From 92e04bcbac5515654ee68470a816029215114c7a Mon Sep 17 00:00:00 2001
From: alpha-nerd <alpha-nerd@noreply.localhost>
Date: Wed, 13 May 2026 10:13:51 +0200
Subject: [PATCH] =?UTF-8?q?.forgejo/workflows/nyx-scan.yml=20hinzugef?=
 =?UTF-8?q?=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .forgejo/workflows/nyx-scan.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .forgejo/workflows/nyx-scan.yml

diff --git a/.forgejo/workflows/nyx-scan.yml b/.forgejo/workflows/nyx-scan.yml
new file mode 100644
index 0000000..2ee672c
--- /dev/null
+++ b/.forgejo/workflows/nyx-scan.yml
@@ -0,0 +1,32 @@
+name: NYX Security Scan
+
+on:
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  nyx-scan:
+    runs-on: docker-amd64
+
+    steps:
+      - name: Checkout PR
+        run: |
+          git clone --depth=1 \
+            "https://oauth2:${{ github.token }}@bitfreedom.net/code/${{ github.repository }}.git" \
+            .
+          git fetch --depth=1 origin ${{ github.sha }}
+          git checkout ${{ github.sha }}
+
+      - name: Fetch action source
+        run: |
+          git clone --depth=1 --branch master \
+            "https://oauth2:${{ github.token }}@bitfreedom.net/code/nomyo-ai/actions.git" \
+            ./.nyx-action
+
+      - uses: ./.nyx-action/nyx-scan
+        with:
+          forgejo_push_token: ${{ secrets.FORGEJO_PUSH_TOKEN }}
+          repository: ${{ github.repository }}
+          pr_number: ${{ github.event.pull_request.number }}
+          sha: ${{ github.sha }}
+          fail_on: HIGH
\ No newline at end of file