feat: initial commit — kubectl/configure, infisical/fetch-secret, helm/upgrade actions

.gitea/actions/trivy/image_scan/action.yml

@@ -0,0 +1,21 @@
+name: Trivy Scan Image
+description: Scan a container image with Trivy
+inputs:
+  IMAGE_PATH:
+    description: "The registry path to the image to scan"
+    required: true
+  IMAGE_TAG:
+    description: "The image tag to scan"
+    required: true
+  FAIL_HARD:
+    description: "Boolean: true will fail the build if vulnerabilities are found, false will not"
+    required: false
+    default: 'false'
+
+runs:
+  using: composite
+  steps:
+    - name: Scan Container Registry Image
+      shell: sh
+      run: |
+        trivy image ${{ inputs.IMAGE_PATH }}:${{ inputs.IMAGE_TAG }} --report=all --exit-code=${{ contains(fromJSON('["true"]'), inputs.FAIL_HARD) && '1' || '0' }} --severity CRITICAL,HIGH