Fix YAML syntax error in workflow file #65
| name: OpenMRS O3 Security Tests - CVSS 4.0 | ||
| on: | ||
| push: | ||
| branches: [ main, cvss-4.0-* ] | ||
| pull_request: | ||
| branches: [ main ] | ||
| schedule: | ||
| # Run daily at 2 AM UTC | ||
| - cron: '0 2 * * *' | ||
| workflow_dispatch: | ||
| jobs: | ||
| security-tests: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
| - name: Set up Python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.10' | ||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install -r requirements.txt | ||
| playwright install chromium | ||
| - name: Start OpenMRS O3 with Docker | ||
| run: | | ||
| docker-compose up -d | ||
| echo "Waiting for OpenMRS to be ready..." | ||
| sleep 120 | ||
| - name: Download Previous Database | ||
| continue-on-error: true | ||
| run: | | ||
| gh run download --name test-database --dir . || echo "No previous database found (this is OK for first run)" | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| - name: Run CVSS 4.0 Security Tests | ||
| run: | | ||
| pytest tests/authentication/test_01_brute_force_password.py -v --tb=short | ||
| env: | ||
| GITHUB_SHA: ${{ github.sha }} | ||
| - name: Upload Database Artifact | ||
| if: always() | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: test-database | ||
| path: test_results.db | ||
| retention-days: 90 | ||
| - name: Generate Security Dashboard | ||
| if: always() | ||
| run: | | ||
| python scripts/generate_security_dashboard.py | ||
| - name: Deploy Dashboard to GitHub Pages | ||
| if: always() | ||
| uses: peaceiris/actions-gh-pages@v3 | ||
| with: | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| publish_dir: ./scripts | ||
| publish_branch: gh-pages | ||
| enable_jekyll: false | ||
| - name: Display Test Summary | ||
| if: always() | ||
| run: | | ||
| echo "===================================================================" | ||
| echo "CVSS 4.0 Security Test Results" | ||
| echo "===================================================================" | ||
| if [ -f test_results.db ]; then | ||
| python3 << 'EOF' | ||
| from scripts.database import SecurityTestDatabase | ||
| db = SecurityTestDatabase() | ||
| scores = db.get_all_current_scores() | ||
| for score in scores: | ||
| print(f"Test: {score['test_name']}") | ||
| print(f" Baseline: {score['baseline_score']:.1f}") | ||
| print(f" Current: {score['current_score']:.1f}") | ||
| print(f" Improvement: {score['relative_score']:+.1f}") | ||
| print() | ||
| db.close() | ||
| EOF | ||
| else | ||
| echo "No database found" | ||
| fi | ||
| echo "===================================================================" | ||
| echo "Dashboard URL: https://cvss-report.openmrs.org" | ||
| echo "===================================================================" | ||
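Review bot: The "Deploy Dashboard to GitHub Pages" step is gated only by `if: always()`, so it runs on every trigger, including `pull_request` and pushes to `cvss-4.0-*` branches, and even after failed tests; wherever the token has write access, a non-main branch can overwrite `gh-pages`. Restricting it, for example with `if: always() && github.event_name != 'pull_request' && github.ref == 'refs/heads/main'`, would keep publication tied to main. The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN gets the repository's default scope; a top-level `permissions:` with `contents: read`, and `contents: write` granted only to a separate deploy job, would narrow that. `peaceiris/actions-gh-pages@v3` receives `secrets.GITHUB_TOKEN` but is referenced by a mutable tag, so pinning it to a full commit SHA is the usual hardening. Two things are worth confirming: `publish_dir: ./scripts` appears to publish the whole scripts directory rather than only the generated dashboard, and the `test-database` artifact restored as the baseline may have been uploaded by a pull-request run.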