ZAP vs Crawl Maze #560
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ZAP vs Crawl Maze | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Clone zap-mgmt-scripts and zaproxy-website | |
| run: | | |
| # Setup git details | |
| export GITHUB_USER=zapbot | |
| export GITHUB_TOKEN=${{ secrets.ZAPBOT_TOKEN }} | |
| git config --global user.email "12745184+zapbot@users.noreply.github.com" | |
| git config --global user.name $GITHUB_USER | |
| git clone https://github.com/$GITHUB_USER/zap-mgmt-scripts.git | |
| git clone https://github.com/$GITHUB_USER/zaproxy-website.git | |
| # Update to the latest upstream | |
| cd zaproxy-website | |
| git remote set-url origin https://$GITHUB_USER:$GITHUB_TOKEN@github.com/$GITHUB_USER/zaproxy-website.git | |
| git remote add upstream https://github.com/zaproxy/zaproxy-website.git | |
| git checkout -B crawlmaze | |
| git pull upstream main | |
| git reset --hard upstream/main | |
| git push --set-upstream origin crawlmaze --force | |
| - name: Scan Crawl Maze | |
| run: | | |
| cd zap-mgmt-scripts/scans/crawlmaze | |
| # Need to do this so the zap user in docker can write to the files | |
| touch all.yml zap.log | |
| chmod a+w all.yml zap.log | |
| # The first set of commands are a hack to create the zap-client-profile | |
| # as Selenium doesnt seem to allow us to do this in the ZAP Docker containers :/ | |
| docker run -v $(pwd):/zap/wrk/:rw \ | |
| -t ghcr.io/zaproxy/zaproxy:nightly sh -c \ | |
| "./zap.sh -cmd -silent -addoninstall client -autorun /zap/wrk/crawl-maze.yaml; \ | |
| cp /home/zap/.ZAP_D/zap.log /zap/wrk; \ | |
| ls -l /zap/wrk;" | |
| cp all.yml ../../../zaproxy-website/site/data/scans/crawlmaze/ | |
| ls -l | |
| - name: 'Upload zap.log' | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: zap.log | |
| path: ./zap.log | |
| - name: Raise a PR on the website | |
| run: | | |
| cd zaproxy-website | |
| # Update the index to be sure git is aware of changes | |
| git update-index -q --refresh | |
| ## If there are changes: comment, commit, PR | |
| if ! git diff-index --quiet HEAD --; then | |
| git add site/data/scans/crawlmaze/* | |
| git commit -s -m "Updated Crawl Maze Results" | |
| git push origin | |
| echo ${{ secrets.ZAPBOT_TOKEN }} | gh auth login --with-token | |
| gh pr create --fill | |
| fi |