diff --git a/.github/workflows/02-tests-ci.yml b/.github/workflows/02-tests-ci.yml index 3a9801b..013c811 100644 --- a/.github/workflows/02-tests-ci.yml +++ b/.github/workflows/02-tests-ci.yml @@ -1,7 +1,9 @@ name: "Nível 2: Testes Automatizados" on: pull_request: - branches: [ main ] + branches: + - main + - desafio-nivel-3 env: NODE_VERSION: '18' @@ -20,10 +22,16 @@ jobs: - name: "Checkout do código" uses: actions/checkout@v4 - # INSIRA AQUI A LÓGICA PARA RODAR OS TESTES E VERIFICAR A COBERTURA - ### - ### - ### + - name: "Setup Node" + uses: actions/setup-node@v5 + with: + node-version: ${{ env.NODE_VERSION }} + + - name: "Instalar dependencias" + run: npm install + + - name: "Executar testes" + run: npm run tests - name: "Extrair porcentagem de cobertura" # Esse step será validado pelo desafio, não altere o nome. No final, ele deve gerar o output "coverage" com a porcentagem de cobertura. id: coverage @@ -32,6 +40,12 @@ jobs: echo "Coverage: $COVERAGE%" echo "coverage=$COVERAGE" >> $GITHUB_OUTPUT + - name: "Valida se os testes passaram" + if: ${{ steps.coverage.outputs.coverage < env.COVERAGE_MIN }} + run: | + echo "Cobertura minima não atendida: Esperado - ${{ env.COVERAGE_MIN }}%. Atingido: ${{ steps.coverage.outputs.coverage }}%" + exit 1 + generate-certificate: # DAQUI PARA BAIXO, NÃO ALTERAR name: "Desafio Nível 2 - Certificado" runs-on: ubuntu-latest diff --git a/.github/workflows/03-build-containers.yml b/.github/workflows/03-build-containers.yml index cbddc24..4154d49 100644 --- a/.github/workflows/03-build-containers.yml +++ b/.github/workflows/03-build-containers.yml 
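Review bot: The "Instalar dependencias" step runs `npm install`, which can re-resolve dependency versions and rewrite the lockfile instead of installing exactly what is committed. In CI, `run: npm ci` fails on lockfile drift and gives a reproducible install; this assumes a package-lock.json is committed, which the hunk does not show. `actions/setup-node@v5` and `actions/checkout@v4` are referenced by mutable tags, so pinning each to a full commit SHA would protect the job against a retagged release. The job's step list starts and continues outside the hunk.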
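Review bot: The `if:` on "Valida se os testes passaram" compares two strings, because step outputs and `env` values are always strings, so `<` is likely evaluated as a string comparison and a coverage of `9` would not count as lower than a minimum of `80`. Converting both sides makes the gate numeric and also fails the job when the output is empty: `if: ${{ fromJSON(steps.coverage.outputs.coverage) < fromJSON(env.COVERAGE_MIN) }}`. `COVERAGE_MIN` is not defined in the visible lines; confirm it exists in the workflow `env:` block, otherwise the condition would never fire. The step name says the tests passed while the check is about the coverage threshold, so a name such as "Valida cobertura mínima" would match what it does.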
@@ -21,6 +21,80 @@ jobs: runs-on: ubuntu-latest steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Definir variáveis da imagem + id: vars + run: | + OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') + REPO=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]') + REGISTRY=ghcr.io + TAG=${GITHUB_SHA} + echo "IMAGE_NAME=${{ vars.IMAGE_NAME }}" >> $GITHUB_ENV + echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV + echo "OWNER=$OWNER" >> $GITHUB_ENV + echo "TAG=$TAG" >> $GITHUB_ENV + + - name: Docker Login + uses: docker/login-action@v3.6.0 + with: + registry: ${{ env.REGISTRY }} + username: brasleiro01 + password: ${{ secrets.TOKEN_PAT }} + + - name: Rodar Hadolint + id: hadolint + uses: hadolint/hadolint-action@v3.3.0 + with: + dockerfile: Dockerfile + output-file: lint-report.txt + format: tty + no-color: true + no-fail: true + + - name: Output (DL3006 e DL3008) + run: | + cat lint-report.txt + if grep -q "DL3006\|DL3008" lint-report.txt; then + echo "Erros críticos encontrados no Dockerfile (DL3006 ou DL3008)!" + exit 1 + else + echo "Dockerfile passou no lint!" + fi + + - name: Build + uses: docker/build-push-action@v6.18.0 + with: + context: . + file: ./Dockerfile + load: true + tags: ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.IMAGE_NAME }}:${{ env.TAG }} + + - name: Scan de vulnerabilidades com Trivy + uses: aquasecurity/trivy-action@0.33.1 + with: + scan-type: image + image-ref: ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.IMAGE_NAME }}:${{ env.TAG }} + severity: CRITICAL + exit-code: 1 + format: table + output: trivy-report.txt + + - name: Upload relatório Trivy + uses: actions/upload-artifact@v4 + with: + name: trivy-report + path: trivy-report.txt + + - name: Push da imagem no GHCR + uses: docker/build-push-action@v6.18.0 + with: + context: . 
+ file: ./Dockerfile + push: true + tags: ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.IMAGE_NAME }}:${{ env.TAG }} + # AQUI VAI O CÓDIGO DO DESAFIO :) generate-certificate: # DAQUI PARA BAIXO, NÃO ALTERAR diff --git a/README.md b/README.md index 7bb74fc..e0637f7 100644 --- a/README.md +++ b/README.md @@ -87,4 +87,8 @@ Ao completar cada workflow com sucesso, você ganha os badges: **Feito pela comunidade LINUXtips.** +Marcus Vinicius +<<<<<<< HEAD +======= +>>>>>>> 8f45690 (teste 01)
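Review bot: The last step runs `docker/build-push-action` a second time with `push: true`, so the image published to GHCR is a fresh build and is not guaranteed to be the one Trivy scanned; pushing the already loaded tag with `run: docker push "$REGISTRY/$OWNER/$IMAGE_NAME:$TAG"` publishes exactly the scanned artifact. "Upload relatório Trivy" is skipped when the scan exits 1, which is the case where the report matters most, so add `if: always()` to that step. The login uses a hard-coded `username: brasleiro01` with a personal access token; `username: ${{ github.actor }}` with `password: ${{ secrets.GITHUB_TOKEN }}` and a job-level `permissions: packages: write` avoids a long-lived credential, and the login can move to just before the push. `REPO` is computed in "Definir variáveis da imagem" but never used. The job header, its triggers and its permissions are outside the hunk.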