- move everything back to yaml

raft-tech · Apr 15, 2024 · 351b706 · 351b706
1 parent 9d47eb6
commit 351b706
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 23 deletions.
diff --git a/.circleci/owasp/jobs.yml b/.circleci/owasp/jobs.yml
@@ -84,4 +84,23 @@
           command: |
             # Construct the project slug from the current branch name and user
             PROJECT_SLUG=$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME
-            ./scripts/cf-runtask.sh "$PROJECT_SLUG" << parameters.target_env >> "$CIRCLE_BUILD_NUM" "${ZAP_BACKEND_PASS_COUNT:-0}" "${ZAP_BACKEND_WARN_COUNT:-0}" "${ZAP_BACKEND_FAIL_COUNT:-0}" "${ZAP_FRONTEND_PASS_COUNT:-0}" "${ZAP_FRONTEND_WARN_COUNT:-0}" "${ZAP_FRONTEND_FAIL_COUNT:-0}"
+            # These environment variables are exported to Circle CI's BASH_ENV
+            # by the zap-scanner.sh script for each respective app target.
+            CMD_ARGS=(
+              "$CIRCLE_BUILD_NUM"
+              --backend-pass-count "${ZAP_BACKEND_PASS_COUNT:-0}"
+              --backend-warn-count "${ZAP_BACKEND_WARN_COUNT:-0}"
+              --backend-fail-count "${ZAP_BACKEND_FAIL_COUNT:-0}"
+              --frontend-pass-count "${ZAP_FRONTEND_PASS_COUNT:-0}"
+              --frontend-warn-count "${ZAP_FRONTEND_WARN_COUNT:-0}"
+              --frontend-fail-count "${ZAP_FRONTEND_FAIL_COUNT:-0}"
+              --project-slug "$PROJECT_SLUG"
+            )
+            # Evaluate the full command before passing it in so it doesn't
+            # get improperly interpolated by Cloud.gov.
+            CMD="python manage.py process_owasp_scan ${CMD_ARGS[*]}"
+            # Submit a CF Task for execution that will run the necessary command
+            sleep 300
+            cf run-task tdp-backend-<< parameters.target_env >> \
+              --command "$CMD" \
+              --name nightly-owasp-scan
diff --git a/scripts/cf-runtask.sh b/scripts/cf-runtask.sh