From f98e4610674d9f92a671c3897b2f5e1730da912c Mon Sep 17 00:00:00 2001
From: "Diego Ferreira L.G.Oliveira"
Date: Sat, 6 Jun 2026 23:19:11 -0300
Subject: [PATCH] fix(ci): mover docker-push para environment producao para acessar secrets
---
.github/workflows/release.yml | 27 +++++++-------------------
1 file changed, 7 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8cc93f4..c484572 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -240,29 +240,16 @@ jobs:
- name: Auditoria de dependências
run: pnpm audit --audit-level=high
- # ─── Aprovação manual — gate antes de qualquer push para produção ─────────
- aprovacao-producao:
- name: Aprovacao para Producao
- runs-on: ubuntu-latest
- needs: security-scan
- timeout-minutes: 10
- environment: producao
- permissions:
- contents: read
-
- steps:
- - name: Release ${{ github.ref_name }} aprovado para producao
- run: |
- echo "Tag: ${{ github.ref_name }}"
- echo "Commit: ${{ github.sha }}"
- echo "Aprovado por: ${{ github.actor }}"
-
- # ─── Build e push da imagem Docker para o Docker Hub ──────────────────────
+ # ─── Aprovação manual + Push Docker Hub (mesmo job = mesmo environment) ────
# O environment: producao serve dois propósitos:
# 1. Gate de aprovação manual (Required reviewers no GitHub)
# 2. Acesso aos secrets DOCKERHUB_USERNAME e DOCKER_TOKEN do environment
docker-push:
- name: Build e Push Docker Hub
+ name: Aprovacao e Push Docker Hub
runs-on: ubuntu-latest
- needs: aprovacao-producao
+ needs: security-scan
timeout-minutes: 15
+ environment: producao
permissions:
contents: read
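Review bot: The new `environment: producao` line on docker-push does scope the DOCKERHUB_USERNAME/DOCKER_TOKEN secrets to this job, but the "gate de aprovação manual" the new comment block promises exists only if the `producao` environment in repository settings has Required reviewers and a deployment branches/tags rule — nothing in the workflow enforces or checks that, so the comment should state the precondition, e.g. `#   NB: the gate only exists if the 'producao' environment has Required reviewers and a deployment branch/tag restriction configured in repository Settings`. Without a tag/branch restriction, any ref that triggers this workflow can request the production secrets once a reviewer approves, so the approver must verify the tag's provenance; note that the removed `echo "Aprovado por: ${{ github.actor }}"` only ever logged the triggering actor, not the approver, and the approval record now lives in the environment's deployment history. Since the build and the push now run in the same secret-bearing job, every build step (package install scripts, Dockerfile) executes on a runner whose worker holds `DOCKER_TOKEN`; if the image build is non-trivial, consider building in a job without the environment and keeping only login + push here, and confirm DOCKER_TOKEN is a repository-scoped Docker Hub access token rather than an account password. The docker-push job's steps continue below the hunk, so I could not check how the secrets are consumed.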