From 0584190306c8a1562be05269ef0a55dc684d8cc9 Mon Sep 17 00:00:00 2001
From: Marcus Aspin
Date: Thu, 21 Mar 2024 09:16:42 +0000
Subject: [PATCH] Add Slack notification
---
 .github/workflows/security.yml | 69 ++++++++++++++++++++++++++++++++--
 .zap/autorun.yml | 5 +++
 2 files changed, 70 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 643c4b85..3aa5b119 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -25,6 +25,7 @@ jobs:
 run: envsubst < "$CONFIG_FILE" > "$CONFIG_FILE.tmp" && mv "$CONFIG_FILE.tmp" "$CONFIG_FILE" && cat "$CONFIG_FILE"
 env:
 CONFIG_FILE: ${{ github.workspace }}/.zap/autorun.yml
+ SUMMARY_FILE: ${{ github.workspace }}/.zap/summary.json
 ZAP_USERNAME: ${{ secrets.ZAP_USERNAME }}
 ZAP_PASSWORD: ${{ secrets.ZAP_PASSWORD }}
 shell: bash
@@ -36,6 +37,12 @@ jobs:
 CONFIG_FILE: ${{ github.workspace }}/.zap/autorun.yml
 shell: bash

+ - name: Upload report
+ uses: actions/upload-artifact@v4
+ with:
+ name: zap-report
+ path: ${{ github.workspace }}/.zap/zap-report
+
 - name: Publish HTML report
 uses: JamesIves/github-pages-deploy-action@65b5dfd4f5bcd3a7403bbc2959c144256167464e # v4.5.0
 with:
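Review bot: The new `SUMMARY_FILE` value is a runner-host path under `github.workspace`, and envsubst writes it verbatim into autorun.yml; if the ZAP scan step (outside this hunk) runs in a container with the workspace mounted at a different path, ZAP will try to write the summary to a location that does not exist there and the later `jq` read will fail, so this is worth confirming against that step. The contract is not visible from this line alone, so record it with a comment, e.g. `# must match summaryFile in .zap/autorun.yml and the path read by the Parse summary step`. Note also that the `cat "$CONFIG_FILE"` on the context line now dumps this path along with the substituted `ZAP_USERNAME`/`ZAP_PASSWORD` values into the job log; the runner masks secret-derived strings on a best-effort basis, so if the `cat` is no longer needed for debugging, dropping it removes that exposure.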
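Review bot: The relocated Upload report step carries no `if:` condition, so when the ZAP scan step earlier in the job fails (its failure handling is outside this hunk) the report artifact is never uploaded, which is precisely the run where the report is most needed for triage; if reports should be kept for failed scans, add `if: always()` to the step. Moving the upload ahead of the Pages deploy is otherwise a sensible ordering, because a failed deploy no longer blocks the artifact.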
@@ -45,8 +52,62 @@ jobs:
 - name: Add HTML report URL to the job summary
 run: echo '[🛡️ OWASP ZAP Report](https://ministryofjustice.github.io/hmpps-manage-a-supervision-ui/zap-report)' | tee -a "$GITHUB_STEP_SUMMARY"

- - name: Upload report
- uses: actions/upload-artifact@v4
+ - name: Parse summary
+ id: summary
+ run: |
+ echo "pass=$(jq '.pass // 0' $SUMMARY_FILE)" | tee -a "$GITHUB_OUTPUT"
+ echo "fail=$(jq '.fail // 0' $SUMMARY_FILE)" | tee -a "$GITHUB_OUTPUT"
+ echo "warn=$(jq '.warn // 0' $SUMMARY_FILE)" | tee -a "$GITHUB_OUTPUT"
+ env:
+ SUMMARY_FILE: ${{ github.workspace }}/.zap/summary.json
+ shell: bash
+
+ - name: Send message to Slack
+ uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
+ if: steps.summary.outputs.failed != '0'
 with:
- name: zap-report
- path: ${{ github.workspace }}/.zap/zap-report
+ channel-id: probation-integration-notifications
+ payload: |
+ {
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "🛡️ *Manage a Supervision* ZAP report"
+ }
+ },
+ {
+ "type": "context",
+ "elements": [
+ {
+ "type": "mrkdwn",
+ "text": ">${{ steps.summary.outputs.pass }} tests passed, ${{ steps.summary.outputs.fail }} failed, and there were ${{ steps.summary.outputs.warn }} warnings."
+ }
+ ]
+ },
+ {
+ "type": "actions",
+ "elements": [
+ {
+ "type": "button",
+ "text": {
+ "type": "plain_text",
+ "text": "📈 Report"
+ },
+ "url": "https://ministryofjustice.github.io/hmpps-manage-a-supervision-ui/zap-report"
+ },
+ {
+ "type": "button",
+ "text": {
+ "type": "plain_text",
+ "text": "📝 Logs"
+ },
+ "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/.zap/autorun.yml b/.zap/autorun.yml
index 10c3d67a..713db1d3 100644
--- a/.zap/autorun.yml
+++ b/.zap/autorun.yml
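Review bot: The `if:` on the Send message to Slack step tests `steps.summary.outputs.failed`, but the Parse summary step only writes `pass`, `fail` and `warn` to `$GITHUB_OUTPUT`, so the expression compares an empty string with `'0'`, is always true, and the notification is sent on every run regardless of findings; it should read `if: steps.summary.outputs.fail != '0'`. If ZAP did not produce summary.json, the `// 0` default does not help, because `jq` exits non-zero on a missing file and the Parse summary step fails before any message is sent, so a broken scan goes unreported; guard the reads with `[ -f "$SUMMARY_FILE" ]` or decide explicitly that a missing summary should notify too. `$SUMMARY_FILE` is also unquoted in the three `jq` invocations, unlike every other path in this workflow, and should be `"$SUMMARY_FILE"`. The three counts are spliced straight into the JSON `payload:`; they come from `jq` numeric extraction today, but a comment on that line such as `# only numeric step outputs may be interpolated here, anything else breaks the JSON` would stop a future string output from producing an invalid payload.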
@@ -58,6 +58,11 @@ jobs:
 parameters:
 context: "HMPPSAuth"
 user: "TestUser"
+ maxScanDurationInMins: 5 # minutes
+ - type: outputSummary
+ parameters:
+ format: "Short"
+ summaryFile: "$SUMMARY_FILE"
 - type: report
 parameters:
 reportDir: "zap-report"
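Review bot: `maxScanDurationInMins: 5` caps the job whose parameters begin above this hunk (its `type:` line is outside the hunk) at five minutes, and the outputSummary job added beneath it then counts only what the scan reached, so a summary with zero failures may reflect a truncated scan rather than a clean one, and nothing in this config surfaces that the cap was hit. The `# minutes` comment only repeats the key name; replace it with the reason and the consequence, e.g. `# keeps the CI job short; if this cap is hit, coverage is partial and the summary under-reports`. `summaryFile: "$SUMMARY_FILE"` is a placeholder that only becomes a real path after the workflow's envsubst step, so running this file directly against ZAP writes to a file literally named $SUMMARY_FILE; a comment such as `# substituted by envsubst in .github/workflows/security.yml` makes that dependency visible to the next maintainer.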