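# Runs an OWASP ZAP full scan against a locally started Logto stack after the
# "Release" workflow completes successfully on master.
name: Pen Tests

on:
  # Be careful when using the workflow_run trigger
  # https://github.community/t/workflow-run-completed-event-triggered-by-failed-workflow/128001/7
  # "completed" fires for failed runs too; the job-level `if` below is what
  # restricts the scan to successful Release runs.
  workflow_run:
    workflows: ["Release"]
    branches:
      - master
    types:
      - completed

# Least privilege for GITHUB_TOKEN: the job only checks out the repository,
# and issue creation by the ZAP action is disabled (allow_issue_writing: false).
permissions:
  contents: read

concurrency:
  # NOTE(review): github.head_ref is only populated for pull_request events, so
  # under workflow_run this group resolves to the unique run_id and
  # cancel-in-progress has nothing to cancel. Confirm whether a per-branch
  # group was intended.
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  zap-scan:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}

    runs-on: ubuntu-latest

    steps:
      # Under workflow_run the default checkout ref is the default branch, not
      # the commit that triggered "Release". The scan step reads
      # .zap/rules.conf from this checkout.
      # NOTE(review): both actions below are referenced by tag; tags are
      # mutable, so consider pinning to a full commit SHA (<full-commit-sha>).
      - name: Checkout repository
        uses: actions/checkout@v4

      # The compose file is fetched from the remote HEAD rather than taken
      # from the checkout, and TAG=edge selects a moving image tag, so the
      # scanned stack is whatever is current at run time.
      - name: Docker Compose up
        run: |
          # Without an explicit `shell:`, run steps use `bash -e`, which does
          # not fail the pipeline when curl fails; enable pipefail so a failed
          # download stops the step.
          set -o pipefail
          curl -fsSL https://raw.githubusercontent.com/logto-io/logto/HEAD/docker-compose.yml |\
          TAG=edge docker compose -p logto -f - up -d

      # Fixed delay, not a readiness check: if the stack needs longer than
      # 30 seconds, ZAP starts against a target that is not serving yet.
      - name: Sleep for 30 seconds
        run: sleep 30s

      - name: ZAP Scan
        uses: zaproxy/action-full-scan@v0.10.0
        with:
          target: http://localhost:3001
          # -a: include alpha-quality active and passive scan rules.
          cmd_options: "-a"
          # Fail the job when ZAP reports alerts.
          fail_action: true
          # Findings are not written to GitHub issues.
          allow_issue_writing: false
          # Per-rule handling is configured in this file.
          rules_file_name: ".zap/rules.conf"

      # TODO: send slack message on failure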