mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
43 lines
1.1 KiB
YAML
43 lines
1.1 KiB
YAML
name: Pen Tests
|
|
|
|
on:
|
|
# Be careful when using the workflow_run trigger
|
|
# https://github.community/t/workflow-run-completed-event-triggered-by-failed-workflow/128001/7
|
|
workflow_run:
|
|
workflows: ["Release"]
|
|
branches:
|
|
- master
|
|
types:
|
|
- completed
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
zap-scan:
|
|
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Docker Compose up
|
|
run: |
|
|
curl -fsSL https://raw.githubusercontent.com/logto-io/logto/HEAD/docker-compose.yml |\
|
|
TAG=edge docker compose -p logto -f - up -d
|
|
|
|
- name: Sleep for 30 seconds
|
|
run: sleep 30s
|
|
|
|
- name: ZAP Scan
|
|
uses: zaproxy/action-full-scan@v0.10.0
|
|
with:
|
|
target: http://localhost:3001
|
|
cmd_options: "-a"
|
|
fail_action: true
|
|
allow_issue_writing: false
|
|
rules_file_name: ".zap/rules.conf"
|
|
|
|
# TODO: send slack message on failure
|