[CCFPCM-0580] resolve ZAP scan warnings (#216) #210

	name: Deployment and ZAP scan - DEV
	on:
	workflow_dispatch:
	push:
	tags:
	- dev
	env:
	ENV_NAME: dev

	jobs:
	deploy:
	runs-on: ubuntu-latest
	timeout-minutes: 10
	concurrency: ci-${{ github.ref }}-dev
	environment:
	name: dev

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Cache yarn
	uses: actions/cache@v3
	with:
	path: ./.yarn/cache
	key: pcc-backend
	restore-keys: pcc-backend

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v2
	with:
	role-skip-session-tagging: true
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY_ID }}
	aws-region: ca-central-1
	role-to-assume: ${{ secrets.AWS_SA_ROLE_ARN }}
	role-duration-seconds: 900
	role-session-name: ci-dev-deployment

	- name: Install dependencies
	run: yarn

	- name: Setup ENV file
	run: cp ./.config/.env.example ./.env

	- name: Build
	run: make build-backend

	- name: Upload build artifacts
	run: make aws-upload-artifacts

	- name: Deploy migrations
	run: make aws-deploy-migrator

	- name: Run migrations
	run: make aws-run-migrator

	- name: Deploy All
	run: make aws-deploy-all

	zap_scan:
	name: ZAP baseline scan
	needs: deploy
	runs-on: ubuntu-latest
	timeout-minutes: 10
	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: ZAP baseline scan
	uses: zaproxy/action-baseline@v0.4.0
	with:
	target: ${{ secrets.ZAP_API_URL }}
	cmd_options: '-I'

	- name: Upload ZAP report as artifact
	uses: actions/upload-artifact@v3
	with:
	name: OWASP ZAP CCFP Backend Report
	path: report_html.html

Provide feedback