Release v1.5.0

.github/workflows/pr-security-scan.yml

@@ -42,6 +42,10 @@ on:
         description: 'Name of the Dockerfile'
         type: string
         default: 'Dockerfile'
+      enable_docker_scan:
+        description: 'Enable Docker image build and vulnerability scanning. Set to false for projects without Dockerfile (e.g., CLI tools)'
+        type: boolean
+        default: true
 
 permissions:
   id-token: write       # Required for OIDC authentication
@@ -129,6 +133,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Set up Docker Buildx
+        if: inputs.enable_docker_scan
         uses: docker/setup-buildx-action@v3
 
       # ----------------- Security Scans -----------------
@@ -156,7 +161,7 @@ jobs:
           skip-dirs: '.git,node_modules,dist,build,.next,coverage,vendor'
 
       - name: Build Docker Image for Scanning
-        if: always()
+        if: always() && inputs.enable_docker_scan
         uses: docker/build-push-action@v6
         with:
           context: ${{ inputs.monorepo_type == 'type2' && matrix.working_dir == inputs.frontend_folder && inputs.frontend_folder || '.' }}
@@ -170,7 +175,7 @@ jobs:
             ${{ secrets.NPMRC_TOKEN && format('npmrc=//npm.pkg.github.com/:_authToken={0}', secrets.NPMRC_TOKEN) || '' }}
 
       - name: Trivy Vulnerability Scan - Docker Image (Table Output)
-        if: always()
+        if: always() && inputs.enable_docker_scan
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: '${{ env.DOCKERHUB_ORG }}/${{ env.APP_NAME }}:pr-scan-${{ github.sha }}'
@@ -181,7 +186,7 @@ jobs:
           exit-code: '0'
 
       - name: Trivy Vulnerability Scan - Docker Image (SARIF Output)
-        if: always()
+        if: always() && inputs.enable_docker_scan
         uses: aquasecurity/trivy-action@0.33.1
         with:
           image-ref: '${{ env.DOCKERHUB_ORG }}/${{ env.APP_NAME }}:pr-scan-${{ github.sha }}'

docs/api-dog-e2e-tests-workflow.md

@@ -24,10 +24,7 @@ api-tests:
     output_formats: "html,cli"
     node_version: "20"
     runner_type: "firmino-lxc-runners"
-  secrets:
-    test_scenario_id: ${{ secrets.APIDOG_TEST_SCENARIO_ID }}
-    apidog_access_token: ${{ secrets.APIDOG_ACCESS_TOKEN }}
-    environment_id: ${{ secrets.APIDOG_ENVIRONMENT_ID }}
+    secrets: inherit
 ```
 
 ### Auto-detect Environment from Tag
@@ -37,11 +34,7 @@ api-tests:
   uses: LerianStudio/github-actions-shared-workflows/.github/workflows/api-dog-e2e-tests.yml@main
   with:
     auto_detect_environment: true
-  secrets:
-    test_scenario_id: ${{ secrets.APIDOG_TEST_SCENARIO_ID }}
-    apidog_access_token: ${{ secrets.APIDOG_ACCESS_TOKEN }}
-    dev_environment_id: ${{ secrets.APIDOG_DEV_ENVIRONMENT_ID }}
-    stg_environment_id: ${{ secrets.APIDOG_STG_ENVIRONMENT_ID }}
+    secrets: inherit
 ```
 
 ### Complete Example with GitOps Integration
@@ -74,11 +67,7 @@ jobs:
       auto_detect_environment: true
       test_iterations: "3"
       output_formats: "html,cli,json"
-    secrets:
-      test_scenario_id: ${{ secrets.APIDOG_TEST_SCENARIO_ID }}
-      apidog_access_token: ${{ secrets.APIDOG_ACCESS_TOKEN }}
-      dev_environment_id: ${{ secrets.APIDOG_DEV_ENVIRONMENT_ID }}
-      stg_environment_id: ${{ secrets.APIDOG_STG_ENVIRONMENT_ID }}
+    secrets: inherit
 ```
 
 ## Inputs
@@ -244,13 +233,11 @@ with:
 
 **Error**: Environment ID not set
 
-**Solution**: When using `auto_detect_environment: true`, ensure both secrets are provided:
+**Solution**: When using `auto_detect_environment: true`, ensure both environment secrets are configured at the repository or organization level:
+- `APIDOG_DEV_ENVIRONMENT_ID`
+- `APIDOG_STG_ENVIRONMENT_ID`
 
-```yaml
-secrets:
-  dev_environment_id: ${{ secrets.APIDOG_DEV_ENVIRONMENT_ID }}
-  stg_environment_id: ${{ secrets.APIDOG_STG_ENVIRONMENT_ID }}
-```
+Then use `secrets: inherit` in your workflow call.
 
 ### CLI Installation Issues
 
@@ -294,10 +281,7 @@ on:
 jobs:
   api-tests:
     uses: LerianStudio/github-actions-shared-workflows/.github/workflows/api-dog-e2e-tests.yml@main
-    secrets:
-      test_scenario_id: ${{ secrets.APIDOG_TEST_SCENARIO_ID }}
-      apidog_access_token: ${{ secrets.APIDOG_ACCESS_TOKEN }}
-      environment_id: ${{ secrets.APIDOG_ENVIRONMENT_ID }}
+    secrets: inherit
 ```
 
 ### Release Pipeline with E2E
@@ -324,11 +308,7 @@ jobs:
       test_iterations: "3"
       output_formats: "html,cli,json"
       runner_type: "firmino-lxc-runners"
-    secrets:
-      test_scenario_id: ${{ secrets.APIDOG_TEST_SCENARIO_ID }}
-      apidog_access_token: ${{ secrets.APIDOG_ACCESS_TOKEN }}
-      dev_environment_id: ${{ secrets.APIDOG_DEV_ENVIRONMENT_ID }}
-      stg_environment_id: ${{ secrets.APIDOG_STG_ENVIRONMENT_ID }}
+    secrets: inherit
 ```
 
 ### Scheduled E2E Tests
@@ -344,19 +324,13 @@ jobs:
     uses: LerianStudio/github-actions-shared-workflows/.github/workflows/api-dog-e2e-tests.yml@main
     with:
       test_iterations: "2"
-    secrets:
-      test_scenario_id: ${{ secrets.APIDOG_TEST_SCENARIO_ID }}
-      apidog_access_token: ${{ secrets.APIDOG_ACCESS_TOKEN }}
-      environment_id: ${{ secrets.APIDOG_DEV_ENVIRONMENT_ID }}
+    secrets: inherit
 
   test_stg:
     uses: LerianStudio/github-actions-shared-workflows/.github/workflows/api-dog-e2e-tests.yml@main
     with:
       test_iterations: "2"
-    secrets:
-      test_scenario_id: ${{ secrets.APIDOG_TEST_SCENARIO_ID }}
-      apidog_access_token: ${{ secrets.APIDOG_ACCESS_TOKEN }}
-      environment_id: ${{ secrets.APIDOG_STG_ENVIRONMENT_ID }}
+    secrets: inherit
 ```
 
 ## Related Workflows

docs/gitops-update-workflow.md

@@ -24,16 +24,11 @@ update_gitops:
   uses: LerianStudio/github-actions-shared-workflows/.github/workflows/gitops-update.yml@main
   with:
     yaml_key_mappings: '{"backend.tag": ".auth.image.tag"}'
-  secrets:
-    manage_token: ${{ secrets.MANAGE_TOKEN }}
-    ci_cd_user_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
-    ci_cd_user_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
-    argocd_token: ${{ secrets.ARGOCD_GHUSER_TOKEN }}
-    argocd_url: ${{ secrets.ARGOCD_URL }}
-    docker_username: ${{ secrets.DOCKER_USERNAME }}
-    docker_password: ${{ secrets.DOCKER_PASSWORD }}
+  secrets: inherit
 ```
 
+> **Required Secrets**: `MANAGE_TOKEN`, `LERIAN_CI_CD_USER_NAME`, `LERIAN_CI_CD_USER_EMAIL`, `ARGOCD_GHUSER_TOKEN`, `ARGOCD_URL`, `DOCKER_USERNAME`, `DOCKER_PASSWORD`
+
 **Auto-generated values** (for repo `my-backend-service`):
 - App name: `my-backend-service`
 - Artifact pattern: `gitops-tags-my-backend-service-*`
@@ -50,14 +45,7 @@ update_gitops:
   uses: LerianStudio/github-actions-shared-workflows/.github/workflows/gitops-update.yml@main
   with:
     yaml_key_mappings: '{"backend.tag": ".crm.image.tag", "frontend.tag": ".frontend.image.tag"}'
-  secrets:
-    manage_token: ${{ secrets.MANAGE_TOKEN }}
-    ci_cd_user_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
-    ci_cd_user_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
-    argocd_token: ${{ secrets.ARGOCD_GHUSER_TOKEN }}
-    argocd_url: ${{ secrets.ARGOCD_URL }}
-    docker_username: ${{ secrets.DOCKER_USERNAME }}
-    docker_password: ${{ secrets.DOCKER_PASSWORD }}
+  secrets: inherit
 ```
 
 ### Dynamic Mapping Example (Multiple Components like Midaz)
@@ -70,14 +58,7 @@ update_gitops:
   with:
     use_dynamic_mapping: true
     yaml_key_mappings: '{"prefix": "midaz-"}'
-  secrets:
-    manage_token: ${{ secrets.MANAGE_TOKEN }}
-    ci_cd_user_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
-    ci_cd_user_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
-    argocd_token: ${{ secrets.ARGOCD_GHUSER_TOKEN }}
-    argocd_url: ${{ secrets.ARGOCD_URL }}
-    docker_username: ${{ secrets.DOCKER_USERNAME }}
-    docker_password: ${{ secrets.DOCKER_PASSWORD }}
+  secrets: inherit
 ```
 
 ### Manual Environment Selection
@@ -97,10 +78,7 @@ update_gitops:
       }
     commit_message_prefix: 'my-backend-service'
     enable_argocd_sync: false
-  secrets:
-    manage_token: ${{ secrets.MANAGE_TOKEN }}
-    ci_cd_user_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
-    ci_cd_user_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
+  secrets: inherit
 ```
 
 ## Inputs
@@ -282,12 +260,7 @@ update_gitops_backend:
     yaml_key_mappings: '{"backend.tag": ".auth.image.tag"}'
     commit_message_prefix: 'my-backend-service'
     argocd_app_name: 'firmino-my-backend-service'
-  secrets:
-    manage_token: ${{ secrets.MANAGE_TOKEN }}
-    ci_cd_user_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
-    ci_cd_user_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
-    argocd_token: ${{ secrets.ARGOCD_GHUSER_TOKEN }}
-    argocd_url: ${{ secrets.ARGOCD_URL }}
+  secrets: inherit
 ```
 
 ### From Multi-Component App
@@ -322,12 +295,7 @@ update_gitops:
     commit_message_prefix: 'my-fullstack-app'
     argocd_app_name: 'firmino-my-fullstack-app'
     runner_type: 'ubuntu-latest'
-  secrets:
-    manage_token: ${{ secrets.MANAGE_TOKEN }}
-    ci_cd_user_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
-    ci_cd_user_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
-    argocd_token: ${{ secrets.ARGOCD_GHUSER_TOKEN }}
-    argocd_url: ${{ secrets.ARGOCD_URL }}
+  secrets: inherit
 ```
 
 ### From Monorepo with Dynamic Mapping
@@ -356,12 +324,7 @@ update_gitops:
     yaml_key_mappings: '{"prefix": "myapp-"}'
     commit_message_prefix: 'my-platform'
     argocd_app_name: 'firmino-my-platform'
-  secrets:
-    manage_token: ${{ secrets.MANAGE_TOKEN }}
-    ci_cd_user_name: ${{ secrets.LERIAN_CI_CD_USER_NAME }}
-    ci_cd_user_email: ${{ secrets.LERIAN_CI_CD_USER_EMAIL }}
-    argocd_token: ${{ secrets.ARGOCD_GHUSER_TOKEN }}
-    argocd_url: ${{ secrets.ARGOCD_URL }}
+  secrets: inherit
 ```
 
 ## Troubleshooting

docs/go-pr-analysis-workflow.md

@@ -72,8 +72,7 @@ jobs:
       enable_tests: true
       enable_coverage: true
       enable_build: true
-    secrets:
-      manage_token: ${{ secrets.GITHUB_TOKEN }}
+    secrets: inherit
 ```
 
 ### Minimal (Only Tests and Lint)

docs/go-release-workflow.md

@@ -45,11 +45,11 @@ jobs:
       enable_docker: true
       docker_registry: 'ghcr.io'
       docker_platforms: 'linux/amd64,linux/arm64'
-    secrets:
-      docker_username: ${{ secrets.DOCKER_USERNAME }}
-      docker_password: ${{ secrets.DOCKER_PASSWORD }}
+    secrets: inherit
 ```
 
+> **Note**: Requires `DOCKER_USERNAME` and `DOCKER_PASSWORD` secrets in repository.
+
 ### With Homebrew Formula
 
 ```yaml
@@ -65,10 +65,11 @@ jobs:
     with:
       enable_homebrew: true
       homebrew_tap_repo: 'myorg/homebrew-tap'
-    secrets:
-      tap_github_token: ${{ secrets.TAP_GITHUB_TOKEN }}
+    secrets: inherit
 ```
 
+> **Note**: Requires `TAP_GITHUB_TOKEN` secret with write access to tap repository.
+
 ### Full Configuration
 
 ```yaml
@@ -92,10 +93,7 @@ jobs:
       enable_homebrew: true
       homebrew_tap_repo: 'myorg/homebrew-tap'
       enable_notifications: true
-    secrets:
-      tap_github_token: ${{ secrets.TAP_GITHUB_TOKEN }}
-      docker_username: ${{ secrets.DOCKER_USERNAME }}
-      docker_password: ${{ secrets.DOCKER_PASSWORD }}
+    secrets: inherit
 ```
 
 ## Inputs
@@ -159,10 +157,11 @@ jobs:
     uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@main
     with:
       goreleaser_distribution: 'goreleaser-pro'
-    secrets:
-      goreleaser_key: ${{ secrets.GORELEASER_KEY }}
+    secrets: inherit
 ```
 
+> **Note**: Requires `GORELEASER_KEY` secret with your GoReleaser Pro license.
+
 ### Skip Tests (Fast Release)
 
 ```yaml