From 276c5da9f5d0edeffeaca63a9e7dd4d810b92b74 Mon Sep 17 00:00:00 2001 From: Danil Titarenko <77471369+danilapog@users.noreply.github.com> Date: Tue, 19 Dec 2023 11:45:12 +0300 Subject: [PATCH] Add the ability to manually launch the zap scanner (#691) * Add zap scanning for DocumentServer * Set branch name as ref for manual trigger * Use master as default zap action branch * Move zap action to master branch * Fix token variable name * Small cosmetic fix * Modify zap action trigger condition Run zap scanner only when documentserver edition hit community and branch hit in `release/` or `hotfix/` --- .github/workflows/4testing-build.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.github/workflows/4testing-build.yml b/.github/workflows/4testing-build.yml index 684f898..9f291ff 100644 --- a/.github/workflows/4testing-build.yml +++ b/.github/workflows/4testing-build.yml @@ -101,6 +101,7 @@ jobs: password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - name: Build 4testing + id: build-ds run: | set -eux @@ -145,4 +146,29 @@ jobs: docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push echo "DONE: Build success" + + ### Set output for Zap scanner + ### NOTE: Output will be used only in release/hotfix branches + + echo "version=${TAG}" >> "$GITHUB_OUTPUT" + echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT" shell: bash + + # Run scanner only when edition is community + # and branch hit release/ or hotfix/ + - name: Trigger zap manualy + if: >- + matrix.edition == '' && + (startsWith(steps.build-ds.outputs.branch, 'release/') || + startsWith(steps.build-ds.outputs.branch, 'hotfix/')) + env: + VERSION: ${{ steps.build-ds.outputs.version }} + BRANCH: ${{ steps.build-ds.outputs.branch }} + GITHUB_TOKEN: ${{ secrets.TOKEN }} + run: | + gh workflow run zap-ds.yaml \ + --repo ${{ github.repository }} \ + -f branch=${BRANCH} \ + -f version=${VERSION} + shell: bash +
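Review bot: In the added `Trigger zap manualy` step, `${BRANCH}` and `${VERSION}` are expanded unquoted in the `gh workflow run` call, so the shell word-splits and glob-expands them before `gh` receives them; routing them through `env:` already keeps them out of the script text, and quoting completes that: `-f "branch=${BRANCH}" \` and `-f "version=${VERSION}"`. Where `BRANCH_NAME` and `TAG` get their values is outside this hunk, so how much of their content a contributor controls cannot be judged from here. The step also exports `secrets.TOKEN` as `GITHUB_TOKEN`; if that secret is a personal access token, the job's own `${{ github.token }}` with `permissions: actions: write` is probably enough to dispatch a workflow in the same repository, and it keeps a long-lived credential out of a build job. The `if:` tests only `matrix.edition`, so if the matrix has further dimensions (the build step uses `matrix.image`) the scan may be dispatched once per matching combination.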