From 9855c5e787bd7093228bf3a978e899dfda8275cc Mon Sep 17 00:00:00 2001
From: Naomi Carrigan
Date: Thu, 11 Dec 2025 11:49:43 -0800
Subject: [PATCH] clean shit up

---
 .../{action.yml/action.yml => security.yml} | 0
 workflows/.gitea/action.yml | 83 -------------------
 2 files changed, 83 deletions(-)
 rename .gitea/workflows/{action.yml/action.yml => security.yml} (100%)
 delete mode 100644 workflows/.gitea/action.yml

diff --git a/.gitea/workflows/action.yml/action.yml b/.gitea/workflows/security.yml
similarity index 100%
rename from .gitea/workflows/action.yml/action.yml
rename to .gitea/workflows/security.yml
diff --git a/workflows/.gitea/action.yml b/workflows/.gitea/action.yml
deleted file mode 100644
index 7ca4d99..0000000
--- a/workflows/.gitea/action.yml
+++ /dev/null
@@ -1,83 +0,0 @@
-name: Security Scan
-
-on:
-  push:
-    branches: [ main, master, develop ]
-  pull_request:
-    branches: [ main, master, develop ]
-  schedule:
-    # Run weekly on Mondays at 00:00 UTC
-    - cron: '0 0 * * 1'
-  workflow_dispatch:
-
-jobs:
-  trivy-scan:
-    name: Trivy Security Scan
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      # Manually install Trivy (workaround for Gitea Actions not supporting node24)
-      - name: Install Trivy
-        run: |
-          sudo apt-get update
-          sudo apt-get install wget apt-transport-https gnupg lsb-release -y
-          wget -qO /tmp/trivy-key.asc https://aquasecurity.github.io/trivy-repo/deb/public.key
-          sudo apt-key add /tmp/trivy-key.asc
-          echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
-          sudo apt-get update
-          sudo apt-get install trivy -y
-
-      # Combined scan for vulnerabilities, secrets, and IaC misconfigurations
-      - name: Run Trivy comprehensive security scan
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: 'fs'
-          scan-ref: '.'
-          scanners: 'vuln,secret,config'
-          format: 'table'
-          output: 'trivy-results.txt'
-          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
-          # Fail on any vulnerability found
-          exit-code: '1'
-          # Don't ignore unfixed vulnerabilities
-          ignore-unfixed: false
-          # Skip database update to speed up scans (uses cached DB)
-          skip-db-update: false
-          # Skip setup since we installed Trivy manually
-          skip-setup-trivy: true
-
-      # Display results for visibility
-      - name: Display Trivy scan results
-        if: always()
-        run: |
-          if [ -f trivy-results.txt ]; then
-            echo "=== Trivy Security Scan Results ==="
-            cat trivy-results.txt
-          fi
-
-      # Static code analysis with Semgrep
-      - name: Run Semgrep static analysis
-        uses: returntocorp/semgrep-action@v1
-        with:
-          config: >-
-            p/security-audit
-            p/owasp-top-ten
-            p/ci
-            p/security
-          generateSarif: '1'
-          outputFormat: 'text'
-          outputFile: 'semgrep-results.txt'
-          # Fail on any finding
-          error: 'true'
-
-      # Display Semgrep results
-      - name: Display Semgrep scan results
-        if: always()
-        run: |
-          if [ -f semgrep-results.txt ]; then
-            echo "=== Semgrep Static Analysis Results ==="
-            cat semgrep-results.txt
-          fi