Refactor CI workflows by removing security scan steps for API Docs, API Gateway, Frontend, and Service Adapters; update Docker build configurations for improved clarity and maintainability.

.gitea/workflows/api-docs.yml

@@ -132,7 +132,7 @@ jobs:
       uses: actions/cache@v4
       with:
         path: ~/.npm
-        key: ${{ runner.os }}-node-18-${{ hashFiles('services/api-docs/package-lock.json') }}
+        key: ${{ runner.os }}-node-18-${{ hashFiles('services/api-docs/package.json') }}
         restore-keys: |
           ${{ runner.os }}-node-18-
           ${{ runner.os }}-node-
@@ -169,29 +169,3 @@ jobs:
       
     - name: Build Docker image (test only)
       run: docker build -t api-docs:test .
-
-  security:
-    runs-on: [self-hosted]
-    needs: build
-    
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      
-    - name: Build Docker image for security scan
-      run: |
-        cd services/api-docs
-        docker build -t api-docs:security-scan .
-      
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@0.28.0
-      with:
-        image-ref: api-docs:security-scan
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        
-    - name: Upload Trivy scan results
-      uses: github/codeql-action/upload-sarif@v2
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'

.gitea/workflows/api-gateway.yml

@@ -119,31 +119,3 @@ jobs:
     runs-on: [self-hosted]
     needs: build
     
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      
-    - name: Set up JDK 17
-      uses: actions/setup-java@v4
-      with:
-        java-version: '17'
-        distribution: 'temurin'
-        cache: maven
-      
-    - name: Build Docker image for security scan
-      run: |
-        cd services/api-gateway
-        docker build -t api-gateway:security-scan .
-      
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: api-gateway:security-scan
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        
-    - name: Upload Trivy scan results
-      uses: github/codeql-action/upload-sarif@v2
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'

.gitea/workflows/ci.yml

@@ -221,26 +221,3 @@ jobs:
     - name: Stop services
       if: always()
       run: docker-compose -f docker-compose.dev.yml down
-
-  # Security and Quality Gates
-  security-scan:
-    runs-on: [self-hosted]
-    needs: [api-gateway, service-adapters, api-docs, frontend]
-    
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        scan-type: 'fs'
-        scan-ref: '.'
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        
-    - name: Upload Trivy scan results
-      uses: github/codeql-action/upload-sarif@v2
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'

.gitea/workflows/docker-build.yml

@@ -90,80 +90,3 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
         cache-from: type=gha,scope=frontend
         cache-to: type=gha,mode=max,scope=frontend
-
-  security-scan:
-    runs-on: ubuntu-latest
-    needs: build-and-push
-    
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      
-    - name: Extract metadata for security scan
-      id: meta
-      uses: docker/metadata-action@v5
-      with:
-        images: |
-          ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-gateway
-          ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/service-adapters
-          ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-docs
-          ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend
-        tags: |
-          type=ref,event=branch
-          type=ref,event=pr
-          type=semver,pattern={{version}}
-          type=semver,pattern={{major}}.{{minor}}
-          type=semver,pattern={{major}}
-          type=sha,prefix={{branch}}-
-          type=raw,value=latest,enable={{is_default_branch}}
-      
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: |
-          ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-gateway:${{ steps.meta.outputs.version }}
-          ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/service-adapters:${{ steps.meta.outputs.version }}
-          ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-docs:${{ steps.meta.outputs.version }}
-          ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend:${{ steps.meta.outputs.version }}
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        
-    - name: Upload Trivy scan results
-      uses: github/codeql-action/upload-sarif@v2
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'
-
-  deploy-staging:
-    runs-on: ubuntu-latest
-    needs: [build-and-push, security-scan]
-    if: github.ref == 'refs/heads/develop'
-    
-    steps:
-    - name: Deploy to staging
-      run: |
-        echo "Deploying to staging environment..."
-        # Add your staging deployment commands here
-        # This could include:
-        # - Updating Kubernetes manifests
-        # - Running helm charts
-        # - Updating Docker Compose files
-        # - Running database migrations
-
-  deploy-production:
-    runs-on: ubuntu-latest
-    needs: [build-and-push, security-scan]
-    if: startsWith(github.ref, 'refs/tags/v')
-    
-    steps:
-    - name: Deploy to production
-      run: |
-        echo "Deploying to production environment..."
-        # Add your production deployment commands here
-        # This could include:
-        # - Updating Kubernetes manifests
-        # - Running helm charts
-        # - Updating Docker Compose files
-        # - Running database migrations
-        # - Health checks
-        # - Rollback procedures

.gitea/workflows/frontend.yml

@@ -151,34 +151,3 @@ jobs:
         configPath: './frontend/.lighthouserc.json'
         uploadArtifacts: true
         temporaryPublicStorage: true
-
-  security:
-    runs-on: [self-hosted]
-    needs: build
-    
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      
-    - name: Set up Node.js 18
-      uses: actions/setup-node@v4
-      with:
-        node-version: '18'
-      
-    - name: Build Docker image for security scan
-      run: |
-        cd frontend
-        docker build -t frontend:security-scan .
-      
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: frontend:security-scan
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        
-    - name: Upload Trivy scan results
-      uses: github/codeql-action/upload-sarif@v2
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'

.gitea/workflows/service-adapters.yml

@@ -128,34 +128,3 @@ jobs:
         
     - name: Build Docker image (test only)
       run: docker build -t service-adapters:test .
-
-  security:
-    runs-on: [self-hosted]
-    needs: build
-    
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      
-    - name: Set up Python 3.11
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.11'
-      
-    - name: Build Docker image for security scan
-      run: |
-        cd services/service-adapters
-        docker build -t service-adapters:security-scan .
-      
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: service-adapters:security-scan
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        
-    - name: Upload Trivy scan results
-      uses: github/codeql-action/upload-sarif@v2
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'