Skip to content

CCFPCM-0580 added CSP and anti-clickjack headers #203

CCFPCM-0580 added CSP and anti-clickjack headers

CCFPCM-0580 added CSP and anti-clickjack headers #203

Workflow file for this run

name: Deployment and ZAP scan - DEV
on:
workflow_dispatch:
push:
tags:
- dev
env:
ENV_NAME: dev
jobs:
deploy:
runs-on: ubuntu-latest
timeout-minutes: 10
concurrency: ci-${{ github.ref }}-dev
environment:
name: dev
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Cache yarn
uses: actions/cache@v3
with:
path: ./.yarn/cache
key: pcc-backend
restore-keys: pcc-backend
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-skip-session-tagging: true
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY_ID }}
aws-region: ca-central-1
role-to-assume: ${{ secrets.AWS_SA_ROLE_ARN }}
role-duration-seconds: 900
role-session-name: ci-dev-deployment
- name: Install dependencies
run: yarn
- name: Setup ENV file
run: cp ./.config/.env.example ./.env
- name: Build
run: make build-backend
- name: Upload build artifacts
run: make aws-upload-artifacts
- name: Deploy migrations
run: make aws-deploy-migrator
- name: Run migrations
run: make aws-run-migrator
- name: Deploy All
run: make aws-deploy-all
zap_scan:
name: ZAP baseline scan
needs: deploy
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v3
- name: ZAP baseline scan
uses: zaproxy/action-baseline@v0.4.0
with:
target: ${{ secrets.ZAP_API_URL }}
cmd_options: '-I'
- name: Upload ZAP report as artifact
uses: actions/upload-artifact@v3
with:
name: OWASP ZAP CCFP Backend Report
path: report_html.html