Merge pull request 'workflow-tuning' (#75) from workflow-tuning into dev-0.9.x

Reviewed-on: https://bitfreedom.net/code/code/nomyo-ai/nomyo-router/pulls/75
2026-05-13 10:44:31 +02:00 · 2026-05-13 10:44:31 +02:00 · 2106dadf94
commit 2106dadf94
parent 27dfc07889 c8ff25f8f5
1 changed files with 32 additions and 0 deletions
--- a/.forgejo/workflows/nyxscanner.yml
+++ b/.forgejo/workflows/nyxscanner.yml
@ -0,0 +1,32 @@
+name: NYX Security Scan
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  nyx-scan:
+    runs-on: docker-amd64
+
+    steps:
+      - name: Checkout PR
+        run: |
+          git clone --depth=1 \
+            "https://oauth2:${{ github.token }}@bitfreedom.net/code/${{ github.repository }}.git" \
+            .
+          git fetch --depth=1 origin ${{ github.sha }}
+          git checkout ${{ github.sha }}
+
+      - name: Fetch action source
+        run: |
+          git clone --depth=1 --branch master \
+            "https://oauth2:${{ github.token }}@bitfreedom.net/code/nomyo-ai/actions.git" \
+            ./.nyx-action
+
+      - uses: ./.nyx-action/nyx-scan
+        with:
+          forgejo_push_token: ${{ secrets.FORGEJO_PUSH_TOKEN }}
+          repository: ${{ github.repository }}
+          pr_number: ${{ github.event.pull_request.number }}
+          sha: ${{ github.sha }}
+          fail_on: HIGH