infra: added trivy vulnerability scanner to CI/CD

fix: fixed typo
2025-12-22 10:01:52 +01:00 · 2025-12-22 09:40:43 +01:00
2 changed files with 11 additions and 1 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -60,6 +60,7 @@ jobs:
          password: ${{ secrets.G1T34_TOKEN }}

      - name: Build and push
+        id: docker_build
        uses: docker/build-push-action@v5
        with:
          context: .
@@ -71,3 +72,12 @@ jobs:
            PYTHON_VERSION=${{ steps.config.outputs.python_version }}
            PYTHON_VERSION_SHORT=${{ steps.config.outputs.python_version_short }}
            RUNNER=${{ steps.config.outputs.runner }}
+
+      - name: 🛡️ Run Trivy Vulnerability Scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.meta.outputs.tags }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITAL, HIGH'
--- a/2
+++ b/2
@@ -242,7 +242,7 @@ _ci-dump-config:
 	@echo "image_name=$(IMAGE_NAME)"
 	@echo "python_version=$(PYTHON_VERSION)"
 	@echo "python_version_short=$(PYTHON_VERSION_SHORT)"
-	@echo "runner=$(IMAGE_NAME)"
+	@echo "runner=$(RUNNER)"
 	@echo "service_name=$(SERVICE_NAME)"

 _ci-run-tests: build-test
Author	SHA1	Message	Date
Francwa	56a3c1257d	infra: added trivy vulnerability scanner to CI/CD Some checks failed CI/CD Awesome Pipeline / Test (push) Successful in 1m36s Details CI/CD Awesome Pipeline / Build & Push to Registry (push) Failing after 7m10s Details	2025-12-22 10:01:52 +01:00
Francwa	79d23f936a	fix: fixed typo	2025-12-22 09:40:43 +01:00