saving work #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Mayhem for API' | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 2 * * *' # run at 2 AM UTC | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| # Create environment to run API | |
| - name: Set up Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| - name: Install dependencies | |
| run: npm install | |
| # Run API in test mode. We configured test mode to output stacktraces in | |
| # the error responses to improve the output of Mayhem for API. | |
| - name: Run API | |
| env: | |
| FASTAPI_ENV: test | |
| run: node app.js & | |
| # Run Mayhem for API | |
| - name: Run Mayhem for API to check for vulnerabilities | |
| uses: ForAllSecure/mapi-action@v2 | |
| continue-on-error: true | |
| with: | |
| mayhem-url: https://app.mayhem.security | |
| mayhem-token: ${{ secrets.MAYHEM_TOKEN }} | |
| api-url: http://localhost:3000 | |
| api-spec: openapi.yaml | |
| sarif-report: mapi.sarif | |
| html-report: mapi.html | |
| target: forallsecure-demo/mapi-node-example/node | |
| # Kill python if it's still running, ignoring any errors | |
| - name: Shut down API | |
| run: | | |
| echo "pgrep node $(pgrep node)" | |
| pgrep node | xargs kill || true; sleep 5 | |
| # Archive HTML report | |
| - name: Archive Mayhem for API report | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: mapi-report | |
| path: mapi.html | |
| # Upload SARIF file (only available on public repos or github enterprise) | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: mapi.sarif |