Pos-Grad-Devops · v-venes · Sep 5, 2025 · Aug 23, 2025 · Aug 23, 2025 · Sep 1, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,35 +1,85 @@
 name: CI/CD - Restaurant Management API
 
 on:
-  push:
-    branches: [ main , develop]
   pull_request:
-    branches: [ main, develop ]
+    branches: [main, develop]
 
 jobs:
+  notify-fail:
+    runs-on: ubuntu-latest
+    if: failure()
+    needs: [check, test, build, sonar-analyze]
+    steps:
+      - name: 📣 Notificar Discord - Falha
+        run: |
+          curl -H "Content-Type: application/json" -X POST -d "{\"content\":\"❌ Pipeline falhou no repositório ${{ github.repository }} na branch ${{ github.ref_name }}. Verifique os logs para mais detalhes.\"}" ${{ secrets.DISCORD_WEBHOOK_URL }}
+
+  notify-success:
+    runs-on: ubuntu-latest
+    if: success()
+    needs: [check, test, build, sonar-analyze]
+    steps:
+      - name: 📣 Notificar Discord - Sucesso
+        run: |
+          curl -H "Content-Type: application/json" -X POST -d "{\"content\":\"✅ Pipeline concluída com sucesso no repositório ${{ github.repository }} na branch ${{ github.ref_name }}. Todos os jobs passaram!\"}" ${{ secrets.DISCORD_WEBHOOK_URL }}
 
-  integration:
+  sonar-analyze:
     runs-on: ubuntu-latest
 
     steps:
-      - name: 📥 Verificar branches conflitantes
+      - name: 📥 Checkout do código
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0  
+          fetch-depth: 0
 
-      - name: 🔑 Configurar credenciais do Git
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-      - name: 🔍 Testar merge main <- develop
-        run: |
-          git fetch origin
-          git checkout main
-          git merge --no-commit --no-ff origin/develop || (
-            echo "❌ Conflitos detectados entre main e develop" && exit 1
-          )
-          git merge --abort || true
-          echo "✅ Nenhum conflito entre main e develop"
+      - name: 🟢 Configurar Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: 📦 Instalar dependências
+        run: npm install
+
+      - name: ✅ Rodar testes e gerar cobertura
+        run: npm run test:coverage
+
+      - name: 🔍️ Sonar scan
+        uses: SonarSource/sonarqube-scan-action@v5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      # Comentando pra não ficar dando erro
+      # - name: 🚩 Sonar quality gate
+      #   uses: SonarSource/sonarqube-quality-gate-action@v1
+      #   timeout-minutes: 5
+      #   env:
+      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  # Adicionar essa na de PR de DEV para PROD
+  # integration:
+  #   runs-on: ubuntu-latest
+  #
+  #   steps:
+  #     - name: 📥 Verificar branches conflitantes
+  #       uses: actions/checkout@v4
+  #       with:
+  #         fetch-depth: 0
+  #
+  #     - name: 🔑 Configurar credenciais do Git
+  #       run: |
+  #         git config user.name "github-actions[bot]"
+  #         git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+  #     - name: 🔍 Testar merge main <- develop
+  #       run: |
+  #         git fetch origin
+  #         git checkout main
+  #         git merge --no-commit --no-ff origin/develop || (
+  #           echo "❌ Conflitos detectados entre main e develop" && exit 1
+  #         )
+  #         git merge --abort || true
+  #         echo "✅ Nenhum conflito entre main e develop"
   check:
     runs-on: ubuntu-latest
 
@@ -86,13 +136,3 @@ jobs:
 
       - name: 🚀 Build do projeto
         run: npm run build
-
-  deploy:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: 📥 Checkout do código
-        uses: actions/checkout@v4
-
-      - name: 📦 Instalar dependências
-        run: npm install
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
@@ -0,0 +1,155 @@
+name: Deploy to Dev
+
+on:
+  push:
+    branches: [develop]
+
+env:
+  PROJECT_ID: ${{ secrets.GCP_PROJECT }}
+  REGION: us-east1
+  REPOSITORY: trabalho-pos
+  SERVICE_NAME: api-restaurant-dev
+  IMAGE_TAG: ${{ github.sha }}
+  CREDENTIALS_FILE: /tmp/gcp-credentials.json
+
+jobs:
+  build-and-push:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Google Auth
+        id: auth
+        uses: 'google-github-actions/auth@v3'
+        with:
+          credentials_json: '${{ secrets.GCP_SA_KEY }}'
+          project_id: ${{ env.PROJECT_ID }}
+
+      - name: Configure Docker for Artifact Registry
+        run: |
+          gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev --quiet
+          gcloud auth list
+
+      - name: Create Repository if not exists
+        run: |
+          if ! gcloud artifacts repositories describe ${{ env.REPOSITORY }} --location=${{ env.REGION }} 2>/dev/null; then
+            echo "Creating repository ${{ env.REPOSITORY }} in ${{ env.REGION }}..."
+            gcloud artifacts repositories create ${{ env.REPOSITORY }} \
+              --repository-format=docker \
+              --location=${{ env.REGION }} \
+              --description="Docker repository for API"
+          else
+            echo "Repository ${{ env.REPOSITORY }} already exists"
+          fi
+
+      - name: Build Docker image
+        run: |
+          docker build -t ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE_NAME }}:${{ github.sha }} .
+
+      - name: Push Docker image
+        run: |
+          docker push ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE_NAME }}:${{ github.sha }}
+
+      - name: Verify Image Push
+        run: |
+          gcloud artifacts docker images list ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}
+
+  deploy:
+    name: Deploy to Cloud Run
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    environment: dev
+    outputs:
+      service_url: ${{ steps.get-url.outputs.service_url }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Save GCP Credentials
+        run: |
+          echo '${{ secrets.GCP_SA_KEY }}' > ${{ env.CREDENTIALS_FILE }}
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_wrapper: false
+
+      - name: Terraform Init with Backend
+        working-directory: ./infra/dev
+        env:
+          GOOGLE_APPLICATION_CREDENTIALS: ${{ env.CREDENTIALS_FILE }}
+        run: |
+          terraform init -reconfigure \
+            -backend-config="bucket=tf-state-${{ env.PROJECT_ID }}" \
+            -backend-config="prefix=terraform/dev"
+
+      - name: Terraform Apply
+        working-directory: ./infra/dev
+        env:
+          GOOGLE_APPLICATION_CREDENTIALS: ${{ env.CREDENTIALS_FILE }}
+        run: |
+          terraform apply -auto-approve \
+            -var="project_id=${{ env.PROJECT_ID }}" \
+            -var="image_url=${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE_NAME }}:${{ github.sha }}"
+
+      - name: Get Cloud Run URL
+        id: get-url
+        working-directory: ./infra/dev
+        env:
+          GOOGLE_APPLICATION_CREDENTIALS: ${{ env.CREDENTIALS_FILE }}
+        run: |
+          SERVICE_URL=$(terraform output service_url)
+          echo "service_url=$SERVICE_URL" >> $GITHUB_OUTPUT
+
+      - name: Cleanup Credentials
+        if: always()
+        run: rm -f ${{ env.CREDENTIALS_FILE }}
+
+  notify-fail:
+    runs-on: ubuntu-latest
+    if: failure()
+    needs: [build-and-push, deploy]
+    steps:
+      - name: Generate Action Link
+        run: |
+          ACTION_LINK="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          echo "ACTION_LINK=$ACTION_LINK" >> $GITHUB_ENV
+
+      - name: 📣 Fail discord notification
+        uses: tsickert/discord-webhook@v5.3.0
+        with:
+          webhook-url: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          username: 'Github Actions'
+          avatar-url: 'https://cdn-icons-png.flaticon.com/512/7717/7717267.png'
+          embed-title: 'Deploy DEV'
+          embed-description: '❌ Falha ao fazer deploy da api em DEV!'
+          embed-color: 14553088
+          embed-thumbnail-url: 'https://e7.pngegg.com/pngimages/834/472/png-clipart-google-cloud-icon-google-cloud-platform-cloud-computing-amazon-web-services-virtual-private-cloud-cloud-computing-text-trademark.png'
+          embed-author-name: 'Github Actions'
+          embed-author-icon-url: 'https://cdn-icons-png.flaticon.com/512/25/25231.png'
+          embed-footer-text: 'URL da execução: ${{ env.ACTION_LINK }}'
+          embed-footer-icon-url: 'https://cdn-icons-png.flaticon.com/512/25/25231.png'
+
+  notify-success:
+    runs-on: ubuntu-latest
+    if: success()
+    needs: [build-and-push, deploy]
+    steps:
+      - name: 📣 Success discord notification
+        uses: tsickert/discord-webhook@v5.3.0
+        with:
+          webhook-url: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          username: 'Github Actions'
+          avatar-url: 'https://cdn-icons-png.flaticon.com/512/7717/7717267.png'
+          embed-title: 'Deploy DEV'
+          embed-description: '✅ O Deploy da api em DEV foi realizado com sucesso!'
+          embed-color: 2067276
+          embed-thumbnail-url: 'https://e7.pngegg.com/pngimages/834/472/png-clipart-google-cloud-icon-google-cloud-platform-cloud-computing-amazon-web-services-virtual-private-cloud-cloud-computing-text-trademark.png'
+          embed-author-name: 'Github Actions'
+          embed-author-icon-url: 'https://cdn-icons-png.flaticon.com/512/25/25231.png'
+          embed-footer-text: 'URL da api: ${{ needs.deploy.outputs.service_url }}'
+          embed-footer-icon-url: 'https://cdn-icons-png.flaticon.com/512/25/25231.png'