fix(ci): correct Dockerfile path and skip SonarCloud when token missing

.github/workflows/sonarcloud.yml

@@ -21,12 +21,24 @@ jobs:
   analyze:
     runs-on: ubuntu-latest
     steps:
+      - name: Check for SONAR_TOKEN
+        id: check-secret
+        run: |
+          if [ -n "${{ secrets.SONAR_TOKEN }}" ]; then
+            echo "available=true" >> $GITHUB_OUTPUT
+          else
+            echo "available=false" >> $GITHUB_OUTPUT
+            echo "::warning::SONAR_TOKEN not configured - skipping SonarCloud scan"
+          fi
+
       - name: Checkout
+        if: steps.check-secret.outputs.available == 'true'
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: SonarCloud Scan
+        if: steps.check-secret.outputs.available == 'true'
         uses: SonarSource/sonarcloud-github-action@v2
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/trivy.yml

@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Build Docker image
-        run: docker build -t ghcr.io/cheir-mneme/aletheia:${{ github.sha }} .
+        run: docker build -t ghcr.io/cheir-mneme/aletheia:${{ github.sha }} -f docker/Dockerfile .
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master