infra: added trivy vulnerability scanner to CI/CD

.gitea/workflows/ci.yml

@@ -60,6 +60,7 @@ jobs:
           password: ${{ secrets.G1T34_TOKEN }}
 
       - name: Build and push
+        id: docker_build
         uses: docker/build-push-action@v5
         with:
           context: .
@@ -71,3 +72,12 @@ jobs:
             PYTHON_VERSION=${{ steps.config.outputs.python_version }}
             PYTHON_VERSION_SHORT=${{ steps.config.outputs.python_version_short }}
             RUNNER=${{ steps.config.outputs.runner }}
+
+      - name: 🛡️ Run Trivy Vulnerability Scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.meta.outputs.tags }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITAL, HIGH'