feat: CI/CD

.github/workflows/ci.yaml

@@ -24,7 +24,7 @@ jobs:
       uses: actions/checkout@v5
 
     - name: Install Nix
-      uses: cachix/install-nix-action@v31.6.0
+      uses: cachix/install-nix-action@v31.5.2
       with:
         github_access_token: ${{ secrets.GITHUB_TOKEN }}
 
@@ -103,22 +103,3 @@ jobs:
       run: |
         echo "Built and pushed the following tags:"
         echo "${{ steps.determine-tags.outputs.tags }}"
-
-  security-scan:
-    runs-on: ubuntu-latest
-    needs: build-and-publish
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
-    steps:
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: '${{ env.IMAGE_NAME }}:${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' && 'develop' || github.event_name == 'pull_request' && format('pr{0}', github.event.number) || 'latest' }}'
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-      continue-on-error: true
-
-    - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v2
-      if: always()
-      with:
-        sarif_file: 'trivy-results.sarif'