test: resuable actions

bcgov · Jul 25, 2023 · 03ed08d · 03ed08d
1 parent fe45659
commit 03ed08d
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 26 deletions.
diff --git a/.github/workflows/test-code.yaml b/.github/workflows/test-code.yaml
@@ -26,24 +26,28 @@ jobs:
         working-directory: ./app
 
   trivy-scan-code:
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: fs
-          format: sarif
-          output: trivy-results.sarif
-          exit-code: '0'
-          ignore-unfixed: false
-          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results.sarif'
+      - name: scan
+        uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-trivy.yml@develop
+
+    # runs-on: ubuntu-latest
+    # timeout-minutes: 60
+    # steps:
+    #   - name: Checkout code
+    #     uses: actions/checkout@v3
+    #   - name: Run Trivy vulnerability scanner in repo mode
+    #     uses: aquasecurity/trivy-action@master
+    #     with:
+    #       scan-type: fs
+    #       format: sarif
+    #       output: trivy-results.sarif
+    #       exit-code: '0'
+    #       ignore-unfixed: false
+    #       severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+    #   - name: Upload Trivy scan results to GitHub Security tab
+    #     uses: github/codeql-action/upload-sarif@v2
+    #     with:
+    #       sarif_file: 'trivy-results.sarif'
 
   codeql-scan:
     name: codeql-scan
@@ -111,7 +115,8 @@ jobs:
         working-directory: ./app
         run: yarn test --coverage
       - name: SonarCloud Scan
-        uses: sonarsource/sonarcloud-github-action@master
+        # uses: sonarsource/sonarcloud-github-action@master
+        uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-sonarcloud.yml@develop
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml
@@ -43,15 +43,18 @@ jobs:
       - name: run app locally
         uses: ./.github/actions/local-app-run
       - name: ZAP Full Scan
-        uses: zaproxy/action-full-scan@v0.4.0
+        uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-owasp-zap.yml@develop
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          docker_name: 'owasp/zap2docker-stable'
-          target: 'http://localhost:3000/applicantportal'
-          rules_file_name: '.zap/rules.tsv'
-          cmd_options: '-a -d -T 5 -m 2'
-          issue_title: OWASP Full Scan
-          fail_action: true
+          target-url: 'http://localhost:3000/applicantportal'
+        # uses: zaproxy/[email protected]
+        # with:
+        #   token: ${{ secrets.GITHUB_TOKEN }}
+        #   docker_name: 'owasp/zap2docker-stable'
+        #   target: 'http://localhost:3000/applicantportal'
+        #   rules_file_name: '.zap/rules.tsv'
+        #   cmd_options: '-a -d -T 5 -m 2'
+        #   issue_title: OWASP Full Scan
+        #   fail_action: true
 
   trivy-scan-app:
     runs-on: ubuntu-latest