From 49ab12b7f6b1da482e02bd344f46faa1e026d272 Mon Sep 17 00:00:00 2001
From: pm <pedro.maio@each-cs.com>
Date: Fri, 8 May 2026 10:30:57 +0000
Subject: [PATCH] Modificar .gitea/workflows/deploy.yaml

ci: reativar gitleaks com segredos ignorados
---
 .gitea/workflows/deploy.yaml | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 11bc011..bbab475 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -12,23 +12,19 @@ jobs:
         with:
           fetch-depth: 0
 
-<<<<<<< HEAD
-      # 1. SCA - Verifica vulnerabilidades no Nginx
-=======
-      # 1. SECRET SCANNING (Desativado temporariamente)
+      # 1. SECRET SCANNING (Ativo: Ignora o commit antigo graças ao .gitleaksignore, mas bloqueia novas fugas)
       - name: Gitleaks Scan
         run: |
           curl -sL https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz | tar -xz -C /tmp
           /tmp/gitleaks detect --source . --verbose --redact --exit-code 1
 
       # 2. SCA - Verifica vulnerabilidades no Nginx
->>>>>>> 8c9be4c (ativar gitleaks)
       - name: Scan Docker Image Vulnerabilities (Trivy)
         run: |
           curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
           trivy image --severity HIGH,CRITICAL nginx:alpine
 
-      # 2. SAST - Análise de Código com SonarQube
+      # 3. SAST - Análise de Código com SonarQube
       - name: SonarQube Analysis
         run: |
           curl -sL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip -o sonar-scanner.zip
@@ -46,18 +42,18 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@v3
 
-      # 3. DEPLOY ATÓMICO E HARDENING
-    - name: Hardened Deploy
+      # 4. DEPLOY ATÓMICO E HARDENING
+      - name: Hardened Deploy
         run: |
           docker exec website-test-backend tar -czf /tmp/index_backup.tar.gz -C /usr/share/nginx/html index.html || true
           docker exec website-test-backend sh -c "rm -rf /usr/share/nginx/html/*"
           docker cp index.html website-test-backend:/usr/share/nginx/html/index.html
           docker exec website-test-backend chown root:root /usr/share/nginx/html/index.html
           docker exec website-test-backend chmod 444 /usr/share/nginx/html/index.html
-          # CORREÇÃO: Testar o acesso local por dentro do próprio container Nginx
+          # Testar o acesso local por dentro do próprio container Nginx
           docker exec website-test-backend curl --silent --show-error --fail http://localhost:80 || exit 1
 
-      # 4. AUDITORIA DE DEPLOY
+      # 5. AUDITORIA DE DEPLOY
       - name: Slack/Discord Notification
         if: always()
         run: |