Desafio nivel 3

.github/workflows/03-build-containers.yml

@@ -2,30 +2,53 @@ name: "Nível 3: Containers e Segurança"
 
 on:
   pull_request:
-    types: [closed]
     branches: [ desafio-nivel-3 ]
 
-permissions:
-  contents: read
-  packages: write
 
 env:
   CHALLENGE_LEVEL: 3
   CHALLENGE_NAME: "containers-e-seguranca"
-  REGISTRY: ghcr.io
+  IMAGE_NAME: nivel-3-app
+  TAG: latest
 
 jobs:
-  build-scan-and-push:
-    name: "Build, Lint, Trivy Scan e Push no GHCR"
-    if: #????
+  build-lint-scan:
+    name: "Build, Lint e Scan da imagem"
     runs-on: ubuntu-latest
 
     steps:
-      # AQUI VAI O CÓDIGO DO DESAFIO :)
+      - name: "Checkout do código"
+        uses: actions/checkout@v4
+
+      - name: "Instalar Docker, Hadolint e Trivy"
+        run: |
+          # Hadolint
+          wget -O hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64
+          chmod +x hadolint
+          sudo mv hadolint /usr/local/bin/
+          hadolint --version
+
+          # Trivy
+          curl -L -o trivy.tar.gz https://github.com/aquasecurity/trivy/releases/download/v0.46.1/trivy_0.46.1_Linux-64bit.tar.gz
+          tar zxvf trivy.tar.gz
+          sudo mv trivy /usr/local/bin/
+          trivy --version
+
+      - name: "Build da imagem Docker"
+        run: |
+          docker build -t $IMAGE_NAME:$TAG .
+
+      - name: "Lint do Dockerfile"
+        run: |
+          hadolint Dockerfile
+
+      - name: "Scan de vulnerabilidades com Trivy"
+        run: |
+          trivy image --exit-code 1 --severity CRITICAL $IMAGE_NAME:$TAG
 
   generate-certificate: # DAQUI PARA BAIXO, NÃO ALTERAR
     name: "Desafio Nível 3 - Certificado"
-    needs: build-scan-and-push
+    needs: build-lint-scan
     if: success()
     runs-on: ubuntu-latest
     steps: