Update https://git.quad4.io/actions/setup-node action to v6

Update README.md
Add container image scanning and SBOM generation tasks to Taskfile
2025-12-31 00:03:42 +00:00 · 2025-12-29 20:13:27 -06:00 · 2025-12-29 20:13:19 -06:00
4 changed files with 19 additions and 5 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -13,7 +13,7 @@ jobs:
      - name: Checkout
        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - name: Setup Node.js
-        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
        with:
          node-version: 22
          cache: pnpm
@@ -35,7 +35,7 @@ jobs:
      - name: Checkout
        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - name: Setup Node.js
-        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
        with:
          node-version: 22
          cache: pnpm
--- a/.gitea/workflows/npm-publish.yml
+++ b/.gitea/workflows/npm-publish.yml
@@ -14,7 +14,7 @@ jobs:
        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

      - name: Setup Node.js
-        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
        with:
          node-version: '22'
          cache: pnpm
@@ -34,7 +34,7 @@ jobs:
        run: task package

      - name: Configure npm for publishing
-        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
        with:
          node-version: '22'
          registry-url: 'https://git.quad4.io/api/packages/quad4-software/npm/'
--- a/README.md
+++ b/README.md
@@ -90,6 +90,8 @@ The project uses [Task](https://taskfile.dev/) for all development tasks.
 | podman-build  | Build Podman image                    |
 | podman-run    | Run Podman container                  |
 | podman        | Build and run Podman container        |
+| scan          | Scan container image with trivy       |
+| sbom          | Generate SBOM with trivy              |
 | version:minor | Bump version minor                    |
 | version:major | Bump version major                    |
 | setup         | Setup development environment         |
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -25,7 +25,7 @@ tasks:
  publish:
    desc: Publish to npm registry
    cmds:
-      - pnpm publish
+      - pnpm publish --no-git-checks

  preview:
    desc: Preview production build
@@ -80,6 +80,18 @@ tasks:
    desc: Build and run Podman container
    deps: [podman-build, podman-run]

+  scan:
+    desc: Scan container image with trivy
+    cmds:
+      - trivy image --scanners vuln surveilled
+
+  sbom:
+    desc: Generate SBOM with trivy
+    cmds:
+      - mkdir -p sbom
+      - trivy fs --format spdx-json --include-dev-deps --output sbom/sbom.spdx.json .
+      - trivy fs --format cyclonedx --include-dev-deps --output sbom/sbom.cyclonedx.json .
+
  setup:
    desc: Setup development environment
    cmds:
Author	SHA1	Message	Date
Renovate Bot	e65a88a1c8	Update https://git.quad4.io/actions/setup-node action to v6 All checks were successful OSV-Scanner PR Scan / scan-pr (pull_request) Successful in 9s Details	2025-12-31 00:03:42 +00:00
Sudo-Ivan	1e694fcbf0	Update README.md All checks were successful OSV-Scanner Scheduled Scan / scan-scheduled (push) Successful in 10s Details CI / check (push) Successful in 9m26s Details CI / build (push) Successful in 9m36s Details	2025-12-29 20:13:27 -06:00
Sudo-Ivan	077dbf95c2	Add container image scanning and SBOM generation tasks to Taskfile	2025-12-29 20:13:19 -06:00