.forgejo/workflows/nyxscanner.yml

@@ -6,25 +6,21 @@ on:
 
 jobs:
   nyx-scan:
-    runs-on: docker-amd64  # eine Architektur reicht für SAST
+    runs-on: docker-amd64
 
     steps:
-      - name: Checkout target repo
-        uses: actions/checkout@v4
+      - name: Checkout PR
+        uses: https://code.forgejo.org/actions/checkout@v4
 
-      - name: Checkout nyx from Forgejo mirror
-        uses: actions/checkout@v4
-        with:
-          repository: apunkt/nyx
-          # URL deiner Forgejo-Instanz:
-          server_url: https://deine-forgejo-instanz.example.com
-          ref: master
-          path: .nyx-src
+      - name: Clone nyx from Forgejo mirror
+        run: |
+          git clone --depth=1 --branch master \
+            https://bitfreedom.net/code/apunkt/nyx .nyx-src
 
       - name: Install Rust
-        uses: https://github.com/actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          toolchain: stable
+        run: |
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
 
       - name: Build nyx from source
         run: |
@@ -36,9 +32,9 @@ jobs:
         run: |
           nyx scan --format sarif --fail-on MEDIUM > nyx-results.sarif
 
-      - name: Upload results
+      - name: Upload SARIF results
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: https://code.forgejo.org/actions/upload-artifact@v4
         with:
           name: nyx-sarif-report
           path: nyx-results.sarif