From 8124424e963e3728716a444290c5bbde137b3ef8 Mon Sep 17 00:00:00 2001
From: anti <samuel@securejump.cl>
Date: Mon, 13 Apr 2026 07:56:44 -0400
Subject: [PATCH] fix: replace trivy-action with direct install to avoid GitHub
 credential dependency

---
 .gitea/workflows/release.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index e7c198e..5fc3273 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -115,13 +115,13 @@ $CHANGELOG"
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Install Trivy
+        run: |
+          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
       - name: Scan with Trivy
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: decnet-${{ matrix.service }}:scan
-          exit-code: "1"
-          severity: CRITICAL
-          ignore-unfixed: true
+        run: |
+          trivy image --exit-code 1 --severity CRITICAL --ignore-unfixed decnet-${{ matrix.service }}:scan
 
       - name: Push image
         if: success()