OpsGuild · Hordunlarmy · Sep 14, 2025 · Sep 14, 2025 · Sep 14, 2025 · Sep 14, 2025
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
@@ -3,47 +3,15 @@ name: Build and Push Docker Image
 on:
   push:
     tags: [ 'v*' ]
-  pull_request:
-    branches: [ main ]
 
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}/liquibase-migrator
 
 jobs:
-  # test:
-  #   name: Run Tests
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Checkout code
-  #       uses: actions/checkout@v4
-  #
-  #     - name: Set up Docker Buildx
-  #       uses: docker/setup-buildx-action@v3
-  #
-  #     - name: Build test image
-  #       run: |
-  #         docker build -t migkit/liquibase-migrator:test ./liquibase-migrator
-  #
-  #     - name: Start test services
-  #       run: |
-  #         docker-compose --profile test up -d postgres-test
-  #         sleep 10
-  #
-  #     - name: Run tests
-  #       run: |
-  #         chmod +x ./test.sh
-  #         ./test.sh
-  #
-  #     - name: Cleanup test environment
-  #       if: always()
-  #       run: |
-  #         docker-compose --profile test down -v --remove-orphans
-
   build-and-push:
     name: Build and Push
     runs-on: ubuntu-latest
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
     permissions:
       contents: read
       packages: write
@@ -76,9 +44,8 @@ jobs:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
             type=raw,value=latest
-            type=semver,pattern={{major}}.{{minor}}.{{patch}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
+            type=ref,event=tag
+            type=semver,pattern={{raw}}
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
@@ -114,42 +81,43 @@ jobs:
           echo "Digest: ${{ steps.meta.outputs.digest }}"
           echo "Liquibase version used: ${{ steps.liquibase-version.outputs.LIQUIBASE_VERSION }}"
           echo "image-digest=${{ steps.meta.outputs.digest }}" >> $GITHUB_OUTPUT
+        id: output-info
 
-  security-scan:
-    name: Security Scan
-    runs-on: ubuntu-latest
-    needs: build-and-push
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
-    permissions:
-      contents: read
-      security-events: write
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Wait for image to be available
-        run: |
-          echo "Waiting for image to be available in registry..."
-          sleep 30
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        if: always()
-        with:
-          sarif_file: 'trivy-results.sarif'
+  # security-scan:
+  #   name: Security Scan
+  #   runs-on: ubuntu-latest
+  #   needs: build-and-push
+  #   if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+  #   permissions:
+  #     contents: read
+  #     security-events: write
+  #
+  #   steps:
+  #     - name: Checkout code
+  #       uses: actions/checkout@v4
+  #
+  #     - name: Wait for image to be available
+  #       run: |
+  #         echo "Waiting for image to be available in registry..."
+  #         sleep 60
+  #         
+  #     - name: Run Trivy vulnerability scanner
+  #       uses: aquasecurity/trivy-action@master
+  #       with:
+  #         image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-push.outputs.image-digest }}
+  #         format: 'sarif'
+  #         output: 'trivy-results.sarif'
+  #
+  #     - name: Upload Trivy scan results to GitHub Security tab
+  #       uses: github/codeql-action/upload-sarif@v3
+  #       if: always()
+  #       with:
+  #         sarif_file: 'trivy-results.sarif'
 
   release:
     name: Create Release
     runs-on: ubuntu-latest
-    needs: [build-and-push, security-scan]
+    needs: [build-and-push]
     if: startsWith(github.ref, 'refs/tags/v')
     permissions:
       contents: write

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,37 @@
+name: Test
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    name: Run Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build test image
+        run: |
+          docker build -t migkit/liquibase-migrator:test ./liquibase-migrator
+
+      - name: Start test services
+        run: |
+          docker-compose --profile test up -d postgres-test
+          sleep 10
+
+      - name: Run tests
+        run: |
+          chmod +x ./test.sh
+          ./test.sh
+
+      - name: Cleanup test environment
+        if: always()
+        run: |
+          docker-compose --profile test down -v --remove-orphans