CI/CD Improvements: Dependabot automation and testing infrastructure reorganization

[chadmf]

Summary

This PR introduces two major improvements to the CI/CD infrastructure:

1. Automated Dependency Management - Adds Dependabot configuration for GitHub Actions and pre-commit hooks
2. Testing Infrastructure Reorganization - Moves all testing and CI scripts into a dedicated top-level tests/ directory

Changes

1. Dependabot Configuration (265a5db)

Added .github/dependabot.yml:

• Weekly automated updates for GitHub Actions versions
• Weekly updates for Python/pre-commit hooks
• Grouped updates to reduce PR noise
• Automatic reviewer assignment

Fixed critical stability issue:

• Replaced ludeeus/action-shellcheck@master (unstable) with @2.0.0 (stable release)
• Updated in both pr-validation.yml and shell-script-testing.yml

Expected benefits:

• Automatic security updates
• Version drift prevention
• Reduced maintenance burden

2. Testing Infrastructure Reorganization (c7c874a)

New tests/ directory structure:

tests/
├── README.md              # Comprehensive testing documentation
├── scripts/               # Test and validation scripts
│   ├── dr-failover-test.sh
│   ├── measure-rto-rpo.sh
│   ├── validate-aap-data.sh
│   ├── test-split-brain-prevention.sh
│   ├── generate-dr-report.sh
│   └── run-ci-checks-locally.sh
├── hooks/                 # Pre-commit and CI hooks
│   ├── check-script-permissions.sh
│   └── validate-openshift-manifests.sh
└── openshift/             # DR testing CronJob manifests
    └── dr-testing/

Updated scripts/ to contain only operational scripts:

• AAP scaling and cluster management
• EFM integration hooks
• Shared operational libraries

Documentation updates (15 files):

• All script references updated to new paths
• Repository structure diagrams updated in README.md and CLAUDE.md
• .pre-commit-config.yaml updated with new hook paths
• All DR testing documentation updated

Benefits:

• Clear separation of concerns (testing vs operations)
• Better project organization
• Easier navigation for contributors
• Complete git history preserved via git mv

Testing

Pre-commit Hooks

All pre-commit hooks updated and tested with new paths:

# Hooks now correctly reference tests/hooks/
- tests/hooks/check-script-permissions.sh
- tests/hooks/validate-openshift-manifests.sh

CI Workflows

All GitHub Actions workflows validated:

• YAML validation ✅
• Shell script testing ✅
• Security scanning ✅

Documentation

All 15 updated documentation files verified:

• No broken links ✅
• All script references point to correct paths ✅
• Repository structure diagrams accurate ✅

Files Changed

30 files total:

• 1 new file: .github/dependabot.yml
• 1 new file: tests/README.md
• 14 files moved: scripts/ and openshift/dr-testing/ → tests/
• 15 files updated: Documentation with new paths
• 2 workflows updated: ShellCheck action pinned to stable version

Impact

Low risk changes:

• All file moves preserve complete git history
• No functional code changes to scripts
• Documentation updates only affect references, not content
• Dependabot is additive (no breaking changes)

Expected Dependabot PRs after merge:

• GitHub Actions version updates (actions/checkout, actions/setup-python)
• Pre-commit hook updates (shellcheck-py, yamllint, markdownlint, detect-secrets)

Checklist

• All tests passing
• Documentation updated
• Pre-commit hooks work with new paths
• No broken links
• Git history preserved for moved files
• Repository structure diagrams updated
• Conventional commit messages used

Related

This PR sets the foundation for future CI/CD improvements identified in pipeline analysis:

• BATS unit testing framework (future PR)
• Migration from kubeval to kubeconform (future PR)
• Trivy container scanning (future PR)
• DR script integration tests (future PR)

🤖 Generated with Claude Code