Support writing files from the plan

.github/workflows/check-run.yml

@@ -33,3 +33,12 @@ jobs:
     - name: Check ZAP Plan with Error Failed
       run: exit 1
       if: ${{ !cancelled() && steps.af-plan-error.outcome == 'success' }}
+
+    - name: ZAP Plan with File Creation
+      uses: ./
+      id: af-plan-files
+      with:
+        plan: '.github/workflows/zap/af-plan-files.yml'
+
+    - name: Check ZAP Plan with File Creation
+      run: "[ -f sarif.json ]"

.github/workflows/zap/af-plan-files.yml

@@ -0,0 +1,20 @@
+---
+env:
+  contexts:
+  - name: "Context"
+    urls:
+    - "http://localhost/"
+  parameters:
+    failOnError: true
+    failOnWarning: true
+    progressToStdout: true
+jobs:
+- requests:
+  - url: "http://localhost/"
+  type: "requestor"
+- parameters:
+    template: "sarif-json"
+    reportDir: "/zap/wrk/"
+    reportFile: "sarif.json"
+  name: "sarif-report"
+  type: "report"

README.md

@@ -5,7 +5,7 @@ A GitHub Action for running [ZAP Automation Framework](https://www.zaproxy.org/d
 
 ### `plan`
 
-**Required** The file system path to the Automation Framework plan to run.
+**Required** The file system path or URL to the Automation Framework plan to run.
 
 ### `docker_name`
 
@@ -15,6 +15,10 @@ A GitHub Action for running [ZAP Automation Framework](https://www.zaproxy.org/d
 
 **Optional** Additional [command line options](https://www.zaproxy.org/docs/desktop/cmdline/) for ZAP.
 
+## Files
+
+Files created with the plan that need to be used after the plan has finished should be saved to the `/zap/wrk/` directory, which is mapped to the [GITHUB_WORKSPACE](https://docs.github.com/en/actions/learn-github-actions/variables) directory.
+
 ## Environment variables
 
 If set, the following [ZAP authentication environment variables](https://www.zaproxy.org/docs/authentication/handling-auth-yourself/#authentication-env-vars)

action.yml

@@ -5,7 +5,7 @@ branding:
   color: 'blue'
 inputs:
   plan:
-    description: 'The file system path to the Automation Framework plan to run.'
+    description: 'The file system path or URL to the Automation Framework plan to run.'
     required: true
   docker_name:
     description: 'The Docker image to be used.'

dist/index.js

@@ -28064,6 +28064,8 @@ async function run() {
         let plan = core.getInput('plan', { required: true });
         let cmdOptions = core.getInput('cmd_options');
 
+        await exec.exec(`chmod a+w ${workspace}`);
+
         await exec.exec(`docker pull ${docker_name} -q`);
         let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE  -t ${docker_name} zap.sh -cmd -autorun /zap/wrk/${plan} ${cmdOptions}`);
 

index.js

@@ -9,6 +9,8 @@ async function run() {
         let plan = core.getInput('plan', { required: true });
         let cmdOptions = core.getInput('cmd_options');
 
+        await exec.exec(`chmod a+w ${workspace}`);
+
         await exec.exec(`docker pull ${docker_name} -q`);
         let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE  -t ${docker_name} zap.sh -cmd -autorun /zap/wrk/${plan} ${cmdOptions}`);