Workflow maintenance: fix Trivy, disable CodeQL (#46)

- Trivy: switch to table output, increase timeout, skip Java source dirs
  (SARIF upload requires Advanced Security, not available on private repos)
- CodeQL: disabled (same reason) — will re-enable when repo goes public
- codeql-action updated to v4

Co-authored-by: litebito <litebito@users.noreply.github.com>
This commit is contained in:
litebito 2026-04-27 21:57:15 +02:00 committed by GitHub
parent c0bf92c0ed
commit 99ca0df7de
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 2 additions and 11 deletions

View file

@ -8,9 +8,6 @@ on:
- main
schedule:
- cron: '0 0 * * *'
permissions:
contents: read
security-events: write
jobs:
scan:
name: scan
@ -22,16 +19,10 @@ jobs:
uses: aquasecurity/trivy-action@v0.36.0
with:
scan-type: 'fs'
format: 'sarif'
format: 'table'
ignore-unfixed: true
output: 'trivy-results.sarif'
severity: 'CRITICAL'
severity: 'CRITICAL,HIGH'
timeout: '15m'
skip-dirs: 'airsonic-main,airsonic-rest-api,airsonic-sonos-api'
env:
TRIVY_SKIP_JAVA_DB_UPDATE: 'true'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4
if: always() && hashFiles('trivy-results.sarif') != ''
with:
sarif_file: 'trivy-results.sarif'