From 6d14cf925376e379f41ca017f678d08fd172119c Mon Sep 17 00:00:00 2001
From: ilia <ilia@levkin.ca>
Date: Sat, 13 Dec 2025 23:37:38 -0500
Subject: [PATCH] Fix: Install git for Gitleaks and use direct Trivy binary
 download

---
 .gitea/workflows/ci.yml | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 8e88f82..dd5ff01 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -72,9 +72,9 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Install Gitleaks
+      - name: Install git and Gitleaks
         run: |
-          apt-get update && apt-get install -y wget curl
+          apt-get update && apt-get install -y wget curl git
           GITLEAKS_VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
           wget -q "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" -O /tmp/gitleaks.tar.gz
           tar -xzf /tmp/gitleaks.tar.gz -C /usr/local/bin/ gitleaks
@@ -102,10 +102,11 @@ jobs:
       - name: Install Trivy
         run: |
           apt-get update && apt-get install -y wget curl
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - || true
-          echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
-          apt-get update && apt-get install -y trivy || \
-            (wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64 && chmod +x /usr/local/bin/trivy)
+          # Use direct binary download (more reliable than apt repo)
+          wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64
+          chmod +x /usr/local/bin/trivy
+          trivy --version
+          trivy --version
 
       - name: Scan npm dependencies
         run: |
@@ -281,10 +282,11 @@ jobs:
       - name: Install Trivy
         run: |
           apt-get update && apt-get install -y wget curl
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - || true
-          echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
-          apt-get update && apt-get install -y trivy || \
-            (wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64 && chmod +x /usr/local/bin/trivy)
+          # Use direct binary download (more reliable than apt repo)
+          wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64
+          chmod +x /usr/local/bin/trivy
+          trivy --version
+          trivy --version
 
       - name: Scan for Dockerfiles and container configs
         run: |