Add the ability to manually launch the zap scanner (#691)

* Add zap scanning for DocumentServer

* Set branch name as ref for manual trigger

* Use master as default zap action branch

* Move zap action to master branch

* Fix token variable name

* Small cosmetic fix

* Modify zap action trigger condition

Run zap scanner only when documentserver edition hit community and branch hit in `release/` or `hotfix/`
This commit is contained in:
Danil Titarenko 2023-12-19 11:45:12 +03:00 committed by GitHub
parent 6fc2b27fcf
commit 276c5da9f5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -101,6 +101,7 @@ jobs:
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Build 4testing
id: build-ds
run: |
set -eux
@ -145,4 +146,29 @@ jobs:
docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
echo "DONE: Build success"
### Set output for Zap scanner
### NOTE: Output will be used only in release/hotfix branches
echo "version=${TAG}" >> "$GITHUB_OUTPUT"
echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
shell: bash
# Run scanner only when edition is community
# and branch hit release/ or hotfix/
- name: Trigger zap manualy
if: >-
matrix.edition == '' &&
(startsWith(steps.build-ds.outputs.branch, 'release/') ||
startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
env:
VERSION: ${{ steps.build-ds.outputs.version }}
BRANCH: ${{ steps.build-ds.outputs.branch }}
GITHUB_TOKEN: ${{ secrets.TOKEN }}
run: |
gh workflow run zap-ds.yaml \
--repo ${{ github.repository }} \
-f branch=${BRANCH} \
-f version=${VERSION}
shell: bash