Skip to content

Commit

Permalink
chore: debug testing
Browse files Browse the repository at this point in the history
  • Loading branch information
@JoshLarouche
JoshLarouche committed Sep 7, 2023
1 parent b854525 commit 90ee2e0
Show file tree
Hide file tree
Showing 7 changed files with 349 additions and 349 deletions.
142 changes: 71 additions & 71 deletions .github/workflows/build-push.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,72 +1,72 @@
name: docker-build-push
# name: docker-build-push

on:
workflow_call:
inputs:
IMAGE:
required: true
type: string
IMAGE_REGISTRY:
required: true
type: string
WORKDIR:
required: true
type: string
secrets:
IMAGE_REGISTRY_USER:
required: true
IMAGE_REGISTRY_PASSWORD:
required: true
jobs:
build:
name: Docker Build
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Inject slug/short variables
uses: rlespinasse/[email protected]
- uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.IMAGE_REGISTRY_USER }}
password: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
- name: Build
working-directory: ${{ inputs.WORKDIR }}
run: >
docker buildx build
--platform=linux/amd64
-t ${{ inputs.IMAGE_REGISTRY }}/${{ inputs.IMAGE }}:${{ env.GITHUB_SHA_SHORT }}
--output=type=image,push=true
${GITHUB_WORKSPACE}/${{ inputs.WORKDIR }}
push:
name: Docker Push
needs: build
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Inject slug/short variables
uses: rlespinasse/[email protected]
- uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.IMAGE_REGISTRY_USER }}
password: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
- name: Tag Push Latest
working-directory: ${{ inputs.WORKDIR }}
run: >
docker buildx build
--platform=linux/amd64
-t ${{ inputs.IMAGE }}:${{ env.GITHUB_SHA_SHORT }}
-t ${{ inputs.IMAGE }}:latest
--output=type=image,push=true
${GITHUB_WORKSPACE}/${{ inputs.WORKDIR }}
# on:
# workflow_call:
# inputs:
# IMAGE:
# required: true
# type: string
# IMAGE_REGISTRY:
# required: true
# type: string
# WORKDIR:
# required: true
# type: string
# secrets:
# IMAGE_REGISTRY_USER:
# required: true
# IMAGE_REGISTRY_PASSWORD:
# required: true
# jobs:
# build:
# name: Docker Build
# runs-on: ubuntu-latest
# timeout-minutes: 60
# steps:
# - name: Inject slug/short variables
# uses: rlespinasse/[email protected]
# - uses: actions/checkout@v2
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v1
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v1
# - name: Login to DockerHub
# uses: docker/login-action@v1
# with:
# username: ${{ secrets.IMAGE_REGISTRY_USER }}
# password: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
# - name: Build
# working-directory: ${{ inputs.WORKDIR }}
# run: >
# docker buildx build
# --platform=linux/amd64
# -t ${{ inputs.IMAGE_REGISTRY }}/${{ inputs.IMAGE }}:${{ env.GITHUB_SHA_SHORT }}
# --output=type=image,push=true
# ${GITHUB_WORKSPACE}/${{ inputs.WORKDIR }}
# push:
# name: Docker Push
# needs: build
# runs-on: ubuntu-latest
# timeout-minutes: 60
# steps:
# - name: Inject slug/short variables
# uses: rlespinasse/[email protected]
# - uses: actions/checkout@v2
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v1
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v1
# - name: Login to DockerHub
# uses: docker/login-action@v1
# with:
# username: ${{ secrets.IMAGE_REGISTRY_USER }}
# password: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
# - name: Tag Push Latest
# working-directory: ${{ inputs.WORKDIR }}
# run: >
# docker buildx build
# --platform=linux/amd64
# -t ${{ inputs.IMAGE }}:${{ env.GITHUB_SHA_SHORT }}
# -t ${{ inputs.IMAGE }}:latest
# --output=type=image,push=true
# ${GITHUB_WORKSPACE}/${{ inputs.WORKDIR }}
22 changes: 11 additions & 11 deletions .github/workflows/codeql.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,18 +11,18 @@
#
name: "CodeQL"

# on:
# push:
# branches: [main]
# pull_request:
# # The branches below must be a subset of the branches above
# branches: [main]
# schedule:
# - cron: "19 23 * * 5"

on:
workflow_dispatch:
workflow_call:
push:
branches: [main]
pull_request:
# The branches below must be a subset of the branches above
branches: [main]
schedule:
- cron: "19 23 * * 5"

# on:
# workflow_dispatch:
# workflow_call:

jobs:
analyze:
Expand Down
186 changes: 93 additions & 93 deletions .github/workflows/owasp-zap-scan.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,93 +1,93 @@
name: owasp-scan
on:
workflow_call:
inputs:
ZAP_SCAN_TYPE:
required: true
type: string
ZAP_TARGET_URL:
required: true
type: string
ZAP_DURATION:
required: true
type: string
ZAP_MAX_DURATION:
required: true
type: string
ZAP_GCP_PUBLISH:
required: true
type: boolean
ZAP_GCP_PROJECT:
required: false
type: string
ZAP_GCP_BUCKET:
required: false
type: string
secrets:
GCP_SA_KEY:
required: false
jobs:
owasp-scan:
runs-on: ubuntu-latest
name: owasp-scan
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.9'
- name: Set up Cloud SDK
if: ${{ inputs.ZAP_GCP_PUBLISH }}
uses: google-github-actions/setup-gcloud@v1
with:
project_id: ${{ inputs.ZAP_GCP_PROJECT }}
service_account_key: ${{ secrets.GCP_SA_KEY }}
export_default_credentials: true
- name: ZAP Base Scan
if: ${{ inputs.ZAP_SCAN_TYPE == 'base' }}
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'owasp/zap2docker-stable'
target: ${{ inputs.ZAP_TARGET_URL }}
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a -d -T ${{ inputs.ZAP_MAX_DURATION }} -m ${{ inputs.ZAP_DURATION }}'
issue_title: OWAP Baseline
- name: ZAP Full Scan
if: ${{ inputs.ZAP_SCAN_TYPE == 'full' }}
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'owasp/zap2docker-stable'
target: ${{ inputs.ZAP_TARGET_URL }}
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a -d -T ${{ inputs.ZAP_MAX_DURATION }} -m ${{ inputs.ZAP_DURATION }}'
- name: Create Artifact Directory
if: ${{ inputs.ZAP_GCP_PUBLISH }}
run: |
mkdir -p public/zap
- name: Publish Reports to Github
uses: actions/download-artifact@v2
with:
name: zap_scan
path: public/zap
- name: Rename Markdown
if: ${{ inputs.ZAP_GCP_PUBLISH }}
run: |
mv public/zap/report_md.md public/zap/README.md
- name: ZAP Results
uses: JamesIves/[email protected]
with:
branch: zap-scan
folder: public/zap
- name: GCP Publish Results URL
if: ${{ inputs.ZAP_GCP_PUBLISH }}
run: |
echo "$GCP_SA_KEY" > gcp-sa-key.json
gsutil mb gs://${{ inputs.ZAP_GCP_BUCKET }} || echo "Bucket already exists..."
gsutil cp public/zap/report_html.html gs://${{ inputs.ZAP_GCP_BUCKET }}
echo "URL expires in 10 minutes..."
gsutil signurl -d 10m gcp-sa-key.json gs://${{ inputs.ZAP_GCP_BUCKET }}/report_html.html
env:
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
# name: owasp-scan
# on:
# workflow_call:
# inputs:
# ZAP_SCAN_TYPE:
# required: true
# type: string
# ZAP_TARGET_URL:
# required: true
# type: string
# ZAP_DURATION:
# required: true
# type: string
# ZAP_MAX_DURATION:
# required: true
# type: string
# ZAP_GCP_PUBLISH:
# required: true
# type: boolean
# ZAP_GCP_PROJECT:
# required: false
# type: string
# ZAP_GCP_BUCKET:
# required: false
# type: string
# secrets:
# GCP_SA_KEY:
# required: false
# jobs:
# owasp-scan:
# runs-on: ubuntu-latest
# name: owasp-scan
# steps:
# - name: Checkout repository
# uses: actions/checkout@v2
# - name: Set up Python
# uses: actions/setup-python@v4
# with:
# python-version: '3.9'
# - name: Set up Cloud SDK
# if: ${{ inputs.ZAP_GCP_PUBLISH }}
# uses: google-github-actions/setup-gcloud@v1
# with:
# project_id: ${{ inputs.ZAP_GCP_PROJECT }}
# service_account_key: ${{ secrets.GCP_SA_KEY }}
# export_default_credentials: true
# - name: ZAP Base Scan
# if: ${{ inputs.ZAP_SCAN_TYPE == 'base' }}
# uses: zaproxy/[email protected]
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# docker_name: 'owasp/zap2docker-stable'
# target: ${{ inputs.ZAP_TARGET_URL }}
# rules_file_name: '.zap/rules.tsv'
# cmd_options: '-a -d -T ${{ inputs.ZAP_MAX_DURATION }} -m ${{ inputs.ZAP_DURATION }}'
# issue_title: OWAP Baseline
# - name: ZAP Full Scan
# if: ${{ inputs.ZAP_SCAN_TYPE == 'full' }}
# uses: zaproxy/[email protected]
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# docker_name: 'owasp/zap2docker-stable'
# target: ${{ inputs.ZAP_TARGET_URL }}
# rules_file_name: '.zap/rules.tsv'
# cmd_options: '-a -d -T ${{ inputs.ZAP_MAX_DURATION }} -m ${{ inputs.ZAP_DURATION }}'
# - name: Create Artifact Directory
# if: ${{ inputs.ZAP_GCP_PUBLISH }}
# run: |
# mkdir -p public/zap
# - name: Publish Reports to Github
# uses: actions/download-artifact@v2
# with:
# name: zap_scan
# path: public/zap
# - name: Rename Markdown
# if: ${{ inputs.ZAP_GCP_PUBLISH }}
# run: |
# mv public/zap/report_md.md public/zap/README.md
# - name: ZAP Results
# uses: JamesIves/[email protected]
# with:
# branch: zap-scan
# folder: public/zap
# - name: GCP Publish Results URL
# if: ${{ inputs.ZAP_GCP_PUBLISH }}
# run: |
# echo "$GCP_SA_KEY" > gcp-sa-key.json
# gsutil mb gs://${{ inputs.ZAP_GCP_BUCKET }} || echo "Bucket already exists..."
# gsutil cp public/zap/report_html.html gs://${{ inputs.ZAP_GCP_BUCKET }}
# echo "URL expires in 10 minutes..."
# gsutil signurl -d 10m gcp-sa-key.json gs://${{ inputs.ZAP_GCP_BUCKET }}/report_html.html
# env:
# GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
Loading

0 comments on commit 90ee2e0

Please sign in to comment.