Add ctrl+s to save graph #462

Workflow file for this run

.github/workflows/pull_request.yaml at d31ae83

	name: PR pipeline
	on:
	pull_request:
	branches:
	- main
	workflow_dispatch:

	env:
	# threatdragon is the working area on docker hub so use this area
	# owasp/threat-dragon is the final release area so DO NOT use that
	IMAGE_NAME: "pr-${{ github.event.number }}"
	ZAP_FILE: "zap-scan-pr-${{ github.event.number }}"

	# for security reasons the github actions are pinned to specific release versions
	jobs:
	server_unit_tests:
	name: Server unit tests
	runs-on: ubuntu-24.04
	defaults:
	run:
	working-directory: td.server

	steps:
	- name: Checkout
	uses: actions/[email protected]

	- name: Use node LTS 20.14.0
	uses: actions/[email protected]
	with:
	node-version: '20.14.0'

	- name: Cache NPM dir
	uses: actions/[email protected]
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-
	${{ runner.os }}-

	- name: Install packages
	run: npm clean-install

	- name: lint
	run: npm run lint

	- name: Unit test
	run: npm run test:unit

	site_unit_tests:
	name: Site unit tests
	runs-on: ubuntu-24.04
	defaults:
	run:
	working-directory: td.vue

	steps:
	- name: Checkout
	uses: actions/[email protected]

	- name: Use node LTS 20.14.0
	uses: actions/[email protected]
	with:
	node-version: '20.14.0'

	- name: Cache NPM dir
	uses: actions/[email protected]
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-
	${{ runner.os }}-

	- name: Install packages
	run: npm clean-install

	- name: Site lint
	run: npm run lint

	- name: Run unit tests
	run: npm run test:unit

	desktop_unit_tests:
	name: Desktop unit tests
	runs-on: ubuntu-24.04
	defaults:
	run:
	working-directory: td.vue

	steps:
	- name: Checkout
	uses: actions/[email protected]

	- name: Use node LTS 20.14.0
	uses: actions/[email protected]
	with:
	node-version: '20.14.0'

	- name: Cache NPM dir
	uses: actions/[email protected]
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-
	${{ runner.os }}-

	- name: Install packages
	run: npm clean-install

	- name: Desktop lint
	run: npm run lint:desktop

	- name: Run unit tests
	run: npm run test:desktop

	codeql:
	name: Analyze with codeql
	runs-on: ubuntu-24.04
	needs: [server_unit_tests, site_unit_tests]
	permissions:
	security-events: write

	strategy:
	fail-fast: false

	steps:
	- name: Checkout repository
	uses: actions/[email protected]

	- name: Initialize CodeQL
	uses: github/codeql-action/[email protected]
	with:
	languages: 'javascript'
	config-file: ./.github/codeql/codeql-config.yml
	# If you wish to specify custom queries, you can do so here or in a config file.
	# By default, queries listed here will override any specified in a config file.
	# Prefix the list here with "+" to use these queries and those in the config file.

	- name: CodeQL autobuild
	uses: github/codeql-action/[email protected]

	- name: Perform vulnerability analysis
	uses: github/codeql-action/[email protected]

	build_docker_image:
	name: Build docker image
	runs-on: ubuntu-24.04
	needs: [site_unit_tests, server_unit_tests]
	if: github.repository == 'OWASP/threat-dragon'

	steps:
	- name: Checkout
	uses: actions/[email protected]

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/[email protected]
	with:
	install: true

	- name: Cache Docker layers
	uses: actions/[email protected]
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }}
	restore-keys: \|
	${{ runner.os }}-buildx-
	${{ runner.os }}-

	- name: Build for amd64
	id: docker_build
	uses: docker/[email protected]
	with:
	context: ./
	file: ./Dockerfile
	builder: ${{ steps.buildx.outputs.name }}
	tags: ${{ env.IMAGE_NAME }}
	outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}.tar
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
	platforms: linux/amd64
	load: true

	- name: Upload docker local image
	uses: actions/[email protected]
	with:
	name: ${{ env.IMAGE_NAME }}
	path: /tmp/${{ env.IMAGE_NAME }}.tar

	- name: Check docker local image
	run: \|
	docker load --input /tmp/${{ env.IMAGE_NAME }}.tar
	docker image ls -a

	- # Temp fix for large cache bug
	# https://github.com/docker/build-push-action/issues/252
	name: Move cache
	run: \|
	rm -rf /tmp/.buildx-cache
	mv /tmp/.buildx-cache-new /tmp/.buildx-cache

	e2e_smokes:
	name: Site e2e smokes
	runs-on: ubuntu-24.04
	needs: build_docker_image
	defaults:
	run:
	working-directory: td.vue

	steps:
	- name: Checkout
	uses: actions/[email protected]

	- name: Download docker local image
	uses: actions/[email protected]
	with:
	name: ${{ env.IMAGE_NAME }}
	path: /tmp

	- name: Load docker local image
	run: \|
	docker load --input /tmp/${{ env.IMAGE_NAME }}.tar

	- name: Run Threat Dragon
	run: \|
	docker run -d \
	-p 3000:3000 \
	-e ENCRYPTION_JWT_REFRESH_SIGNING_KEY='${{ secrets.CI_JWT_REFRESH_SIGNING_KEY }}' \
	-e ENCRYPTION_JWT_SIGNING_KEY='${{ secrets.CI_JWT_SIGNING_KEY }}' \
	-e ENCRYPTION_KEYS='${{ secrets.CI_SESSION_ENCRYPTION_KEYS }}' \
	-e GITHUB_CLIENT_ID='${{ secrets.CI_GITHUB_CLIENT_ID }}' \
	-e GITHUB_CLIENT_SECRET='${{ secrets.CI_GITHUB_CLIENT_SECRET }}' \
	-e NODE_ENV='development' \
	-e SERVER_API_PROTOCOL='http' \
	${{ env.IMAGE_NAME }}

	- name: Use node LTS 20.14.0
	uses: actions/[email protected]
	with:
	node-version: '20.14.0'

	- name: Cache NPM dir
	uses: actions/[email protected]
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-
	${{ runner.os }}-

	- name: Install packages
	run: npm clean-install

	- name: Run e2e tests
	run: npm run test:e2e-ci-smokes

	- name: Upload e2e videos
	uses: actions/[email protected]
	with:
	name: e2e_vids.zip
	path: td.vue/tests/e2e/videos
	if: ${{ failure() && hashFiles('td.vue/tests/e2e/videos/') != '' }}

	e2e_tests:
	name: Site e2e tests
	runs-on: ubuntu-24.04
	needs: e2e_smokes
	defaults:
	run:
	working-directory: td.vue

	steps:
	- name: Checkout
	uses: actions/[email protected]

	- name: Download docker local image
	uses: actions/[email protected]
	with:
	name: ${{ env.IMAGE_NAME }}
	path: /tmp

	- name: Load docker local image
	run: \|
	docker load --input /tmp/${{ env.IMAGE_NAME }}.tar

	- name: Run Threat Dragon
	run: \|
	docker run -d \
	-p 3000:3000 \
	-e GITHUB_CLIENT_ID='${{ secrets.CI_GITHUB_CLIENT_ID }}' \
	-e GITHUB_CLIENT_SECRET='${{ secrets.CI_GITHUB_CLIENT_SECRET }}' \
	-e ENCRYPTION_JWT_REFRESH_SIGNING_KEY='${{ secrets.CI_JWT_REFRESH_SIGNING_KEY }}' \
	-e ENCRYPTION_JWT_SIGNING_KEY='${{ secrets.CI_JWT_SIGNING_KEY }}' \
	-e ENCRYPTION_KEYS='${{ secrets.CI_SESSION_ENCRYPTION_KEYS }}' \
	-e NODE_ENV='development' \
	-e SERVER_API_PROTOCOL='http' \
	${{ env.IMAGE_NAME }}

	- name: Use node LTS 20.14.0
	uses: actions/[email protected]
	with:
	node-version: '20.14.0'

	- name: Cache NPM dir
	uses: actions/[email protected]
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-

	- name: Install packages
	run: npm clean-install

	- name: Run e2e tests
	run: npm run test:e2e-ci

	- name: Upload e2e videos
	uses: actions/[email protected]
	with:
	name: e2e_vids.zip
	path: td.vue/tests/e2e/videos
	if: ${{ failure() && hashFiles('td.vue/tests/e2e/videos/') != '' }}

	zap_scan_web_app:
	name: Local site zap scan
	runs-on: ubuntu-24.04
	needs: build_docker_image

	steps:
	- name: Download docker local image
	uses: actions/[email protected]
	with:
	name: ${{ env.IMAGE_NAME }}
	path: /tmp

	- name: Load docker local image
	run: \|
	docker load --input /tmp/${{ env.IMAGE_NAME }}.tar

	- name: Run Threat Dragon
	run: \|
	docker run -d \
	-p 3000:3000 \
	-e GITHUB_CLIENT_ID='${{ secrets.CI_GITHUB_CLIENT_ID }}' \
	-e GITHUB_CLIENT_SECRET='${{ secrets.CI_GITHUB_CLIENT_SECRET }}' \
	-e ENCRYPTION_JWT_REFRESH_SIGNING_KEY='${{ secrets.CI_JWT_REFRESH_SIGNING_KEY }}' \
	-e ENCRYPTION_JWT_SIGNING_KEY='${{ secrets.CI_JWT_SIGNING_KEY }}' \
	-e ENCRYPTION_KEYS='${{ secrets.CI_SESSION_ENCRYPTION_KEYS }}' \
	-e NODE_ENV='development' \
	-e SERVER_API_PROTOCOL='http' \
	${{ env.IMAGE_NAME }}

	- name: Checkout
	uses: actions/[email protected]

	- name: ZAP Scan
	uses: zaproxy/[email protected]
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	target: 'http://localhost:3000'
	rules_file_name: '.github/workflows/.zap-rules-web.tsv'
	allow_issue_writing: false
	fail_action: true
	artifact_name: ${{ env.ZAP_FILE }}
	cmd_options: '-a'

	scan_image_with_trivy:
	name: Scan with trivy
	runs-on: ubuntu-24.04
	needs: build_docker_image
	permissions:
	contents: write

	steps:
	# Need .trivyignore
	- name: Checkout
	uses: actions/[email protected]

	- name: Download docker local image
	uses: actions/[email protected]
	with:
	name: ${{ env.IMAGE_NAME }}
	path: /tmp

	- name: Load docker local image
	run: \|
	docker load --input /tmp/${{ env.IMAGE_NAME }}.tar

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: '${{ env.IMAGE_NAME }}'
	format: 'table'
	exit-code: 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add ctrl+s to save graph #462

Workflow file

Add ctrl+s to save graph #462

Jobs

Run details

Workflow file for this run