ci: add Trivy image scan to Gitea Actions

This commit is contained in:
striker
2026-05-21 13:42:46 +03:00
parent 5dca709ff2
commit bafd42b774


@@ -25,6 +25,23 @@ jobs:
printf '%s\n' "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: Build image for security scan
run: |
docker build -t pushkinohistory-ru-v2:scan .
- name: Trivy image scan (HIGH+CRITICAL, warning only)
run: |
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$PWD":/workspace \
ghcr.io/aquasecurity/trivy:latest \
image \
--severity HIGH,CRITICAL \
--ignore-unfixed \
--no-progress \
--exit-code 0 \
pushkinohistory-ru-v2:scan
- name: Deploy to web.hhivp.com
run: |
ssh -i ~/.ssh/id_deploy striker@web.hhivp.com bash -s <<'REMOTE'
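Review bot: The new scan step runs `ghcr.io/aquasecurity/trivy:latest` with the host Docker socket bind-mounted (`-v /var/run/docker.sock:/var/run/docker.sock`), so whatever that mutable tag resolves to on a given day gets root-equivalent control of the runner's Docker daemon — an unpinned scanner is a supply-chain exposure in exactly the job meant to reduce one. Pin the image to an explicit release tag, and preferably its `@sha256:` digest, rather than `:latest`; alternatively avoid the socket entirely with `docker save pushkinohistory-ru-v2:scan -o /tmp/scan.tar` and `trivy image --input /workspace/scan.tar`, which would also give the otherwise-unused `-v "$PWD":/workspace` mount a purpose. Note too that `--exit-code 0` makes the step purely informational: the deploy step that follows runs regardless of CRITICAL findings, so if any gating is intended it needs at least `--exit-code 1 --severity CRITICAL` (or a separate hard-fail pass), and `--ignore-unfixed` will additionally hide findings that have no vendor fix yet. The enclosing `jobs:` steps list begins before this hunk and the `REMOTE` heredoc of the deploy step continues past its end.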