From 41584bdd82c76f293f1f0ac071d001b3c0cc2a1e Mon Sep 17 00:00:00 2001
From: "J. David Lowe"
Date: Wed, 11 May 2022 10:12:26 -0700
Subject: [PATCH] add Mayhem for API as a github workflow
---
.github/workflows/mapi.yml | 52 ++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 .github/workflows/mapi.yml
diff --git a/.github/workflows/mapi.yml b/.github/workflows/mapi.yml
new file mode 100644
index 0000000..1229173
--- /dev/null
+++ b/.github/workflows/mapi.yml
@@ -0,0 +1,52 @@
+name: 'Mayhem for API'
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: true
+ steps:
+ - name: Set up Go 1.x
+ uses: actions/setup-go@v2
+ with:
+ go-version: ^1.18
+
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v2
+
+ - name: Get dependencies
+ run: go get
+
+ - name: Build
+ run: GO111MODULE=on go build -v .
+
+ - name: start wakapi
+ run: ./wakapi --config config.default.yml &
+
+ - name: create a trivial testing user
+ run: sqlite3 wakapi_db.db "insert into users (id, api_key) values ('mapi', 'test-api-key')"
+
+ - name: Run Mayhem for API
+ uses: ForAllSecure/mapi-action@v1
+ continue-on-error: true
+ with:
+ mapi-token: ${{ secrets.MAPI_TOKEN }}
+ api-url: http://localhost:3000/api/
+ api-spec: static/docs/swagger.yaml
+ target: mayhemheroes/wakapi
+ duration: 1min
+ sarif-report: mapi.sarif
+ run-args: |
+ --header-auth
+ Authorization: Basic dGVzdC1hcGkta2V5
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: mapi.sarif
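Review bot: The `Run Mayhem for API` step hands `secrets.MAPI_TOKEN` to `ForAllSecure/mapi-action@v1`, a third-party action referenced by a mutable tag, so a moved tag would run unreviewed code with that token; pin it to a full commit SHA, e.g. `uses: ForAllSecure/mapi-action@<full-commit-sha>  # v1` (placeholder), and preferably do the same for the other three `uses:` lines. The workflow also declares no `permissions:`, so the job inherits the repository's default token scope; a top-level `permissions: {contents: read, security-events: write}` should cover the checkout and the SARIF upload. On `pull_request` runs from forks the secret is presumably empty, and `continue-on-error: true` would hide the failed scan while the upload step then finds no `mapi.sarif`, so consider skipping both steps for fork pull requests. Separately, `./wakapi --config config.default.yml &` is followed immediately by the `sqlite3` insert with no readiness wait, so the insert may race the server creating `wakapi_db.db` and its `users` table.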