From dd98dd190633bfd750ffe5f1cf8e1a55f301d5f8 Mon Sep 17 00:00:00 2001
From: Michael Seele
Date: Thu, 30 Apr 2026 13:35:25 +0200
Subject: [PATCH] feat: add Aikido security workflows for full scan and PR check
---
.forgejo/workflows/full-scan-aikido.yml | 18 +++++++++++++++
.forgejo/workflows/pr-check-aikido.yml | 23 +++++++++++++++++++
aikido-full-scan/action.yml | 2 +-
.../docker}/Dockerfile | 0
.../docker}/action.yml | 0
.../docker}/entrypoint.sh | 0
aikido-pr-scan/action.yml | 2 +-
.../docker}/Dockerfile | 0
.../docker}/action.yml | 0
.../docker}/entrypoint.sh | 0
10 files changed, 43 insertions(+), 2 deletions(-)
create mode 100644 .forgejo/workflows/full-scan-aikido.yml
create mode 100644 .forgejo/workflows/pr-check-aikido.yml
rename {.forgejo/actions/internal-aikido-full-scan => aikido-full-scan/docker}/Dockerfile (100%)
rename {.forgejo/actions/internal-aikido-full-scan => aikido-full-scan/docker}/action.yml (100%)
rename {.forgejo/actions/internal-aikido-full-scan => aikido-full-scan/docker}/entrypoint.sh (100%)
rename {.forgejo/actions/internal-aikido-pr-scan => aikido-pr-scan/docker}/Dockerfile (100%)
rename {.forgejo/actions/internal-aikido-pr-scan => aikido-pr-scan/docker}/action.yml (100%)
rename {.forgejo/actions/internal-aikido-pr-scan => aikido-pr-scan/docker}/entrypoint.sh (100%)
diff --git a/.forgejo/workflows/full-scan-aikido.yml b/.forgejo/workflows/full-scan-aikido.yml
new file mode 100644
index 0000000..193323a
--- /dev/null
+++ b/.forgejo/workflows/full-scan-aikido.yml
@@ -0,0 +1,18 @@
+name: Aikido Security Full Scan
+
+on:
+ schedule:
+ - cron: '0 0 * * *'
+
+jobs:
+ aikido-full-scan:
+ name: Aikido Security Full Scan
+ runs-on: stackit-ubuntu-22
+ steps:
+ - name: Checkout repository
+ uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/checkout@checkout-v1
+
+ - name: Run Aikido full scan
+ uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/aikido-full-scan@aikido-full-scan-v1
+ with:
+ apikey: ${{ secrets.AIKIDO_CLIENT_API_KEY }}
diff --git a/.forgejo/workflows/pr-check-aikido.yml b/.forgejo/workflows/pr-check-aikido.yml
new file mode 100644
index 0000000..8845713
--- /dev/null
+++ b/.forgejo/workflows/pr-check-aikido.yml
@@ -0,0 +1,23 @@
+name: Aikido Security PR Check
+
+on:
+ pull_request:
+ branches:
+ - '*'
+
+concurrency:
+ group: ${{ forgejo.workflow }}-${{ forgejo.ref }}
+ cancel-in-progress: true
+
+jobs:
+ aikido-security:
+ name: Aikido Security Scan
+ runs-on: stackit-ubuntu-22
+ steps:
+ - name: Checkout repository
+ uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/checkout@checkout-v1
+
+ - name: Security scan
+ uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/aikido-pr-scan@aikido-pr-scan-v1
+ with:
+ apikey: ${{ secrets.AIKIDO_CLIENT_API_KEY }}
diff --git a/aikido-full-scan/action.yml b/aikido-full-scan/action.yml
index fb54ef9..608f7b0 100644
--- a/aikido-full-scan/action.yml
+++ b/aikido-full-scan/action.yml
@@ -12,7 +12,7 @@ inputs:
 runs:
 using: composite
 steps:
- - uses: ./.forgejo/actions/internal-aikido-full-scan
+ - uses: ./aikido-full-scan/docker
 with:
 apikey: ${{ inputs.apikey }}
 organization: ${{ forgejo.repository_owner }}
diff --git a/.forgejo/actions/internal-aikido-full-scan/Dockerfile b/aikido-full-scan/docker/Dockerfile
similarity index 100%
rename from .forgejo/actions/internal-aikido-full-scan/Dockerfile
rename to aikido-full-scan/docker/Dockerfile
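Review bot: Both `uses:` lines in `full-scan-aikido.yml` reference the shared actions by a movable tag (`@checkout-v1`, `@aikido-full-scan-v1`), and the second step receives `secrets.AIKIDO_CLIENT_API_KEY`, so anyone able to move or re-create that tag in `shared-actions` changes the code that runs with the key. Pinning to a full commit hash, e.g. `uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/aikido-full-scan@<full-commit-sha>  # aikido-full-scan-v1`, keeps the executed code fixed until the pin is deliberately bumped. The same applies to the two `uses:` lines in `pr-check-aikido.yml`. If these workflows live in the `shared-actions` repository itself, as the rest of the patch suggests, they also exercise the tagged release rather than the `aikido-*/docker` layout introduced by this commit, which is worth a comment in the workflow.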
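Review bot: The filter `branches: - '*'` under `pull_request` in `pr-check-aikido.yml` probably does not cover every target branch: under GitHub-style glob matching, which the Forgejo runner appears to follow, `*` does not match `/`, so a pull request against a branch such as `release/1.x` (constructed example) would skip the security scan. Dropping the `branches` key or using `- '**'` makes the check apply to all pull requests. Separately, pull requests from forks normally run without access to repository secrets, so `apikey` may be empty there; a short comment stating the expected behaviour for fork PRs would help whoever has to debug a failing scan.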
diff --git a/.forgejo/actions/internal-aikido-full-scan/action.yml b/aikido-full-scan/docker/action.yml
similarity index 100%
rename from .forgejo/actions/internal-aikido-full-scan/action.yml
rename to aikido-full-scan/docker/action.yml
diff --git a/.forgejo/actions/internal-aikido-full-scan/entrypoint.sh b/aikido-full-scan/docker/entrypoint.sh
similarity index 100%
rename from .forgejo/actions/internal-aikido-full-scan/entrypoint.sh
rename to aikido-full-scan/docker/entrypoint.sh
diff --git a/aikido-pr-scan/action.yml b/aikido-pr-scan/action.yml
index 714cd79..52c3094 100644
--- a/aikido-pr-scan/action.yml
+++ b/aikido-pr-scan/action.yml
@@ -16,7 +16,7 @@ inputs:
 runs:
 using: composite
 steps:
- - uses: ./.forgejo/actions/internal-aikido-pr-scan
+ - uses: ./aikido-pr-scan/docker
 with:
 apikey: ${{ inputs.apikey }}
 organization: ${{ forgejo.repository_owner }}
diff --git a/.forgejo/actions/internal-aikido-pr-scan/Dockerfile b/aikido-pr-scan/docker/Dockerfile
similarity index 100%
rename from .forgejo/actions/internal-aikido-pr-scan/Dockerfile
rename to aikido-pr-scan/docker/Dockerfile
diff --git a/.forgejo/actions/internal-aikido-pr-scan/action.yml b/aikido-pr-scan/docker/action.yml
similarity index 100%
rename from .forgejo/actions/internal-aikido-pr-scan/action.yml
rename to aikido-pr-scan/docker/action.yml
diff --git a/.forgejo/actions/internal-aikido-pr-scan/entrypoint.sh b/aikido-pr-scan/docker/entrypoint.sh
similarity index 100%
rename from .forgejo/actions/internal-aikido-pr-scan/entrypoint.sh
rename to aikido-pr-scan/docker/entrypoint.sh