From 6f18695a5b5319b2007da8836c25a74d25bfc263 Mon Sep 17 00:00:00 2001
From: Francesco Bartoli
Date: Mon, 26 Feb 2024 12:14:49 +0000
Subject: [PATCH] Split validation steps for openapi

Split validation steps for openapi
Split validation steps for openapi
Split validation steps for openapi
---
 .github/workflows/openapi.yml | 48 +++++++++++++++++++++++++++--------
 1 file changed, 38 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml
index f45a708..874278c 100644
--- a/.github/workflows/openapi.yml
+++ b/.github/workflows/openapi.yml
@@ -5,9 +5,10 @@ on:
   - pull_request
 
 jobs:
-  build:
-    name: Run Spectral
+  spectral-oas:
+    name: Lint and validate OpenAPI document for pygeoapi configuration
     runs-on: ubuntu-latest
+    needs: build
     steps:
       # Check out the repository
       - name: Check out the repository
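Review bot: The added `needs: build` in the renamed `spectral-oas` job points at a job id this same hunk removes — `build` becomes `spectral-oas`, and no other `build` job is visible in the patch — so unless one exists outside the diff, GitHub will reject the workflow for an unknown dependency and neither the OAS3 nor the OWASP API-security lint will run on pull requests. The `spectral-owasp` job added later in the patch carries the same `needs: build` line. Either drop both `needs: build` lines, since each job already regenerates `pygeoapi-openapi.json` itself, or add a real `build` job that runs `poetry run fastgeoapi openapi` once and publishes the document with `actions/upload-artifact`, with the two lint jobs downloading it instead of reinstalling Poetry twice. A workflow that fails to parse is a silent gap: the security ruleset stops running with no failing check to notice.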
@@ -32,25 +33,52 @@ jobs: run: | poetry install poetry run fastgeoapi openapi - # Create OAS3 ruleset - name: Create OAS 3 run: | echo 'extends: ["spectral:oas"]' > .spectral.oas3.yaml - # Create OWASP API Security 10 ruleset - - name: Create OWASP API Security 10 - run: | - npm install -g @stoplight/spectral-owasp-ruleset@latest - echo 'extends: ["https://unpkg.com/@stoplight/spectral-owasp-ruleset/dist/ruleset.mjs"]' > .spectral.owasp-top-10.yaml - - # Run Spectral for OWASP Top 10 + # Run Spectral for OAS3 - name: Run Spectral for OAS3 uses: stoplightio/spectral-action@latest with: file_glob: "pygeoapi-openapi.json" spectral_ruleset: ".spectral.oas3.yaml" + spectral-owasp: + name: Validate OpenAPI document against OWASP Top 10 API security rules + runs-on: ubuntu-latest + needs: build + steps: + # Check out the repository + - name: Check out the repository + uses: actions/checkout@v4.1.1 + + - name: Set up Python 3.10 + uses: actions/setup-python@v5.0.0 + with: + python-version: "3.10" + + - name: Upgrade pip + run: | + pip install --constraint=.github/workflows/constraints.txt pip + pip --version + + - name: Install Poetry + run: | + pipx install --pip-args=--constraint=.github/workflows/constraints.txt poetry + poetry --version + + - name: Install fastgeoapi CLI + run: | + poetry install + poetry run fastgeoapi openapi + # Create OWASP API Security 10 ruleset + - name: Create OWASP API Security 10 + run: | + npm install -g @stoplight/spectral-owasp-ruleset@latest + echo 'extends: ["https://unpkg.com/@stoplight/spectral-owasp-ruleset/dist/ruleset.mjs"]' > .spectral.owasp-top-10.yaml + # Run Spectral for OWASP Top 10 - name: Run Spectral for OWASP top 10 uses: stoplightio/spectral-action@latest