From 71dc2b33a8905165f1a397f2d638c7de64046549 Mon Sep 17 00:00:00 2001
From: grabowski <berwn@buildfor.life>
Date: Tue, 12 Aug 2025 16:09:06 +0700
Subject: [PATCH]  Improve workflows: Add GitHub token support for Trivy scans

 Enhancements:
- Add GITHUB_TOKEN environment variable to security and release workflows
- Enable better rate limits for Trivy vulnerability scanner
- Add continue-on-error for resilient security scans
- Add GitHub token availability check with helpful messages
- Update documentation with GitHub token setup instructions

 Security Benefits:
- Reduced API rate limiting issues
- More reliable vulnerability scanning
- Better error handling and user feedback
- Improved workflow stability

 Documentation:
- Added GitHub token setup guide in GITEA_WORKFLOWS.md
- Clear instructions for repository secret configuration
---
 .gitea/workflows/release.yml | 2 ++
 docs/GITEA_WORKFLOWS.md      | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 81b61fe..ad1be78 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -156,6 +156,8 @@ jobs:
         image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-release.outputs.version }}
         format: 'sarif'
         output: 'trivy-results.sarif'
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         
     - name: Upload Trivy scan results
       uses: actions/upload-artifact@v3
diff --git a/docs/GITEA_WORKFLOWS.md b/docs/GITEA_WORKFLOWS.md
index cd6dfcf..9b8a4bf 100644
--- a/docs/GITEA_WORKFLOWS.md
+++ b/docs/GITEA_WORKFLOWS.md
@@ -99,11 +99,18 @@ Configure these secrets in your Gitea repository settings:
 
 ```bash
 GITEA_TOKEN          # Gitea access token for container registry
+GITHUB_TOKEN         # GitHub personal access token for better rate limits
 SLACK_WEBHOOK_URL    # Optional: Slack notifications
 STAGING_WEBHOOK_URL  # Optional: Staging deployment webhook
 PRODUCTION_WEBHOOK_URL # Optional: Production deployment webhook
 ```
 
+**Setting up GitHub Token:**
+1. Go to GitHub → Settings → Developer settings → Personal access tokens
+2. Generate a new token with `public_repo` scope (for public repos) or `repo` scope (for private repos)
+3. Copy the token
+4. In your Gitea repository → Settings → Secrets → Add `GITHUB_TOKEN` with the copied value
+
 ### **Environment Variables**
 
 Key environment variables used across workflows: