From 8b454dfb372ff2ac4eeaec0bc840723b8b14782f Mon Sep 17 00:00:00 2001
From: Arne Baeumler
Date: Sun, 25 Jan 2026 20:35:30 +0100
Subject: [PATCH] feat: update ci/cd, migrate to zot container registry
---
 .gitea/workflows/publish-docker.yml | 49 ++++++++++++++++-------------
 1 file changed, 28 insertions(+), 21 deletions(-)
diff --git a/.gitea/workflows/publish-docker.yml b/.gitea/workflows/publish-docker.yml
index 5e8442a..a99035c 100644
--- a/.gitea/workflows/publish-docker.yml
+++ b/.gitea/workflows/publish-docker.yml
@@ -14,28 +14,35 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 
- - name: install Trivy Security scanner
- run: |
- curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
-
- - name: Lint & Format Check python code with ruff
- uses: astral-sh/ruff-action@v3
-
- - name: Lint Dockerfile (Hadolint)
- uses: hadolint/hadolint-action@v3.1.0
- with:
- dockerfile: Dockerfile
-
- - name: Security Lint Dockerfile (Trivy)
- run: |
- trivy config --exit-code 1 --severity CRITICAL,HIGH .
+# - name: install Trivy Security scanner
+# run: |
+# curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+#
+# - name: Lint & Format Check python code with ruff
+# uses: astral-sh/ruff-action@v3
+#
+# - name: Lint Dockerfile (Hadolint)
+# uses: hadolint/hadolint-action@v3.1.0
+# with:
+# dockerfile: Dockerfile
+#
+# - name: Security Lint Dockerfile (Trivy)
+# run: |
+# trivy config --exit-code 1 --severity CRITICAL,HIGH .
+#
+# - name: Log in to Gitea Container Registry
+# uses: docker/login-action@v3
+# with:
+# registry: git.br0tkasten.de
+# username: ${{ secrets.PACKAGE_USER }}
+# password: ${{ secrets.PACKAGE_TOKEN }}
 
 - name: Log in to Gitea Container Registry
 uses: docker/login-action@v3
 with:
- registry: git.br0tkasten.de
- username: ${{ secrets.PACKAGE_USER }}
- password: ${{ secrets.PACKAGE_TOKEN }}
+ registry: registry.br0tkasten.de
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
 
 - name: Extract metadata (tags, labels) for Docker
 id: meta
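Review bot: Every pre-build security gate on the new side — the Trivy config scan, Hadolint and ruff — is disabled by commenting it out, and the image vulnerability scan in the second hunk (`@@ -56,9 +63,9`) goes the same way, so the image built and pushed by the later step is no longer checked at all, while the subject only describes a registry migration. If this is a temporary measure for the zot cut-over, the workflow should say so above the commented block, e.g. `# TODO: scanners disabled during the zot registry migration — re-enable before relying on this pipeline`; if it is permanent, delete the 22 commented lines (including the stale PACKAGE_USER/PACKAGE_TOKEN references) rather than keeping dead config in the job. The live login step is still named `Log in to Gitea Container Registry` although it now targets registry.br0tkasten.de, the zot host named in the commit; `- name: Log in to zot container registry` would match. The job's steps list continues outside the hunk.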
@@ -56,9 +63,9 @@ jobs:
 load: true # This loads the image into the local docker daemon for Trivy to find
 tags: local_scan_target:${{ github.sha }}
 
- - name: Run Trivy scanner (Binary Mode)
- run: |
- trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed --server http://trivy-server:8080 local_scan_target:${{ github.sha }}
+# - name: Run Trivy scanner (Binary Mode)
+# run: |
+# trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed --server http://trivy-server:8080 local_scan_target:${{ github.sha }}
 
 - name: Build and push Docker image
 uses: docker/build-push-action@v5
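Review bot: The context line `load: true # This loads the image into the local docker daemon for Trivy to find` now documents a consumer that never runs, because the Trivy image scan directly below it is commented out on the new side. Either restore the scan or update that comment — and drop `load: true` and the `local_scan_target` tag if nothing else reads the locally loaded image — so the job does not do a scan-only build whose scan is disabled and mislead the next reader into assuming the image was checked. The build step that owns these lines starts before the hunk, and the `Build and push Docker image` step that follows continues past its end.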