ci: tests for scans failure

cerberauth · Jan 2, 2025 · e139efd · e139efd
1 parent 1ddc874
commit e139efd
Showing 1 changed file with 66 additions and 3 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -44,16 +44,16 @@ jobs:
         id: npm-ci-test
         run: npm run ci-test
 
-  test-action:
-    name: GitHub Actions Test
+  test-failed-scans:
+    name: GitHub Actions Test Failed Scans
     runs-on: ubuntu-latest
 
     permissions:
       contents: read
       packages: read
 
     env:
-      DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-strong-eddsa-key:latest
+      DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-alg-none-bypass:latest
 
     steps:
       - name: Checkout
@@ -66,16 +66,79 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Get JWT
+        id: get-jwt
+        run: |
+          echo "jwt=$(docker run --rm ${{ env.DOCKER_IMAGE }} jwt)" >> $GITHUB_OUTPUT
+
       - name: Run Server
         run: |
           docker run -d -p 8080:8080 ${{ env.DOCKER_IMAGE }}
           sleep 5
+          curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}"
+
+      - name: Test CURL Local Action
+        uses: ./
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          scans: jwt.*
+          curl: |
+            curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}"
+
+      - name: Check for vulnerabilities
+        if: ${{ success() }}
+        run: |
+          echo "No vulnerabilities found"
+          exit 1
+
+      # - name: Test OpenAPI Local Action
+      #   uses: ./
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #   with:
+      #     scans: jwt.*
+      #     openapi: ./__tests__/openapi.yaml
+
+      - name: Stop Server
+        if: ${{ always() }}
+        run:
+          docker stop $(docker ps -q --filter ancestor=${{ env.DOCKER_IMAGE }})
+
+  test-scans:
+    name: GitHub Actions Test Scans
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: read
+
+    env:
+      DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-strong-eddsa-key:latest
+      DOCKER_JWT_NONE_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-alg-none-bypass:latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Get JWT
         id: get-jwt
         run: |
           echo "jwt=$(docker run --rm ${{ env.DOCKER_IMAGE }} jwt)" >> $GITHUB_OUTPUT
 
+      - name: Run Server
+        run: |
+          docker run -d -p 8080:8080 ${{ env.DOCKER_IMAGE }}
+          sleep 5
+          curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}"
+
       - name: Test cURL Local Action
         uses: ./
         env: