aitbc/.gitea/workflows/security-scanning.yml

name: security-scanning

on:
  push:
  workflow_dispatch:

jobs:
  audit:
    runs-on: debian

    steps:
      - name: Nuclear fix - absolute path control
        run: |
          echo "=== SECURITY SCANNING NUCLEAR FIX ==="
          echo "Current PWD: $(pwd)"
          echo "Forcing absolute workspace path..."
          
          # Clean and create absolute workspace
          rm -rf /opt/gitea-runner/workspace
          mkdir -p /opt/gitea-runner/workspace
          cd /opt/gitea-runner/workspace
          
          echo "Workspace PWD: $(pwd)"
          echo "Cloning repository..."
          git clone https://gitea.bubuit.net/oib/aitbc.git repo
          
          cd repo
          echo "Repo PWD: $(pwd)"
          echo "Files in repo:"
          ls -la
          
          echo "=== PACKAGE.JSON CHECK ==="
          if [ -f "package.json" ]; then
            echo "✅ package.json found!"
            echo "=== NPM INSTALL ==="
            npm install --legacy-peer-deps
            echo "✅ Running audit..."
            npm audit || true
            echo "✅ Security scan..."
            npm audit --audit-level moderate || true
          else
            echo "❌ package.json NOT found!"
            exit 1
          fi