feat: Add CI workflow and Trivy scanning capabilities

.github/workflows/cd.yaml

@@ -65,14 +65,14 @@ jobs:
           file: ./Dockerfile
           load: true
           platforms: linux/amd64
-          tags: kaiohz/unispace:unispace-landing-scan
+          tags: kaiohz/pickpro:unispace-landing-scan
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
       - name: Trivy Image Scan (report)
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: "kaiohz/unispace:unispace-landing-scan"
+          image-ref: "kaiohz/pickpro:unispace-landing-scan"
           format: "table"
           severity: "CRITICAL,HIGH,MEDIUM"
           exit-code: "0"
@@ -81,7 +81,7 @@ jobs:
       - name: Trivy Image Scan (CRITICAL gate)
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: "kaiohz/unispace:unispace-landing-scan"
+          image-ref: "kaiohz/pickpro:unispace-landing-scan"
           format: "table"
           severity: "CRITICAL"
           exit-code: "1"
@@ -95,8 +95,8 @@ jobs:
           push: true
           platforms: linux/amd64,linux/arm64
           tags: |
-            kaiohz/unispace:unispace-landing-${{ steps.sha.outputs.result }}
-            kaiohz/unispace:unispace-landing-latest
+            kaiohz/pickpro:unispace-landing-${{ steps.sha.outputs.result }}
+            kaiohz/pickpro:unispace-landing-latest
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -108,7 +108,7 @@ jobs:
         run: |
           DEPLOYMENT_FILE="flux-repo/dev/unispace/unispace-landing/deployment.yaml"
           if [ -f "$DEPLOYMENT_FILE" ]; then
-            sed -i 's|image: kaiohz/unispace:unispace-landing-.*|image: kaiohz/unispace:unispace-landing-${{ steps.sha.outputs.result }}|g' "$DEPLOYMENT_FILE"
+            sed -i 's|image: kaiohz/pickpro:unispace-landing-.*|image: kaiohz/pickpro:unispace-landing-${{ steps.sha.outputs.result }}|g' "$DEPLOYMENT_FILE"
           else
             echo "Error: Deployment file not found at $DEPLOYMENT_FILE"
             exit 1

.github/workflows/ci.yaml

@@ -0,0 +1,32 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  trivy:
+    name: Trivy FS Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Trivy FS Scan (report)
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+          exit-code: '0'
+          trivy-config: trivy.yaml
+
+      - name: Trivy FS Scan (CRITICAL gate)
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          severity: 'CRITICAL'
+          exit-code: '1'
+          trivy-config: trivy.yaml

.trivyignore

@@ -0,0 +1,3 @@
+# .trivyignore - Known false positives and accepted risks
+# Format: CVE-YYYY-NNNNN
+# Add a comment above each entry explaining why it is ignored.

Makefile

@@ -0,0 +1,28 @@
+PROJECT_NAME := unispace-landing
+IMAGE_TAG := $(PROJECT_NAME):local-scan
+
+.PHONY: trivy-fs trivy-image trivy-fs-critical trivy-image-critical trivy-all trivy-help
+
+trivy-fs:
+	trivy fs --severity CRITICAL,HIGH,MEDIUM --exit-code 0 --format table .
+
+trivy-image:
+	docker build -t $(IMAGE_TAG) -f Dockerfile .
+	trivy image --severity CRITICAL,HIGH,MEDIUM --exit-code 0 --format table $(IMAGE_TAG)
+
+trivy-fs-critical:
+	trivy fs --severity CRITICAL --exit-code 1 --format table .
+
+trivy-image-critical:
+	docker build -t $(IMAGE_TAG) -f Dockerfile .
+	trivy image --severity CRITICAL --exit-code 1 --format table $(IMAGE_TAG)
+
+trivy-all: trivy-fs trivy-image
+
+trivy-help:
+	@echo "Available Trivy scanning targets:"
+	@echo "  make trivy-fs             - Scan filesystem dependencies (report only)"
+	@echo "  make trivy-image          - Build and scan Docker image (report only)"
+	@echo "  make trivy-fs-critical    - Scan filesystem - fail on CRITICAL"
+	@echo "  make trivy-image-critical - Build and scan image - fail on CRITICAL"
+	@echo "  make trivy-all            - Run both fs and image scans"

package.json

@@ -17,7 +17,7 @@
     "@astrojs/mdx": "4.3.12",
     "@astrojs/netlify": "6.6.3",
     "@astrojs/react": "4.4.2",
-    "@astrojs/rss": "4.0.14",
+    "@astrojs/rss": "4.0.17",
     "@astrojs/sitemap": "3.6.0",
     "@fontsource-variable/inter": "5.2.8",
     "@keystatic/astro": "5.0.6",
@@ -35,15 +35,15 @@
     "motion-on-scroll": "^1.0.0",
     "react": "19.2.0",
     "react-dom": "19.2.0",
-    "swiper": "12.0.3",
+    "swiper": "^12.1.2",
     "tailwind-merge": "3.4.0",
     "tailwind-variants": "3.2.2",
     "tailwindcss": "4.1.17",
     "tw-animate-css": "1.4.0"
   },
   "devDependencies": {
     "@eslint/js": "^9.36.0",
-    "@playform/compress": "0.2.0",
+    "@playform/compress": "^0.2.0",
     "eslint": "^9.36.0",
     "eslint-plugin-astro": "^1.3.1",
     "eslint-plugin-jsx-a11y": "^6.10.2",