
Download directory changes #231


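# Build, scan and publish the RDB (ooicgsn-roundabout) container image.
#
# Triggered on pushes to release-** and automated_tests branches. Two
# independent jobs:
#   depchecktest         - OWASP Dependency Check, then a ZAP baseline scan
#                          against a docker-compose test deployment; both
#                          reports are uploaded as workflow artifacts.
#   setup-build-publish  - runs the automated browser tests and, on release
#                          branches only, builds the production image and
#                          pushes it to GHCR tagged with the version taken
#                          from the branch name.
name: Create and publish a package

# `on` reads as a YAML 1.1 boolean to generic parsers; GitHub's loader
# handles it, so a yamllint `truthy` warning here can be ignored.
on:
  push:
    branches:
      - "release-**"
      - "automated_tests"

env:
  IMAGE_NAME: ooicgsn-roundabout

# Least privilege for GITHUB_TOKEN: read-only by default, jobs that need
# more (image push) declare it themselves.
permissions:
  contents: read

jobs:
  # OWASP Dependency Check & ZAP Scan
  depchecktest:
    runs-on: ubuntu-latest
    name: OWASP
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # NOTE(review): the former "Build RDB project" step had an empty `run:`
      # body and did nothing; the application is built and started inside the
      # ZAP scan step below, so the step was dropped.
      - name: OWASP Dependency Check
        # TODO(review): `@main` is a floating ref - pin to a release tag or
        # commit SHA so the scanner cannot change underneath the pipeline.
        uses: dependency-check/Dependency-Check_Action@main
        id: Depcheck
        with:
          project: "ooicgsn-roundabout"
          path: "."
          format: "HTML"
          # Fail on any finding with CVSS >= 7; retired and experimental
          # analyzers are enabled for broader coverage.
          args: >
            --failOnCVSS 7
            --enableRetired
            --enableExperimental
      - name: Upload Test results
        # --failOnCVSS makes the previous step fail exactly when the report is
        # most needed, so upload it regardless of the scan outcome.
        if: always()
        # Pinned to v4 (was @master) to match the other upload-artifact step.
        uses: actions/upload-artifact@v4
        with:
          name: Dependency Check Report
          path: ${{ github.workspace }}/reports
      - name: OWASP ZAP Scan
        # Full scan runs spider and then performs attacks on target website;
        # it was tried and runs 6+ hours before timing out (see the notes at
        # the end of this step), so the baseline scan is used instead.
        # uses: zaproxy/[email protected]
        run: |
          # Build and Run RDB
          mv .envs.example .envs
          docker compose -f docker-compose-testing.yml build
          docker compose -f docker-compose-testing.yml up --detach
          sh -c "until curl -Is http://localhost:8000; do echo 'waiting for http://localhost:8000'; sleep 10; done"
          # Pull the OWASP ZAP Docker Image
          docker pull zaproxy/zap-stable
          # Run OWASP ZAP Scan
          pwd
          cp .github/zap/rdb.context .
          ls
          # Needed for Zap: the report is written into the bind-mounted
          # workspace from inside the container.
          chmod a+rw "$(pwd)"
          # zap-baseline.py flags: -j ajax spider, -I do not fail on warnings,
          # -d debug output, -r HTML report file, -n context file, -U user
          # from the context to scan as. The scan reaches the app over the
          # compose network by service name (django), not via localhost.
          docker run --network roundabout-network \
            -v "/$(pwd):/zap/wrk/:rw" \
            -t zaproxy/zap-stable zap-baseline.py -j \
            -t http://django:8000 \
            -I \
            -d \
            -r rdb-zap-baseline-scan.html \
            -n rdb.context \
            -U admin
          # -t zaproxy/zap-stable zap-baseline.py -j \ no high alerts
          # -t zaproxy/zap-stable zap-full-scan.py \ runs 6+ hrs and timesout, includes high alerts
          # -t zaproxy/zap-weekly zap-full-scan.py -j \ runs for 6+ hours - times out
      - name: Archive production artifacts
        # Keep the ZAP report even when the scan step fails.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: Zap Report
          path: |
            ./rdb-zap-baseline-scan.html
      - name: Stopping RDB application
        if: always()
        run: docker compose --file docker-compose-testing.yml down

  # RDB Automated Testing and Tagging
  setup-build-publish:
    name: RDB Setup, Build, and Publish
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required to push the image to ghcr.io with GITHUB_TOKEN.
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Running Automated tests
        run: |
          # Build and run development version of Django
          mv .envs.example .envs
          docker compose -f docker-compose-testing.yml build
          docker compose -f docker-compose-testing.yml up --detach
          #sleep 60
          sh -c "until curl -Is http://localhost:8000; do echo 'waiting for http://localhost:8000'; sleep 10; done"
          # Run automated tests
          docker compose -f docker-compose-testing.yml run tests ./RunAllTests-Chrome-Linux.bat
      - name: Build, Tag & Push Production Image
        if: contains(github.ref, 'release')
        # GitHub context is passed through environment variables rather than
        # interpolated with ${{ }} directly into the script: an inline
        # expression becomes part of the shell text, so a branch name
        # containing shell metacharacters could alter the commands, whereas an
        # environment variable is plain data to the shell.
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPOSITORY: ${{ github.repository }}
          GH_REF: ${{ github.ref }}
        run: |
          echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin
          IMAGE_ID="ghcr.io/$GH_REPOSITORY"
          # Change all uppercase to lowercase (image names must be lowercase;
          # the repository owner/name may not be)
          IMAGE_ID=$(echo "$IMAGE_ID" | tr '[A-Z]' '[a-z]')
          # Strip git ref prefix from branch (refs/heads/release-1.2 -> release-1.2)
          BRANCH=$(echo "$GH_REF" | sed -e 's,.*/\(.*\),\1,')
          # Strip "release-" prefix from version. Note: this drops everything
          # up to the LAST dash, so a branch like release-1.2-rc1 yields "rc1".
          VERSION=$(echo "$BRANCH" | sed -e 's/.*-//')
          echo "IMAGE_ID:"
          echo "$IMAGE_ID"
          echo "VERSION:"
          echo "$VERSION"
          # Build Production Django Container
          docker build -f compose/production/django/Dockerfile -t "$IMAGE_ID" .
          docker image ls
          docker tag "$IMAGE_ID" "$IMAGE_ID:$VERSION"
          docker push "$IMAGE_ID:$VERSION"
      - name: Stopping RDB application
        if: always()
        run: docker compose --file docker-compose-testing.yml down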