.github/workflows/test-zap.yml

---
name: Test Zap
on:
  push:
    branches:
    - main
  workflow_dispatch:

jobs:
  scan:

    permissions:
      security-events: write
      contents: read

    runs-on: ubuntu-latest

    steps:
      - name: checkout
        uses: actions/checkout@v4
    
      - name: ZAP Scan
        uses: pritchyspritch/action-af@v0.1.1
        with:
          plan: 'https://raw.githubusercontent.com/pritchyspritch/dast-automation/main/testplan.yml'
          cmd_options: '-addoninstall kotlin -loglevel debug'
          docker_env_vars: |
            $USER
            $PASSWORD
        env:
          USER: ${{ secrets.USERNAME }}
          PASSWORD: ${{ secrets.PASSWORD }}

      - name: Upload logs artifact
        uses: actions/upload-artifact@v4
        with:
          name: "logs"
          path: "${{ github.workspace }}/home/.ZAP/zap.log"
          retention-days: 1
        if: ${{ always() }}
            

      - uses: actions/upload-artifact@v4
        with:
          name: "logs2"
          path: "${{ github.workspace }}/req-resp-log.txt"
          retention-days: 1
        if: ${{ always() }}