enroll/.forgejo/workflows/trivy.yml

name: Trivy

on:
  schedule:
    - cron: '0 1 * * *'
  push:

jobs:
  test:
    runs-on: docker

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install system dependencies
        run: |
          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends wget gnupg
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | tee -a /etc/apt/sources.list.d/trivy.list
          apt-get update
          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends trivy

      - name: Run trivy
        run: |
          trivy fs --no-progress --ignore-unfixed --format table --disable-telemetry --skip-version-check --exit-code 1 .

      # Notify if any previous step in this job failed
      - name: Notify on failure
        if: ${{ failure() }}
        env:
          WEBHOOK_URL: ${{ secrets.NODERED_WEBHOOK_URL }}
          REPOSITORY: ${{ forgejo.repository }}
          RUN_NUMBER: ${{ forgejo.run_number }}
          SERVER_URL: ${{ forgejo.server_url }}
        run: |
          curl -X POST \
               -H "Content-Type: application/json" \
               -d "{\"repository\":\"$REPOSITORY\",\"run_number\":\"$RUN_NUMBER\",\"status\":\"failure\",\"url\":\"$SERVER_URL/$REPOSITORY/actions/runs/$RUN_NUMBER\"}" \
               "$WEBHOOK_URL"
Many tweaks 2025-12-15 11:04:54 +11:00			`name: Trivy`

			`on:`
			`schedule:`
			`- cron: '0 1 * * *'`
			`push:`

			`jobs:`
			`test:`
			`runs-on: docker`

			`steps:`
			`- name: Checkout`
			`uses: actions/checkout@v4`

			`- name: Install system dependencies`
			`run: \|`
			`DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends wget gnupg`
			`wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key \| gpg --dearmor \| tee /usr/share/keyrings/trivy.gpg > /dev/null`
			`echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" \| tee -a /etc/apt/sources.list.d/trivy.list`
			`apt-get update`
			`DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends trivy`

			`- name: Run trivy`
			`run: \|`
Fix trivy exit code 2025-12-22 17:28:10 +11:00			`trivy fs --no-progress --ignore-unfixed --format table --disable-telemetry --skip-version-check --exit-code 1 .`
Many tweaks 2025-12-15 11:04:54 +11:00
			`# Notify if any previous step in this job failed`
			`- name: Notify on failure`
			`if: ${{ failure() }}`
			`env:`
			`WEBHOOK_URL: ${{ secrets.NODERED_WEBHOOK_URL }}`
			`REPOSITORY: ${{ forgejo.repository }}`
			`RUN_NUMBER: ${{ forgejo.run_number }}`
			`SERVER_URL: ${{ forgejo.server_url }}`
			`run: \|`
			`curl -X POST \`
			`-H "Content-Type: application/json" \`
			`-d "{\"repository\":\"$REPOSITORY\",\"run_number\":\"$RUN_NUMBER\",\"status\":\"failure\",\"url\":\"$SERVER_URL/$REPOSITORY/actions/runs/$RUN_NUMBER\"}" \`
			`"$WEBHOOK_URL"`