change the steps of github actions workflow

LerianStudio · Nov 27, 2024 · 44325ca · 44325ca
1 parent a5a7fc8
commit 44325ca
Show file tree

Hide file tree

Showing 4 changed files with 161 additions and 98 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,69 @@
+name: "Build"
+
+on:
+  push:
+    tags:
+      - '**'
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+jobs:
+  build_and_publish:
+    runs-on: ubuntu-latest
+    env:
+      APP_NAME: midaz-console
+      DOCKERHUB_ORG: lerianstudio
+    name: Build And Publish Docker Image to Midaz
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: "${{ secrets.DOCKER_USERNAME }}"
+        password: "${{ secrets.DOCKER_PASSWORD }}"
+
+    - name: Docker metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.DOCKERHUB_ORG }}/${{ env.APP_NAME }}
+        tags: |
+          type=semver,pattern={{version}}
+          type=ref,event=branch,suffix=-${{ github.sha }}
+
+    - name: Build Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: . 
+        file: ./Dockerfile
+        load: true
+        tags: ${{ steps.meta.outputs.tags }}
+        cache-from: type=registry,ref=${{ env.DOCKERHUB_ORG }}/${{ env.APP_NAME }}:latest
+
+    - name: Extract tag name
+      shell: bash
+      run: echo "tag=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+      id: extract_tag
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: '${{ env.DOCKERHUB_ORG }}/${{ env.APP_NAME }}:${{ steps.extract_tag.outputs.tag }}'
+        format: 'table'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+        exit-code: '1'
+
+    - name: Push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .  
+        file: ./Dockerfile 
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/notification.yml b/.github/workflows/notification.yml
diff --git a/...workflows/code-quality-security-tests.yml → .github/workflows/pre-release.yml b/...workflows/code-quality-security-tests.yml → .github/workflows/pre-release.yml
@@ -1,4 +1,4 @@
-name: "Code Quality & Security"
+name: "Pre-Release"
 
 on:
   pull_request:
@@ -23,7 +23,7 @@ jobs:
   CodeQL:
     runs-on: ubuntu-latest
     name: Run CodeQL for Next.js
-    timeout-minutes: 360
+    timeout-minutes: 60
     strategy:
       fail-fast: false
       matrix:
@@ -57,56 +57,36 @@ jobs:
     name: Run npm audit and fix vulnerabilities
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
           node-version: '22'
+      - name: Cache Node.js modules
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
       - name: Install dependencies
         run: npm install
       - name: Run npm audit
         run: npm audit --omit=dev
       - name: Fix vulnerabilities
-        run: npm audit fix  # Fix the vulnerabilities
-
-  # Job to execute ESLint
-  # ESLint:
-  #   runs-on: ubuntu-latest
-  #   name: Run ESLint for Next.js
-  #   steps:
-  #     - uses: actions/checkout@v4
-
-  #     - uses: actions/setup-node@v3
-  #       with:
-  #         node-version: '22'
-
-  #     - name: Set up .env file
-  #       run: |
-  #         cp .env.example .env # Copia .env.example para .env para uso local, se necessário
-
-  #     - name: Install dependencies and update ESLint packages
-  #       run: |
-  #         npm install
-  #         npm install eslint@latest eslint-config-next@latest eslint-plugin-prettier@latest eslint-plugin-react-hooks@latest
-
-  #     - name: Run ESLint
-  #       run: |
-  #         npm run lint
+        run: npm audit fix
 
   # Job to execute Unit Tests
   unit-tests:
     runs-on: ubuntu-latest
     name: Run Unit Tests for Midaz
     steps:
-      - uses: actions/checkout@v4  
-
+      - uses: actions/checkout@v4
       - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
           node-version: '22'
-
       - name: Install dependencies
-        run: npm install  
-
+        run: npm install
       - name: Run Unit Tests
-        run: npm test  
+        run: npm test
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,85 +1,99 @@
-name: "Build Pipeline"
+name: "Release"
 
 on:
   push:
-    tags:
-      - '**'
+    branches:
+      - develop
+      - main
+      - hotfix/v*
+    paths-ignore:
+      - '.gitignore'
+      - '**/*.env'   # Ignorar todos os arquivos .env
+      - '*.env'      # Ignorar arquivos .env na raiz
+      - '**/*.md'    # Ignorar todos os arquivos .md
+      - '*.md'       # Ignorar arquivos .md na raiz
+      - '**/*.txt'   # Ignorar todos os arquivos .txt
+      - '*.txt'      # Ignorar arquivos .txt na raiz
+    tags-ignore: ['**']
 
 permissions:
   id-token: write
-  contents: read
+  contents: write
   pull-requests: write
 
 jobs:
-  build_and_publish:
+  integration_tests:
+    name: Run Integration Tests
     runs-on: ubuntu-latest
-    env:
-      APP_NAME: midaz-console
-      DOCKERHUB_ORG: lerianstudio
-    name: Build And Publish Docker Image to Midaz
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    - name: Log in to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: "${{ secrets.DOCKER_USERNAME }}"
-        password: "${{ secrets.DOCKER_PASSWORD }}"
-
-    - name: Docker metadata
-      id: meta
-      uses: docker/metadata-action@v5
-      with:
-        images: ${{ env.DOCKERHUB_ORG }}/${{ env.APP_NAME }}
-        tags: |
-          type=semver,pattern={{version}}
-          type=ref,event=branch,suffix=-${{ github.sha }}
-
-    - name: Build Docker image
-      uses: docker/build-push-action@v5
-      with:
-        context: . 
-        file: ./Dockerfile
-        load: true
-        tags: ${{ steps.meta.outputs.tags }}
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Cache Node.js modules
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
 
-    - name: Extract tag name
-      shell: bash
-      run: echo "tag=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
-      id: extract_tag
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '22'
 
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: '${{ env.DOCKERHUB_ORG }}/${{ env.APP_NAME }}:${{ steps.extract_tag.outputs.tag }}'
-        format: 'table'
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
-        exit-code: '1'
+      - name: Install dependencies
+        run: npm install
 
-    - name: Push Docker image
-      uses: docker/build-push-action@v5
-      with:
-        context: .  
-        file: ./Dockerfile 
-        push: true
-        tags: ${{ steps.meta.outputs.tags }}
+      - name: Run Unit and Integration Tests
+        run: npm run test
 
-  github-releases-to-discord:
+  publish_release:
     runs-on: ubuntu-latest
+    needs: integration_tests
+    environment:
+      name: create_release
+    name: Create Release for Node.js Project
     steps:
+      - name: Create GitHub App Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_APP_ID }}
+          private-key: ${{ secrets.LERIAN_STUDIO_MIDAZ_PUSH_BOT_PRIVATE_KEY }}
+
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ steps.app-token.outputs.token }}
 
-      - name: Github Releases To Discord
-        uses: SethCohen/github-releases-to-discord@v1.13.1
-        if: '!github.event.prerelease'
+      - name: Import GPG Key
+        uses: crazy-max/ghaction-import-gpg@v6
+        id: import_gpg
         with:
-          webhook_url: ${{ secrets.DISCORD_WEBHOOK_URL }}
-          color: "2105893"
-          username: "Release Changelog"
-          content: "||@everyone||"
-          footer_title: "Changelog"
-          footer_timestamp: true
+          gpg_private_key: ${{ secrets.LERIAN_CI_CD_USER_GPG_KEY }}
+          passphrase: ${{ secrets.LERIAN_CI_CD_USER_GPG_KEY_PASSWORD }}
+          git_committer_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
+          git_committer_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
+          git_config_global: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '22'
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run Semantic Release
+        run: npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GIT_AUTHOR_NAME: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
+          GIT_AUTHOR_EMAIL: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
+          GIT_COMMITTER_NAME: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
+          GIT_COMMITTER_EMAIL: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}