.github/workflows/run_security_checks.yml

name: Run security tests
on:
  schedule:
    - cron: "0 0 * * 1" # Joka maanantai kello 00:00
  workflow_dispatch:
env:
  DOCKER_BUILDKIT: 1
jobs:
  run_owasp_and_snyk:
    name: Run owasp and snyk checks
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v4

      - name: Set up Java 8
        uses: actions/setup-java@v4
        with:
          java-version: '8'
          architecture: 'x64'
          distribution: 'zulu'

      - name: Setup Node 20
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Cache Maven packages
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Cache Node modules
        uses: actions/cache@v4
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-

      - name: Run owasp
        run: |
          cd parser
          make owasp

      - name: Archive OWASP results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: owasp-report
          path: parser/target/dependency-check-report.html

      - name: Run snyk
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: |
          make snyk

      - name: Report failure
        uses: ravsamhq/notify-slack-action@95a35215cdf7ab510d2cdd20ae94f342d212a1a1
        if: ${{ failure() }}
        with:
          status: ${{ job.status }}
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}