Merge pull request #5 from thc202/base-func

Add base functionality

.github/workflows/check-dist.yml

@@ -9,11 +9,7 @@ on:
   push:
     branches:
       - main
-    paths-ignore:
-      - '**.md'
   pull_request:
-    paths-ignore:
-      - '**.md'
   workflow_dispatch:
 
 jobs:
@@ -28,3 +24,24 @@ jobs:
         with:
           node-version: 20.x
 
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Rebuild the dist/ directory
+        run: npm run package
+
+      - name: Compare the expected and actual dist/ directories
+        run: |
+          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
+            echo "Detected uncommitted changes after build.  See status below:"
+            git diff
+            exit 1
+          fi
+        id: diff
+
+      # If index.js was different than expected, upload the expected version as an artifact
+      - uses: actions/upload-artifact@v4
+        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
+        with:
+          name: dist
+          path: dist/

.github/workflows/check-run.yml

@@ -4,11 +4,7 @@ on:
   push:
     branches:
       - main
-    paths-ignore:
-      - '**.md'
   pull_request:
-    paths-ignore:
-      - '**.md'
   workflow_dispatch:
 
 jobs:
@@ -18,3 +14,22 @@ jobs:
     steps:
     - name: Checkout
       uses: actions/checkout@v4
+
+    - run: sudo systemctl start nginx
+
+    - name: ZAP Plan
+      uses: ./
+      id: af-plan
+      with:
+        plan: '.github/workflows/zap/af-plan.yml'
+
+    - name: ZAP Plan with Error
+      continue-on-error: true
+      uses: ./
+      id: af-plan-error
+      with:
+        plan: '.github/workflows/zap/af-plan-error.yml'
+
+    - name: Check ZAP Plan with Error Failed
+      run: exit 1
+      if: ${{ !cancelled() && steps.af-plan-error.outcome == 'success' }}

.github/workflows/zap/af-plan-error.yml

@@ -0,0 +1,15 @@
+---
+env:
+  contexts:
+  - name: "Context"
+    urls:
+    - "http://localhost/"
+  parameters:
+    failOnError: true
+    failOnWarning: true
+    progressToStdout: true
+jobs:
+- requests:
+  # Should cause a warning
+  - url: "http://localhost:1234/"
+  type: "requestor"

.github/workflows/zap/af-plan.yml

@@ -0,0 +1,14 @@
+---
+env:
+  contexts:
+  - name: "Context"
+    urls:
+    - "http://localhost/"
+  parameters:
+    failOnError: true
+    failOnWarning: true
+    progressToStdout: true
+jobs:
+- requests:
+  - url: "http://localhost/"
+  type: "requestor"

.gitignore

@@ -0,0 +1 @@
+node_modules/

README.md

@@ -1,2 +1,35 @@
 # action-af
-A GitHub Action for running ZAP Automation Framework plans.
+A GitHub Action for running [ZAP Automation Framework](https://www.zaproxy.org/docs/automate/automation-framework/) plans.
+
+## Inputs
+
+### `plan`
+
+**Required** The file system path to the Automation Framework plan to run.
+
+### `docker_name`
+
+**Optional** if specified must not be empty. The name of the [ZAP Docker image](https://www.zaproxy.org/docs/docker/about/#install-instructions) to be used. By default the action runs the stable image.
+
+### `cmd_options`
+
+**Optional** Additional [command line options](https://www.zaproxy.org/docs/desktop/cmdline/) for ZAP.
+
+## Environment variables
+
+If set, the following [ZAP authentication environment variables](https://www.zaproxy.org/docs/authentication/handling-auth-yourself/#authentication-env-vars)
+will be copied into the docker container:
+
+- `ZAP_AUTH_HEADER_VALUE`
+- `ZAP_AUTH_HEADER`
+- `ZAP_AUTH_HEADER_SITE`
+
+## Example usage
+
+```
+steps:
+  - name: ZAP Scan
+    uses: zaproxy/[email protected]
+    with:
+      plan: '.github/workflows/zap/plan.yml'
+```

action.yml

@@ -0,0 +1,19 @@
+name: 'ZAP Automation Framework'
+description: 'Runs an Automation Framework plan'
+branding:
+  icon: 'zap'
+  color: 'blue'
+inputs:
+  plan:
+    description: 'The file system path to the Automation Framework plan to run.'
+    required: true
+  docker_name:
+    description: 'The Docker image to be used.'
+    required: true
+    default: 'ghcr.io/zaproxy/zaproxy:stable'
+  cmd_options:
+    description: 'Additional command line options to start ZAP with.'
+    required: false
+runs:
+  using: 'node20'
+  main: 'dist/index.js'