fix: add REUSE metadata

.github/workflows/weekly_vuln_scan.yml

@@ -1,10 +1,18 @@
+# SPDX-FileCopyrightText: 2024 PNED G.I.E.
+#
+# SPDX-License-Identifier: Apache-2.0
+
 name: Scan Latest Two Semantically Versioned Docker Image Tags with ORT
 
 on:
   schedule:
     - cron: "0 14 * * 1" # Every Monday at 14:00 UTC
   workflow_dispatch:
 
+env:
+  IMAGE_NAME: ghcr.io/genomicdatainfrastructure/gdi-userportal-frontend
+  LATEST_PATCHES: ""
+
 jobs:
   fetch-and-scan:
     runs-on: ubuntu-latest
@@ -19,8 +27,7 @@ jobs:
 
       - name: List Docker Image Tags and Fetch Latest Two
         run: |
-          IMAGE="ghcr.io/genomicdatainfrastructure/gdi-userportal-frontend"
-          TAGS=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://ghcr.io/v2/${IMAGE}/tags/list" | jq -r '.tags[]' | sort -Vr)
+          TAGS=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://ghcr.io/v2/${IMAGE_NAME}/tags/list" | jq -r '.tags[]' | sort -Vr)
           echo "Tags fetched: $TAGS"
           # Filtering for the last patch of each of the latest two minor versions
           LATEST_PATCHES=$(echo $TAGS | tr ' ' '\n' | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sort -Vr | awk -F '.' '{key=$1"."$2; if(!a[key] || $3 > a[key]) {a[key]=$0}} END {for (i in a) print a[i]}' | head -n 2)
@@ -32,7 +39,7 @@ jobs:
           IFS=' ' read -ra TAGS <<< "${{ env.LATEST_PATCHES }}"
           for TAG in "${TAGS[@]}"
           do
-            IMAGE_TAG="ghcr.io/genomicdatainfrastructure/gdi-userportal-frontend:$TAG"
+            IMAGE_TAG="$IMAGE_NAME:$TAG"
             echo "Pulling and scanning $IMAGE_TAG"
             docker pull $IMAGE_TAG
             docker run --rm aquasec/trivy:latest image --severity CRITICAL,HIGH --exit-code 1 "$IMAGE_TAG"