Fix: Ensure SECURE_API_TOKEN is injected properly

higakikeita · higakikeita · commit 0c0c1742dde8 · 2025-07-16T12:35:41.000+09:00
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -10,58 +10,68 @@ jobs:
   image-scan:
     runs-on: ubuntu-latest
 
+    env:
+      SYS_DIG_SECURE_URL: https://app.au1.sysdig.com
+
     steps:
       - name: 🛎️ Checkout code
         uses: actions/checkout@v3
 
-      - name: 🏗️ Build Docker images
+      - name: 🐳 Build Docker images
         run: |
           docker build -t voting-app ./vote
           docker build -t worker ./worker
           docker build -t result ./result
 
-      - name: 🔍 Run Sysdig Scan (voting-app)
+      - name: 🔍 DEBUG: Check if SECURE_API_TOKEN is available
+        run: |
+          echo "🔍 Token Length: ${#SECURE_API_TOKEN}"
+          echo "🔍 Token Head: ${SECURE_API_TOKEN::5}"
+          if [ -z "$SECURE_API_TOKEN" ]; then
+            echo "❌ SECURE_API_TOKEN is NOT set!"
+            exit 1
+          else
+            echo "✅ SECURE_API_TOKEN is available."
+          fi
         env:
           SECURE_API_TOKEN: ${{ secrets.SECURE_API_TOKEN }}
+
+      - name: 🔍 Run Sysdig Scan (voting-app)
         run: |
           docker run --rm \
             --platform linux/amd64 \
             --user 0 \
-            -e SECURE_API_TOKEN=$SECURE_API_TOKEN \
             -v /var/run/docker.sock:/var/run/docker.sock \
+            -e SECURE_API_TOKEN=${{ secrets.SECURE_API_TOKEN }} \
             quay.io/sysdig/sysdig-cli-scanner:1.22.4 \
-              scan \
-              --apiurl https://app.au1.sysdig.com \
+              --apiurl $SYS_DIG_SECURE_URL \
               --skiptlsverify \
+              --loglevel debug \
               docker://voting-app
 
       - name: 🔍 Run Sysdig Scan (worker)
-        env:
-          SECURE_API_TOKEN: ${{ secrets.SECURE_API_TOKEN }}
         run: |
           docker run --rm \
             --platform linux/amd64 \
             --user 0 \
-            -e SECURE_API_TOKEN=$SECURE_API_TOKEN \
             -v /var/run/docker.sock:/var/run/docker.sock \
+            -e SECURE_API_TOKEN=${{ secrets.SECURE_API_TOKEN }} \
             quay.io/sysdig/sysdig-cli-scanner:1.22.4 \
-              scan \
-              --apiurl https://app.au1.sysdig.com \
+              --apiurl $SYS_DIG_SECURE_URL \
               --skiptlsverify \
+              --loglevel debug \
               docker://worker
 
       - name: 🔍 Run Sysdig Scan (result)
-        env:
-          SECURE_API_TOKEN: ${{ secrets.SECURE_API_TOKEN }}
         run: |
           docker run --rm \
             --platform linux/amd64 \
             --user 0 \
-            -e SECURE_API_TOKEN=$SECURE_API_TOKEN \
             -v /var/run/docker.sock:/var/run/docker.sock \
+            -e SECURE_API_TOKEN=${{ secrets.SECURE_API_TOKEN }} \
             quay.io/sysdig/sysdig-cli-scanner:1.22.4 \
-              scan \
-              --apiurl https://app.au1.sysdig.com \
+              --apiurl $SYS_DIG_SECURE_URL \
               --skiptlsverify \
+              --loglevel debug \
               docker://result
 
