ci: add GitHub Actions workflows, PR template, dependabot

Author: premtsd-code

.github/dependabot.yml

@@ -0,0 +1,41 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: maven
+    directory: /api-gateway
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: maven
+    directory: /user-service
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: maven
+    directory: /post-service
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: maven
+    directory: /connections-service
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: maven
+    directory: /notification-service
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: maven
+    directory: /uploader-service
+    schedule:
+      interval: weekly

.github/pull_request_template.md

@@ -0,0 +1,30 @@
+## Description
+<!-- What does this PR do? -->
+
+## Type of change
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Breaking change
+- [ ] Documentation update
+
+## Services affected
+- [ ] api-gateway
+- [ ] user-service
+- [ ] post-service
+- [ ] connections-service
+- [ ] notification-service
+- [ ] uploader-service
+- [ ] config-server
+- [ ] discovery-server
+
+## Testing done
+- [ ] Unit tests added/updated
+- [ ] Integration tests added/updated
+- [ ] Manually tested on DEV
+
+## Checklist
+- [ ] Tests pass locally
+- [ ] Coverage above 70%
+- [ ] No hardcoded credentials
+- [ ] Flyway migration added if schema changed
+- [ ] Swagger annotations added for new endpoints

.github/workflows/develop-ci-cd.yml

@@ -0,0 +1,122 @@
+name: Develop CI/CD
+
+on:
+  push:
+    branches: [develop]
+
+jobs:
+
+  detect-changes:
+    name: Detect Changed Services
+    runs-on: ubuntu-latest
+    outputs:
+      api-gateway: ${{ steps.changes.outputs.api-gateway }}
+      user-service: ${{ steps.changes.outputs.user-service }}
+      post-service: ${{ steps.changes.outputs.post-service }}
+      connections-service: ${{ steps.changes.outputs.connections-service }}
+      notification-service: ${{ steps.changes.outputs.notification-service }}
+      uploader-service: ${{ steps.changes.outputs.uploader-service }}
+      config-server: ${{ steps.changes.outputs.config-server }}
+      discovery-server: ${{ steps.changes.outputs.discovery-server }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: changes
+        with:
+          filters: |
+            api-gateway:
+              - 'api-gateway/**'
+            user-service:
+              - 'user-service/**'
+            post-service:
+              - 'post-service/**'
+            connections-service:
+              - 'connections-service/**'
+            notification-service:
+              - 'notification-service/**'
+            uploader-service:
+              - 'uploader-service/**'
+            config-server:
+              - 'config-server/**'
+            discovery-server:
+              - 'discovery-server/**'
+
+  build-and-push:
+    name: Build and Push Images
+    runs-on: ubuntu-latest
+    needs: detect-changes
+    strategy:
+      matrix:
+        service:
+          - { name: api-gateway, changed: "${{ needs.detect-changes.outputs.api-gateway }}" }
+          - { name: user-service, changed: "${{ needs.detect-changes.outputs.user-service }}" }
+          - { name: post-service, changed: "${{ needs.detect-changes.outputs.post-service }}" }
+          - { name: connections-service, changed: "${{ needs.detect-changes.outputs.connections-service }}" }
+          - { name: notification-service, changed: "${{ needs.detect-changes.outputs.notification-service }}" }
+          - { name: uploader-service, changed: "${{ needs.detect-changes.outputs.uploader-service }}" }
+          - { name: config-server, changed: "${{ needs.detect-changes.outputs.config-server }}" }
+          - { name: discovery-server, changed: "${{ needs.detect-changes.outputs.discovery-server }}" }
+    steps:
+      - uses: actions/checkout@v4
+        if: matrix.service.changed == 'true'
+      - name: Set up JDK 17
+        if: matrix.service.changed == 'true'
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+          cache: maven
+      - name: Build service
+        if: matrix.service.changed == 'true'
+        run: cd ${{ matrix.service.name }} && mvn package -DskipTests
+      - name: Login to DockerHub
+        if: matrix.service.changed == 'true'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASS }}
+      - name: Build and push image
+        if: matrix.service.changed == 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: ./${{ matrix.service.name }}
+          platforms: linux/amd64
+          push: true
+          tags: |
+            premtsd18/${{ matrix.service.name }}:develop
+            premtsd18/${{ matrix.service.name }}:develop-${{ github.sha }}
+
+  deploy-dev:
+    name: Deploy to DEV
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    environment: development
+    steps:
+      - name: Deploy to Hetzner DEV
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.HETZNER_IP }}
+          username: ${{ secrets.HETZNER_USER }}
+          key: ${{ secrets.HETZNER_SSH_KEY }}
+          script: |
+            cd ~/personal/linkedin
+            git pull origin develop
+            docker compose pull
+            docker compose up -d --remove-orphans
+            docker image prune -f
+      - name: Health check
+        run: |
+          sleep 30
+          curl -f http://${{ secrets.HETZNER_IP }}:10000/actuator/health
+          echo "DEV deployment successful ✅"
+      - name: Rollback on failure
+        if: failure()
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.HETZNER_IP }}
+          username: ${{ secrets.HETZNER_USER }}
+          key: ${{ secrets.HETZNER_SSH_KEY }}
+          script: |
+            cd ~/personal/linkedin
+            docker compose up -d
+            echo "Rolled back ✅"

.github/workflows/pr-checks.yml

@@ -0,0 +1,123 @@
+name: PR Checks
+
+on:
+  pull_request:
+    branches: [develop, main]
+
+jobs:
+
+  detect-changes:
+    name: Detect Changed Services
+    runs-on: ubuntu-latest
+    outputs:
+      api-gateway: ${{ steps.changes.outputs.api-gateway }}
+      user-service: ${{ steps.changes.outputs.user-service }}
+      post-service: ${{ steps.changes.outputs.post-service }}
+      connections-service: ${{ steps.changes.outputs.connections-service }}
+      notification-service: ${{ steps.changes.outputs.notification-service }}
+      uploader-service: ${{ steps.changes.outputs.uploader-service }}
+      config-server: ${{ steps.changes.outputs.config-server }}
+      discovery-server: ${{ steps.changes.outputs.discovery-server }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: changes
+        with:
+          filters: |
+            api-gateway:
+              - 'api-gateway/**'
+            user-service:
+              - 'user-service/**'
+            post-service:
+              - 'post-service/**'
+            connections-service:
+              - 'connections-service/**'
+            notification-service:
+              - 'notification-service/**'
+            uploader-service:
+              - 'uploader-service/**'
+            config-server:
+              - 'config-server/**'
+            discovery-server:
+              - 'discovery-server/**'
+
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+          cache: maven
+      - name: Run unit tests
+        run: mvn test -DskipIntegrationTests=true
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: unit-test-results
+          path: '**/target/surefire-reports/*.xml'
+
+  code-coverage:
+    name: Code Coverage
+    runs-on: ubuntu-latest
+    needs: unit-tests
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+          cache: maven
+      - name: Run tests with coverage
+        run: mvn verify jacoco:report -DskipIntegrationTests=true
+      - name: Upload coverage report
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report
+          path: '**/target/site/jacoco/'
+
+  security-scan:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+          cache: maven
+      - name: OWASP Dependency Check
+        run: mvn dependency-check:check -DfailBuildOnCVSS=7 -DskipTestScope=true
+        continue-on-error: true
+      - name: Upload OWASP report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: owasp-report
+          path: '**/target/dependency-check-report.html'
+
+  code-quality:
+    name: Code Quality
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+          cache: maven
+      - name: Checkstyle
+        run: mvn checkstyle:check
+        continue-on-error: true
+      - name: SpotBugs
+        run: mvn spotbugs:check
+        continue-on-error: true