Fix: Ensure SECURE_API_TOKEN is injected properly

higakikeita · higakikeita · commit f0a0b2918248 · 2025-07-16T13:35:20.000+09:00
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -23,18 +23,17 @@ jobs:
           docker build -t worker ./worker
           docker build -t result ./result
 
-      - name: Debug: Check if SECURE_API_TOKEN is available
+      - name: Set SECURE_API_TOKEN env and debug
         run: |
-          echo "Token Length: ${#SECURE_API_TOKEN}"
-          echo "Token Head: ${SECURE_API_TOKEN:0:5}"
+          export SECURE_API_TOKEN="${{ secrets.SECURE_API_TOKEN }}"
+          echo "🔍 Token Length: ${#SECURE_API_TOKEN}"
+          echo "🔍 Token Head: ${SECURE_API_TOKEN:0:5}"
           if [ -z "$SECURE_API_TOKEN" ]; then
-            echo "SECURE_API_TOKEN is NOT set!"
+            echo "❌ SECURE_API_TOKEN is NOT set!"
             exit 1
           else
-            echo "SECURE_API_TOKEN is available."
+            echo "✅ SECURE_API_TOKEN is available."
           fi
-        env:
-          SECURE_API_TOKEN: ${{ secrets.SECURE_API_TOKEN }}
 
       - name: Run Sysdig Scan (voting-app)
         run: |
@@ -43,9 +42,10 @@ jobs:
             --user 0 \
             -v "$(pwd)/scan-logs:/home/nonroot/scan-logs" \
             -v /var/run/docker.sock:/var/run/docker.sock \
-            -e SECURE_API_TOKEN=${{ secrets.SECURE_API_TOKEN }} \
+            -e SECURE_API_TOKEN="${{ secrets.SECURE_API_TOKEN }}" \
             quay.io/sysdig/sysdig-cli-scanner:1.22.4 \
-              --apiurl $SYS_DIG_SECURE_URL \
+              --apiurl "$SYS_DIG_SECURE_URL" \
               --loglevel debug \
               --skiptlsverify \
               docker://voting-app
+
