schedule for trivy_scan_image.yml

.gitea/workflows/create_and_push_multiarch_container.yml

@@ -1,4 +1,5 @@
-name: release-tag
+name: build-image
+run-name: build and push Docker-Image
 
 on:
   workflow_dispatch: # Manuelles Auslösen des Workflows
@@ -6,7 +7,7 @@ on:
       image_tag:
         description: 'Tag für das Docker-Image z.B. v1.0.0 (latest wird immer mit gebaut)'
         required: true
-        default: '1.0.1'
+        default: '1.1.0'
 
 env:
   image_name: 404_games
@@ -15,7 +16,7 @@ env:
 
 jobs:
   release-image:
-    runs-on: ubuntu-latest
+    runs-on: build-ubuntu-latest
 
     steps:
       - name: Checkout

.gitea/workflows/trivy_scan_image.yml

@@ -1,4 +1,5 @@
-name: release-tag
+name: trivy-scan-image
+run-name: Trivy - Scan Docker Image
 
 on:
   workflow_dispatch: # Manuelles Auslösen des Workflows
@@ -7,9 +8,12 @@ on:
         description: 'Tag für das zu scannende Docker-Image z.B. latest'
         required: true
         default: 'latest'
+  schedule:
+    - cron: '15 1 * * 5'
 
 env:
   image_name: 404_games
+  image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
   registry: gitea.tebarius.duckdns.org
   user: tebarius
 
@@ -27,4 +31,4 @@ jobs:
           --scanners vuln,misconfig,secret \
           --severity HIGH,CRITICAL \
           --ignore-unfixed \
-          ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}
+          ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}

Dockerfile

@@ -1,5 +1,7 @@
-FROM nginx:stable-alpine-slim
+FROM nginxinc/nginx-unprivileged:stable-alpine-slim
 LABEL authors="tebarius"
 LABEL description="nginx_with_404_and_502_games"
 
 COPY ./games /usr/share/nginx/html
+
+USER nginx

docker-compose.yml

@@ -0,0 +1,8 @@
+services:
+  404-dev:
+    image: nginxinc/nginx-unprivileged:stable-alpine-slim
+    volumes:
+      - ./games:/usr/share/nginx/html
+    restart: unless-stopped
+    ports:
+      - "8080:8080"