From 3ea964d5213c9b8c2ceaff09f31baf3d2caa6ea9 Mon Sep 17 00:00:00 2001
From: Vitor Hideyoshi <vitor.h.n.batista@gmail.com>
Date: Mon, 3 Nov 2025 14:59:08 -0300
Subject: [PATCH] chore: better ci

---
 .dockerignore                                 | 35 +++++++
 .github/workflows/deploy.yml                  | 92 +++++++++++++++++++
 .github/workflows/docker-image.yml            | 43 ---------
 .github/workflows/run-tests.yml               | 20 ----
 .gitignore                                    |  4 +-
 Dockerfile                                    | 25 +++--
 .../auth/controller/UserController.java       |  3 -
 .../validator/email/unique/EmailUnique.java   |  2 +-
 8 files changed, 147 insertions(+), 77 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 .github/workflows/deploy.yml
 delete mode 100644 .github/workflows/docker-image.yml
 delete mode 100644 .github/workflows/run-tests.yml

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..9dd2a13
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,35 @@
+# Exclude build output and IDE files to reduce Docker build context size
+target
+**/target
+
+# Git and local metadata
+.git
+.gitignore
+.DS_Store
+
+# Local editor / IDE
+.idea
+.vscode
+*.iml
+*.sublime-*
+
+# Build artifacts and temporary files
+*.class
+*.log
+tmp/
+build/
+
+# Swap / editor backups
+*.swp
+
+# Internal Docker
+.dockerignore
+docker/
+
+# Project specific ignores
+README.md
+LICENSE
+
+# CI Files
+.github/
+.k8s/
\ No newline at end of file
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..a9c5971
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,92 @@
+name: ci
+
+on:
+  push:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: maven
+
+      - name: Build with Maven
+        run: ./mvnw clean package -DskipTests
+
+  run-tests:
+    runs-on: ubuntu-latest
+    needs: [ build ]
+
+    steps:
+
+      - uses: actions/checkout@v3
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: maven
+
+      - name: Running Tests with Maven
+        run: ./mvnw test
+
+  docker:
+    needs: [ build ]
+    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write   # required to push to ghcr.io
+      id-token: write   # optional for OIDC if you use it
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Prepare image tags
+        run: |
+          OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
+          REPO=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]')
+          
+          # Determine tag
+          if [ "${GITHUB_REF_NAME}" = "main" ]; then
+            TAG="latest"
+          else
+            TAG="dev"
+          fi
+          
+          SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
+          IMAGE_BASE="ghcr.io/${OWNER}/${REPO}"
+          
+          echo "IMAGE_LATEST=${IMAGE_BASE}:${TAG}" >> $GITHUB_ENV
+          echo "IMAGE_SHA=${IMAGE_BASE}:sha-${SHORT_SHA}" >> $GITHUB_ENV
+
+      - name: Build and push Docker image (with registry cache)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.IMAGE_LATEST }}
+            ${{ env.IMAGE_SHA }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
deleted file mode 100644
index e2fac91..0000000
--- a/.github/workflows/docker-image.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: ci
-
-on:
-  push:
-    branches:
-      - 'main'
-
-jobs:
-  docker:
-
-    runs-on: ubuntu-latest
-    steps:
-      
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: yoshiunfriendly/backend-hideyoshi.com:latest
-
-  run-dispatcher:
-    needs: docker
-    runs-on: ubuntu-latest
-    steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - name: Runs Infra-Hideyoshi.com Deployment Dispatcher
-        run: |
-          curl -X POST https://api.github.com/repos/HideyoshiSolutions/infra-hideyoshi.com/dispatches \
-          -H 'Accept: application/vnd.github.everest-preview+json' \
-          -u ${{ secrets.ACTIONS_KEY }} \
-          --data '{"event_type": "refresh-deployments", "client_payload": { "deployments": "backend-deployment" }}'
\ No newline at end of file
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
deleted file mode 100644
index 5c6906a..0000000
--- a/.github/workflows/run-tests.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: ci
-on:
-    push
-
-jobs:
-    run-tests:
-        runs-on: ubuntu-latest
-        
-        steps:
-
-            - uses: actions/checkout@v3
-            - name: Set up JDK 17
-              uses: actions/setup-java@v3
-              with:
-                  java-version: '17'
-                  distribution: 'temurin'
-                  cache: maven
-
-            - name: Running Tests with Maven
-              run: ./mvnw test
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 13dcb63..8efdfcd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,7 +32,9 @@ build/
 ### VS Code ###
 .vscode/
 
-src/main/resources/application-devel.yml
+src/main/resources/application*.yml
+!src/main/resources/application.yml
+!src/main/resources/application-no-oauth.yml
 
 ### Maven ###
 target/
diff --git a/Dockerfile b/Dockerfile
index 38e7828..732dd0b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,24 @@
-#
-# Build stage
-#
 FROM maven:3.9.3-ibm-semeru-17-focal AS build
-COPY src /home/app/src
-COPY pom.xml /home/app
-RUN mvn -Dmaven.test.skip -f /home/app/pom.xml clean package
+
+WORKDIR /home/app
+
+COPY pom.xml mvnw ./
+COPY .mvn/ .mvn/
+
+# Download dependencies into /root/.m2 (use BuildKit cache if available).
+# If BuildKit isn't enabled this still works as a normal mvn dependency:go-offline.
+RUN --mount=type=cache,target=/root/.m2 mvn -B -Dmaven.test.skip=true dependency:go-offline
+
+COPY src ./src
+RUN --mount=type=cache,target=/root/.m2 mvn -B -Dmaven.test.skip=true package
 
 #
 # Package stage
 #
 FROM ibm-semeru-runtimes:open-17-jdk-focal
+WORKDIR /app
 
-COPY --from=build /home/app/target/*.jar app.jar
-COPY src/main/resources/* credentials/
+# Copy final artifact
+COPY --from=build /home/app/target/*.jar ./app.jar
 
-ENTRYPOINT ["java","-XX:TieredStopAtLevel=1","-Xverify:none","-jar","/app.jar"]
\ No newline at end of file
+ENTRYPOINT ["java","-XX:TieredStopAtLevel=1","-Xverify:none","-jar","/app/app.jar"]
diff --git a/src/main/java/br/com/hideyoshi/auth/controller/UserController.java b/src/main/java/br/com/hideyoshi/auth/controller/UserController.java
index 5349b37..7ad0d46 100644
--- a/src/main/java/br/com/hideyoshi/auth/controller/UserController.java
+++ b/src/main/java/br/com/hideyoshi/auth/controller/UserController.java
@@ -8,7 +8,6 @@ import br.com.hideyoshi.auth.model.microservice.StorageServiceUploadResponse;
 import br.com.hideyoshi.auth.security.service.AuthService;
 import br.com.hideyoshi.auth.service.UserService;
 import br.com.hideyoshi.auth.service.microservice.StorageService;
-import br.com.hideyoshi.auth.util.exception.AuthenticationInvalidException;
 import br.com.hideyoshi.auth.util.exception.BadRequestException;
 import br.com.hideyoshi.auth.util.guard.UserResourceGuard;
 import br.com.hideyoshi.auth.util.guard.UserResourceGuardEnum;
@@ -21,9 +20,7 @@ import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
-import java.io.IOException;
 import java.net.URI;
 import java.util.List;
 
diff --git a/src/main/java/br/com/hideyoshi/auth/util/validator/email/unique/EmailUnique.java b/src/main/java/br/com/hideyoshi/auth/util/validator/email/unique/EmailUnique.java
index 5804ebb..d583514 100644
--- a/src/main/java/br/com/hideyoshi/auth/util/validator/email/unique/EmailUnique.java
+++ b/src/main/java/br/com/hideyoshi/auth/util/validator/email/unique/EmailUnique.java
@@ -19,7 +19,7 @@ public class EmailUnique implements ConstraintValidator<UniqueEmail, String> {
     @Override
     public boolean isValid(String email, ConstraintValidatorContext constraintValidatorContext) {
 
-        AtomicReference<Boolean> emailValid = new AtomicReference();
+        AtomicReference<Boolean> emailValid = new AtomicReference<>();
         this.userRepository.findByEmail(email).ifPresentOrElse(
                 (value) -> {
                     emailValid.set(false);