From fb54130928f0d1ba1cb667cf6c18cb50d79fbe48 Mon Sep 17 00:00:00 2001
From: Arne Baeumler
Date: Sun, 18 Jan 2026 12:40:03 +0100
Subject: [PATCH] fix: trivy workflow

---
 .gitea/workflows/publish-docker.yml | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/publish-docker.yml b/.gitea/workflows/publish-docker.yml
index afbb72f..76f527c 100644
--- a/.gitea/workflows/publish-docker.yml
+++ b/.gitea/workflows/publish-docker.yml
@@ -1,5 +1,5 @@
 ---
-name: Build, Scan and Publish Docker Image
+name: Lint, Build, Scan and Publish Docker Image
 on:
 push:
 branches:
@@ -8,6 +8,29 @@ on:
 - 'v*'
 
 jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install Ruff
+ run: pip install ruff
+
+ - name: Run Ruff (Lint & Format Check)
+ run: |
+ ruff check .
+ ruff format --check .
+
+ - name: Lint Dockerfile (Hadolint)
+ uses: hadolint/hadolint-action@v3.1.0
+ with:
+ dockerfile: Dockerfile
+
+ - name: Security Lint Dockerfile (Trivy)
+ run: |
+ trivy config --server http://trivy-server:8080 .
+
 build-and-push:
 runs-on: ubuntu-latest
 steps:
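Review bot: The `Security Lint Dockerfile (Trivy)` step cannot fail the job on findings, because `trivy config` exits 0 unless `--exit-code` is set; I would change the command to `trivy config --exit-code 1 --severity HIGH,CRITICAL .` so that misconfigurations actually stop the run. As far as I know, misconfiguration checks are evaluated on the client side, so `--server http://trivy-server:8080` is probably either rejected or unused by this subcommand, and the job has no step that installs `trivy`; both are worth confirming against the runner image. The new `lint` job only gates publishing if `build-and-push` declares `needs: lint`, and that job's body continues outside the hunk, so I cannot tell whether it does. Separately, `pip install ruff` takes whatever release is current at run time, and `actions/checkout@v4` and `hadolint/hadolint-action@v3.1.0` are mutable tags; pinning Ruff (`pip install ruff==<pinned-version>`) and the two actions to commit SHAs keeps the lint result reproducible and narrows the supply-chain surface of a workflow that publishes images.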