Add integration tests for PostgreSQL, Redis, RabbitMQ, and Prometheus using TestContainers

- Implemented comprehensive integration tests for PostgreSQL, Redis, RabbitMQ, and Prometheus within the Nephoran Intent Operator.
- Established a ContainerTestTracker to monitor container operations, cache operations, queue operations, and metrics collection.
- Created performance testing scripts using k6 to evaluate intent processing under various load scenarios, including baseline, spike, and stress tests.
- Defined custom metrics for tracking intent processing duration, success rates, error rates, and throughput.
- Enhanced health check mechanisms and added detailed logging for intent creation and status checks.
- Generated HTML and JSON reports for load test summaries, including key metrics and thresholds.

Author: thc1006

.github/codeql/codeql-config.yml

@@ -0,0 +1,58 @@
+# CodeQL configuration for Nephoran Intent Operator
+name: "Nephoran CodeQL Configuration"
+
+# Disable default queries and use custom query suites
+disable-default-queries: false
+
+# Query suites to run
+queries:
+  - uses: security-and-quality
+  - uses: security-experimental
+  - name: Custom telecom queries
+    uses: ./.github/codeql/queries/
+
+# Paths to analyze
+paths:
+  - pkg/
+  - cmd/
+  - api/
+  
+# Paths to ignore  
+paths-ignore:
+  - "**/*_test.go"
+  - "**/vendor/**"
+  - "**/testdata/**"
+  - "bin/"
+  - ".excellence-reports/"
+  - "chaos-results/"
+
+# Build configuration for Go
+build-mode: manual
+
+# Language-specific configuration
+go:
+  # Use Go build tags for conditional compilation
+  build-tags:
+    - "integration"
+    - "security"
+  # Include test files for analysis
+  include-test-files: false
+  
+# Query filters
+query-filters:
+  - exclude:
+      id: go/hardcoded-credentials
+      # Exclude test credentials and examples
+      paths:
+        - "**/examples/**"
+        - "**/testutils/**"
+        - "**/fixtures/**"
+  
+  - exclude:
+      id: go/clear-text-logging
+      # Exclude logging in test files
+      paths:
+        - "**/*_test.go"
+
+# Enable experimental features
+experimental: true

.github/dependabot.yml

@@ -1,111 +1,133 @@
-# Dependabot configuration for Nephoran Intent Operator
-# This configuration ensures dependencies are kept up-to-date and secure
-
+# Dependabot configuration for automated dependency updates
 version: 2
 updates:
-  # Go modules
+  # Go modules dependencies
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "monday"
-      time: "04:00"
+      time: "06:00"
+      timezone: "UTC"
     open-pull-requests-limit: 10
     reviewers:
-      - "security-team"
+      - "thc1006"
     assignees:
-      - "devops-team"
+      - "thc1006"
     commit-message:
-      prefix: "deps"
+      prefix: "build(deps): "
       include: "scope"
     labels:
       - "dependencies"
-      - "security"
-      - "auto-merge"
-    ignore:
-      # Ignore major version updates for critical dependencies
-      - dependency-name: "k8s.io/*"
-        update-types: ["version-update:semver-major"]
-      - dependency-name: "sigs.k8s.io/*"
-        update-types: ["version-update:semver-major"]
+      - "go"
+      - "automated"
+    # Security updates get higher priority
+    groups:
+      security-updates:
+        patterns:
+          - "*"
+        update-types:
+          - "security"
+    # Group non-security updates by ecosystem
+    groups:
+      go-dependencies:
+        patterns:
+          - "*"
+        exclude-patterns:
+          - "k8s.io/*"
+          - "sigs.k8s.io/*"
+        update-types:
+          - "minor"
+          - "patch"
+      kubernetes-dependencies:
+        patterns:
+          - "k8s.io/*"
+          - "sigs.k8s.io/*"
+        update-types:
+          - "minor"
+          - "patch"
 
   # Docker dependencies
   - package-ecosystem: "docker"
     directory: "/"
     schedule:
       interval: "weekly"
-      day: "monday"
-      time: "04:30"
+      day: "tuesday"
+      time: "06:00"
+      timezone: "UTC"
     open-pull-requests-limit: 5
     reviewers:
-      - "security-team"
+      - "thc1006"
     assignees:
-      - "devops-team"
+      - "thc1006"
     commit-message:
-      prefix: "docker"
-      include: "scope"
+      prefix: "build(docker): "
     labels:
       - "dependencies"
       - "docker"
-      - "security"
+      - "automated"
 
-  # RAG Python dependencies
-  - package-ecosystem: "pip"
-    directory: "/rag-python"
+  # GitHub Actions dependencies
+  - package-ecosystem: "github-actions"
+    directory: "/"
     schedule:
       interval: "weekly"
-      day: "monday"
-      time: "05:00"
-    open-pull-requests-limit: 10
+      day: "wednesday"
+      time: "06:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
     reviewers:
-      - "security-team"
+      - "thc1006"
     assignees:
-      - "ai-team"
+      - "thc1006"
     commit-message:
-      prefix: "python-deps"
-      include: "scope"
+      prefix: "ci: "
     labels:
       - "dependencies"
-      - "python"
-      - "rag-api"
-      - "security"
+      - "github-actions"
+      - "ci-cd"
+      - "automated"
 
-  # GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
+  # Helm dependencies
+  - package-ecosystem: "bundler"
+    directory: "/deployments/helm"
     schedule:
-      interval: "weekly"
-      day: "monday"
-      time: "05:30"
-    open-pull-requests-limit: 5
+      interval: "monthly"
+      day: 15
+      time: "06:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 3
     reviewers:
-      - "devops-team"
+      - "thc1006"
     assignees:
-      - "devops-team"
+      - "thc1006"
     commit-message:
-      prefix: "ci"
-      include: "scope"
+      prefix: "build(helm): "
     labels:
       - "dependencies"
-      - "github-actions"
-      - "ci-cd"
+      - "helm"
+      - "automated"
 
-  # Terraform modules (if any)
-  - package-ecosystem: "terraform"
-    directory: "/deployments/multi-region/terraform"
+  # Python dependencies (for rag-python module)
+  - package-ecosystem: "pip"
+    directory: "/rag-python"
     schedule:
       interval: "weekly"
-      day: "monday"
+      day: "thursday"
       time: "06:00"
-    open-pull-requests-limit: 3
+      timezone: "UTC"
+    open-pull-requests-limit: 5
     reviewers:
-      - "infrastructure-team"
+      - "thc1006"
     assignees:
-      - "devops-team"
+      - "thc1006"
     commit-message:
-      prefix: "terraform"
-      include: "scope"
+      prefix: "build(python): "
     labels:
       - "dependencies"
-      - "terraform"
-      - "infrastructure"
+      - "python"
+      - "rag"
+      - "automated"
+
+# Global settings for all ecosystems
+enable-beta-ecosystems: true

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,81 @@
+name: "CodeQL Advanced Security Analysis"
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+  schedule:
+    - cron: '30 2 * * 1' # Monday at 2:30 AM UTC
+
+jobs:
+  analyze:
+    name: "CodeQL Analysis"
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go', 'javascript', 'python' ]
+
+    steps:
+    - name: "Checkout Repository"
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/codeql-config.yml
+        # Use custom queries for telecommunications security
+        queries: security-and-quality,security-experimental
+
+    - name: "Setup Go (for Go analysis)"
+      if: matrix.language == 'go'
+      uses: actions/setup-go@v5
+      with:
+        go-version: '1.24.1'
+        cache: true
+
+    - name: "Build Go Project (for Go analysis)"
+      if: matrix.language == 'go'
+      run: |
+        make deps
+        make generate
+        make build
+
+    - name: "Setup Python (for Python analysis)"
+      if: matrix.language == 'python'
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.11'
+
+    - name: "Install Python Dependencies (for Python analysis)"
+      if: matrix.language == 'python'
+      run: |
+        if [ -f requirements-rag.txt ]; then
+          pip install -r requirements-rag.txt
+        fi
+
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
+        upload: true
+        
+    - name: "Upload CodeQL Results"
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: codeql-results-${{ matrix.language }}
+        path: |
+          /home/runner/work/_temp/codeql_databases/
+          /home/runner/work/_temp/codeql-sarif-results/
+        retention-days: 30