fix: clean up formatting and streamline Docker login step in CI workflow

Author: argentinaluiz

.github/workflows/ci.yaml

@@ -2,11 +2,11 @@ name: CI
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
     # Publish semver tags as releases.
-    tags: [ 'v*.*.*' ]
+    tags: ["v*.*.*"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
 
 env:
   REGISTRY: docker.io
@@ -16,7 +16,6 @@ env:
   CLOUD_BUILDER_NAME: test-ci
 jobs:
   ci:
-
     runs-on: ubuntu-latest
     permissions:
       contents: read # Ler o conteúdo do repositório
@@ -29,19 +28,19 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ env.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           driver: cloud
           endpoint: "${{ env.DOCKER_USERNAME }}/${{ env.CLOUD_BUILDER_NAME }}"
 
-      - name: Log into registry ${{ env.REGISTRY }}
-        uses: docker/login-action@v3
-        with:
-          #registry: ${{ env.REGISTRY }}
-          username: ${{ env.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      
       - name: Build for CI
         id: build-ci
         uses: docker/[email protected]
@@ -56,13 +55,13 @@ jobs:
           cache-to: type=gha,mode=max
           secrets: |
             github_token=${{ secrets.MY_GITHUB_TOKEN }}
-    
+
       - name: Up containers
         run: docker compose -f ./src/ci/nestjs-project/compose.ci.yaml up -d --wait-timeout 10
-      
+
       - name: Run tests
         run: echo "Running tests..."
-      
+
       - name: Build for analysis
         id: build-for-analysis
         uses: docker/[email protected]
@@ -76,7 +75,7 @@ jobs:
           cache-to: type=gha,mode=max
           secrets: |
             github_token=${{ secrets.MY_GITHUB_TOKEN }}
-      
+
       - name: Analyze for critical and high CVEs
         id: docker-scout-cves
         uses: docker/scout-action@v1
@@ -87,7 +86,7 @@ jobs:
           only-fixed: true
           summary: true # publicar github actions e pull request
           exit-code: true
-      
+
       - name: Analyze for all CVEs
         id: docker-scout-all-cves
         uses: docker/scout-action@v1
@@ -103,7 +102,7 @@ jobs:
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: sarif.output.json
-      
+
       - name: Extract Docker metadata
         id: meta
         if: github.event_name != 'pull_request'
@@ -116,7 +115,7 @@ jobs:
             type=edge,branch=$repo.default_branch
             type=semver,pattern=v{{version}}
             type=sha,prefix=,suffix=,format=short
-      
+
       - name: Build final
         id: build-final
         if: github.event_name != 'pull_request'
@@ -133,17 +132,16 @@ jobs:
           sbom: true
           secrets: |
             github_token=${{ secrets.MY_GITHUB_TOKEN }}
-      
+
       - name: Install cosign
         if: github.event_name != 'pull_request'
         uses: sigstore/[email protected]
         with:
-          cosign-release: 'v2.2.4'
-      
+          cosign-release: "v2.2.4"
+
       - name: Sign the published Docker image
         if: github.event_name != 'pull_request'
         env:
           TAGS: ${{ steps.meta.outputs.tags }}
           DIGEST: ${{ steps.build-final.outputs.digest }}
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
-