From 4b9be5855c15b191346a0e3d14f4362346a9fc1e Mon Sep 17 00:00:00 2001
From: Vitor Hideyoshi <vitor.h.n.batista@gmail.com>
Date: Mon, 3 Nov 2025 13:22:55 +0000
Subject: [PATCH 1/4] chore: deploys using sha images for consistency

---
 .github/workflows/deploy.yml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 4730cb4..ab7ad8b 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -57,17 +57,17 @@ jobs:
               run: |
                 OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
                 REPO=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]')
-      
+
                 # Determine tag
                 if [ "${GITHUB_REF_NAME}" = "main" ]; then
                   TAG="latest"
                 else
                   TAG="dev"
                 fi
-      
+
                 SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
                 IMAGE_BASE="ghcr.io/${OWNER}/${REPO}"
-      
+
                 echo "IMAGE_LATEST=${IMAGE_BASE}:${TAG}" >> $GITHUB_ENV
                 echo "IMAGE_SHA=${IMAGE_BASE}:sha-${SHORT_SHA}" >> $GITHUB_ENV
 
@@ -112,10 +112,11 @@ jobs:
             run: |
               OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
               REPO=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]')
-              
+              SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
+
               IMAGE_BASE="ghcr.io/${OWNER}/${REPO}"
-              IMAGE_TAG="${{ github.event.inputs.tag || 'latest' }}"
-              
+              IMAGE_TAG="sha-${SHORT_SHA}"
+
               echo "IMAGE_BASE=${IMAGE_BASE}" >> $GITHUB_ENV
               echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
 
@@ -129,4 +130,4 @@ jobs:
             run: envsubst < .k8s/service.yaml | kubectl apply -f -
 
           - name: Apply Kubernetes Manifests - Ingress
-            run: envsubst < .k8s/ingress.yaml | kubectl apply -f -
\ No newline at end of file
+            run: envsubst < .k8s/ingress.yaml | kubectl apply -f -

From b8dbffe9a089b2709388c654c2a191793cd5f209 Mon Sep 17 00:00:00 2001
From: Vitor Hideyoshi <vitor.h.n.batista@gmail.com>
Date: Mon, 3 Nov 2025 13:27:02 +0000
Subject: [PATCH 2/4] chore: better validation of deployment in ci

---
 .github/workflows/deploy.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index ab7ad8b..d365329 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -121,13 +121,15 @@ jobs:
               echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
 
           - name: Apply Kubernetes Manifests - Configuration
-            run: envsubst < .k8s/config.yml | kubectl apply -f -
+            run: cat .k8s/config.yml | envsubst | kubectl apply -f -
 
           - name: Apply Kubernetes Manifests - Deployment
-            run: envsubst < .k8s/deployment.yaml | kubectl apply -f -
+            run: |
+                cat .k8s/deployment.yaml | envsubst | kubectl apply -f -
+                cat .k8s/deployment.yaml | envsubst | kubectl rollout status deployment/frontend-deployment -n ${KUBE_NAMESPACE} --timeout=120s
 
           - name: Apply Kubernetes Manifests - Service
-            run: envsubst < .k8s/service.yaml | kubectl apply -f -
+            run: cat .k8s/service.yaml | envsubst | kubectl apply -f -
 
           - name: Apply Kubernetes Manifests - Ingress
-            run: envsubst < .k8s/ingress.yaml | kubectl apply -f -
+            run: cat .k8s/ingress.yaml | envsubst | kubectl apply -f -

From 1d888df5c28caf6b1453c2643e2a31dde40b3036 Mon Sep 17 00:00:00 2001
From: Vitor Hideyoshi <vitor.h.n.batista@gmail.com>
Date: Mon, 3 Nov 2025 13:00:17 -0300
Subject: [PATCH 3/4] chore: better docker cache

---
 .github/workflows/deploy.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index d365329..ff10718 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -80,8 +80,8 @@ jobs:
                 tags: |
                   ${{ env.IMAGE_LATEST }}
                   ${{ env.IMAGE_SHA }}
-                cache-from: type=registry,ref=${{ env.IMAGE_LATEST }}
-                cache-to: type=inline
+                cache-from: type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache
+                cache-to: type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache,mode=max
 
     deploy:
         needs: [docker]

From 701ae249810475e699a921cc6085607a7b89c821 Mon Sep 17 00:00:00 2001
From: Vitor Hideyoshi <vitor.h.n.batista@gmail.com>
Date: Mon, 3 Nov 2025 13:15:10 -0300
Subject: [PATCH 4/4] chore: better and more secure docker cache

---
 .dockerignore                | 9 +++++----
 .github/workflows/deploy.yml | 8 ++++++--
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index 2418a9e..87b5fbb 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,11 +1,12 @@
-node_modules
-dist
+node_modules/*
+dist/*
+.k8s/*
+.github/*
 
-.github
 .gitignore
+.dockerignore
 Dockerfile
 README.md
-.k8s
 
 .env
 .secret
\ No newline at end of file
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index ff10718..344e1bb 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -80,8 +80,12 @@ jobs:
                 tags: |
                   ${{ env.IMAGE_LATEST }}
                   ${{ env.IMAGE_SHA }}
-                cache-from: type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache
-                cache-to: type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache,mode=max
+                cache-from: |
+                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-amd64
+                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-arm64
+                cache-to: |
+                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-amd64,mode=max,platform=linux/amd64
+                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-arm64,mode=max,platform=linux/arm64
 
     deploy:
         needs: [docker]