Optimize Docker Security Scanning using matrix strategy

- Refactor Docker security scanning workflow to use matrix strategy for multiple images
- Remove duplicate build and scan steps for different Docker images
- Use dynamic service names and paths in workflow steps
- Remove ENV file containing SSH key

Author: killev

.github/workflows/code-quality.yml

@@ -45,51 +45,40 @@ jobs:
     name: Docker Security Scanning
     runs-on: ubuntu-latest
     needs: hadolint
+    strategy:
+      matrix:
+        service:
+          - name: n8n
+            dockerfile: Dockerfile.n8n
+            tag: n8n-test:latest
+          - name: temporal
+            dockerfile: Dockerfile.temporal
+            tag: temporal-test:latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: Build n8n image
+      - name: Build ${{ matrix.service.name }} image
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: Dockerfile.n8n
+          file: ${{ matrix.service.dockerfile }}
           push: false
-          tags: n8n-test:latest
+          tags: ${{ matrix.service.tag }}
           load: true
-      - name: Build temporal image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.temporal
-          push: false
-          tags: temporal-test:latest
-          load: true
-      - name: Scan n8n image
+      - name: Scan ${{ matrix.service.name }} image
         uses: docker/scout-action@v1
         with:
           command: cves
-          image: n8n-test:latest
-          sarif-file: n8n-scan.sarif
+          image: ${{ matrix.service.tag }}
+          sarif-file: ${{ matrix.service.name }}-scan.sarif
           github-token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Scan temporal image
-        uses: docker/scout-action@v1
-        with:
-          command: cves
-          image: temporal-test:latest
-          sarif-file: temporal-scan.sarif
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Upload n8n scan results
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: n8n-scan.sarif
-          category: n8n
-      - name: Upload temporal scan results
+      - name: Upload ${{ matrix.service.name }} scan results
         uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: temporal-scan.sarif
-          category: temporal
+          sarif_file: ${{ matrix.service.name }}-scan.sarif
+          category: ${{ matrix.service.name }}
 
   service-check:
     name: Service Availability Check