.forgejo/workflows/nyxscanner.yml aktualisiert

.forgejo/workflows/nyxscanner.yml

@@ -6,39 +6,27 @@ on:
 
 jobs:
   nyx-scan:
-    runs-on: docker-amd64  # eine Architektur reicht für SAST
+    runs-on: docker-amd64
 
     steps:
-      - name: Checkout target repo
+      - name: Checkout PR
-        uses: actions/checkout@v4
-
-      - name: Checkout nyx from Forgejo mirror
-        uses: actions/checkout@v4
-        with:
-          repository: apunkt/nyx
-          # URL deiner Forgejo-Instanz:
-          server_url: https://bitfreedom.net/code/
-          ref: master
-          path: .nyx-src
-
-      - name: Install Rust
-        uses: https://github.com/actions-rust-lang/setup-rust-toolchain@v1
-        with:
-          toolchain: stable
-
-      - name: Build nyx from source
         run: |
-          cd .nyx-src
+          git clone --depth=1 \
-          cargo build --release
+            "https://oauth2:${{ github.token }}@bitfreedom.net/code/${{ github.repository }}.git" \
-          sudo cp target/release/nyx /usr/local/bin/nyx
+            .
+          git fetch --depth=1 origin ${{ github.sha }}
+          git checkout ${{ github.sha }}
 
-      - name: Run NYX scan
+      - name: Fetch action source
         run: |
-          nyx scan --format sarif --fail-on MEDIUM > nyx-results.sarif
+          git clone --depth=1 --branch master \
+            "https://oauth2:${{ github.token }}@bitfreedom.net/code/nomyo-ai/actions.git" \
+            ./.nyx-action
 
-      - name: Upload results
+      - uses: ./.nyx-action/nyx-scan
-        if: always()
-        uses: actions/upload-artifact@v4
         with:
-          name: nyx-sarif-report
+          forgejo_push_token: ${{ secrets.FORGEJO_PUSH_TOKEN }}
-          path: nyx-results.sarif
+          repository: ${{ github.repository }}
+          pr_number: ${{ github.event.pull_request.number }}
+          sha: ${{ github.sha }}
+          fail_on: HIGH