Modificar .gitea/workflows/deploy.yaml

ci: remover linter e focar no sonarqube
2026-05-08 09:43:55 +00:00
parent 3e77afb0cb
commit 231c0aa4f1
1 changed files with 4 additions and 10 deletions
@@ -12,19 +12,13 @@ jobs:
        with:
          fetch-depth: 0
-      # 1. SECRET SCANNING (Desativado temporariamente)
+      # 1. SCA - Verifica vulnerabilidades no Nginx
      #- name: Gitleaks Scan
      #  run: |
      #    curl -sL https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz | tar -xz -C /tmp
      #    /tmp/gitleaks detect --source . --verbose --redact --exit-code 0
      # 2. SCA - Verifica vulnerabilidades no Nginx
      - name: Scan Docker Image Vulnerabilities (Trivy)
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
          trivy image --severity HIGH,CRITICAL nginx:alpine
-      # 3. SAST - Análise de Código com SonarQube
+      # 2. SAST - Análise de Código com SonarQube
      - name: SonarQube Analysis
        run: |
          curl -sL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip -o sonar-scanner.zip
@@ -42,7 +36,7 @@ jobs:
      - name: Checkout Code
        uses: actions/checkout@v3
-      # 4. DEPLOY ATÓMICO E HARDENING
+      # 3. DEPLOY ATÓMICO E HARDENING
      - name: Hardened Deploy
        run: |
          docker exec website-test-backend tar -czf /tmp/index_backup.tar.gz -C /usr/share/nginx/html index.html || true
@@ -52,7 +46,7 @@ jobs:
          docker exec website-test-backend chmod 444 /usr/share/nginx/html/index.html
          curl --silent --show-error --fail http://localhost:80 || exit 1
-      # 5. AUDITORIA DE DEPLOY
+      # 4. AUDITORIA DE DEPLOY
      - name: Slack/Discord Notification
        if: always()
        run: |