Sprint 24 #38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Compact Connect - Web Frontend Deployment - Development | |
| name: ZAP-Scan-Test | |
| # Controls when the action will run. | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| ZapScan: | |
| # Runner OS | |
| runs-on: ubuntu-latest | |
| # Job needs id-token access to work with GitHub OIDC to AWS IAM Role | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." | |
| - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!" | |
| - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v2 | |
| - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." | |
| - run: echo "🖥️ The workflow is now ready to test your code on the runner." | |
| - name: Setup Node | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: '22.1.0' | |
| # Use any cached yarn dependencies (saves build time) | |
| - uses: actions/cache@v4 | |
| with: | |
| path: '**/node_modules' | |
| key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
| - name: Install JS dependencies | |
| run: yarn install --ignore-engines | |
| working-directory: 'owasp-zap/authenticator' | |
| - name: Authenticate ZAP User | |
| env: | |
| COGNITO_USER_POOL_ID: ${{ secrets.TEST_COGNITO_USER_POOL_ID_STAFF }} | |
| COGNITO_USER_POOL_CLIENT_ID: ${{ secrets.TEST_WEBROOT_COGNITO_CLIENT_ID_STAFF }} | |
| COGNITO_USERNAME: ${{ secrets.TEST_ZAP_USERNAME_STAFF }} | |
| COGNITO_PASSWORD: ${{ secrets.TEST_ZAP_PASSWORD_STAFF }} | |
| run: | | |
| token=$(node main.js | jq -r '.accessToken') | |
| [[ -z "$token" ]] && exit 1 | |
| echo "ZAP_AUTH_HEADER_VALUE=$token" >> "$GITHUB_ENV" | |
| working-directory: 'owasp-zap/authenticator' | |
| - name: ZAP Scan | |
| uses: zaproxy/[email protected] | |
| with: | |
| plan: 'owasp-zap/data/test-automation.yml' | |
| - name: Upload Report | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ZAP Report | |
| path: report | |
| retention-days: 30 | |
| overwrite: true | |
| include-hidden-files: false |