From 4fda0fe3325c6d361402dae2fd8c00e365ec5b6d Mon Sep 17 00:00:00 2001
From: Hordunlarmy
Date: Sun, 14 Sep 2025 14:29:26 +0100
Subject: [PATCH 1/4] chore(ci): Remove security scan from workflow
---
 .github/workflows/build-and-push.yml | 63 ++++++++++++++--------------
 1 file changed, 32 insertions(+), 31 deletions(-)
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
index 56d00e3..6212408 100644
--- a/.github/workflows/build-and-push.yml
+++ b/.github/workflows/build-and-push.yml
@@ -114,42 +114,43 @@ jobs: echo "Digest: ${{ steps.meta.outputs.digest }}" echo "Liquibase version used: ${{ steps.liquibase-version.outputs.LIQUIBASE_VERSION }}" echo "image-digest=${{ steps.meta.outputs.digest }}" >> $GITHUB_OUTPUT + id: output-info - security-scan: - name: Security Scan - runs-on: ubuntu-latest - needs: build-and-push - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') - permissions: - contents: read - security-events: write - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Wait for image to be available - run: | - echo "Waiting for image to be available in registry..." - sleep 30 - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: 'trivy-results.sarif' + # security-scan: + # name: Security Scan + # runs-on: ubuntu-latest + # needs: build-and-push + # if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') + # permissions: + # contents: read + # security-events: write + # + # steps: + # - name: Checkout code + # uses: actions/checkout@v4 + # + # - name: Wait for image to be available + # run: | + # echo "Waiting for image to be available in registry..." 
+ # sleep 60 + # + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-push.outputs.image-digest }} + # format: 'sarif' + # output: 'trivy-results.sarif' + # + # - name: Upload Trivy scan results to GitHub Security tab + # uses: github/codeql-action/upload-sarif@v3 + # if: always() + # with: + # sarif_file: 'trivy-results.sarif' release: name: Create Release runs-on: ubuntu-latest - needs: [build-and-push, security-scan] + needs: [build-and-push] if: startsWith(github.ref, 'refs/tags/v') permissions: contents: write From 51b7ef43b17867fcafd202e8b386a72f6b04672f Mon Sep 17 00:00:00 2001 From: Hordunlarmy Date: Sun, 14 Sep 2025 14:31:59 +0100 Subject: [PATCH 2/4] ci(build-and-push.yml): Update Docker image tagging strategy --- .github/workflows/build-and-push.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml index 6212408..36556a4 100644 --- a/.github/workflows/build-and-push.yml +++ b/.github/workflows/build-and-push.yml @@ -76,9 +76,7 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=raw,value=latest - type=semver,pattern={{major}}.{{minor}}.{{patch}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} + type=ref,event=tag - name: Build and push Docker image uses: docker/build-push-action@v5 From 19d2a2be9efe6bcb6c9b9970d8e0ef1272870107 Mon Sep 17 00:00:00 2001 From: Hordunlarmy Date: Sun, 14 Sep 2025 14:44:51 +0100 Subject: [PATCH 3/4] feat(github actions): Add separate test workflow --- .github/workflows/build-and-push.yml | 33 +------------------------ .github/workflows/test.yml | 37 ++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 32 deletions(-) create mode 100644 .github/workflows/test.yml 
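Review bot: With `needs: [build-and-push]` on the release job, a tagged image is now released without any vulnerability scan, and the scan job survives only as a commented-out block instead of being deleted or made non-blocking. If the goal is to stop the scan from blocking releases, keep the job live and make it advisory, e.g. `exit-code: '0'` in the trivy-action inputs or `continue-on-error: true` on the scan step, so results still reach the Security tab; if the goal is removal, delete the block and rely on git history. Should the commented version be re-enabled as written, note that `needs.build-and-push.outputs.image-digest` only resolves if the build job declares a job-level `outputs:` entry wired to the newly tagged `output-info` step, which is not visible in this hunk, and that `aquasecurity/trivy-action@master` is a mutable ref that should be pinned to a release tag or commit SHA. The release job's body continues past the end of the hunk.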
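Review bot: Replacing the three semver patterns with `type=ref,event=tag` drops the `1.2.3`/`1.2`/`1` tags and publishes only the raw git tag (e.g. `v1.2.3`), so anyone pulling a major or minor tag silently stops receiving updates; if that is intended it is worth saying so in the commit message. The remaining unconditional `type=raw,value=latest` also moves `latest` on every `v*` tag, pre-releases included, whereas the semver type's `latest=auto` flavor skipped pre-release versions. If the un-prefixed versions should be kept, `type=semver,pattern={{version}}` restores them alongside the ref tag.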
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml index 36556a4..8e07df2 100644 --- a/.github/workflows/build-and-push.yml +++ b/.github/workflows/build-and-push.yml @@ -3,47 +3,15 @@ name: Build and Push Docker Image on: push: tags: [ 'v*' ] - pull_request: - branches: [ main ] env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }}/liquibase-migrator jobs: - # test: - # name: Run Tests - # runs-on: ubuntu-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v4 - # - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 - # - # - name: Build test image - # run: | - # docker build -t migkit/liquibase-migrator:test ./liquibase-migrator - # - # - name: Start test services - # run: | - # docker-compose --profile test up -d postgres-test - # sleep 10 - # - # - name: Run tests - # run: | - # chmod +x ./test.sh - # ./test.sh - # - # - name: Cleanup test environment - # if: always() - # run: | - # docker-compose --profile test down -v --remove-orphans - build-and-push: name: Build and Push runs-on: ubuntu-latest - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') permissions: contents: read packages: write @@ -77,6 +45,7 @@ jobs: tags: | type=raw,value=latest type=ref,event=tag + type=semver,pattern={{raw}} - name: Build and push Docker image uses: docker/build-push-action@v5 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..f0c7e42 --- /dev/null +++ b/.github/workflows/test.yml 
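Review bot: After removing the `pull_request` trigger and the `if:` guard, nothing in this workflow gates the tag build on tests: the test job moved to a separate workflow that (per the companion file) triggers on branch pushes and pull requests, not on tag pushes, and `build-and-push` has no `needs:`, so a commit can be tagged and released without the suite ever running against it. Either trigger the test workflow on `tags: [ 'v*' ]` and make this job depend on it (for example via `workflow_run`), or keep a test job inside this workflow that `build-and-push` lists in `needs:`. The `if:` removal itself is harmless because `on.push.tags` is now the only trigger. The `build-and-push` job body continues past the hunk.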
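Review bot: The added `type=semver,pattern={{raw}}` yields the same string as the existing `type=ref,event=tag` for a `v1.2.3` git tag (both produce `v1.2.3`), so one of the two lines is redundant. Keep one, and if an un-prefixed version tag is wanted use `type=semver,pattern={{version}}` instead, which is what the earlier semver patterns provided before PATCH 2/4 removed them.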
@@ -0,0 +1,37 @@ +name: Test + +on: + push: + branches: [ main, dev, staging ] + pull_request: + branches: [ main ] + +jobs: + test: + name: Run Tests + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build test image + run: | + docker build -t migkit/liquibase-migrator:test ./liquibase-migrator + + - name: Start test services + run: | + docker-compose --profile test up -d postgres-test + sleep 10 + + - name: Run tests + run: | + chmod +x ./test.sh + ./test.sh + + - name: Cleanup test environment + if: always() + run: | + docker-compose --profile test down -v --remove-orphans From 392aeafe9e0aa309fa766b780cde374f702da922 Mon Sep 17 00:00:00 2001 From: Hordunlarmy Date: Sun, 14 Sep 2025 14:45:38 +0100 Subject: [PATCH 4/4] ci(workflow): restrict testing to main branch only --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f0c7e42..a04bcfb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,7 @@ name: Test on: push: - branches: [ main, dev, staging ] + branches: [ main ] pull_request: branches: [ main ]
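Review bot: The new workflow declares no top-level `permissions:` block, so the job inherits whatever default `GITHUB_TOKEN` grants the repository is configured with even though its steps only check out code and run Docker; add `permissions:` with `contents: read` at the workflow level to pin it to least privilege. The `docker-compose` v1 CLI used in the "Start test services" and "Cleanup test environment" steps appears to be absent from current `ubuntu-latest` (ubuntu-24.04) runner images, which ship only the `docker compose` v2 plugin, so these steps are likely to fail as written. The fixed `sleep 10` before the tests is also a race against database startup; `docker compose --profile test up -d --wait postgres-test` blocks until the service reports running/healthy if the compose file defines a healthcheck for it.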