From 7afeffdf3c9fdfeed10e5c17a12e35b0524f71d6 Mon Sep 17 00:00:00 2001
From: jjfwang
Date: Sat, 30 Mar 2024 17:01:15 +0800
Subject: [PATCH 1/3] add github actions
---
 .github/workflows/build.yml | 69 +++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 .github/workflows/build.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..4b86e6eba
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,69 @@
+name: Bitcoin order App
+on:
+ push:
+ branches:
+ - githubcicd
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [16.x]
+
+ steps:
+ - uses: actions/checkout@v2
+ - uses: browser-actions/setup-chrome@latest
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v1
+ with:
+ node-version: ${{ matrix.node-version }}
+
+ - name: Cache node modules
+ id: cache-nodemodules
+ uses: actions/cache@v2
+ env:
+ cache-name: cache-node-modules
+ with:
+ # caching node_modules
+ path: node_modules
+ key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-build-${{ env.cache-name }}-
+ ${{ runner.os }}-build-
+ ${{ runner.os }}-
+ - name: Install Dependencies
+ if: steps.cache-nodemodules.outputs.cache-hit != 'true'
+ run: |
+ npm ci --force
+ - name: Build
+ run: |
+ npm run build --force
+ - name: Lint
+ run: |
+ npm run lint
+ - name: Update types to latest
+ run: |
+ npm install --save-dev @types/node@latest --force
+ #- name: Test
+ # run: |
+ # npm run test --watch=false --browsers=ChromeHeadless
+ - name: Conventional Changelog Action
+ id: changelog
+ uses: TriPSs/conventional-changelog-action@v3
+ with:
+ github-token: ${{ secrets.WORKSHOP6_GITHUB_TOKEN }}
+ output-file: "false"
+
+ - name: Create Release
+ uses: actions/create-release@v1
+ if: ${{ steps.changelog.outputs.skipped == 'false' }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.WORKSHOP6_GITHUB_TOKEN }}
+ with:
+ tag_name: ${{ steps.changelog.outputs.tag }}
+ release_name: ${{ steps.changelog.outputs.tag }}
+ body: ${{ steps.changelog.outputs.clean_changelog }}
+ - name: Deploy
+ run: |
+ npm run deploy
From 09dfa5eeca75d3a5de465f0ed9d6464f20d5580f Mon Sep 17 00:00:00 2001
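Review bot: `browser-actions/setup-chrome@latest` (and every other `uses:` line, which pins only a major tag) resolves to a mutable ref, while the same job holds the `WORKSHOP6_GITHUB_TOKEN` PAT and runs `npm run deploy`, so a moved tag executes with release and deploy credentials; pin third-party actions to a full commit SHA, e.g. `uses: browser-actions/setup-chrome@<pinned-commit-sha>  # vX.Y`. The "Update types to latest" step runs `npm install --save-dev @types/node@latest --force` after `npm ci`, which rewrites package.json and the lockfile inside CI, so what gets built is no longer what the lockfile describes; I would drop that step or move it to a dependency-update PR. The workflow declares no `permissions:` block, so the default `GITHUB_TOKEN` keeps the repository's default scopes even though every step that needs write access uses the PAT; a top-level `permissions:` / `  contents: read` narrows it, assuming `npm run deploy` does not rely on the default token. `actions/create-release@v1` is, as far as I know, archived and unmaintained, so the release step is a candidate for replacement once the pins are sorted out.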
From: jjfwang
Date: Sat, 6 Apr 2024 14:46:27 +0800
Subject: [PATCH 2/3] lint, dast,sast
---
 scripts/jshint-script.sh | 5 +++++
 scripts/zap-script.sh | 6 ++++++
 2 files changed, 11 insertions(+)
 create mode 100644 scripts/jshint-script.sh
 create mode 100644 scripts/zap-script.sh
diff --git a/scripts/jshint-script.sh b/scripts/jshint-script.sh
new file mode 100644
index 000000000..d5eb9c01b
--- /dev/null
+++ b/scripts/jshint-script.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+jshint --exclude="node_modules/" --reporter=unix . > JSHint-report
+
+echo $? > /dev/null
diff --git a/scripts/zap-script.sh b/scripts/zap-script.sh
new file mode 100644
index 000000000..032ed20d1
--- /dev/null
+++ b/scripts/zap-script.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+docker pull owasp/zap2docker-stable
+docker run -i owasp/zap2docker-stable zap-baseline.py -t "https://kenken64.github.io/bitcoin-order-app/" -l PASS > zap_baseline_report.html
+
+echo $? > /dev/null
From 7b807088a4eddf2f7db6f942eda7cd0d84d1674e Mon Sep 17 00:00:00 2001
From: jjfwang
Date: Sat, 6 Apr 2024 15:09:41 +0800
Subject: [PATCH 3/3] Lint, Dast, Sast
---
 .github/workflows/lint.yml | 40 +++++++++++++++++++++++++++++++++
 .github/workflows/sast-scan.yml | 38 +++++++++++++++++++++++++++++++
 .github/workflows/zap-scan.yml | 32 ++++++++++++++++++++++++++
 3 files changed, 110 insertions(+)
 create mode 100644 .github/workflows/lint.yml
 create mode 100644 .github/workflows/sast-scan.yml
 create mode 100644 .github/workflows/zap-scan.yml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 000000000..e46267809
--- /dev/null
+++ b/.github/workflows/lint.yml
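Review bot: `echo $? > /dev/null` on the last line makes the script's exit status that of `echo`, i.e. always 0, so a jshint run that reports errors (or fails to start) still passes the `Run scan with JSHint` job; `scripts/zap-script.sh` in the next hunk ends the same way and masks the WARN/FAIL exit code of `zap-baseline.py`. If the intent is to keep the report and still surface the result, capture and propagate the status: `jshint --exclude="node_modules/" --reporter=unix . > JSHint-report`, `status=$?`, `exit "$status"`. If the intent really is best-effort, a comment stating it (`# report-only: lint findings do not fail the build`) is clearer than a redirect that reads like a check.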
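Review bot: the redirect `> zap_baseline_report.html` captures the stdout of `zap-baseline.py`, which is a plain-text alert summary, so the uploaded artifact is not HTML despite its name; as far as I recall the script's `-r <file>` option writes a real HTML report, but it needs the container's `/zap/wrk` directory mounted (e.g. `-v "$(pwd)":/zap/wrk:rw`) for the file to land in the workspace. The target URL is hard-coded, so the scan always hits the public site rather than anything built from this commit; taking it from an argument or environment variable (`TARGET="${1:-https://kenken64.github.io/bitcoin-order-app/}"`) keeps the script usable against a staging deployment. The `owasp/zap2docker-stable` image has, to my knowledge, been superseded by `ghcr.io/zaproxy/zaproxy:stable`, so the `docker pull` may stop working without a change here.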
@@ -0,0 +1,40 @@
+name: "linting-tool-scan"
+
+on:
+ push:
+ branches: [githubcicd]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [16.x]
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Install Dependencies
+ if: steps.cache-nodemodules.outputs.cache-hit != 'true'
+ run: |
+ npm ci --force
+
+ - name: Installing JSHint
+ run: |
+ sudo npm install -g jshint
+
+ - name: Change script permission
+ run: |
+ chmod +x scripts/jshint-script.sh
+
+ - name: Run scan with JSHint
+ run: scripts/jshint-script.sh
+
+ - name: Archive production artifacts
+ uses: actions/upload-artifact@v2
+ with:
+ name: linting tool report
+ path: |
+ ./JSHint-report
+
diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml
new file mode 100644
index 000000000..285c238bd
--- /dev/null
+++ b/.github/workflows/sast-scan.yml
@@ -0,0 +1,38 @@
+name: "sast-scan"
+
+on:
+ push:
+ branches: [githubcicd]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [16.x]
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Install Dependencies
+ if: steps.cache-nodemodules.outputs.cache-hit != 'true'
+ run: |
+ npm ci --force
+
+ - name: OWASP Dependency Check
+ run: |
+ wget https://github.com/jeremylong/DependencyCheck/releases/download/v7.2.0/dependency-check-7.2.0-release.zip
+ unzip dependency-check-7.2.0-release.zip
+
+ - name: Run scan with ODC
+ run: |
+ dependency-check/bin/dependency-check.sh --project "bitcoin" --scan . > ODC-report
+
+ - name: Archive production artifacts
+ uses: actions/upload-artifact@v2
+ with:
+ name: sast report
+ path: |
+ ./ODC-report
+
diff --git a/.github/workflows/zap-scan.yml b/.github/workflows/zap-scan.yml
new file mode 100644
index 000000000..5d6cc33a6
--- /dev/null
+++ b/.github/workflows/zap-scan.yml
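Review bot: `if: steps.cache-nodemodules.outputs.cache-hit != 'true'` on the Install Dependencies step references a step id that does not exist in this workflow (there is no `actions/cache` step here), so the expression compares an empty string and the step always runs; the condition was carried over from build.yml and should be dropped, as should the `strategy.matrix.node-version` block, which no step consumes because there is no `setup-node` step. The same dead `if:` and unused matrix appear in sast-scan.yml (next hunk), and the unused matrix again in zap-scan.yml. `sudo npm install -g jshint` installs whatever version is current at run time, so two runs of the same commit can lint differently; pinning it (`npm install -g jshint@<version>`) or running it via `npx` from the project's devDependencies keeps the result reproducible. Like build.yml, the workflow has no `permissions:` block; `permissions:` / `  contents: read` is all that checkout and artifact upload need.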
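Review bot: the `OWASP Dependency Check` step downloads `dependency-check-7.2.0-release.zip` with `wget` and unzips it with no integrity check, so the scanner that then runs against the checkout is trusted on the strength of the TLS connection alone; pinning a digest, `echo "<expected-sha256>  dependency-check-7.2.0-release.zip" | sha256sum -c -` between the `wget` and `unzip` lines, makes a replaced or tampered release fail the job instead of being executed. The `Run scan with ODC` step never fails either: its stdout goes to `ODC-report` and the exit code stays 0 unless a threshold is set, so findings are archived but never gate the branch — adding `--failOnCVSS 7` to the `dependency-check.sh` line turns high-severity results into a failed job. Dependency-Check is a software-composition (SCA) scanner rather than static analysis of the project's own code, so the workflow name `sast-scan` and the artifact name `sast report` overstate what is covered; a comment under `name:` such as `# dependency (SCA) scan with OWASP Dependency-Check; no source-code SAST here` would avoid the confusion. 7.2.0 is a fixed, dated release, so the version will need periodic bumping along with its pinned digest.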
@@ -0,0 +1,32 @@
+name: "owasp-scan"
+
+on:
+ push:
+ branches: [githubcicd]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [16.x]
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Change script permission
+ run: |
+ chmod +x scripts/zap-script.sh
+
+ - name: ZAP scan
+ run: scripts/zap-script.sh
+
+ - name: Archive production artifacts
+ uses: actions/upload-artifact@v2
+ with:
+ name: zap report
+ path: |
+ ./zap_baseline_report.html
+
+
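Review bot: the job checks out the commit but then scans the fixed public URL baked into `scripts/zap-script.sh`, so every push to `githubcicd` tests whatever is currently deployed rather than the change under review, and nothing in the workflow fails on findings. If no per-commit preview deployment exists, the `ZAP scan` step should at least say so, e.g. `# passive baseline scan of the live site; results reflect the current deployment, not this commit`, and the upload step should get `if: always()` so the report is still kept once the script is changed to return a non-zero status on alerts. `actions/checkout@v2` and `actions/upload-artifact@v2` are old majors that, as far as I know, GitHub has deprecated; the same pins are used in lint.yml and sast-scan.yml. The job is named `test` here and in those two workflows although none of them runs tests; a name such as `zap-baseline` reads better in the checks list.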