Skip to content

Merge pull request #412 from communityconnectlabs/fix/multiple-params… #359

Merge pull request #412 from communityconnectlabs/fix/multiple-params…

Merge pull request #412 from communityconnectlabs/fix/multiple-params… #359

Workflow file for this run

name: OWASP ZAP Scanning
on:
push:
branches:
- 'feature/owasp-scanning'
- 'dev/*'
- 'release/*'
pull_request:
branches:
- 'dev/*'
- 'release/*'
jobs:
zap_scan:
name: Scan the WEB Application
runs-on: ubuntu-latest
env:
python_version: '3.9.x'
postgis_version: '3.1'
pg_version: '12'
redis_version: '5'
node_version: '10'
elastic_version: '7.10.1'
rpindexer_version: '6.4.0'
mailroom_version: '6.5.36'
DJANGO_SETTINGS_MODULE: temba.settings_ci
email_url: ${{secrets.MAIL_SERVER_ADDRESS}}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install PostgreSQL and PostGIS
uses: nyaruka/[email protected]
with:
postgresql version: ${{ env.pg_version }}
postgis version: ${{ env.postgis_version }}
postgresql db: temba
postgresql user: temba
postgresql password: temba
postgresql arguments: '--jit=off'
- name: Install Linux packages
run: |
sudo apt update
sudo apt install -y --no-install-recommends libgdal-dev gettext
- name: Install Python
uses: actions/setup-python@v1
with:
python-version: ${{ env.python_version }}
- name: Install Redis
uses: zhulik/[email protected]
with:
redis version: ${{ env.redis_version }}
- name: Install ElasticSearch
uses: nyaruka/elasticsearch-action@master
with:
elastic version: ${{ env.elastic_version }}
- name: Install Node
uses: actions/setup-node@v1
with:
node-version: ${{ env.node_version }}
- name: Initialize environment
run: |
python -m pip install -U pip poetry
poetry install
npm install
sudo npm install -g less
ln -s ${{ github.workspace }}/temba/settings.py.dev ${{ github.workspace }}/temba/settings.py
poetry run python manage.py migrate
- name: Run RP-Indexer
run: |
# fetch and extract rp-indexer
wget https://github.com/nyaruka/rp-indexer/releases/download/v${{ env.rpindexer_version }}/rp-indexer_${{ env.rpindexer_version }}_linux_amd64.tar.gz
tar -xvf rp-indexer_${{ env.rpindexer_version }}_linux_amd64.tar.gz rp-indexer
- name: Run Mailroom
run: |
# fetch, extract and start mailroom
wget https://github.com/rapidpro/mailroom/releases/download/v${{ env.mailroom_version }}/mailroom_${{ env.mailroom_version }}_linux_amd64.tar.gz
tar -xvf mailroom_${{ env.mailroom_version }}_linux_amd64.tar.gz mailroom
./mailroom -db=postgres://temba:temba@localhost:5432/temba?sslmode=disable -redis=redis://localhost:6379/10 -log-level=info > mailroom.log &
- name: Run RapidPro
run: |
poetry run python manage.py runserver > rapidpro.log &
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
target: 'http://127.0.0.1:8000'
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a'
allow_issue_writing: false
- name: Send mail
if: ${{ env.email_url }}
uses: dawidd6/action-send-mail@v3
with:
server_address: ${{secrets.MAIL_SERVER_ADDRESS}}
server_port: ${{secrets.MAIL_SERVER_PORT}}
username: ${{secrets.MAIL_USERNAME}}
password: ${{secrets.MAIL_PASSWORD}}
subject: Github OWASP Scanning Action job result
from: ${{secrets.MAIL_DEFAULT_FROM}}
to: ${{secrets.MAIL_SEND_OWASP_RESULT_TO}}
body: Scanning job of ${{github.repository}} completed successfully!
attachments: report_html.html