Add scanning DocSpace with zap (#66)
* Add scanning DocSpace with zap * Remove `set -e` because it is already set * Refactoring: Zap as separate action * Refactoring: remove useless output * Cosmetic changes * Remove zap and change repo name for manual run
parent
8d7072bc00
commit
666b710ce6
22
.github/workflows/main-build.yml
vendored
22
.github/workflows/main-build.yml
vendored
@ -2,6 +2,11 @@ name: 4testing multiarch-build
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
zap:
|
||||
description: 'Run ZAP scanning after build?'
|
||||
type: boolean
|
||||
|
||||
repository_dispatch:
|
||||
types:
|
||||
- cron-trigger-action
|
||||
@ -46,6 +51,7 @@ jobs:
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Build 4testing
|
||||
id: build
|
||||
run: |
|
||||
cd .${DOCKER_PATH}
|
||||
if [ "${{ matrix.branch }}" = "develop" ]; then
|
||||
@ -58,4 +64,20 @@ jobs:
|
||||
--set *.args.GIT_BRANCH=${{ matrix.branch }} \
|
||||
--set *.platform=linux/amd64 \
|
||||
--push
|
||||
|
||||
echo "version=${DOCKER_TAG}" >> "$GITHUB_OUTPUT"
|
||||
shell: bash
|
||||
|
||||
- name: Run zap action if needed
|
||||
env:
|
||||
RUN_ZAP: ${{ github.event.inputs.zap || 'true' }}
|
||||
GITHUB_TOKEN: ${{ secrets.TOKEN }}
|
||||
VERSION: ${{ steps.build.outputs.version }}
|
||||
shell: bash
|
||||
run: |
|
||||
if [[ ${{ matrix.branch }} =~ release || ${{ matrix.branch }} =~ hotfix && ${RUN_ZAP} == true ]]; then
|
||||
gh workflow run zap-scan.yaml \
|
||||
--repo ONLYOFFICE/DocSpace \
|
||||
-f branch=${{ matrix.branch }} \
|
||||
-f version=${VERSION}
|
||||
fi
|
||||
|
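Review bot: In the `Run zap action if needed` step, the test `release || hotfix && ${RUN_ZAP} == true` does not gate release branches on the `zap` input, because `&&` binds tighter than `||` inside `[[ ]]`; a release build dispatches the scan even when the input is unchecked. Grouping the branch tests fixes it: `if [[ ( "$BRANCH" =~ release || "$BRANCH" =~ hotfix ) && "$RUN_ZAP" == true ]]; then`. The same line and the `-f branch=` argument expand `${{ matrix.branch }}` straight into the script text, and the matrix is defined outside this hunk. If its values can ever come from event data, that is a script-injection path in a step that holds `secrets.TOKEN`, so add `BRANCH: ${{ matrix.branch }}` to the existing `env:` block and pass `-f branch="$BRANCH"` to keep the value as data. A comment stating the scope `secrets.TOKEN` needs (presumably only workflow dispatch on ONLYOFFICE/DocSpace, to be confirmed) would help keep that credential least-privilege.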