Initial commit

Author: nataliagranato

.coderabbit.yaml

@@ -0,0 +1,79 @@
+language: pt-BR
+tone_instructions: ''
+early_access: true
+enable_free_tier: true
+reviews:
+  profile: chill
+  request_changes_workflow: true
+  high_level_summary: true
+  high_level_summary_placeholder: '@coderabbitai summary'
+  auto_title_placeholder: '@coderabbitai'
+  review_status: true
+  poem: true
+  collapse_walkthrough: false
+  sequence_diagrams: true
+  path_filters: []
+  path_instructions: []
+  abort_on_close: true
+  auto_review:
+    enabled: true
+    auto_incremental_review: true
+    ignore_title_keywords: []
+    labels: []
+    drafts: false
+    base_branches: []
+  tools:
+    shellcheck:
+      enabled: true
+    ruff:
+      enabled: true
+    markdownlint:
+      enabled: true
+    github-checks:
+      enabled: true
+      timeout_ms: 90000
+    languagetool:
+      enabled: true
+      enabled_only: false
+      level: default
+      disabled_categories:
+        - TYPOS
+        - TYPOGRAPHY
+        - CASING
+    biome:
+      enabled: true
+    hadolint:
+      enabled: true
+    swiftlint:
+      enabled: true
+    phpstan:
+      enabled: true
+      level: default
+    golangci-lint:
+      enabled: true
+    yamllint:
+      enabled: true
+    gitleaks:
+      enabled: true
+    checkov:
+      enabled: true
+    detekt:
+      enabled: true
+    eslint:
+      enabled: true
+    rubocop:
+      enabled: true
+    buf:
+      enabled: true
+chat:
+  auto_reply: true
+knowledge_base:
+  opt_out: false
+  learnings:
+    scope: auto
+  issues:
+    scope: auto
+  jira:
+    project_keys: []
+  linear:
+    team_keys: []

.github/ PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,39 @@
+## Título do Pull Request
+
+Descreva brevemente o propósito do pull request.
+
+## Descrição
+
+Por favor, inclua um resumo das mudanças e a motivação por trás delas. Liste quaisquer dependências que são necessárias para esta mudança.
+
+## Tipo de Mudança
+
+- [ ] Bugfix
+- [ ] Nova funcionalidade
+- [ ] Mudança de funcionalidade existente
+- [ ] Documentação
+- [ ] Segurança de código
+- [ ] Kubernetes
+- [ ] Helm
+- [ ] Docker
+- [ ] GitHub Actions
+- [ ] Outro
+
+## Checklist
+
+- [ ] Meu código segue as diretrizes de estilo deste projeto
+- [ ] Eu realizei uma auto-revisão do meu próprio código
+- [ ] Eu comentei meu código, especialmente em áreas difíceis de entender
+- [ ] Eu fiz as mudanças correspondentes na documentação
+- [ ] Minhas mudanças não geram novos avisos
+- [ ] Eu adicionei testes que provam que minha correção é eficaz ou que minha funcionalidade funciona
+- [ ] Testes de unidade novos e existentes passam localmente com minhas mudanças
+- [ ] Quaisquer mudanças dependentes foram mescladas e publicadas nos módulos downstream
+
+## Screenshots (se aplicável)
+
+Se aplicável, adicione capturas de tela para ajudar a explicar suas mudanças.
+
+## Questões Relacionadas
+
+Liste quaisquer issues relacionadas aqui, usando o formato `#<issue_number>`.

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# Proprietários padrão para todo o repositório
+* @nataliagranato

.github/FUNDING.yml

@@ -0,0 +1,6 @@
+# These are supported funding model platforms
+
+github: nataliagranato
+ko_fi: nataliagranato
+buy_me_a_coffee: nataliagranato
+pix: fada126d-7311-495f-bda2-55ec79b0a39b

.github/ISSUE_TEMPLATE/BUG_REPORT.md

@@ -0,0 +1,35 @@
+---
+name: Bug Report
+about: Crie um relatório para nos ajudar a melhorar
+title: "[BUG]"
+labels: bug
+assignees: nataliagranato
+
+---
+
+## Descrição
+
+Por favor, inclua um resumo do problema e a motivação por trás da issue.
+
+## Screenshots (se aplicável)
+
+Se aplicável, adicione capturas de tela para ajudar a explicar o problema.
+
+## Ambiente
+
+- **Método de Execução**:
+  - [ ] Kubernetes com manifestos
+  - [ ] Kubernetes com Helm
+  - [ ] Docker localmente
+
+- **Sistema Operacional**: [e.g. Ubuntu 20.04]
+- **Navegador**: [e.g. Chrome 89]
+- **Versão da Aplicação**: [e.g. 1.0.0]
+
+## Logs e Saída de Erro
+
+Por favor, inclua quaisquer logs relevantes e saída de erro aqui.
+
+## Questões Relacionadas
+
+Liste quaisquer issues relacionadas aqui, usando o formato `#<issue_number>`.

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily

.github/workflows/checkov.yml

@@ -0,0 +1,50 @@
+name: Checkov Security Scan
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'    
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened  
+  workflow_dispatch: 
+
+permissions:
+  contents: read
+  security-events: write # Permissão necessária para upload de SARIF
+
+jobs:
+  checkov-scan:
+    name: Checkov Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Install Checkov
+        run: pip install checkov
+
+      # Run Checkov with SARIF output
+      - name: Run Checkov and generate SARIF report
+        run: |
+          checkov -d ./ \
+            -o sarif \
+            --output-file checkov-results.sarif \
+            --quiet
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: checkov-results.sarif
+
+      - name: Show Checkov results (verbose)
+        run: checkov -d ./

.github/workflows/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions" # Para GitHub Actions
+  directory: "/" # Localização do workflow YAML
+  schedule:
+    interval: "daily"

.github/workflows/dependency-review.yml

@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0

.github/workflows/issue.yml

@@ -0,0 +1,26 @@
+name: Resposta Automática a Issues
+
+on:
+  issues:
+    types: [opened]
+permissions:
+  contents: read
+  issues: write  
+  
+jobs:
+  resposta-automatica:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Harden the runner (Audit all outbound calls)
+      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+      with:
+        egress-policy: audit
+
+    - uses: derekprior/add-autoresponse@500f8788d667c31d43a4469f8a3ec3b491470fd1 # master
+      env:
+        GITHUB_TOKEN: ${{ secrets.USER_TOKEN }}
+      with:
+        respondableId: ${{ github.event.issue.node_id }}
+        response: "Obrigado @${{ github.event.issue.user.login }} por criar esta issue. Se esta issue é sobre um bug, pergunta sobre o produto ou solicitação de funcionalidade: você pode me enviar um e-mail para [email protected]"
+        author: ${{ github.event.issue.user.login }}

.github/workflows/lint.yml

@@ -0,0 +1,38 @@
+---
+name: Lint
+
+on: # yamllint disable-line rule:truthy
+  push: null
+  pull_request: null
+
+permissions: {}
+
+jobs:
+  build:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: read
+      # To report GitHub Actions status checks
+      statuses: write
+
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # super-linter needs the full git history to get the
+          # list of files that changed across commits
+          fetch-depth: 0
+
+      - name: Super-linter
+        uses: super-linter/super-linter@4e8a7c2bf106c4c766c816b35ec612638dc9b6b2 # v7.3.0
+        env:
+          # To report GitHub Actions status checks
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/osv-scanner.yml

@@ -0,0 +1,48 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities,
+# in addition to a PR check which fails if new vulnerabilities are introduced.
+#
+# For more examples and options, including how to ignore specific vulnerabilities,
+# see https://google.github.io/osv-scanner/github-action/
+
+name: OSV-Scanner
+
+on:
+  pull_request:
+    branches: [ "main" ]
+  merge_group:
+    branches: [ "main" ]
+  schedule:
+    - cron: '0 13 * * *'
+  push:
+    branches: [ "main" ]
+
+permissions:
+  # Require writing security events to upload SARIF file to security tab
+  security-events: write
+  # Read commit contents
+  contents: read
+
+jobs:
+  scan-scheduled:
+    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@6fc714450122bda9d00e4ad5d639ad6a39eedb1f" # v2.0.1
+    with:
+      # Example of specifying custom arguments
+      scan-args: |-
+        -r
+        --skip-git
+        ./
+  scan-pr:
+    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@6fc714450122bda9d00e4ad5d639ad6a39eedb1f" # v2.0.1
+    with:
+      # Example of specifying custom arguments
+      scan-args: |-
+        -r
+        --skip-git
+        ./