[KOB-52442][Black] - new CI

[duchnguyen]

Summary

Types of changes

What types of changes does your code introduce to this project? Put an x in the boxes that apply.

• Bugfix.
• New feature.
• Documentation update.

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the pull request. If you are unsure about any of them, do not hesitate to ask. We are here to help! This is simply a reminder of what we are going to look for before merging your code.

• I have read the CONTRIBUTING documentation.
• I have rebased, and my remote branch is now up-to-date with the master branch of the upstream.
• Lint and unit tests pass locally with my changes.
• I have added tests that prove my changes are effective.
• I have added the necessary documentation (if appropriate).

Further comments

[Copilot]

Pull request overview

Updates the repository’s GitHub Actions CI pipeline to use reusable workflows from kobiton/deployment, adding manual dispatch support and expanding push-branch triggers.

Changes:

• Add workflow_dispatch with inputs and run build/push from manual dispatch.
• Replace inline lint/test jobs with a reusable ci-lint-test workflow for PRs.
• Add reusable workflows for environment detection, SonarCloud, and PR image build/push.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

git-ref contains a hyphen, so github.event.inputs.git-ref will be parsed as an expression (subtraction) rather than a property lookup. Use bracket notation (github.event.inputs['git-ref']) or rename the input to git_ref and update the reference.

Suggested change

	git-ref: ${{ github.event.inputs.git-ref }}
	git-ref: ${{ github.event.inputs['git-ref'] }}

[Copilot]

pull_request is configured only for master, but push includes main, release, and production branches. If PRs can target those branches (especially main), the CI jobs won’t run for them; consider aligning the pull_request.branches list with push.branches.

Suggested change

	- master
	- master
	- main
	- '**-rc'
	- production
	- 'production-hotfix'
	- 'v*'

[Copilot]

Global permissions were reduced to only id-token: write and contents: read. The previous workflow granted checks: write; if any of the called reusable workflows publishes check runs/statuses or comments on PRs, it will fail due to insufficient permissions. Confirm required permissions of the reusable workflows and add the minimal additional permissions needed (e.g., checks: write / pull-requests: write).

Suggested change

	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout
	checks: write # Required if reusable workflows publish check runs/statuses
	pull-requests: write # Required if reusable workflows update or comment on PRs

[Copilot]

Reusable workflows are referenced from @master. Pinning to an immutable tag or commit SHA reduces supply-chain risk and prevents unexpected CI changes when the upstream default branch updates.

[Copilot]

workflow_dispatch defines an input logLevel, but it isn’t used or forwarded to any job. If it’s not needed, remove it to avoid confusion; if it is needed, pass it through to the relevant reusable workflow via with:.

Suggested change

	logLevel:
	description: 'Log level'
	required: true
	default: 'info'
	type: choice
	options:
	- info
	- warning
	- debug

[Copilot]

workflow_dispatch.inputs.logLevel.options list items are not indented under options:. As written, this YAML is invalid and the workflow will fail to load; indent the - info/- warning/- debug lines under options:.

Suggested change

	- info
	- warning
	- debug
	- info
	- warning
	- debug