Add the ability to manually launch the zap scanner (#691)
* Add zap scanning for DocumentServer * Set branch name as ref for manual trigger * Use master as default zap action branch * Move zap action to master branch * Fix token variable name * Small cosmetic fix * Modify zap action trigger condition: run the zap scanner only when the documentserver edition is community and the branch starts with `release/` or `hotfix/`
parent
6fc2b27fcf
commit
276c5da9f5
1 changed files with 26 additions and 0 deletions
26
.github/workflows/4testing-build.yml
vendored
26
.github/workflows/4testing-build.yml
vendored
|
@ -101,6 +101,7 @@ jobs:
|
|||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
||||
|
||||
- name: Build 4testing
|
||||
id: build-ds
|
||||
run: |
|
||||
set -eux
|
||||
|
||||
|
@ -145,4 +146,29 @@ jobs:
|
|||
|
||||
docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
|
||||
echo "DONE: Build success"
|
||||
|
||||
### Set output for Zap scanner
|
||||
### NOTE: Output will be used only in release/hotfix branches
|
||||
|
||||
echo "version=${TAG}" >> "$GITHUB_OUTPUT"
|
||||
echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
|
||||
shell: bash
|
||||
|
||||
# Run scanner only when edition is community
|
||||
# and branch hit release/ or hotfix/
|
||||
- name: Trigger zap manualy
|
||||
if: >-
|
||||
matrix.edition == '' &&
|
||||
(startsWith(steps.build-ds.outputs.branch, 'release/') ||
|
||||
startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
|
||||
env:
|
||||
VERSION: ${{ steps.build-ds.outputs.version }}
|
||||
BRANCH: ${{ steps.build-ds.outputs.branch }}
|
||||
GITHUB_TOKEN: ${{ secrets.TOKEN }}
|
||||
run: |
|
||||
gh workflow run zap-ds.yaml \
|
||||
--repo ${{ github.repository }} \
|
||||
-f branch=${BRANCH} \
|
||||
-f version=${VERSION}
|
||||
shell: bash
|
||||
|
||||
|
|
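Review bot: The `Trigger zap manualy` step in the second hunk passes `secrets.TOKEN` to `gh` as `GITHUB_TOKEN`, and the scope of that stored token is not visible on this page; if it is a personal access token, it is broader and longer-lived than a single workflow dispatch needs. A `workflow_dispatch` event can be sent with the job's built-in token, so `GITHUB_TOKEN: ${{ github.token }}` combined with `permissions: actions: write` on the job would keep the credential short-lived and limited to this repository, assuming `zap-ds.yaml` lives in the same repository, as `--repo ${{ github.repository }}` suggests. The job definition starts outside the hunk, so check whether a `permissions:` block already exists before adding one. Separately, the `gh` arguments expand unquoted; `-f "branch=${BRANCH}"` and `-f "version=${VERSION}"` keep each value a single argument whatever the step outputs contain. The step name also has a typo (`manualy`).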