-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #96 from mercedes-benz/features/merge_main_to_develop
chore: merge main to develop
- Loading branch information
Showing
45 changed files
with
1,264 additions
and
739 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
# Disabled until is is runnable on github | ||
|
||
## /******************************************************************************** | ||
## * Copyright (c) 2023 Contributors to the Eclipse Foundation | ||
## * | ||
## * See the NOTICE file(s) distributed with this work for additional | ||
## * information regarding copyright ownership. | ||
## * | ||
## * This program and the accompanying materials are made available under the | ||
## * terms of the Apache License, Version 2.0 which is available at | ||
## * https://www.apache.org/licenses/LICENSE-2.0. | ||
## * | ||
## * Unless required by applicable law or agreed to in writing, software | ||
## * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
## * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
## * License for the specific language governing permissions and limitations | ||
## * under the License. | ||
## * | ||
## * SPDX-License-Identifier: Apache-2.0 | ||
## ********************************************************************************/ | ||
# | ||
#name: Test application (test + coverage) | ||
# | ||
#on: | ||
# workflow_dispatch: | ||
# pull_request: | ||
# paths: | ||
# - 'src/**' | ||
# | ||
#permissions: | ||
# id-token: write | ||
# statuses: write | ||
# checks: write | ||
# # may also be read | ||
# contents: write | ||
# pull-requests: write | ||
# actions: write | ||
# | ||
#jobs: | ||
# test-app: | ||
# runs-on: ubuntu-latest | ||
# | ||
# steps: | ||
# - name: Checkout | ||
# uses: actions/checkout@v3 | ||
# with: | ||
# fetch-depth: 0 | ||
# | ||
# - name: Set up Java 17 | ||
# uses: actions/setup-java@v3 | ||
# with: | ||
# distribution: 'temurin' | ||
# java-version: '17' | ||
# | ||
# - name: Setup .NET Core # Required to execute ReportGenerator | ||
# uses: actions/setup-dotnet@v3 | ||
# if: success() || failure() | ||
# with: | ||
# dotnet-version: 6.x | ||
# dotnet-quality: 'ga' | ||
# | ||
# - name: Test app | ||
# run: ORG_GRADLE_PROJECT_githubToken=${{ secrets.GITHUB_TOKEN }} ./gradlew test | ||
# | ||
# - name: Get coverage | ||
# if: success() || failure() | ||
# run: ORG_GRADLE_PROJECT_githubToken=${{ secrets.GITHUB_TOKEN }} ./gradlew jacocoTestReport | ||
# | ||
# - name: Generate test report | ||
# uses: dorny/test-reporter@v1.6.0 | ||
# if: success() || failure() | ||
# with: | ||
# name: Test results | ||
# path: 'build/test-results/test/*.xml' | ||
# reporter: java-junit | ||
# fail-on-error: false | ||
# | ||
# - name: Generate code coverage report | ||
# uses: danielpalme/ReportGenerator-GitHub-Action@5.1.25 | ||
# if: success() || failure() | ||
# with: | ||
# reports: build/reports/xml/jacoco | ||
# targetdir: coveragereport | ||
# reporttypes: MarkdownSummaryGithub | ||
# sourcedirs: src/main/java | ||
# title: 'Code Coverage' | ||
# | ||
# - name: Publish code coverage report as job summary | ||
# if: success() || failure() | ||
# run: cat coveragereport/SummaryGithub.md >> $GITHUB_STEP_SUMMARY | ||
# | ||
# - name: Publish code coverage report as PR comment | ||
# uses: madrapps/jacoco-report@v1.6.1 | ||
# if: github.event_name == 'pull_request' && (success() || failure()) | ||
# with: | ||
# paths: | | ||
# ${{ github.workspace }}/build/reports/xml/jacoco | ||
# token: ${{ secrets.GITHUB_TOKEN }} | ||
# min-coverage-overall: 80 | ||
# min-coverage-changed-files: 80 | ||
# title: Coverage Report |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
# /******************************************************************************** | ||
# * Copyright (c) 2023 Contributors to the Eclipse Foundation | ||
# * | ||
# * See the NOTICE file(s) distributed with this work for additional | ||
# * information regarding copyright ownership. | ||
# * | ||
# * This program and the accompanying materials are made available under the | ||
# * terms of the Apache License, Version 2.0 which is available at | ||
# * https://www.apache.org/licenses/LICENSE-2.0. | ||
# * | ||
# * Unless required by applicable law or agreed to in writing, software | ||
# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# * License for the specific language governing permissions and limitations | ||
# * under the License. | ||
# * | ||
# * SPDX-License-Identifier: Apache-2.0 | ||
# ********************************************************************************/ | ||
|
||
name: DAST scan (OWASP ZAP) | ||
|
||
on: | ||
workflow_dispatch: | ||
pull_request: | ||
paths: | ||
- 'src/main/**' | ||
push: | ||
paths: | ||
- 'src/main/**' | ||
|
||
jobs: | ||
dast-scan: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Set up Helm | ||
uses: azure/setup-helm@v3 | ||
with: | ||
version: v3.12.3 | ||
|
||
- name: Set up Taskfile | ||
uses: arduino/setup-task@v1 | ||
|
||
- uses: actions/setup-java@v3 | ||
with: | ||
distribution: 'temurin' | ||
java-version: '17' | ||
|
||
- name: Add bitnami repo | ||
run: | | ||
helm repo add bitnami https://charts.bitnami.com/bitnami | ||
helm repo update | ||
- name: Update Helm dependencies | ||
run: | | ||
cd charts/managed-identity-wallet | ||
helm dependency build | ||
- name: Build app | ||
run: SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} task app:build | ||
|
||
- name: Kubernetes KinD Cluster | ||
uses: container-tools/kind-action@v2 | ||
with: | ||
node_image: 'kindest/node:v1.27.3' | ||
version: v0.20.0 | ||
|
||
- name: Build image | ||
uses: docker/build-push-action@v4 | ||
with: | ||
context: . | ||
push: true | ||
tags: kind-registry:5000/miw:testing | ||
|
||
- name: Install the chart on KinD cluster | ||
run: helm install -n apps --create-namespace --wait --set image.tag=testing --set=image.repository=kind-registry:5000/miw testing charts/managed-identity-wallet | ||
|
||
- name: Configure port forward to app in KinD | ||
run: | | ||
echo "Getting Agent IP..." | ||
IP_ADDR=$(hostname -i) | ||
echo "-> IP: $IP_ADDR" | ||
echo "IP_ADDR=$IP_ADDR" >> $GITHUB_ENV | ||
POD_NAME=$(kubectl get pods --namespace apps -l "app.kubernetes.io/name=managed-identity-wallet,app.kubernetes.io/instance=testing" -o jsonpath="{.items[0].metadata.name}") | ||
CONTAINER_PORT=$(kubectl get pod --namespace apps $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") | ||
echo "Port-forwarding 0.0.0.0:8080 to $POD_NAME:$CONTAINER_PORT..." | ||
kubectl --namespace apps port-forward $POD_NAME 8080:$CONTAINER_PORT --address 0.0.0.0 & | ||
# Sleep for 4 seconds to ensure, that the port-forward is established | ||
- name: Sleep for 4s | ||
uses: juliangruber/sleep-action@v1 | ||
with: | ||
time: 4s | ||
|
||
- name: Generating report skeletons | ||
if: success() || failure() | ||
run: | | ||
touch report_md.md report_html.html | ||
chmod a+w report_md.md report_html.html | ||
ls -lrt | ||
- name: Run ZAP scan | ||
run: | | ||
set +e | ||
echo "Pulling ZAP image..." | ||
docker pull ghcr.io/zaproxy/zaproxy:stable -q | ||
echo "Starting ZAP Docker container..." | ||
docker run -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py -t http://$IP_ADDR:8080/docs/api-docs/docs -f openapi -w report_md.md -r report_html.html -T 1 | ||
echo "... done." | ||
- name: Add Summary | ||
if: success() || failure() | ||
run: | | ||
echo "Publishing Job summary... " | ||
cat report_md.md >> $GITHUB_STEP_SUMMARY | ||
- name: Upload HTML report | ||
if: success() || failure() | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: ZAP scan report | ||
path: ./report_html.html |
Oops, something went wrong.