[ITEP-83030] CI for Tracker Service#1017

Merged
dmytroye merged 25 commits into main from ITEP-83030/ci-tracker-service
Feb 19, 2026

@dmytroye dmytroye commented Feb 13, 2026

📝 Description

This PR adds comprehensive CI pipeline infrastructure for the new Tracker Service, including security scanning, license compliance checks, and updates to dependency management configuration.
Changes:

  • Adds four new CI jobs to tracker-service.yaml: gitleaks-scan (secrets detection) and trivy-scan (optional security scanning)
  • Updates dependabot.yml to include tracker paths in Docker, docker-compose, and pip ecosystem monitoring

✨ Type of Change

Select the type of change your PR introduces:

  • 🐞 Bug fix – Non-breaking change which fixes an issue
  • 🚀 New feature – Non-breaking change which adds functionality
  • 🔨 Refactor – Non-breaking change which refactors the code base
  • 💥 Breaking change – Changes that break existing functionality
  • 📚 Documentation update
  • 🔒 Security update
  • 🧪 Tests
  • 🚂 CI

🧪 Testing Scenarios

Describe how the changes were tested and how reviewers can test them too:

  • ✅ Tested manually
  • 🤖 Ran automated end-to-end tests

✅ Checklist

Before submitting the PR, ensure the following:

  • 🔍 PR title is clear and descriptive
  • 📝 For internal contributors: If applicable, include the JIRA ticket number (e.g., ITEP-123456) in the PR title. Do not include full URLs
  • 💬 I have commented my code, especially in hard-to-understand areas
  • 📄 I have made corresponding changes to the documentation
  • ✅ I have added tests that prove my fix is effective or my feature works

@dmytroye dmytroye requested a review from Copilot February 13, 2026 14:40

Copilot AI left a comment

Pull request overview

This PR adds comprehensive CI pipeline infrastructure for the new Tracker Service, including security scanning, license compliance checks, and updates to dependency management configuration. It also refactors the Coverity workflow logic for better handling of different event types.

Changes:

  • Adds four new CI jobs to tracker-service.yaml: license-check (REUSE compliance), gitleaks-scan (secrets detection), bandit-scan (Python security), and trivy-scan (optional security scanning)
  • Refactors coverity.yml to cleanly separate push-to-main events (comparing to parent commit) from other events (comparing to main branch)
  • Updates dependabot.yml to include tracker paths in Docker, docker-compose, and pip ecosystem monitoring

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| .github/workflows/tracker-service.yaml | Adds four security and compliance CI jobs for the tracker service |
| .github/workflows/coverity.yml | Refactors C/C++ file change detection logic with clearer conditional handling for push vs other events |
| .github/dependabot.yml | Adds tracker and tracker/test/service paths to Docker, docker-compose, and pip ecosystems |

@dmytroye dmytroye self-assigned this Feb 13, 2026
@dmytroye dmytroye marked this pull request as ready for review February 16, 2026 11:59
@dmytroye dmytroye requested review from Irakus and jdanieck February 16, 2026 11:59
@dmytroye dmytroye requested a review from Irakus February 16, 2026 15:24
jdanieck
jdanieck previously approved these changes Feb 16, 2026
saratpoluri
saratpoluri previously approved these changes Feb 17, 2026
@dmytroye dmytroye enabled auto-merge (squash) February 17, 2026 09:20
@dmytroye dmytroye dismissed stale reviews from jdanieck and saratpoluri via 51cbb2c February 18, 2026 10:46
contents: read

jobs:
detect-changes:

Please explain what the benefit of this change is; the previous approach was simpler and it did the same thing. What am I missing?

Member Author

The benefit is to make this workflow required for merging PRs. Tests against Tracker will run as before when there are changes to Tracker, and the workflow will not block other PRs (those without changes to Tracker).
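
The pattern described in this reply, as an added example that is not the project's workflow: the workflow triggers on every pull request so its check can be marked required, a `detect-changes` job decides whether Tracker files changed, and the remaining job is skipped (which GitHub reports as success) when they did not. The `tracker/` path, the `tests` job and the `make` command are assumptions.

```yaml
# Added illustration, not the repository's tracker-service.yaml.
# Assumed: Tracker sources live under tracker/; the test command is a placeholder.
name: tracker-service (example)

on:
  pull_request:   # no `paths:` filter: a workflow skipped by a path filter leaves
                  # its required check pending, which blocks unrelated PRs

permissions:
  contents: read  # least privilege for the GITHUB_TOKEN

jobs:
  detect-changes:
    runs-on: ubuntu-latest
    outputs:
      tracker: ${{ steps.diff.outputs.tracker }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so the base commit is present locally
      - id: diff
        env:
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          # Three-dot diff: files changed since the merge base with the PR's base commit.
          if git diff --name-only "$BASE_SHA"...HEAD | grep -q '^tracker/'; then
            echo "tracker=true" >> "$GITHUB_OUTPUT"
          else
            echo "tracker=false" >> "$GITHUB_OUTPUT"
          fi

  tests:
    needs: detect-changes
    # A job skipped by `if:` reports success, so PRs that do not touch
    # tracker/ still satisfy the required check.
    if: needs.detect-changes.outputs.tracker == 'true'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make -C tracker test   # placeholder test command
```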

@dmytroye dmytroye merged commit 9b33b56 into main Feb 19, 2026
30 checks passed
@dmytroye dmytroye deleted the ITEP-83030/ci-tracker-service branch February 19, 2026 07:32