feat(76477): remove the jarArtifactName and jarArtifact Path and hardcode them

feat(76471): check Java version alignment between Dockerfile and pom.xml

feat(76471): check Java version alignment between Dockerfile and pom.xml

feat(76471): check Java version alignment between Dockerfile and pom.xml

feat(76471): fix the .gitignore and remove the scripts/__pycache__

fix(76471): fix shared workflow scripts checkout using hardcoded repo and workflow_sha

github.workflow_ref inside a reusable workflow returns the caller's
workflow ref instead of the shared workflow's ref, causing the scripts
checkout to target the wrong repository. Replace dynamic resolution with
a hardcoded repository name and github.workflow_sha which correctly
references the reusable workflow's commit SHA.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(76471): potential fix

test(76471): add unit tests for validate_java_version_consistency.py and CI workflow

feat(76455): inline the test layer of the Dockerfile in the CI/CD for simplifying the microservice's Dockerfiles

feat(76471): fixes after PR review

feat(76471): fixes++

Author: bogdandina

.github/workflows/ci-cd-java.yml

@@ -12,12 +12,6 @@ on:
         required: false
         type: boolean
         default: false
-      jarArtifactName:
-        required: false
-        type: string
-      jarArtifactPath:
-        required: false
-        type: string
       performRelease:
         required: false
         type: boolean
@@ -32,11 +26,10 @@ on:
       runTestsInsideDocker:
         required: false
         type: boolean
-        default: false
+        default: true
 
 env:
   IMAGE_NAME_MIXED_CASE: "${{ github.repository }}"
-  TEST_STAGE: test
 
 jobs:
   build-check-test-push:
@@ -49,19 +42,80 @@ jobs:
           clean: 'true'
           fetch-depth: 2
 
+      # Required since custom scripts from /scripts are being used
+      - name: Resolve shared workflow ref
+        id: resolve_shared_workflow_ref
+        run: |
+          set -euo pipefail
+          SHARED_WORKFLOW_REF=$(grep -roh \
+            'transitdata-shared-workflows/.github/workflows/[^@]*@[^ "'\'']*' \
+            "${GITHUB_WORKSPACE}/.github/workflows/" 2>/dev/null \
+            | sed 's/.*@//' | head -1 || true)
+
+          if [[ -z "${SHARED_WORKFLOW_REF}" ]]; then
+            echo "::warning::Could not detect shared workflow ref from caller workflows; falling back to main"
+            SHARED_WORKFLOW_REF="main"
+          fi
+
+          echo "Resolved shared workflow ref: ${SHARED_WORKFLOW_REF}"
+          echo "shared_workflow_ref=${SHARED_WORKFLOW_REF}" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout shared workflow scripts
+        uses: actions/checkout@v4
+        with:
+          repository: HSLdevcom/transitdata-shared-workflows
+          ref: ${{ steps.resolve_shared_workflow_ref.outputs.shared_workflow_ref }}
+          path: .shared-workflows
+
       - name: Setup JDK
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '25'
           cache: 'maven'
 
+      - name: Validate Java version consistency
+        working-directory: ${{ inputs.workingDirectory }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          JAVA_TOOL_OPTIONS: ""
+          MAVEN_OPTS: ""
+        run: python3 "${GITHUB_WORKSPACE}/.shared-workflows/scripts/validate_java_version_consistency.py"
+
       - name: Check code format and lint
         working-directory: ${{ inputs.workingDirectory }}
         run: |
           mvn spotless:check
 
-      - name: Run tests outside Docker
+      - name: Run unit tests inside Docker
+        if: ${{ inputs.runTestsInsideDocker }}
+        working-directory: ${{ inputs.workingDirectory }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACTOR: ${{ github.actor }}
+          DOCKER_BUILDKIT: "1"
+        run: |
+          cat > /tmp/Dockerfile.test << DOCKERFILE
+          # syntax=docker/dockerfile:1
+          # check=error=true
+          FROM ${TEST_BASE_IMAGE}
+          WORKDIR /usr/app
+          COPY . .
+          COPY .mvn/settings.xml /root/.m2/settings.xml
+          RUN --mount=type=secret,id=github_token \
+              --mount=type=secret,id=github_actor \
+              export GITHUB_TOKEN="\$(cat /run/secrets/github_token)" && \
+              export GITHUB_ACTOR="\$(cat /run/secrets/github_actor)" && \
+              ./mvnw -B test
+          DOCKERFILE
+          docker build \
+            --secret id=github_token,env=GITHUB_TOKEN \
+            --secret id=github_actor,env=GITHUB_ACTOR \
+            -f /tmp/Dockerfile.test \
+            .
+
+      - name: Run unit tests outside Docker
+        if: ${{ !inputs.runTestsInsideDocker }}
         working-directory: ${{ inputs.workingDirectory }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -104,8 +158,8 @@ jobs:
         if: ${{ inputs.uploadJarArtifact }}
         uses: actions/upload-artifact@v4
         with:
-          name: ${{ inputs.jarArtifactName }}
-          path: ${{ inputs.jarArtifactPath }}
+          name: 'app.jar'
+          path: '/app/app.jar'
 
       - name: Set Docker Image Name
         run: |
@@ -119,19 +173,6 @@ jobs:
 
           echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
 
-      - name: Build & run tests inside Docker
-        if: ${{ inputs.runTestsInsideDocker }}
-        uses: docker/build-push-action@v6
-        with:
-          context: ${{ inputs.workingDirectory }}
-          load: true
-          target: "${{ env.TEST_STAGE }}"
-          tags: "${{ env.IMAGE_NAME }}:${{ env.TEST_STAGE }}"
-          secrets:
-            github_token=${{ secrets.GITHUB_TOKEN }}
-          build-args:
-            GITHUB_ACTOR=${{ github.actor }}
-
       - name: Build Docker Image
         uses: docker/build-push-action@v6
         with:

.github/workflows/ci-cd-kotlin.yml

@@ -21,6 +21,14 @@ on:
         required: false
         type: boolean
         default: false
+      runTestsInsideDocker:
+        required: false
+        type: boolean
+        default: true
+      hasIntegrationTests:
+        required: false
+        type: boolean
+        default: false
 
 env:
   IMAGE_NAME_MIXED_CASE: "${{ github.repository }}"
@@ -36,25 +44,86 @@ jobs:
           clean: 'true'
           fetch-depth: 2
 
+      # Required since custom scripts from /scripts are being used
+      - name: Resolve shared workflow ref
+        run: |
+          set -euo pipefail
+          SHARED_WORKFLOW_REF=$(grep -roh \
+            'transitdata-shared-workflows/.github/workflows/[^@]*@[^ "'\'']*' \
+            "${GITHUB_WORKSPACE}/.github/workflows/" 2>/dev/null \
+            | sed 's/.*@//' | head -1 || true)
+
+          if [[ -z "${SHARED_WORKFLOW_REF}" ]]; then
+            echo "::warning::Could not detect shared workflow ref from caller workflows; falling back to main"
+            SHARED_WORKFLOW_REF="main"
+          fi
+
+          echo "Resolved shared workflow ref: ${SHARED_WORKFLOW_REF}"
+          echo "SHARED_WORKFLOW_REF=${SHARED_WORKFLOW_REF}" >> "$GITHUB_ENV"
+
+      - name: Checkout shared workflow scripts
+        uses: actions/checkout@v4
+        with:
+          repository: HSLdevcom/transitdata-shared-workflows
+          ref: ${{ env.SHARED_WORKFLOW_REF }}
+          path: .shared-workflows
+
       - name: Setup JDK
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '11'
           cache: 'gradle'
 
+      - name: Validate Java version consistency
+        env:
+          JAVA_TOOL_OPTIONS: ""
+        run: python3 "${GITHUB_WORKSPACE}/.shared-workflows/scripts/validate_java_version_consistency.py"
+
       - name: Check code format and lint
         run: ./gradlew spotlessCheck
         env:
           GITHUB_ACTOR: ${{ github.actor }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Run tests
+      - name: Run unit tests inside Docker
+        if: ${{ inputs.runTestsInsideDocker }}
         env:
-          GITHUB_ACTOR: ${{ github.actor }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACTOR_ARG: ${{ github.actor }}
+          DOCKER_BUILDKIT: "1"
         run: |
-            ./gradlew test jacocoTestReport --stacktrace
+          cat > /tmp/Dockerfile.test << DOCKERFILE
+          # syntax=docker/dockerfile:1
+          # check=error=true
+          FROM ${TEST_BASE_IMAGE}
+          WORKDIR /usr/app
+          ARG GITHUB_ACTOR=github-actions
+          COPY . .
+          RUN --mount=type=secret,id=github_token \
+              export GITHUB_TOKEN="\$(cat /run/secrets/github_token)" && \
+              export GITHUB_ACTOR="\$GITHUB_ACTOR" && \
+              ./gradlew test --stacktrace --no-daemon
+          DOCKERFILE
+          docker build \
+            --secret id=github_token,env=GITHUB_TOKEN \
+            --build-arg "GITHUB_ACTOR=${GITHUB_ACTOR_ARG}" \
+            -f /tmp/Dockerfile.test \
+            .
+
+      - name: Run unit tests
+        if: ${{ inputs.hasIntegrationTests == false }}
+        env:
+          GITHUB_ACTOR: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew test jacocoTestReport --stacktrace
+
+      - name: Run unit tests and integration tests
+        if: ${{ inputs.hasIntegrationTests }}
+        env:
+          GITHUB_ACTOR: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew test integrationTest jacocoTestReport --stacktrace
 
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@v5

.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+name: ci.yml
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  test-scripts:
+    name: Test Python scripts
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install pytest
+        run: pip install pytest
+
+      - name: Run script tests
+        run: pytest scripts/ -v

.gitignore

@@ -1,4 +1,5 @@
 .idea
+scripts/__pycache__
 /AGENTS.md
 /CLAUDE.md
 /.claude/settings.local.json