Cognition-Partner-Workshops · devin-ai-integration · May 26, 2026 · May 26, 2026 · May 26, 2026 · May 26, 2026
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,197 @@
+name: Build & Deploy to Azure VM
+
+on:
+  push:
+    branches: [main, migration/complete-java-migration]
+  pull_request:
+    branches: [main]
+
+env:
+  JAVA_VERSION: '21'
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}/eshop-catalog
+  WORKING_DIR: eShopLegacyMVC-SpringBoot
+
+jobs:
+  # ──────────────────────────────────────────────
+  # Job 1: Build, Test, and Verify
+  # ──────────────────────────────────────────────
+  build-and-test:
+    name: Build & Test
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIR }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: ${{ env.JAVA_VERSION }}
+          cache: maven
+          cache-dependency-path: ${{ env.WORKING_DIR }}/pom.xml
+
+      - name: Build and run tests
+        run: ./mvnw clean verify -B
+
+      - name: Check code formatting (Spotless)
+        run: ./mvnw spotless:check -B
+
+      - name: Publish test results
+        uses: dorny/test-reporter@v1
+        if: always()
+        with:
+          name: JUnit Test Results
+          path: ${{ env.WORKING_DIR }}/target/surefire-reports/*.xml
+          reporter: java-junit
+
+      - name: Upload JaCoCo coverage report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: jacoco-report
+          path: ${{ env.WORKING_DIR }}/target/site/jacoco/
+          retention-days: 14
+
+  # ──────────────────────────────────────────────
+  # Job 2: Build Docker Image and Push to GHCR
+  # ──────────────────────────────────────────────
+  docker-build-push:
+    name: Docker Build & Push
+    runs-on: ubuntu-latest
+    needs: build-and-test
+    if: github.event_name == 'push'
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ github.sha }}
+            type=ref,event=branch
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ env.WORKING_DIR }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  # ──────────────────────────────────────────────
+  # Job 3: Deploy to Staging (auto-deploy)
+  # ──────────────────────────────────────────────
+  deploy-staging:
+    name: Deploy to Staging
+    runs-on: ubuntu-latest
+    needs: docker-build-push
+    environment: staging
+    steps:
+      - name: Deploy to staging VM via SSH
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.STAGING_VM_HOST }}
+          username: ${{ secrets.VM_USERNAME }}
+          key: ${{ secrets.VM_SSH_KEY }}
+          envs: GHCR_TOKEN
+          script: |
+            echo "$GHCR_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+            docker stop eshop-catalog || true
+            docker rm eshop-catalog || true
+            docker run -d \
+              --name eshop-catalog \
+              --restart unless-stopped \
+              -p 8080:8080 \
+              --env-file /opt/app/staging.env \
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+        env:
+          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  # ──────────────────────────────────────────────
+  # Job 4: Health Check on Staging
+  # ──────────────────────────────────────────────
+  health-check-staging:
+    name: Staging Health Check
+    runs-on: ubuntu-latest
+    needs: deploy-staging
+    environment: staging
+    steps:
+      - name: Wait for application startup
+        run: sleep 30
+
+      - name: Verify health endpoint
+        run: |
+          for i in $(seq 1 10); do
+            STATUS=$(curl -sf "${{ secrets.STAGING_URL }}/actuator/health" | jq -r '.status') || true
+            if [ "$STATUS" = "UP" ]; then
+              echo "Health check passed: status is UP"
+              exit 0
+            fi
+            echo "Attempt $i: status=$STATUS — retrying in 10s..."
+            sleep 10
+          done
+          echo "Health check failed after 10 attempts"
+          exit 1
+
+  # ──────────────────────────────────────────────
+  # Job 5: Deploy to Production (manual approval)
+  # ──────────────────────────────────────────────
+  deploy-production:
+    name: Deploy to Production
+    runs-on: ubuntu-latest
+    needs: health-check-staging
+    environment:
+      name: production
+      url: ${{ secrets.PROD_URL }}
+    steps:
+      - name: Deploy to production VM via SSH
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.PROD_VM_HOST }}
+          username: ${{ secrets.VM_USERNAME }}
+          key: ${{ secrets.VM_SSH_KEY }}
+          envs: GHCR_TOKEN
+          script: |
+            echo "$GHCR_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+            docker stop eshop-catalog || true
+            docker rm eshop-catalog || true
+            docker run -d \
+              --name eshop-catalog \
+              --restart unless-stopped \
+              -p 8080:8080 \
+              --env-file /opt/app/production.env \
+              ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+        env:
+          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Verify production health
+        run: |
+          sleep 30
+          for i in $(seq 1 10); do
+            STATUS=$(curl -sf "${{ secrets.PROD_URL }}/actuator/health" | jq -r '.status') || true
+            if [ "$STATUS" = "UP" ]; then
+              echo "Production health check passed: status is UP"
+              exit 0
+            fi
+            echo "Attempt $i: status=$STATUS — retrying in 10s..."
+            sleep 10
+          done
+          echo "Production health check failed after 10 attempts"
+          exit 1
diff --git a/eShopLegacyMVC-SpringBoot/.dockerignore b/eShopLegacyMVC-SpringBoot/.dockerignore
@@ -0,0 +1,36 @@
+# Build output
+target/
+
+# IDE files
+.idea/
+*.iml
+.vscode/
+*.swp
+*.swo
+
+# Git
+.git/
+.gitignore
+
+# Docker
+Dockerfile
+docker-compose.yml
+.dockerignore
+
+# CI/CD
+azure-pipelines.yml
+.github/
+
+# Kubernetes
+k8s/
+
+# Scripts
+scripts/
+
+# Documentation
+*.md
+LICENSE
+
+# OS files
+.DS_Store
+Thumbs.db