Feature: Unique triggers #355
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: OWASP ZAP Scanning | |
on: | |
push: | |
branches: | |
- 'feature/owasp-scanning' | |
- 'dev/*' | |
- 'release/*' | |
pull_request: | |
branches: | |
- 'dev/*' | |
- 'release/*' | |
jobs: | |
zap_scan: | |
name: Scan the WEB Application | |
runs-on: ubuntu-latest | |
env: | |
python_version: '3.9.x' | |
postgis_version: '3.1' | |
pg_version: '12' | |
redis_version: '5' | |
node_version: '10' | |
elastic_version: '7.10.1' | |
rpindexer_version: '6.4.0' | |
mailroom_version: '6.5.36' | |
DJANGO_SETTINGS_MODULE: temba.settings_ci | |
email_url: ${{secrets.MAIL_SERVER_ADDRESS}} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Install PostgreSQL and PostGIS | |
uses: nyaruka/[email protected] | |
with: | |
postgresql version: ${{ env.pg_version }} | |
postgis version: ${{ env.postgis_version }} | |
postgresql db: temba | |
postgresql user: temba | |
postgresql password: temba | |
postgresql arguments: '--jit=off' | |
- name: Install Linux packages | |
run: | | |
sudo apt update | |
sudo apt install -y --no-install-recommends libgdal-dev gettext | |
- name: Install Python | |
uses: actions/setup-python@v1 | |
with: | |
python-version: ${{ env.python_version }} | |
- name: Install Redis | |
uses: zhulik/[email protected] | |
with: | |
redis version: ${{ env.redis_version }} | |
- name: Install ElasticSearch | |
uses: nyaruka/elasticsearch-action@master | |
with: | |
elastic version: ${{ env.elastic_version }} | |
- name: Install Node | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ env.node_version }} | |
- name: Initialize environment | |
run: | | |
python -m pip install -U pip poetry | |
poetry install | |
npm install | |
sudo npm install -g less | |
ln -s ${{ github.workspace }}/temba/settings.py.dev ${{ github.workspace }}/temba/settings.py | |
poetry run python manage.py migrate | |
- name: Run RP-Indexer | |
run: | | |
# fetch and extract rp-indexer | |
wget https://github.com/nyaruka/rp-indexer/releases/download/v${{ env.rpindexer_version }}/rp-indexer_${{ env.rpindexer_version }}_linux_amd64.tar.gz | |
tar -xvf rp-indexer_${{ env.rpindexer_version }}_linux_amd64.tar.gz rp-indexer | |
- name: Run Mailroom | |
run: | | |
# fetch, extract and start mailroom | |
wget https://github.com/rapidpro/mailroom/releases/download/v${{ env.mailroom_version }}/mailroom_${{ env.mailroom_version }}_linux_amd64.tar.gz | |
tar -xvf mailroom_${{ env.mailroom_version }}_linux_amd64.tar.gz mailroom | |
./mailroom -db=postgres://temba:temba@localhost:5432/temba?sslmode=disable -redis=redis://localhost:6379/10 -log-level=info > mailroom.log & | |
- name: Run RapidPro | |
run: | | |
poetry run python manage.py runserver > rapidpro.log & | |
- name: ZAP Scan | |
uses: zaproxy/[email protected] | |
with: | |
target: 'http://127.0.0.1:8000' | |
rules_file_name: '.zap/rules.tsv' | |
cmd_options: '-a' | |
allow_issue_writing: false | |
- name: Send mail | |
if: ${{ env.email_url }} | |
uses: dawidd6/action-send-mail@v3 | |
with: | |
server_address: ${{secrets.MAIL_SERVER_ADDRESS}} | |
server_port: ${{secrets.MAIL_SERVER_PORT}} | |
username: ${{secrets.MAIL_USERNAME}} | |
password: ${{secrets.MAIL_PASSWORD}} | |
subject: Github OWASP Scanning Action job result | |
from: ${{secrets.MAIL_DEFAULT_FROM}} | |
to: ${{secrets.MAIL_SEND_OWASP_RESULT_TO}} | |
body: Scanning job of ${{github.repository}} completed successfully! | |
attachments: report_html.html |