rework build, requirements and pipline

.gitea/workflows/create_and_push_multiarch_container.yml

@@ -1,12 +1,13 @@
-name: release-tag
+name: build-image
+run-name: build and push Docker-Image
 
 on:
   workflow_dispatch: # Manuelles Auslösen des Workflows
     inputs:
       image_tag:
-        description: 'Tag für das Docker-Image (z.B. latest oder v1.0.0)'
+        description: '2. Tag für das Docker-Image (z.B. 1.0.0)'
         required: true
-        default: 'latest'
+        default: '0.3.0'
 
 env:
   image_name: doc_rudi
@@ -31,12 +32,6 @@ jobs:
           username: ${{ env.user }}
           password: ${{ secrets.DOCKER_PULL_TOKEN }}
 
-      - name: Get Meta
-        id: meta
-        run: |
-          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT                
-          echo DOCKERFILE_VERSION=$(grep 'LABEL version=' Dockerfile | sed 's/.*LABEL version="\([^"]*\)".*/\1/') >> $GITHUB_OUTPUT
-
       - name: Build and push
         run: |
           # Stelle sicher, dass Buildx aktiviert ist
@@ -46,7 +41,6 @@ jobs:
           docker buildx build \
             --file ./Dockerfile \
             --platform linux/amd64,linux/386,linux/arm64,linux/arm/v7 \
-            --tag ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ steps.meta.outputs.REPO_VERSION }} \
-            --tag ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ steps.meta.outputs.DOCKERFILE_VERSION }} \
+            --tag ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:latest \
             --tag ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }} \
             --push ./

.gitea/workflows/demo.yml

@@ -1,53 +0,0 @@
-name: Gitea Actions Demo
-run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
-#on: [push]
-on: workflow_dispatch
-
-jobs:
-  Explore-Gitea-Actions:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Ick kiek ma welchet Linux dat is
-        run: |
-          echo "Det is $(grep ^PRETTY_NAME= /etc/os-release | cut -d= -f2 | tr -d '"') watt ick jetze nutze."
-      - name: Print runner variables
-        run: |
-          echo "runner.name: ${{ runner.name }}"
-          echo "runner.os: ${{ runner.os }}"
-          echo "runner.arch: ${{ runner.arch }}"
-          echo "runner.temp: ${{ runner.temp }}"
-          echo "runner.tool_cache: ${{ runner.tool_cache }}"
-          echo "runner.environment: ${{ runner.environment }}"
-      - name: Anzeigen von GitHub-spezifischen Variablen
-        run: |
-          echo "GITHUB_REPOSITORY: $GITHUB_REPOSITORY"
-          echo "GITHUB_REPOSITORY_OWNER: $GITHUB_REPOSITORY_OWNER"
-          echo "GITHUB_REF: $GITHUB_REF"
-          echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
-          echo "GITHUB_REF_TYPE: $GITHUB_REF_TYPE"
-          echo "GITHUB_JOB: $GITHUB_JOB"
-          echo "GITHUB_SHA: $GITHUB_SHA"
-          echo "GITHUB_ACTOR: $GITHUB_ACTOR"
-          echo "GITHUB_WORKFLOW: $GITHUB_WORKFLOW"
-          echo "GITHUB_RUN_ID: $GITHUB_RUN_ID"
-          echo "GITHUB_RUN_NUMBER: $GITHUB_RUN_NUMBER"
-          echo "GITHUB_EVENT_NAME: $GITHUB_EVENT_NAME"
-          echo "GITHUB_EVENT_PATH: $GITHUB_EVENT_PATH"
-          echo "GITHUB_WORKSPACE: $GITHUB_WORKSPACE"
-          echo "GITHUB_ENV: $GITHUB_ENV"
-          echo "GITHUB_ACTION: $GITHUB_ACTION"
-          echo "GITHUB_ACTION_REPOSITORY: $GITHUB_ACTION_REPOSITORY"
-          echo "GITHUB_SERVER_URL: $GITHUB_SERVER_URL"
-          echo "GITHUB_API_URL: $GITHUB_API_URL"
-
-      - run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event."
-      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
-      - run: echo "🔎 The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}."
-      - name: Check out repository code
-        uses: actions/checkout@v4
-      - run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
-      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - name: List files in the repository
-        run: |
-          ls ${{ gitea.workspace }}
-      - run: echo "🍏 This job's status is ${{ job.status }}."

.gitea/workflows/trivy_image_scan.yml

@@ -0,0 +1,34 @@
+name: trivy-scan-image
+run-name: Trivy - Scan Docker Image
+
+on:
+  workflow_dispatch: # Manuelles Auslösen des Workflows
+    inputs:
+      image_tag:
+        description: 'Tag für das zu scannende Docker-Image z.B. latest'
+        required: true
+        default: 'latest'
+  schedule:
+    - cron: '15 2 * * 5'
+
+env:
+  image_name: doc_rudi
+  image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
+  registry_gitea: gitea.tebarius.duckdns.org
+  user: tebarius
+
+jobs:
+  trivy_image_scan:
+    runs-on: ubuntu-latest
+    container: aquasec/trivy:latest
+    steps:
+      - name: Scan image with trivy
+        run: |
+          trivy image \
+          --username ${{ env.user }} \
+          --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+          --exit-code 1 \
+          --scanners vuln,misconfig,secret \
+          --severity HIGH,CRITICAL \
+          --ignore-unfixed \
+          ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}