Fix: GHA and push

.github/workflows/build-scan-push.yml

@@ -11,6 +11,9 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
 
     steps:
       - name: Checkout code
@@ -45,11 +48,20 @@ jobs:
             ${{ runner.os }}-buildx-
 
       - name: Log in to Docker Hub
+        if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
+      - name: Log into registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build and Push Docker Image
         uses: docker/build-push-action@v4
         with:
@@ -61,7 +73,7 @@ jobs:
             ghcr.io/${{ github.repository_owner }}/docker-bitlbee:latest
           cache-from: type=gha
           cache-to: type=gha,mode=max
-          push: true
+          push: ${{ github.event_name != 'pull_request' }}
 
       - name: Scan Docker Image for Vulnerabilities with Trivy
         uses: aquasecurity/trivy-action@master