Merge branch 'bcgov:main' into master

.github/actions/build-push-container/action.yaml

@@ -51,15 +51,11 @@ inputs:
   app_chefs_geo_address_apiurl:
     description: Proxy URL to BC Geo Address API URL
     required: true
-    default: "../api/v1/bcgeoaddress/address"
-  app_chefs_advance_geo_address_apiurl:
-    description: Proxy URL to BC Geo Address API URL for advance search
-    required: true
     default: "../api/v1/bcgeoaddress/advance/address"
   ref:
     description: The checkout ref id
     required: false
-    default: ''
+    default: ""
   pr_number:
     description: Pull request number
     required: false
@@ -98,7 +94,6 @@ runs:
         VITE_CHEFSTOURURL: ${{ inputs.app_chefstoururl }}
         VITE_FRONTEND_BASEPATH: ${{ inputs.route_path }}
         VITE_CHEFS_GEO_ADDRESS_APIURL: ${{ inputs.app_chefs_geo_address_apiurl }}
-        VITE_CHEFS_ADVANCE_GEO_ADDRESS_APIURL: ${{ inputs.app_chefs_advance_geo_address_apiurl }}
         VITE_BC_GEO_ADDRESS_APIURL: ${{ inputs.app_bc_geo_address_apiurl }}
         ENV_PATH: ./app/frontend/.env
       shell: bash
@@ -109,7 +104,6 @@ runs:
         echo VITE_HOWTOURL=$VITE_HOWTOURL >> $ENV_PATH
         echo VITE_CHEFSTOURURL=$VITE_CHEFSTOURURL >> $ENV_PATH
         echo VITE_CHEFS_GEO_ADDRESS_APIURL=$VITE_CHEFS_GEO_ADDRESS_APIURL >> $ENV_PATH
-        echo VITE_CHEFS_ADVANCE_GEO_ADDRESS_APIURL=$VITE_CHEFS_ADVANCE_GEO_ADDRESS_APIURL >> $ENV_PATH
         echo VITE_BC_GEO_ADDRESS_APIURL=$VITE_BC_GEO_ADDRESS_APIURL >> $ENV_PATH
         echo VITE_FRONTEND_BASEPATH=$VITE_FRONTEND_BASEPATH >> $ENV_PATH
 

.github/workflows/.deploy.yaml

@@ -1,4 +1,5 @@
-name: Deploy
+name: Deploy PR
+run-name: Deploy PR-${{ github.event.inputs.pr-number }}
 
 env:
   ACRONYM: chefs
@@ -123,3 +124,10 @@ jobs:
           message: |
             Release ${{ github.sha }} deployed at <https://${{ env.ACRONYM }}-dev.apps.silver.devops.gov.bc.ca/pr-${{ github.event.inputs.pr-number }}>
           number: ${{ github.event.inputs.pr-number }}
+
+  scan:
+    name: Scan
+    needs: [deploy, set-vars]
+    uses: ./.github/workflows/reusable-owasp-zap.yaml
+    with:
+      url: ${{ needs.set-vars.outputs.URL }}

.github/workflows/reusable-owasp-zap.yaml

@@ -0,0 +1,31 @@
+#
+# Reusable workflow to run the OWASP ZAP (Open Worldwide Application Security
+# Project - Zed Attack Proxy) Scan against a deployed application.
+#
+name: OWASP ZAP Scan
+on:
+  workflow_call:
+    inputs:
+      url:
+        required: true
+        type: string
+
+jobs:
+  owasp-zap:
+    name: OWASP ZAP Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Run Scan
+        uses: zaproxy/action-full-scan@v0.10.0
+        with:
+          # Do not create GitHub Issues
+          allow_issue_writing: false
+
+          artifact_name: OWASP ZAP Scan
+
+          # -a: include the alpha passive scan rules as well
+          # -d: show debug messages
+          cmd_options: "-a -d"
+
+          target: ${{ inputs.url }}

.vscode/launch.json

@@ -21,7 +21,7 @@
     {
       "cwd": "${workspaceFolder}/app/frontend",
       "env": {
-        "VITE_CHEFS_ADVANCE_GEO_ADDRESS_APIURL": "http://localhost:8080/app/api/v1/bcgeoaddress/address",
+        "VITE_CHEFS_GEO_ADDRESS_APIURL": "http://localhost:8080/app/api/v1/bcgeoaddress/advance/address",
         "VITE_CHEFSTOURURL": "https://www.youtube.com/embed/obOhyYusMjM",
         "VITE_CONTACT": "submit.digital@gov.bc.ca",
         "VITE_FRONTEND_BASEPATH": "/app",

app/src/components/errorToProblem.js

@@ -2,28 +2,46 @@ const Problem = require('api-problem');
 
 const log = require('./log')(module.filename);
 
-module.exports = function (service, e) {
-  if (e.response) {
-    // Handle raw data
-    let data;
-    if (typeof e.response.data === 'string' || e.response.data instanceof String) {
-      data = JSON.parse(e.response.data);
-    } else {
-      data = e.response.data;
-    }
+/**
+ * Try to convert response data to JSON, but failing that just return it as-is.
+ *
+ * @param {*} data the data to attempt to parse into JSON.
+ * @returns an object if data is JSON, otherwise data itself
+ */
+const _parseResponseData = (data) => {
+  let parsedData;
+
+  try {
+    parsedData = JSON.parse(data);
+  } catch (error) {
+    // Syntax Error: It's not valid JSON.
+    parsedData = data;
+  }
+
+  return parsedData;
+};
+
+module.exports = function (service, error) {
+  if (error.response) {
+    const data = _parseResponseData(error.response.data);
+
+    log.error(`Error from ${service}: status = ${error.response.status}, data: ${JSON.stringify(data)}`, error);
 
-    log.error(`Error from ${service}: status = ${e.response.status}, data : ${JSON.stringify(data)}`, e);
     // Validation Error
-    if (e.response.status === 422) {
-      throw new Problem(e.response.status, {
+    if (error.response.status === 422) {
+      throw new Problem(error.response.status, {
         detail: data.detail,
         errors: data.errors,
       });
     }
+
     // Something else happened but there's a response
-    throw new Problem(e.response.status, { detail: e.response.data.toString() });
+    throw new Problem(error.response.status, { detail: error.response.data.toString() });
   } else {
-    log.error(`Unknown error calling ${service}: ${e.message}`, e);
-    throw new Problem(502, `Unknown ${service} Error`, { detail: e.message });
+    log.error(`Unknown error calling ${service}: ${error.message}`, error);
+
+    throw new Problem(502, `Unknown ${service} Error`, {
+      detail: error.message,
+    });
   }
 };

app/tests/unit/components/errorToProblem.spec.js

@@ -3,20 +3,33 @@ const errorToProblem = require('../../../src/components/errorToProblem');
 const SERVICE = 'TESTSERVICE';
 
 describe('errorToProblem', () => {
+  it('should throw a 404', () => {
+    const error = {
+      response: {
+        data: { detail: 'detail' },
+        status: 404,
+      },
+    };
+
+    expect(() => errorToProblem(SERVICE, error)).toThrow('404');
+  });
+
   it('should throw a 422', () => {
-    const e = {
+    const error = {
       response: {
         data: { detail: 'detail' },
         status: 422,
       },
     };
-    expect(() => errorToProblem(SERVICE, e)).toThrow('422');
+
+    expect(() => errorToProblem(SERVICE, error)).toThrow('422');
   });
 
   it('should throw a 502', () => {
-    const e = {
+    const error = {
       message: 'msg',
     };
-    expect(() => errorToProblem(SERVICE, e)).toThrow('502');
+
+    expect(() => errorToProblem(SERVICE, error)).toThrow('502');
   });
 });