rework workflows

.gitea/workflows/create_and_push_multiarch_container.yml

@@ -1,4 +1,5 @@
-name: release-tag
+name: build-image
+run-name: build and push Docker-Image
 
 on:
   workflow_dispatch: # Manuelles Auslösen des Workflows
@@ -18,7 +19,7 @@ env:
 
 jobs:
   release-image:
-    runs-on: ubuntu-latest
+    runs-on: build-ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.gitea/workflows/trivy_image_scan.yml

@@ -1,4 +1,5 @@
-name: release-tag
+name: trivy-scan-image
+run-name: Trivy - Scan Docker Image
 
 on:
   workflow_dispatch: # Manuelles Auslösen des Workflows
@@ -7,9 +8,12 @@ on:
         description: 'Tag für das zu scannende Docker-Image z.B. latest'
         required: true
         default: 'latest'
+  schedule:
+    - cron: '30 1 * * 5'
 
 env:
   image_name_gitea: flask-qr
+  image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
   registry_gitea: gitea.tebarius.duckdns.org
   user: tebarius
 
@@ -21,8 +25,10 @@ jobs:
       - name: Scan image with trivy
         run: |
           trivy image \
+          --username ${{ env.user }} \
+          --password ${{ secrets.DOCKER_PULL_TOKEN }} \
           --exit-code 1 \
           --scanners vuln,misconfig,secret \
           --severity MEDIUM,HIGH,CRITICAL \
           --ignore-unfixed \
-          ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ github.event.inputs.image_tag }}
+          ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}