Skip to content

Add OWASP ZAP (Zed Attack Proxy) test #78

Add OWASP ZAP (Zed Attack Proxy) test

Add OWASP ZAP (Zed Attack Proxy) test #78

Workflow file for this run

name: Lint and test
on:
push:
branches:
- f24
pull_request:
branches:
- f24
workflow_call: # Usually called from deploy
defaults:
run:
shell: bash
permissions:
checks: write # for coverallsapp/github-action to create new checks
contents: read # for actions/checkout to fetch code
jobs:
test:
runs-on: ubuntu-latest
env:
TEST_ENV: 'production'
services:
redis:
image: 'redis:7.2.4'
# Set health checks to wait until redis has started
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps port 6379 on service container to the host
- 6379:6379
steps:
- uses: actions/checkout@v4
- run: cp install/package.json package.json
- name: Install Node
uses: actions/setup-node@v4
with:
node-version: 20
- name: NPM Install
uses: bahmutov/npm-install@v1
with:
useLockFile: false
- name: Setup for Redis
env:
SETUP: >-
{
"url": "http://127.0.0.1:4567/forum",
"secret": "abcdef",
"admin:username": "admin",
"admin:email": "[email protected]",
"admin:password": "hAN3Eg8W",
"admin:password:confirm": "hAN3Eg8W",
"database": "redis",
"redis:host": "127.0.0.1",
"redis:port": 6379,
"redis:password": "",
"redis:database": 0
}
CI: >-
{
"host": "127.0.0.1",
"database": 1,
"port": 6379
}
run: |
node app --setup="${SETUP}" --ci="${CI}"
- name: Run OWASP ZAP Docker Scan
run: |
docker run -v $(pwd):/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py -t http://localhost:4567 -r zap_report.html -a
env:
TARGET: 'http://localhost:4567'
- name: Run ESLint
run: npm run lint
- name: Node tests
run: npm test
- name: Extract coverage info
run: npm run coverage
- name: Test coverage
uses: coverallsapp/github-action@v2