Merge remote-tracking branch 'origin/next' into chore-zms-3235-replac…

…e-json-guard-dependency
it-at-m · Feb 17, 2025 · 85556f7 · 85556f7
2 parents cec7ed6 + 4f6155a
commit 85556f7
Show file tree

Hide file tree

Showing 53 changed files with 1,335 additions and 291 deletions.
diff --git a/.github/workflows/build-api-docs.yaml b/.github/workflows/build-api-docs.yaml
@@ -37,7 +37,7 @@ jobs:
           cd zmscitizenapi && bin/configure && composer run-script post-install-cmd && cd ..
 
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '16'
 
@@ -67,6 +67,7 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: api-docs
+          retention-days: 7
           path: |
             zmsapi/public/doc/
             zmscitizenapi/public/doc/

diff --git a/.github/workflows/combined-workflow-with-docs.yaml b/.github/workflows/combined-workflow-with-docs.yaml
@@ -17,34 +17,85 @@ jobs:
   call-php-unit-tests:
     uses: ./.github/workflows/php-unit-tests.yaml
 
-  combine-php-test-coverage:
-    needs: [call-php-unit-tests]
+  call-owasp-security-checks:
+    uses: ./.github/workflows/owasp-security-checks.yaml
+
+  aggregate-reports:
+    needs: [call-php-unit-tests, call-owasp-security-checks]
     runs-on: ubuntu-latest
     steps:
-      - name: Download all coverage reports
+      - name: Create directories
+        run: |
+          mkdir -p public/coverage
+          mkdir -p public/security
+
+      - name: Download coverage reports
         uses: actions/download-artifact@v4
         with:
           pattern: 'coverage-*'
-          path: public/coverage
+          path: public/coverage-temp
+          merge-multiple: false
+
+      - name: Download security reports
+        uses: actions/download-artifact@v4
+        with:
+          pattern: 'security-report-*'
+          path: public/security-temp
           merge-multiple: false
 
-      - name: Upload coverage artifact
+      - name: Fix directory structure
+        run: |
+          # Fix coverage reports
+          for module in zmsadmin zmscalldisplay zmscitizenapi zmsdldb zmsentities zmsmessaging zmsslim zmsstatistic zmsticketprinter zmsapi zmsdb zmsclient; do
+            if [ -d "public/coverage-temp/coverage-$module" ]; then
+              mkdir -p "public/coverage/coverage-$module"
+              mv "public/coverage-temp/coverage-$module"/* "public/coverage/coverage-$module/"
+            fi
+          done
+          rm -rf public/coverage-temp
+
+          # Fix security reports
+          for module in zmsadmin zmscalldisplay zmscitizenapi zmsdldb zmsentities zmsmessaging zmsslim zmsstatistic zmsticketprinter zmsapi zmsdb zmsclient; do
+            if [ -f "public/security-temp/security-report-$module/dependency-check-report.html" ]; then
+              mkdir -p "public/security/security-report-$module"
+              mv "public/security-temp/security-report-$module/dependency-check-report.html" "public/security/security-report-$module/"
+            fi
+          done
+          rm -rf public/security-temp
+
+      - name: Debug - List final structure
+        run: |
+          echo "=== Final Coverage Structure ==="
+          ls -R public/coverage/
+          echo "=== Final Security Structure ==="
+          ls -R public/security/
+
+      - name: Upload aggregated reports
         uses: actions/upload-artifact@v4
         with:
-          name: coverage-reports
-          path: public/coverage/
+          name: aggregated-reports
+          path: public/
           retention-days: 7
 
   call-build-api-docs:
     uses: ./.github/workflows/build-api-docs.yaml
 
+  generate-schema-diagrams:
+    uses: ./.github/workflows/generate-schema-diagrams.yaml
+
   deploy-to-pages:
-    needs: [combine-php-test-coverage, call-build-api-docs]
-    if: needs.call-build-api-docs.result == 'success'
+    needs: [aggregate-reports, call-build-api-docs, generate-schema-diagrams]
+    if: |
+      needs.call-build-api-docs.result == 'success' &&
+      needs.aggregate-reports.result == 'success' &&
+      needs.generate-schema-diagrams.result == 'success'
     uses: ./.github/workflows/deploy-pages.yaml
     with:
-      coverage_artifact: coverage-reports
+      coverage_artifact: aggregated-reports
       api_docs_artifact: api-docs
+      security_artifact: aggregated-reports
+      git_commit: ${{ github.sha }}
+      git_branch: ${{ github.ref_name }}
 
   call-php-build-images:
     needs: [call-php-code-quality, call-php-unit-tests]

diff --git a/.github/workflows/combined-workflow.yaml b/.github/workflows/combined-workflow.yaml
@@ -16,6 +16,9 @@ jobs:
   call-php-unit-tests:
     uses: ./.github/workflows/php-unit-tests.yaml
 
+  call-owasp-security-checks:
+    uses: ./.github/workflows/owasp-security-checks.yaml
+
   call-php-build-images:
     needs: [call-php-code-quality, call-php-unit-tests]
     if: |

diff --git a/.github/workflows/deploy-pages.yaml b/.github/workflows/deploy-pages.yaml
@@ -13,10 +13,24 @@ on:
         required: true
         type: string
         default: 'api-docs'
+      security_artifact:
+        description: 'Name of the security reports artifact'
+        required: true
+        type: string
+        default: 'security-reports'
+      git_commit:
+        description: 'Git commit hash'
+        required: true
+        type: string
+      git_branch:
+        description: 'Git branch name'
+        required: true
+        type: string
 
 permissions:
   pages: write
   id-token: write
+  contents: read
 
 concurrency:
   group: "pages"
@@ -32,18 +46,30 @@ jobs:
       - name: Create public directory
         run: mkdir -p public
 
+      - name: Download schema diagrams
+        uses: actions/download-artifact@v4
+        with:
+          name: schema-diagrams
+          path: public/diagrams
+
       - name: Download coverage reports
         uses: actions/download-artifact@v4
         with:
           name: ${{ inputs.coverage_artifact }}
-          path: public/coverage
+          path: public
 
       - name: Download API docs
         uses: actions/download-artifact@v4
         with:
           name: ${{ inputs.api_docs_artifact }}
           path: public
 
+      - name: Download security reports
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.security_artifact }}
+          path: public
+
       - name: Create index page
         run: |
           cat > public/index.html <<'EOL'
@@ -98,6 +124,13 @@ jobs:
                 a:hover {
                   text-decoration: underline;
                 }
+                .footer {
+                  margin-top: 2rem;
+                  padding-top: 1rem;
+                  border-top: 1px solid #eaecef;
+                  color: #586069;
+                  font-size: 12px;
+                }
               </style>
             </head>
             <body>
@@ -107,8 +140,10 @@ jobs:
                 <div class="card">
                   <h2>API Documentation</h2>
                   <ul>
-                    <li><a href="https://it-at-m.github.io/eappointment/zmscitizenapi/public/doc/index.html">Zmscitizenapi API Documentation</a></li>
+                    <li><a href="https://it-at-m.github.io/eappointment/zmscitizenapi/public/doc/index.html">Zmscitizenapi Documentation</a></li>
                     <li><a href="https://it-at-m.github.io/eappointment/zmsapi/public/doc/index.html">Zmsapi Documentation</a></li>
+                    <li><a href="diagrams/zmscitizenapi.html">Zmscitizenapi Schema</a></li>
+                    <li><a href="diagrams/zmsapi.html">Zmsapi Schema</a></li>
                   </ul>
                 </div>
 
@@ -129,13 +164,58 @@ jobs:
                     <li><a href="coverage/coverage-zmsclient/html/">Zmsclient Coverage</a></li>
                   </ul>
                 </div>
+
+                <div class="card">
+                  <h2>OWASP Security Reports</h2>
+                  <ul>
+                    <li><a href="security/security-report-zmsadmin/dependency-check-report.html">Zmsadmin Security Report</a></li>
+                    <li><a href="security/security-report-zmscalldisplay/dependency-check-report.html">Zmscalldisplay Security Report</a></li>
+                    <li><a href="security/security-report-zmscitizenapi/dependency-check-report.html">Zmscitizenapi Security Report</a></li>
+                    <li><a href="security/security-report-zmsdldb/dependency-check-report.html">Zmsdldb Security Report</a></li>
+                    <li><a href="security/security-report-zmsentities/dependency-check-report.html">Zmsentities Security Report</a></li>
+                    <li><a href="security/security-report-zmsmessaging/dependency-check-report.html">Zmsmessaging Security Report</a></li>
+                    <li><a href="security/security-report-zmsslim/dependency-check-report.html">Zmsslim Security Report</a></li>
+                    <li><a href="security/security-report-zmsstatistic/dependency-check-report.html">Zmsstatistic Security Report</a></li>
+                    <li><a href="security/security-report-zmsticketprinter/dependency-check-report.html">Zmsticketprinter Security Report</a></li>
+                    <li><a href="security/security-report-zmsapi/dependency-check-report.html">Zmsapi Security Report</a></li>
+                    <li><a href="security/security-report-zmsdb/dependency-check-report.html">Zmsdb Security Report</a></li>
+                    <li><a href="security/security-report-zmsclient/dependency-check-report.html">Zmsclient Security Report</a></li>
+                    <li><a href="security/zap/zap-scan-report.html">ZAP Scan Reports</a></li>
+                  </ul>
+                </div>
+              </div>
+              <div class="footer">
+                Generated from branch <a href="https://github.com/it-at-m/eappointment/tree/${{ inputs.git_branch }}">${{ inputs.git_branch }}</a> at commit <a href="https://github.com/it-at-m/eappointment/commit/${{ inputs.git_commit }}">${{ inputs.git_commit }}</a>
               </div>
             </body>
           </html>
           EOL
 
+      - name: Download coverage reports
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.coverage_artifact }}
+          path: public
+
+      - name: Download API docs
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.api_docs_artifact }}
+          path: public
+
+      - name: Download security reports
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.security_artifact }}
+          path: public
+
+      - name: Debug - List directory structure
+        run: |
+          echo "=== Directory Structure ==="
+          ls -R public/
+
       - name: Setup Pages
-        uses: actions/configure-pages@v4
+        uses: actions/configure-pages@v5
 
       - name: Upload Pages artifact
         uses: actions/upload-pages-artifact@v3