Added some extra comments, Github Actions V2 and changed env vars

This commit is contained in:
manuelbcd
2021-09-20 11:52:53 +02:00
parent 5e116cb9e8
commit 38d4e3bfd2
+17 -6
View File
@@ -20,24 +20,35 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: Build the Docker image
run: docker build . --file Dockerfile --tag ${{ github.head_ref }}:latest
# Tag image to be built
# Change ${{ github.repository }} variable by another image name if you want but don't forget changing also image-tag below
run: docker build . --file Dockerfile --tag ${{ github.repository }}:latest
- name: Sysdig Secure Inline Scan
id: scan
uses: sysdiglabs/scan-action@v3
with:
# Tag of the image to analyse
image-tag: "${{ github.head_ref }}:latest"
# Tag of the image to analyse.
# Change ${{ github.repository }} variable by another image name if you want but don't forget changing also image-tag above
image-tag: ${{ github.repository }}:latest
# API token for Sysdig Scanning auth
sysdig-secure-token: ${{ secrets.KUBELAB_SECURE_API_TOKEN }}
sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN}}
# Sysdig secure endpoint. Please read: https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/
# US-East https://secure.sysdig.com
# US-West https://us2.app.sysdig.com
# EU https://eu1.app.sysdig.com
sysdig-secure-url: https://us2.app.sysdig.com
dockerfile-path: ./Dockerfile
input-type: docker-daemon
ignore-failed-scan: true
# Sysdig inline scanner requires privileged rights
run-as-user: root
- uses: github/codeql-action/upload-sarif@v1
#Upload SARIF file
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarifReport }
sarif_file: ${{ steps.scan.outputs.sarifReport }}