fix the runner label for security scan

Author: zodilib

.github/workflows/aqua-security.yaml

@@ -62,15 +62,10 @@ on:
         type: boolean
         default: false
         required: false
-      default_runner_override_label:
-        description: "Change this to 'self-hosted' or 'ubuntu-latest'"
-        type: string
-        default: "ubuntu-latest"
-        required: false
       runner_label:
         description: "Runner label to point to self hosted runners"
         type: string
-        default: "ubuntu-latest"
+        default: "platform-eng-ent-v2-dual"
         required: false
       scan_type:
         description: "Scan Type to be scanned"
@@ -95,7 +90,6 @@ on:
 jobs:
   trivy-scan:
     runs-on:
-    - ${{ inputs.default_runner_override_label }}
     - ${{ inputs.runner_label }}
     permissions:
       contents: read

.github/workflows/ubuntu-label-check.yaml

@@ -0,0 +1,23 @@
+name: Ubuntu Label Check
+on: [pull_request]
+
+permissions:
+    contents: read
+    pull-requests: write
+
+
+jobs:
+    ubuntu-label-check:
+        runs-on:
+        -  platform-eng-ent-v2-dual
+        continue-on-error: false
+        steps:
+        - name: 'Checkout Repository'
+          uses: actions/checkout@v2
+        - name: 'Check Ubuntu Label'
+          id: ubuntu-label-check
+          run: |
+            if {{ git grep -q 'ubuntu-latest' .github }}; then
+              echo "ubuntu-latest is not allowed in this repository"
+              exit 1
+            fi