Test for failure and more complex vulnapi arguments #125
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| test-javascript: | |
| name: JavaScript Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| id: setup-node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: .nvmrc | |
| cache: npm | |
| - name: Install Dependencies | |
| id: npm-ci | |
| run: npm ci | |
| - name: Check Format | |
| id: npm-format-check | |
| run: npm run format:check | |
| - name: Lint | |
| id: npm-lint | |
| run: npm run lint | |
| - name: Test | |
| id: npm-ci-test | |
| run: npm run ci-test | |
| test-failed-scans: | |
| name: GitHub Actions Test Failed Scans | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| env: | |
| DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-alg-none-bypass:latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get JWT | |
| id: get-jwt | |
| run: | | |
| echo "jwt=$(docker run --rm ${{ env.DOCKER_IMAGE }} jwt)" >> $GITHUB_OUTPUT | |
| - name: Run Server | |
| run: | | |
| docker run -d -p 8080:8080 ${{ env.DOCKER_IMAGE }} | |
| sleep 5 | |
| curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| - name: Test CURL Local Action | |
| uses: ./ | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| scans: jwt.* | |
| curl: | | |
| curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| - name: Check for vulnerabilities | |
| if: ${{ success() }} | |
| run: | | |
| echo "No vulnerabilities found" | |
| exit 1 | |
| # - name: Test OpenAPI Local Action | |
| # uses: ./ | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # scans: jwt.* | |
| # openapi: ./__tests__/openapi.yaml | |
| - name: Stop Server | |
| if: ${{ always() }} | |
| run: | |
| docker stop $(docker ps -q --filter ancestor=${{ env.DOCKER_IMAGE }}) | |
| test-scans: | |
| name: GitHub Actions Test Scans | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| env: | |
| DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-strong-eddsa-key:latest | |
| DOCKER_JWT_NONE_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-alg-none-bypass:latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get JWT | |
| id: get-jwt | |
| run: | | |
| echo "jwt=$(docker run --rm ${{ env.DOCKER_IMAGE }} jwt)" >> $GITHUB_OUTPUT | |
| - name: Run Server | |
| run: | | |
| docker run -d -p 8080:8080 ${{ env.DOCKER_IMAGE }} | |
| sleep 5 | |
| curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| - name: Test CURL Local Action | |
| uses: ./ | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| scans: jwt.* | |
| curl: | | |
| curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| # - name: Test OpenAPI Local Action | |
| # uses: ./ | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # scans: jwt.* | |
| # openapi: ./__tests__/openapi.yaml | |
| - name: Stop Server | |
| if: ${{ always() }} | |
| run: | |
| docker stop $(docker ps -q --filter ancestor=${{ env.DOCKER_IMAGE }}) |