rework build, requirements and pipline

2026-01-18 23:55:52 +01:00
parent 4170a3f3b4
commit 97737c8b73
10 changed files with 80 additions and 79 deletions
--- a/.gitea/workflows/trivy_image_scan.yml
+++ b/.gitea/workflows/trivy_image_scan.yml
@@ -0,0 +1,34 @@
+name: trivy-scan-image
+run-name: Trivy - Scan Docker Image
+
+on:
+  workflow_dispatch: # Manuelles Auslösen des Workflows
+    inputs:
+      image_tag:
+        description: 'Tag für das zu scannende Docker-Image z.B. latest'
+        required: true
+        default: 'latest'
+  schedule:
+    - cron: '15 2 * * 5'
+
+env:
+  image_name: doc_rudi
+  image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
+  registry_gitea: gitea.tebarius.duckdns.org
+  user: tebarius
+
+jobs:
+  trivy_image_scan:
+    runs-on: ubuntu-latest
+    container: aquasec/trivy:latest
+    steps:
+      - name: Scan image with trivy
+        run: |
+          trivy image \
+          --username ${{ env.user }} \
+          --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+          --exit-code 1 \
+          --scanners vuln,misconfig,secret \
+          --severity HIGH,CRITICAL \
+          --ignore-unfixed \
+          ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}