Merge branch 'feat-map' into default-value-bug

RyanBirtch-aot · Jul 24, 2024 · f824346 · f824346
2 parents ba671ba + 3402359
commit f824346
Show file tree

Hide file tree

Showing 21 changed files with 537 additions and 312 deletions.
diff --git a/.github/workflows/.deploy.yaml b/.github/workflows/.deploy.yaml
@@ -1,4 +1,5 @@
-name: Deploy
+name: Deploy PR
+run-name: Deploy PR-${{ github.event.inputs.pr-number }}
 
 env:
   ACRONYM: chefs
@@ -84,7 +85,7 @@ jobs:
           pr_number: ${{ github.event.inputs.pr-number }}
 
   deploy:
-    name: Deploys to selected environment
+    name: Deploy
     environment:
       name: pr
       url: ${{ needs.set-vars.outputs.URL }}
@@ -123,3 +124,10 @@ jobs:
           message: |
             Release ${{ github.sha }} deployed at <https://${{ env.ACRONYM }}-dev.apps.silver.devops.gov.bc.ca/pr-${{ github.event.inputs.pr-number }}>
           number: ${{ github.event.inputs.pr-number }}
+
+  scan:
+    name: Scan
+    needs: [deploy, set-vars]
+    uses: ./.github/workflows/reusable-owasp-zap.yaml
+    with:
+      url: ${{ needs.set-vars.outputs.URL }}
diff --git a/.github/workflows/on_push.yaml b/.github/workflows/on_push.yaml
@@ -21,7 +21,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Build & Push
         uses: ./.github/actions/build-push-container
         with:
@@ -38,10 +38,12 @@ jobs:
       url: https://${{ env.ACRONYM }}-dev.apps.silver.devops.gov.bc.ca/app
     runs-on: ubuntu-latest
     needs: build
+    outputs:
+      url: https://${{ env.ACRONYM }}-dev.apps.silver.devops.gov.bc.ca/app
     timeout-minutes: 12
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Deploy to Dev
         uses: ./.github/actions/deploy-to-environment
         with:
@@ -57,6 +59,13 @@ jobs:
           route_path: /app
           route_prefix: ${{ vars.ROUTE_PREFIX }}
 
+  scan-dev:
+    name: Scan Dev
+    needs: deploy-dev
+    uses: ./.github/workflows/reusable-owasp-zap.yaml
+    with:
+      url: ${{ needs.deploy-dev.outputs.url }}
+
   deploy-test:
     name: Deploy to Test
     environment:
@@ -69,7 +78,7 @@ jobs:
     timeout-minutes: 12
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Deploy to Test
         uses: ./.github/actions/deploy-to-environment
         with:
@@ -98,7 +107,7 @@ jobs:
     timeout-minutes: 12
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Deploy to Prod
         uses: ./.github/actions/deploy-to-environment
         with:

diff --git a/.github/workflows/owasp-zap-scan.yaml b/.github/workflows/owasp-zap-scan.yaml
diff --git a/.github/workflows/reusable-owasp-zap.yaml b/.github/workflows/reusable-owasp-zap.yaml
@@ -0,0 +1,31 @@
+#
+# Reusable workflow to run the OWASP ZAP (Open Worldwide Application Security
+# Project - Zed Attack Proxy) Scan against a deployed application.
+#
+name: OWASP ZAP Scan
+on:
+  workflow_call:
+    inputs:
+      url:
+        required: true
+        type: string
+
+jobs:
+  owasp-zap:
+    name: OWASP ZAP Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Run Scan
+        uses: zaproxy/[email protected]
+        with:
+          # Do not create GitHub Issues
+          allow_issue_writing: false
+
+          artifact_name: OWASP ZAP Scan
+
+          # -a: include the alpha passive scan rules as well
+          # -d: show debug messages
+          cmd_options: "-a -d"
+
+          target: ${{ inputs.url }}
diff --git a/app/app.js b/app/app.js
@@ -32,6 +32,8 @@ app.use(express.urlencoded({ extended: true }));
 // See https://express-rate-limit.github.io/ERR_ERL_UNEXPECTED_X_FORWARDED_FOR
 app.set('trust proxy', 1);
 
+app.set('x-powered-by', false);
+
 // Skip if running tests
 if (process.env.NODE_ENV !== 'test') {
   // Initialize connections and exit if unsuccessful