Add scanning DocSpace with zap (#66)

* Add scanning DocSpace with zap

* Remove `set -e` cos it already have

* Refactoring: Zap as separate action

* Refactoring: remove useless output

* Cosmetic changes

* Remove zap and change repo name for manual run

.github/workflows/main-build.yml

@@ -2,6 +2,11 @@ name: 4testing multiarch-build
 
 on:
   workflow_dispatch:
+    inputs:
+      zap:
+        description: 'Run ZAP scanning after build?'
+        type: boolean
+
   repository_dispatch:
     types:
       - cron-trigger-action
@@ -46,6 +51,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
           
       - name: Build 4testing
+        id: build
         run: |
           cd .${DOCKER_PATH}
           if [ "${{ matrix.branch }}" = "develop" ]; then
@@ -58,4 +64,20 @@ jobs:
           --set *.args.GIT_BRANCH=${{ matrix.branch }} \
           --set *.platform=linux/amd64 \
           --push
+
+          echo "version=${DOCKER_TAG}" >> "$GITHUB_OUTPUT"
         shell: bash
+
+      - name: Run zap action if needed
+        env:
+          RUN_ZAP: ${{ github.event.inputs.zap || 'true' }}
+          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+          VERSION: ${{ steps.build.outputs.version }}
+        shell: bash
+        run: |
+           if [[ ${{ matrix.branch }} =~ release || ${{ matrix.branch }} =~ hotfix && ${RUN_ZAP} == true ]]; then
+              gh workflow run zap-scan.yaml \
+                 --repo ONLYOFFICE/DocSpace \
+                 -f branch=${{ matrix.branch }} \
+                 -f version=${VERSION}
+           fi