updated the cli-scanner-url #4

Workflow file for this run

.github/workflows/build-scan.yaml at 972f90e

	name: Build & Scan with Sysdig (Docker Hub)

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]

	permissions:
	contents: read

	jobs:
	build-and-scan:
	runs-on: ubuntu-latest

	env:
	REGISTRY: docker.io
	REPO: ${{ secrets.REGISTRY_USER }}
	SYSDIG_SECURE_URL: ${{ secrets.SYSDIG_SECURE_URL }}
	SYSDIG_SECURE_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}

	steps:
	- name: Checkout source
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Log in to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_TOKEN }}

	# --- Build Containers ---
	- name: Build vote image
	run: docker build -t $REGISTRY/$REPO/vote:latest ./vote

	- name: Build worker image
	run: docker build -t $REGISTRY/$REPO/worker:latest ./worker

	- name: Build result image
	run: docker build -t $REGISTRY/$REPO/result:latest ./result

	# --- Install Sysdig Scanner ---
	- name: Install Sysdig CLI Scanner
	run: \|
	curl -LO curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/arm64/sysdig-cli-scanner"
	chmod +x sysdig-cli-scanner-linux-amd64
	sudo mv sysdig-cli-scanner-linux-amd64 /usr/local/bin/sysdig-cli-scanner
	sysdig-cli-scanner --version

	# --- Scan images ---
	- name: Scan vote image
	run: \|
	sysdig-cli-scanner --apiurl $SYSDIG_SECURE_URL --token $SYSDIG_SECURE_TOKEN $REGISTRY/$REPO/vote:latest

	- name: Scan worker image
	run: \|
	sysdig-cli-scanner --apiurl $SYSDIG_SECURE_URL --token $SYSDIG_SECURE_TOKEN $REGISTRY/$REPO/worker:latest

	- name: Scan result image
	run: \|
	sysdig-cli-scanner --apiurl $SYSDIG_SECURE_URL --token $SYSDIG_SECURE_TOKEN $REGISTRY/$REPO/result:latest

	# --- Optional: Push images to Docker Hub (only if scans passed) ---
	- name: Push vote image
	run: docker push $REGISTRY/$REPO/vote:latest

	- name: Push worker image
	run: docker push $REGISTRY/$REPO/worker:latest

	- name: Push result image
	run: docker push $REGISTRY/$REPO/result:latest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

updated the cli-scanner-url #4

Workflow file

updated the cli-scanner-url #4

Uh oh!

Jobs

Run details

Workflow file for this run