From abbf38d86044cc11f949b73e2b2880f03885de0b Mon Sep 17 00:00:00 2001
From: tebarius
Date: Sat, 13 Dec 2025 23:03:57 +0100
Subject: [PATCH] trivy_image_scan.yml
---
.gitea/workflows/trivy_image_scan.yml | 28 +++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 .gitea/workflows/trivy_image_scan.yml
diff --git a/.gitea/workflows/trivy_image_scan.yml b/.gitea/workflows/trivy_image_scan.yml
new file mode 100644
index 0000000..5c031db
--- /dev/null
+++ b/.gitea/workflows/trivy_image_scan.yml
@@ -0,0 +1,28 @@
+name: release-tag
+
+on:
+ workflow_dispatch: # Manuelles Auslösen des Workflows
+ inputs:
+ image_tag:
+ description: 'Tag für das zu scannende Docker-Image z.B. latest'
+ required: true
+ default: 'latest'
+
+env:
+ image_name_gitea: flask-qr
+ registry_gitea: gitea.tebarius.duckdns.org
+ user: tebarius
+
+jobs:
+ trivy_image_scan:
+ runs-on: ubuntu-latest
+ container: aquasec/trivy:latest
+ steps:
+ - name: Scan image with trivy
+ run: |
+ trivy image \
+ --exit-code 1 \
+ --scanners vuln,misconfig,secret \
+ --severity MEDIUM,HIGH,CRITICAL \
+ --ignore-unfixed \
+ ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ github.event.inputs.image_tag }}
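Review bot: The last line of the `run:` script expands `${{ github.event.inputs.image_tag }}` directly into the shell text, so the value typed into the dispatch form is parsed by the shell as script source rather than as one argument. Pass it through the step environment instead: add `env:` with `IMAGE_TAG: ${{ github.event.inputs.image_tag }}` to the step and end the command with `"${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${IMAGE_TAG}"`. Separately, `container: aquasec/trivy:latest` is a mutable tag, so the scanner that gates the result can change between runs; pinning it to a fixed version or digest (`aquasec/trivy:<PINNED_VERSION>`) keeps scans reproducible. The workflow `name: release-tag` also looks carried over from another workflow and will mislabel this scan in the Actions list.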