERNAME }}/${{ env.PROJECT_NAME }}:${{ env.DOCKER_TAG }} .
+
+    - name: Docker login
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Docker push
+      run: |
+        docker push ${{ env.DOCKERHUB_USERNAME }}/${{ env.PROJECT_NAME }}:${{ env.DOCKER_TAG }}
+
+    - name: Archive artifacts
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: build-artifacts
+        path: |
+          reports/*.xml
+          *.xml
+
+    - name: Trigger CD workflow
+      if: success()
+      uses: peter-evans/repository-dispatch@v3
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        event-type: ci-complete
+        client-payload: '{"docker_tag": "${{ env.DOCKER_TAG }}"}'

README.md

@@ -1,5 +1,43 @@
 ## End-to-End Bank Application Deployment using DevSecOps on AWS EKS
-- This is a multi-tier bank an application written in Java (Springboot).
+- This is a multi-tier bank application written in Java (Springboot).
+
+## Migration from Jenkins to GitHub Actions
+
+This repository has been migrated from Jenkins-based CI/CD to GitHub Actions workflows. The legacy Jenkins configuration files are preserved in the `legacy/jenkins/` directory for reference.
+
+### GitHub Actions Workflows
+
+The CI/CD pipeline now consists of two main GitHub Actions workflows:
+
+#### CI Pipeline (`.github/workflows/ci.yml`)
+1. **Code Checkout**: Retrieves source code from GitHub
+2. **Java Setup**: Configures Java 17 environment
+3. **Security Scanning**: 
+   - Trivy filesystem scan for vulnerabilities
+   - OWASP dependency check for known security issues
+4. **Code Quality**: SonarQube analysis with quality gates
+5. **Container Operations**: Docker image build and push to registry
+6. **Trigger CD**: Initiates the GitOps deployment workflow
+
+#### CD Pipeline (`.github/workflows/cd.yml`)
+1. **Manifest Updates**: Updates Kubernetes deployment manifests with new image tags
+2. **GitOps Commit**: Commits and pushes changes to trigger ArgoCD synchronization
+3. **Notifications**: Sends email notifications about deployment status
+
+### Required Secrets
+
+See `.github/SECRETS.md` for the complete list of required repository secrets for Docker Hub, SonarQube, and email notifications.
+
+### Setup Instructions
+
+1. **Configure GitHub Actions Secrets**:
+   - Follow the instructions in `.github/SECRETS.md`
+   - Add all required secrets to repository settings
+
+2. **Pipeline Execution**:
+   - Push changes to the `DevOps` branch to trigger CI pipeline
+   - Use workflow dispatch to manually trigger builds with custom Docker tags
+   - CD pipeline automatically triggers after successful CI builds
 
 ![Login diagram](images/login.png)
 ![Transactions diagram](images/transactions.png)
@@ -86,33 +124,15 @@ sudo su
   ```
 > [!Note]
 >  Make sure the ssh-public-key "eks-nodegroup-key is available in your aws account"
-- <b>Install Jenkins</b>
-```bash
-sudo apt update -y
-sudo apt install fontconfig openjdk-17-jre -y
-
-sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
-  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
-
-echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
-  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
-  /etc/apt/sources.list.d/jenkins.list > /dev/null
-
-sudo apt-get update -y
-sudo apt-get install jenkins -y
-```
-
-- After installing Jenkins, change the default port of jenkins from 8080 to 8081. Because our bankapp application will be running on 8080.
-  - Open /usr/lib/systemd/system/jenkins.service file and change JENKINS_PORT environment variable 
-![image](https://github.com/user-attachments/assets/6320ae49-82d4-4ae3-9811-bd6f06778483)
-  - Reload daemon
-  ```bash
-  sudo systemctl daemon-reload 
-  ```
-  - Restart Jenkins
-  ```bash
-  sudo systemctl restart jenkins
-  ```
+- <b>GitHub Actions Setup (Replaces Jenkins)</b>
+  - No server installation required - GitHub Actions runs in the cloud
+  - Configure repository secrets as documented in `.github/SECRETS.md`
+  - Workflows automatically trigger on push to DevOps branch
+  - Manual triggers available via workflow dispatch
+
+- <b>Legacy Jenkins Installation (For Reference)</b>
+  - Original Jenkins setup preserved in `legacy/jenkins/` directory
+  - Jenkins configuration replaced by GitHub Actions workflows
 #
 
 - <b id="docker">Install docker</b>