From d876a67244005bec0e30493096cb33f4ca08025b Mon Sep 17 00:00:00 2001
From: ilia <idobkin@gmail.com>
Date: Fri, 29 May 2026 21:19:56 -0500
Subject: [PATCH] ci: refresh workflow (re-run pipelines)

---
 .gitea/workflows/ci.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 4423808..aa938db 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,5 +1,5 @@
 ---
-# ci-sync: 2026-05-30T01:31:07Z
+# ci-sync: 2026-05-30T02:20:03Z
 # Homelab CI — Docker/heavy lane (git-ci-02)
 name: CI
 
@@ -42,7 +42,8 @@ jobs:
           for f in Dockerfile docker/**/Dockerfile */Dockerfile; do
             [ -f "$f" ] || continue
             found=1
-            docker run --rm -i hadolint/hadolint < "$f"
+            # Warnings (unpinned apt/pip) are advisory; only errors fail the job
+            docker run --rm -i hadolint/hadolint hadolint --failure-threshold error - < "$f"
           done
           [ "$found" -eq 1 ] || echo "No Dockerfile — skip hadolint"
 
@@ -60,5 +61,9 @@ jobs:
           fetch-depth: 0
       - name: Gitleaks
         run: |
+          extra=""
+          if [ -f .gitleaks.toml ]; then
+            extra="--config /repo/.gitleaks.toml"
+          fi
           docker run --rm -v "$PWD:/repo" ghcr.io/gitleaks/gitleaks:latest \
-            detect --source /repo --no-banner --redact
+            detect --source /repo --no-banner --redact ${extra}