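---
# Manually triggered workflow that scans one tag of the project's container
# image with Trivy and fails the job when Trivy reports findings.
name: release-tag

on:
  workflow_dispatch:  # manual trigger of the workflow
    inputs:
      image_tag:
        description: 'Tag für das zu scannende Docker-Image z.B. latest'
        required: true
        default: 'latest'

env:
  image_name: '404_games'
  registry: gitea.tebarius.duckdns.org
  user: tebarius

jobs:
  release-image:
    runs-on: ubuntu-latest
    # NOTE(review): ':latest' is a mutable tag, so the scanner that receives the
    # registry token can change between runs. Pin this to a reviewed release
    # tag or an image digest.
    container: aquasec/trivy:latest
    steps:
      - name: Scan image with trivy
        env:
          # Trivy reads registry credentials from these variables. This keeps
          # the token out of the rendered script and the process argument list.
          TRIVY_USERNAME: ${{ env.user }}
          TRIVY_PASSWORD: ${{ secrets.DOCKER_PULL_TOKEN }}
          IMAGE_REPO: ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}
          # The dispatch input is free text. Passing it through the environment
          # rather than expanding it inside the script means the shell treats
          # it as data, never as script text.
          IMAGE_TAG: ${{ github.event.inputs.image_tag }}
        run: |
          # --exit-code 1 fails the step when findings are reported.
          trivy image --exit-code 1 \
            --scanners vuln,misconfig,secret \
            "${IMAGE_REPO}:${IMAGE_TAG}"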