From 9ecc88a0eb62f02e85ca82451c5df8dc0a341b47 Mon Sep 17 00:00:00 2001
From: Michael Schiemer
Date: Sat, 1 Nov 2025 21:34:40 +0100
Subject: [PATCH] ci: improve image tag handling and add staging to security scan
---
 .gitea/workflows/build-image.yml | 6 +++++-
 .gitea/workflows/security-scan.yml | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/.gitea/workflows/build-image.yml b/.gitea/workflows/build-image.yml
index d2055b75..1c9ca850 100644
--- a/.gitea/workflows/build-image.yml
+++ b/.gitea/workflows/build-image.yml
@@ -828,7 +828,11 @@ jobs:
 DEPLOYMENT_HOST="${{ env.DEPLOYMENT_HOST }}"
 REGISTRY="${{ env.REGISTRY }}"
 IMAGE_NAME="${{ env.IMAGE_NAME }}"
- IMAGE_TAG="latest"
+ IMAGE_TAG="${{ needs.build.outputs.image_tag || 'latest' }}"
+
+ if [ -z "$IMAGE_TAG" ] || [ "$IMAGE_TAG" = "null" ]; then
+ IMAGE_TAG="latest"
+ fi
 FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"
 STACK_PATH="~/deployment/stacks/staging"
diff --git a/.gitea/workflows/security-scan.yml b/.gitea/workflows/security-scan.yml
index 48440d3c..eef63157 100644
--- a/.gitea/workflows/security-scan.yml
+++ b/.gitea/workflows/security-scan.yml
@@ -2,9 +2,9 @@ name: Security Vulnerability Scan
 on:
 push:
- branches: [ main, develop ]
+ branches: [ main, staging, develop ]
 pull_request:
- branches: [ main, develop ]
+ branches: [ main, staging, develop ]
 schedule:
 # Daily security scan at 2 AM UTC
 - cron: '0 2 * * *'
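Review bot: In `.gitea/workflows/build-image.yml`, the staging deploy step now falls back to `latest` in two places (the `|| 'latest'` in the expression and the added `if` block), so a missing or empty `needs.build.outputs.image_tag` silently deploys whatever `latest` currently points to rather than the image this run built. For a deploy step it is safer to fail closed: drop the `|| 'latest'` and make the guard `if [ -z "$IMAGE_TAG" ] || [ "$IMAGE_TAG" = "null" ]; then echo "build did not publish image_tag" >&2; exit 1; fi`. The output is also expanded by the workflow engine straight into the script text; if the tag can be derived from a branch or ref name (not visible here), passing it through the step's `env:` and reading it as a shell variable keeps it from being parsed as shell. The step's `run:` block and the job's `needs:` list lie outside the hunk, so confirm that `build` is listed there, otherwise the output is always empty.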