|
1 |
| -name: Sysdig Image Scan |
| 1 | +name: Voting App Build & Scan |
2 | 2 |
|
3 | 3 | on:
|
4 | 4 | push:
|
5 | 5 | branches:
|
6 | 6 | - main
|
| 7 | + pull_request: |
7 | 8 | workflow_dispatch:
|
8 | 9 |
|
9 | 10 | jobs:
|
10 |
| - image-scan: |
| 11 | + build-and-scan: |
11 | 12 | runs-on: ubuntu-latest
|
12 | 13 |
|
13 | 14 | env:
|
14 | 15 | SYS_DIG_SECURE_URL: https://app.au1.sysdig.com
|
15 | 16 |
|
16 | 17 | steps:
|
17 |
| - - name: Checkout code |
| 18 | + - name: Checkout source |
18 | 19 | uses: actions/checkout@v3
|
19 | 20 |
|
20 |
| - - name: Build Docker images |
| 21 | + - name: Set up Docker Buildx |
| 22 | + uses: docker/setup-buildx-action@v2 |
| 23 | + |
| 24 | + - name: Log in to DockerHub (optional) |
| 25 | + if: secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN |
| 26 | + uses: docker/login-action@v2 |
| 27 | + with: |
| 28 | + username: ${{ secrets.DOCKERHUB_USERNAME }} |
| 29 | + password: ${{ secrets.DOCKERHUB_TOKEN }} |
| 30 | + |
| 31 | + - name: Build Voting App images |
21 | 32 | run: |
|
22 | 33 | docker build -t voting-app ./vote
|
23 | 34 | docker build -t worker ./worker
|
24 | 35 | docker build -t result ./result
|
25 | 36 |
|
26 |
| - - name: Debug |
| 37 | + - name: Scan image with Sysdig CLI Scanner |
27 | 38 | env:
|
28 | 39 | SECURE_API_TOKEN: ${{ secrets.SECURE_API_TOKEN }}
|
29 |
| - run: | |
30 |
| - echo "🔍 Token Length: ${#SECURE_API_TOKEN}" |
31 |
| - echo "🔍 Token Head: ${SECURE_API_TOKEN:0:5}" |
32 |
| - if [ -z "$SECURE_API_TOKEN" ]; then |
33 |
| - echo "❌ SECURE_API_TOKEN is NOT set!" |
34 |
| - exit 1 |
35 |
| - else |
36 |
| - echo "✅ SECURE_API_TOKEN is available." |
37 |
| - fi |
38 |
| -
|
39 |
| - - name: Run Sysdig Scan (voting-app) |
40 | 40 | run: |
|
41 | 41 | docker run --rm \
|
42 | 42 | --platform linux/amd64 \
|
|
46 | 46 | -e SECURE_API_TOKEN="${{ secrets.SECURE_API_TOKEN }}" \
|
47 | 47 | quay.io/sysdig/sysdig-cli-scanner:1.22.4 \
|
48 | 48 | --apiurl "$SYS_DIG_SECURE_URL" \
|
49 |
| - --loglevel debug \ |
| 49 | + --loglevel info \ |
50 | 50 | --skiptlsverify \
|
51 | 51 | docker://voting-app
|
52 | 52 |
|
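Review bot: The `if: secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN` condition on the new DockerHub login step (new line 25) will not work, because GitHub Actions does not expose the `secrets` context to step-level `if:` expressions and the workflow is rejected when it loads, so neither the build nor the scan runs. Map only the username into the job-level `env:` block, `DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}`, and gate the step with `if: env.DOCKERHUB_USERNAME != ''`, which keeps the token confined to the login step. The Sysdig scan step is worth guarding in a similar way, since the added `pull_request:` trigger also fires for pull requests from forks, where secrets are empty, and the removed Debug step was the only place that checked for an unset token. Separately, the scan command still passes `--skiptlsverify` (line 50) on the connection that carries `SECURE_API_TOKEN`; drop the flag unless the endpoint really presents a certificate the runner cannot validate.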