From 3abaedccf5dd8ed4aa1b156d2b8a654dca8c2b09 Mon Sep 17 00:00:00 2001
From: hangpersonal
Date: Sat, 18 Oct 2025 14:35:09 -0700
Subject: [PATCH] Add .gitea/workflows/*.yaml

---
 .gitea/workflows/010_ci_docker_image.yaml | 26 +++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/.gitea/workflows/010_ci_docker_image.yaml b/.gitea/workflows/010_ci_docker_image.yaml
index 3eddc8a..561e098 100644
--- a/.gitea/workflows/010_ci_docker_image.yaml
+++ b/.gitea/workflows/010_ci_docker_image.yaml
@@ -93,6 +93,32 @@ jobs:
 curl -s "http://${{ vars.LOCALHOST }}:8143/" ; echo
 echo "Stop container: "
 docker container stop ${{ inputs.container-name }}
+
+ vulnerability-scan:
+ runs-on: ubuntu-22.04
+ needs: [build-image]
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: image
+ path: /tmp
+ - name: Load image
+ run: |
+ docker load --input /tmp/image.tar
+ docker image ls -a
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ${{ inputs.container-name }}:${{ inputs.image-tag }}
+ format: 'json'
+ output: 'trivy-results.json'
+ severity: 'CRITICAL,HIGH'
+ - name: Upload results
+ uses: actions/upload-artifact@v3
+ with:
+ name: trivy-results
+ path: ${{ github.workspace }}/trivy-results.json
 
 publish-image:
 runs-on: ubuntu-22.04
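Review bot: `uses: aquasecurity/trivy-action@master` in the "Run Trivy vulnerability scanner" step pulls a mutable branch of a third-party action into the pipeline, so the scanner's code can change underneath the workflow without any review; pin it to a release tag or, preferably, a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<pinned tag or commit SHA>`. As written the scan is also purely informational: with no `exit-code` input the step succeeds regardless of findings, the CRITICAL/HIGH results only land in the uploaded artifact, and `publish-image` (whose `needs` list lies outside this hunk) will ship the image unless it also depends on this job. Adding `exit-code: '1'` under the scanner's `with:` and listing `vulnerability-scan` in publish-image's `needs` would turn the scan into an actual gate; `ignore-unfixed: true` can keep findings with no available fix from blocking if that is the intended policy. A short comment above the job stating whether it is meant to gate publishing or only to record results would make the intent clear to the next maintainer.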