@@ -10,40 +10,48 @@ jobs:
1010 image-scan :
1111 runs-on : ubuntu-latest
1212
13+ # 🧪 環境変数の注入(ここが非常に重要)
1314 env :
14- SYSDIG_SECURE_URL : https://app.au1.sysdig.com
15+ SECURE_API_TOKEN : ${{ secrets.SECURE_API_TOKEN }}
16+ SYS_DIG_SECURE_URL : https://app.au1.sysdig.com
1517
1618 steps :
17- - name : Checkout code
19+ - name : 🛎️ Checkout code
1820 uses : actions/checkout@v3
1921
20- - name : Build Docker images
22+ - name : 🏗️ Build Docker images
2123 run : |
2224 docker build -t voting-app ./vote
2325 docker build -t worker ./worker
2426 docker build -t result ./result
2527
26- name : Scan voting-app image with Sysdig CLI
28+ name : 🔍 Run Sysdig Scan ( voting-app)
2729 run : |
2830 docker run --rm \
2931 -v /var/run/docker.sock:/var/run/docker.sock \
30- -e SECURE_API_TOKEN="${{ secrets.SECURE_API_TOKEN }}" \
3132 quay.io/sysdig/sysdig-cli-scanner:1.22.4 \
32- scan --apiurl "${SYSDIG_SECURE_URL}" docker://voting-app
33+ scan \
34+ --apiurl $SYS_DIG_SECURE_URL \
35+ --token $SECURE_API_TOKEN \
36+ docker://voting-app
3337
34- name : Scan worker image with Sysdig CLI
38+ name : 🔍 Run Sysdig Scan (worker)
3539 run : |
3640 docker run --rm \
3741 -v /var/run/docker.sock:/var/run/docker.sock \
38- -e SECURE_API_TOKEN="${{ secrets.SECURE_API_TOKEN }}" \
3942 quay.io/sysdig/sysdig-cli-scanner:1.22.4 \
40- scan --apiurl "${SYSDIG_SECURE_URL}" docker://worker
43+ scan \
44+ --apiurl $SYS_DIG_SECURE_URL \
45+ --token $SECURE_API_TOKEN \
46+ docker://worker
4147
42- name : Scan result image with Sysdig CLI
48+ name : 🔍 Run Sysdig Scan (result)
4349 run : |
4450 docker run --rm \
4551 -v /var/run/docker.sock:/var/run/docker.sock \
46- -e SECURE_API_TOKEN="${{ secrets.SECURE_API_TOKEN }}" \
4752 quay.io/sysdig/sysdig-cli-scanner:1.22.4 \
48- scan --apiurl "${SYSDIG_SECURE_URL}" docker://result
53+ scan \
54+ --apiurl $SYS_DIG_SECURE_URL \
55+ --token $SECURE_API_TOKEN \
56+ docker://result
4957
0 commit comments