diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 85fc0a1..85b7aa5 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -12,18 +12,11 @@ env: jobs: lint: runs-on: self-hosted - container: - image: node:20-alpine # oder node:20-slim steps: - name: Checkout uses: actions/checkout@v4 - - - - - name: Install dependencies run: npm ci - - name: Run ESLint run: npm run lint @@ -35,10 +28,12 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 + - name: Install Node.js + run: | + apt-get update + apt-get install -y curl + curl -fsSL https://deb.nodesource.com/setup_20.x | bash - + apt-get install -y nodejs - name: Install Sonar Scanner (npm) run: npm install -g sonarqube-scanner - name: SonarQube Scan 
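Review bot: With the `container:` block removed from the `lint` job, `npm ci` and `npm run lint` run in whatever environment the `self-hosted` label resolves to, with no pinned Node image and no visible Node setup step. If that label maps to the runner host rather than a default container (not visible in this hunk), dependency lifecycle scripts executed by `npm ci` run directly on the host and can reach its credentials and other jobs' workspaces. Consider keeping an isolated image pinned by digest, e.g. `image: node:20-alpine@sha256:<digest-placeholder>`. If lint does not need install-time build scripts, `run: npm ci --ignore-scripts` narrows this further.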
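Review bot: The new `Install Node.js` step pipes `https://deb.nodesource.com/setup_20.x` straight into `bash`, so every run executes unpinned remote code with no integrity check, apparently as root given the bare `apt-get` calls. On a self-hosted runner, a compromised or altered script would persist beyond this one job unless the runner environment is ephemeral. A job container that already ships Node and is pinned by digest removes the step entirely: `container:` with `image: node:20-bookworm-slim@sha256:<digest-placeholder>`. The following context line `npm install -g sonarqube-scanner` is also unversioned; `npm install -g sonarqube-scanner@<pinned-version>` would keep the scanner reproducible. The job header for these steps lies outside the hunk.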
@@ -101,4 +96,63 @@ jobs: - name: Push image run: | docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}" + run: | + + + + WORKDIR=${GITHUB_WORKSPACE:-$PWD} + HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set} + BRANCH_NAME=${GITHUB_REF#refs/heads/} + PROJECT_KEY=${SONAR_PROJECT_KEY:-} + if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then + PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r') + fi + if [ -z "$PROJECT_KEY" ]; then + echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2 + exit 1 + fi + echo "Sonar project key: $PROJECT_KEY" + echo "Listing workspace:" + ls -la + echo "Sample files:" + find . -maxdepth 2 -type f | head -n 20 + echo "Running local sonar-scanner..." + set -- \ + -Dsonar.host.url="$HOST_URL" \ + -Dsonar.token="$SONAR_TOKEN" \ + -Dsonar.projectKey="$PROJECT_KEY" \ + -Dsonar.sources=. \ + -Dsonar.scm.disabled=true \ + -Dsonar.projectBaseDir="$WORKDIR" + + if [ "${SONAR_ENABLE_BRANCH:-}" = "true" ]; then + set -- "$@" -Dsonar.branch.name="$BRANCH_NAME" + else + echo "Branch analysis disabled (requires SonarQube Developer Edition)" + fi + + sonar-scanner "$@" + + docker: + needs: [lint, sonar] + runs-on: self-hosted + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Checkout + uses: actions/checkout@v4 + + - name: Login to registry + run: echo "${{ secrets.REG_TOKEN }}" | docker login "${{ secrets.REGISTRY }}" -u "${{ secrets.REG_USER }}" --password-stdin + - name: Build image + run: | + + docker buildx build --load \ + -t "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}" . + + + - name: Push image + run: | + docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}"
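Review bot: The added scanner invocation passes the token as an argument, `-Dsonar.token="$SONAR_TOKEN"`, so it is exposed in the process argument list to anything else running on the self-hosted runner while `sonar-scanner "$@"` executes. Since `SONAR_TOKEN` is already in the environment, drop that line and let the scanner read the variable itself (confirm the installed scanner version supports this). The `Login to registry` step has a related problem: it interpolates `${{ secrets.REG_TOKEN }}` into the script text. Map the secrets under an `env:` key on the step and use `run: printf '%s' "$REG_TOKEN" | docker login "$REGISTRY" -u "$REG_USER" --password-stdin`, which keeps the value out of the rendered script and avoids quoting breakage. Separately, the added `run: |` sits directly after the existing `docker push` line, and the hunk ends with a second `Push image` step under a new `docker:` job. Indentation is not recoverable here, but this looks like a duplicated block; check the resulting file for duplicate `run` or `docker` keys, which most YAML parsers resolve silently as last-wins.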