Pen Tests #3561
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pen Tests | |
on: | |
# Be careful when using the workflow_run trigger | |
# https://github.community/t/workflow-run-completed-event-triggered-by-failed-workflow/128001/7 | |
workflow_run: | |
workflows: ["Release"] | |
branches: | |
- master | |
types: | |
- completed | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
zap-scan: | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Docker Compose up | |
run: | | |
curl -fsSL https://raw.githubusercontent.com/logto-io/logto/HEAD/docker-compose.yml |\ | |
TAG=edge docker compose -p logto -f - up -d | |
- name: Sleep for 30 seconds | |
run: sleep 30s | |
- name: ZAP Scan | |
uses: zaproxy/[email protected] | |
with: | |
target: http://localhost:3001 | |
cmd_options: "-a" | |
fail_action: true | |
allow_issue_writing: false | |
rules_file_name: ".zap/rules.conf" | |
# TODO: send slack message on failure |