Remove CVE-check workflow; add separate lint workflows for frontend and backend

.gitea/workflows/cve-check.yml

@@ -1,118 +0,0 @@
-
-name: CVE Security Check - Trivy + OWASP
-
-on:
-  schedule:
-    - cron: '0 2 * * *'
-  push:
-    paths:
-      - 'package.json'
-      - 'pnpm-lock.yaml'
-      - '.gitea/workflows/cve-check.yml'
-  pull_request:
-    paths:
-      - 'package.json'
-      - 'pnpm-lock.yaml'
-
-jobs:
-  trivy-scan:
-    name: Trivy Vulnerability Scan
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Run Trivy vulnerability scan
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: 'fs'
-          scan-ref: '.'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          severity: 'HIGH,CRITICAL'
-
-      - name: Display Trivy results
-        run: |
-          echo "## 🔍 Trivy Scan Results" >> $GITHUB_STEP_SUMMARY
-          if [ -f trivy-results.sarif ]; then
-            echo "✅ Scan complété" >> $GITHUB_STEP_SUMMARY
-          fi
-
-      - name: Upload Trivy SARIF to artifact
-        uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: trivy-results
-          path: trivy-results.sarif
-
-  owasp-dependency-check:
-    name: OWASP Dependency-Check
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Run OWASP Dependency-Check
-        uses: dependency-check/Dependency-Check_Action@main
-        with:
-          project: 'memegoat'
-          path: '.'
-          format: 'JSON'
-          args: >
-            --enableExperimental
-            --suppression ./dependency-check-suppressions.xml
-
-      - name: Generate OWASP HTML Report
-        run: |
-          if [ -d "reports" ]; then
-            echo "📊 Rapport OWASP généré"
-          fi
-
-      - name: Upload OWASP reports
-        uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: dependency-check-reports
-          path: reports/
-
-      - name: Parse OWASP results
-        run: |
-          if [ -f reports/dependency-check-report.json ]; then
-            echo "## 📋 OWASP Dependency-Check Results" >> $GITHUB_STEP_SUMMARY
-            CRITICAL=$(jq '[.reportSchema.vulnerabilities[] | select(.severity=="CRITICAL")] | length' reports/dependency-check-report.json || echo 0)
-            HIGH=$(jq '[.reportSchema.vulnerabilities[] | select(.severity=="HIGH")] | length' reports/dependency-check-report.json || echo 0)
-            MEDIUM=$(jq '[.reportSchema.vulnerabilities[] | select(.severity=="MEDIUM")] | length' reports/dependency-check-report.json || echo 0)
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "| Severity | Count |" >> $GITHUB_STEP_SUMMARY
-            echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY
-            echo "| 🔴 CRITICAL | $CRITICAL |" >> $GITHUB_STEP_SUMMARY
-            echo "| 🟠 HIGH | $HIGH |" >> $GITHUB_STEP_SUMMARY
-            echo "| 🟡 MEDIUM | $MEDIUM |" >> $GITHUB_STEP_SUMMARY
-          
-            if [ "$CRITICAL" -gt 0 ]; then
-              echo "" >> $GITHUB_STEP_SUMMARY
-              echo "⚠️ **Vulnérabilités CRITICAL détectées !**" >> $GITHUB_STEP_SUMMARY
-              exit 1
-            fi
-          fi
-
-  security-summary:
-    name: Security Summary
-    runs-on: ubuntu-latest
-    needs: [trivy-scan, owasp-dependency-check]
-    if: always()
-    steps:
-      - uses: actions/download-artifact@v3
-
-      - name: Generate final report
-        run: |
-          echo "## 🔐 Security Audit Complete" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "✅ Trivy scan - Completed" >> $GITHUB_STEP_SUMMARY
-          echo "✅ OWASP Dependency-Check - Completed" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "📁 [Télécharger les rapports détaillés](artifacts)" >> $GITHUB_STEP_SUMMARY
-
-      - name: Fail if critical vulnerabilities found
-        if: failure()
-        run: |
-          echo "🚨 Des vulnérabilités CRITICAL ont été détectées"
-          exit 1

.gitea/workflows/lint-backend.yml

@@ -0,0 +1,25 @@
+name: Backend Lint
+on:
+  push:
+    paths:
+      - 'backend/**'
+  pull_request:
+    paths:
+      - 'backend/**'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: 'pnpm'
+      - name: Install dependencies
+        run: pnpm install
+      - name: Run lint
+        run: pnpm -F @memegoat/backend lint

.gitea/workflows/lint-frontend.yml

@@ -0,0 +1,25 @@
+name: Frontend Lint
+on:
+  push:
+    paths:
+      - 'frontend/**'
+  pull_request:
+    paths:
+      - 'frontend/**'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: 'pnpm'
+      - name: Install dependencies
+        run: pnpm install
+      - name: Run lint
+        run: pnpm -F @memegoat/frontend lint