Add the ability to manually launch the zap scanner (#691)
* Add zap scanning for DocumentServer * Set branch name as ref for manual trigger * Use master as default zap action branch * Move zap action to master branch * Fix token variable name * Small cosmetic fix * Modify zap action trigger condition: run the zap scanner only when the DocumentServer edition is community and the branch name starts with `release/` or `hotfix/`
parent
6fc2b27fcf
commit
276c5da9f5
1 changed files with 26 additions and 0 deletions
26
.github/workflows/4testing-build.yml
vendored
26
.github/workflows/4testing-build.yml
vendored
|
@ -101,6 +101,7 @@ jobs:
|
||||||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
||||||
|
|
||||||
- name: Build 4testing
|
- name: Build 4testing
|
||||||
|
id: build-ds
|
||||||
run: |
|
run: |
|
||||||
set -eux
|
set -eux
|
||||||
|
|
||||||
|
@ -145,4 +146,29 @@ jobs:
|
||||||
|
|
||||||
docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
|
docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
|
||||||
echo "DONE: Build success"
|
echo "DONE: Build success"
|
||||||
|
|
||||||
|
### Set output for Zap scanner
|
||||||
|
### NOTE: Output will be used only in release/hotfix branches
|
||||||
|
|
||||||
|
echo "version=${TAG}" >> "$GITHUB_OUTPUT"
|
||||||
|
echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
|
# Run scanner only when edition is community
|
||||||
|
# and branch hit release/ or hotfix/
|
||||||
|
- name: Trigger zap manualy
|
||||||
|
if: >-
|
||||||
|
matrix.edition == '' &&
|
||||||
|
(startsWith(steps.build-ds.outputs.branch, 'release/') ||
|
||||||
|
startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
|
||||||
|
env:
|
||||||
|
VERSION: ${{ steps.build-ds.outputs.version }}
|
||||||
|
BRANCH: ${{ steps.build-ds.outputs.branch }}
|
||||||
|
GITHUB_TOKEN: ${{ secrets.TOKEN }}
|
||||||
|
run: |
|
||||||
|
gh workflow run zap-ds.yaml \
|
||||||
|
--repo ${{ github.repository }} \
|
||||||
|
-f branch=${BRANCH} \
|
||||||
|
-f version=${VERSION}
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
|
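Review bot: In the new "Trigger zap manualy" step, `${BRANCH}` and `${VERSION}` are expanded unquoted and `${{ github.repository }}` is pasted straight into the script, so a value containing whitespace or glob characters would be split into extra `gh` arguments. Write `-f branch="${BRANCH}"` and `-f version="${VERSION}"`, and use `--repo "$GITHUB_REPOSITORY"` so that nothing is templated into the shell text. The step also exports `secrets.TOKEN` as `GITHUB_TOKEN`; if that is a personal access token, its scope is not visible here and is likely broader than this call needs, since the built-in `${{ github.token }}` can start `workflow_dispatch` runs once the job grants `permissions: actions: write`. How `TAG` and `BRANCH_NAME` are set lies outside the hunk, so confirm both are defined for every matrix entry, because under `set -eux` an unset one would fail the build step after the image has already been pushed.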