From 0b20e38f1f73269ad51456e72079d1956da78f87 Mon Sep 17 00:00:00 2001
From: Michael Schiemer
Date: Fri, 31 Oct 2025 14:52:59 +0100
Subject: [PATCH] Optimize workflows: use php-ci image for security-scan, fix production-deploy trigger
---
 .gitea/workflows/production-deploy.yml | 3 ++-
 .gitea/workflows/security-scan.yml | 37 +++----------------------
 2 files changed, 5 insertions(+), 35 deletions(-)
diff --git a/.gitea/workflows/production-deploy.yml b/.gitea/workflows/production-deploy.yml
index 85b4be3f..6f0b2e21 100644
--- a/.gitea/workflows/production-deploy.yml
+++ b/.gitea/workflows/production-deploy.yml
@@ -22,7 +22,8 @@ jobs:
 test:
 name: Run Tests & Quality Checks
 runs-on: ubuntu-latest
- if: ${{ !inputs.skip_tests }}
+ # Note: if condition might not work with push events in Gitea
+ # For now, always run tests - we can add skip_tests logic later
 steps:
 - name: Checkout code
 run: |
diff --git a/.gitea/workflows/security-scan.yml b/.gitea/workflows/security-scan.yml
index e6e0ce81..3d3b0efd 100644
--- a/.gitea/workflows/security-scan.yml
+++ b/.gitea/workflows/security-scan.yml
@@ -13,7 +13,7 @@ on:
 jobs:
 security-audit:
 name: Composer Security Audit
- runs-on: ubuntu-latest
+ runs-on: php-ci # Uses pre-built PHP 8.5 CI image with Composer pre-installed
 steps:
 - name: Checkout code
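Review bot: In `.gitea/workflows/production-deploy.yml`, the two comments that replace `if: ${{ !inputs.skip_tests }}` on the `test` job record a guess ("might not work") rather than the resulting behaviour, which is that tests now gate every run. If a `skip_tests` input is still declared outside this hunk, it is now silently ignored, so an operator who sets it on a manual run gets no feedback. I would state the contract instead, e.g. `# Tests always run before a production deploy; the skip_tests input is intentionally ignored.`, and either remove the input or, if it is reinstated later, restrict it to manually dispatched runs so a push can never bypass the test job. The job body continues outside the hunk.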
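Review bot: In `.gitea/workflows/security-scan.yml`, `runs-on: php-ci` makes the audit depend on whatever image the runner maps that label to, and nothing in the workflow records or checks which PHP, Composer and jq versions that image carries. The inline comment asserts PHP 8.5, but that can drift silently when the image is rebuilt, and an outdated toolchain makes the audit result harder to trust. I would add a first step that prints the toolchain, `run: php --version && composer --version && jq --version`, and extend the comment to say where the image comes from, e.g. `# php-ci label -> image set in the runner config; built from <path-to-ci-Dockerfile>`. Pinning that image by digest in the runner's label mapping would keep the scan environment reproducible.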
@@ -42,35 +42,6 @@ jobs:
 cd /workspace/repo
- - name: Setup PHP
- run: |
- # Add sury.org repository for PHP 8.x
- apt-get update
- apt-get install -y lsb-release ca-certificates apt-transport-https software-properties-common
- curl -sSL https://packages.sury.org/php/apt.gpg | apt-key add -
- echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
- apt-get update
-
- # Install PHP 8.5 (matches composer.json requirement ^8.5 and Dockerfiles)
- # Note: pcntl and sodium are built-in in PHP 8.5, no separate packages needed
- apt-get install -y \
- php8.5 \
- php8.5-cli \
- php8.5-dom \
- php8.5-curl \
- php8.5-xml \
- php8.5-mbstring \
- php8.5-zip \
- php8.5-pdo \
- php8.5-pdo-sqlite \
- php8.5-bcmath \
- php8.5-soap \
- php8.5-intl \
- php8.5-gd \
- php8.5-exif \
- php8.5-iconv \
- composer
-
 - name: Validate composer.json and composer.lock
 run: |
 cd /workspace/repo
@@ -108,10 +79,8 @@ jobs:
 run: |
 cd /workspace/repo
 if [ -f audit-result.json ]; then
- # Check if jq is available, install if not
- if ! command -v jq &> /dev/null; then
- apt-get update && apt-get install -y jq
- fi
+ # jq is pre-installed in php-ci image
+ jq --version
 ADVISORIES=$(jq -r '.advisories | length' audit-result.json 2>/dev/null || echo "0")
 ABANDONED=$(jq -r '.abandoned | length' audit-result.json 2>/dev/null || echo "0")
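Review bot: In the last hunk (`@@ -108,10 +79,8 @@`), the bare `jq --version` is the only guard left after the install fallback was removed, and it stops the step only if the shell runs with errexit. The two lines below it end in `2>/dev/null || echo "0"`, so a missing jq or a malformed `audit-result.json` is reported as zero advisories and zero abandoned packages, meaning the security gate fails open. Make the guard explicit with `command -v jq >/dev/null || { echo "jq not found in php-ci image" >&2; exit 1; }`, and validate the file once with `jq empty audit-result.json || exit 1` before counting. The `run` block starts and ends outside the hunk.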