Added pipeline image scan

.gitea/workflows/image-scan.yaml

@@ -0,0 +1,30 @@
+name: Scan Image for CVEs
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+
+env: # global: unkritische, strukturgebende Variablen
+  TARGET_HOST: host.containers.internal
+  TARGET_USER: traefik
+  CONTAINER_NAME: localhost/valtrix-website
+
+jobs:
+  build_and_deploy:
+    runs-on: ubuntu-latest
+    env: # Job-spezifisch: Secrets und sensible Werte
+      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+      SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
+
+    steps:
+      - name: Build container on target host
+        shell: bash
+        run: |
+          ssh -i ~/.ssh/id_ed25519 $TARGET_USER@$TARGET_HOST "
+            set -euo pipefail
+            export CONTAINER_NAME='$CONTAINER_NAME'
+            echo 'Start Trivy Scan: '\$CONTAINER_NAME '
+            trivy image \$CONTAINER_NAME:latest
+          "