From 17c32c00d35fda54bec3038bd29ba6a97aa82fb1 Mon Sep 17 00:00:00 2001
From: hangpersonal
Date: Sat, 18 Oct 2025 20:13:26 -0700
Subject: [PATCH] Add .gitea/workflows/*.yaml
---
 .gitea/workflows/010_ci_docker_image.yaml | 28 +++++++++++++++++------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/.gitea/workflows/010_ci_docker_image.yaml b/.gitea/workflows/010_ci_docker_image.yaml
index 1a3e56c..afbf93a 100644
--- a/.gitea/workflows/010_ci_docker_image.yaml
+++ b/.gitea/workflows/010_ci_docker_image.yaml
@@ -103,14 +103,28 @@ jobs:
 with:
 name: image
 path: /tmp
- - name: Load image
- run: docker load --input /tmp/image.tar
- - name: Scan loaded image
+
+
+ # Trivy CLI install (no Docker needed)
+ - name: Install Trivy CLI
 run: |
- IMAGE="${{ inputs.image-name }}:${{ inputs.image-tag }}"
- docker run --rm aquasec/trivy:0.52.2 image \
- --format json --severity CRITICAL,HIGH --ignore-unfixed \
- "$IMAGE" > /tmp/trivy-results.json
+ set -euo pipefail
+ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
+ | sh -s -- -b /usr/local/bin v0.65.0
+ trivy --version
+
+
+ # IMPORTANT: the tar sits under /tmp/image.tar
+ - name: Scan saved image tar with Trivy (no daemon)
+ run: |
+ ls -la /tmp || true
+ trivy image \
+ --input /tmp/image.tar \
+ --format json \
+ --output /tmp/trivy-results.json \
+ --severity CRITICAL,HIGH \
+ --ignore-unfixed
+
 - name: Upload results
 uses: actions/upload-artifact@v3
 with:
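Review bot: The `Install Trivy CLI` step pipes `contrib/install.sh` from the mutable `main` branch straight into `sh`, so only the Trivy binary version (`v0.65.0`) is pinned, while the installer itself, which runs on the CI runner and writes to `/usr/local/bin`, can change without any change to this workflow. Pin the script to an immutable ref, e.g. `https://raw.githubusercontent.com/aquasecurity/trivy/<FULL_COMMIT_SHA>/contrib/install.sh` (placeholder), or download the release archive and verify it against a checksum recorded in the repository before installing. Separately, the `trivy image` call sets no `--exit-code`, so CRITICAL/HIGH findings will presumably not fail this step unless a later step outside the hunk evaluates `/tmp/trivy-results.json`; if that is intended, a comment such as `# report-only: findings are gated downstream` would make it explicit. The job's step list begins and continues outside the hunk.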