name: security-scanning

on:
  push:
  workflow_dispatch:

jobs:
  audit:
    runs-on: debian

    steps:
      - name: Clone repository
        run: |
          rm -rf repo
          git clone https://gitea.bubuit.net/oib/aitbc.git repo

      - name: Verify repository context
        run: |
          cd repo
          echo "PWD:"
          pwd
          echo "FILES:"
          ls -la

      - name: Install dependencies
        run: |
          cd repo
          npm install

      - name: Audit dependencies
        run: |
          cd repo
          npm audit || true

      - name: Security scan
        run: |
          cd repo
          npm audit --audit-level moderate || true