Add Tricy to CI

.gitea/workflows/release.yml

@@ -31,26 +31,26 @@ jobs:
     needs: test
     steps:
       - name: Checkout code
-        uses: https://github.com/actions/checkout@v4
+        uses: actions/checkout@v4
 
       - name: Get date for image label
         id: date
         run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
 
       - name: Set up Docker Buildx
-        uses: https://github.com/docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v3
         with:
           driver: docker-container
 
       - name: Login to Docker Registry
-        uses: https://github.com/docker/login-action@v3
+        uses: docker/login-action@v3
         with:
           registry: git.orebolt.cz
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_TOKEN }}
 
       - name: Build and push image
-        uses: https://github.com/docker/build-push-action@v5
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: true
@@ -66,3 +66,15 @@ jobs:
             org.opencontainers.image.vendor=Orebolt.cz
             org.opencontainers.image.ref.name=${{ env.GITHUB_REF }}
             org.opencontainers.image.title=Telegram Downloader
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          image-ref: '${{ vars.DOCKER_IMAGE }}:latest'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results Security tab
+        uses: codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'