From 7b7ad932160df1f516933a79145dbcbfd5529337 Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Mon, 25 Sep 2023 11:08:26 -0700
Subject: [PATCH 1/6] Move penetration tests to a weekly cronjob
---
 .github/workflows/pentests.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 .github/workflows/pentests.yml
diff --git a/.github/workflows/pentests.yml b/.github/workflows/pentests.yml
new file mode 100644
index 000000000..521ed7a61
--- /dev/null
+++ b/.github/workflows/pentests.yml
@@ -0,0 +1,29 @@
+name: Penetration Tests
+
+on:
+ schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ zap_scan:
+ name: Penetration Tests
+ env:
+ DOMAIN: apps.silver.devops.gov.bc.ca
+ PREFIX: ${{ github.event.repository.name }}-test
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ name: [backend-dops, backend-vehicles, frontend]
+ steps:
+ - name: ZAP Scan
+ uses: zaproxy/action-full-scan@v0.7.0
+ with:
+ allow_issue_writing: true
+ artifact_name: "zap_${{ matrix.name }}"
+ cmd_options: "-a"
+ issue_title: "ZAP: ${{ matrix.name }}"
+ target: https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }}
From b646b17bc443a1e10dc57166ee2a9f7e8f37dff8 Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Mon, 25 Sep 2023 11:09:30 -0700
Subject: [PATCH 2/6] Remove other references to penetration tests
---
 .github/workflows/deploy.yml | 12 ------------
 .github/workflows/merge-main.yml | 2 --
 .github/workflows/pr-open.yml | 2 +-
 3 files changed, 1 insertion(+), 15 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 1bbf12331..1a26c5036 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml 
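Review bot: `uses: zaproxy/action-full-scan@v0.7.0` pins a third-party action to a mutable tag, and the workflow declares no `permissions:` block, so the scan job runs with whatever default GITHUB_TOKEN scope the repository grants while `allow_issue_writing: true` asks the action to create issues. Pin the action to a full commit SHA, `uses: zaproxy/action-full-scan@<commit-sha> # v0.7.0`, and add an explicit least-privilege grant such as `permissions: { contents: read, issues: write }` at the job or workflow level, so issue creation neither fails under a read-only default nor inherits broader write access than it needs. The cron comment also disagrees with the expression: `0 11 * * 6` fires at 11:00 UTC, which is 3 AM PST (4 AM during PDT), so `# 3 AM PST = 11 AM UTC, Saturdays` is the accurate reading and `UDT` looks like a typo for UTC.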
@@ -14,11 +14,6 @@ on:
 default: 'test'
 required: true
 type: string
- penetration_test: description: 'If penetration test is required' default: false required: true type: boolean
 vault_zone:
 description: 'Which vault zone to use'
 default: 'dev'
@@ -46,11 +41,6 @@ on:
 default: 'test'
 required: true
 type: string
- penetration_test: description: 'If penetration test is required' default: false required: true type: boolean
 vault_zone:
 description: 'Which vault zone to use'
 default: 'dev'
@@ -168,5 +158,3 @@ jobs:
 -p MOTIPAY_MERCHANT_ID=${{steps.vault.outputs.VAULT_MOTIPAY_MERCHANT_ID}}
 -p MOTIPAY_BASE_URL=${{steps.vault.outputs.VAULT_MOTIPAY_BASE_URL}}
 ${{ matrix.parameters }}
- penetration_test: ${{ github.event_name != 'pull_request'}}
- penetration_test_issue: ${{ matrix.name }}
diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml
index 837405abc..53f65afc9 100644
--- a/.github/workflows/merge-main.yml
+++ b/.github/workflows/merge-main.yml
@@ -69,7 +69,6 @@ jobs:
 with:
 environment: 'test'
 imagetag: 'latest' # we promote AFTER successful deploy of candidate
- penetration_test: true
 vault_zone: 'test'
 zone: 'test'
 secrets: inherit
@@ -192,7 +191,6 @@ jobs:
 with:
 environment: 'prod'
 imagetag: 'test'
- penetration_test: false
 vault_zone: 'prod'
 zone: 'prod'
 secrets: inherit
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
index 657c5e604..8ce9f1aeb 100644
--- a/.github/workflows/pr-open.yml
+++ b/.github/workflows/pr-open.yml
@@ -33,6 +33,7 @@ jobs:
 Once merged, code will be promoted and handed off to following workflow run.
 [Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml)
+
 builds:
 name: Builds
 runs-on: ubuntu-22.04
@@ -66,7 +67,6 @@ jobs:
 with:
 environment: 'dev'
 imagetag: ${{ github.event.number }}
- penetration_test: false
 vault_zone: 'dev'
 zone: ${{ github.event.number }}
 secrets: inherit 
From 7735d659cb84b1cb33e5d42ff0f106dde28c879e Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Mon, 25 Sep 2023 11:10:37 -0700
Subject: [PATCH 3/6] Test
---
 .github/workflows/pentests.yml | 1 +
 .github/workflows/pr-open.yml | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pentests.yml b/.github/workflows/pentests.yml
index 521ed7a61..8ba41c96a 100644
--- a/.github/workflows/pentests.yml
+++ b/.github/workflows/pentests.yml
@@ -1,6 +1,7 @@
 name: Penetration Tests
 on:
+ pull_request:
 schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays
 workflow_dispatch:
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
index 8ce9f1aeb..b94b578a8 100644
--- a/.github/workflows/pr-open.yml
+++ b/.github/workflows/pr-open.yml
@@ -1,7 +1,8 @@
 name: Pull Request
 on:
- pull_request:
+ workflow_dispatch:
+ # pull_request:
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
From 4b574990828b19a24b24314583d29d5b95fa2f18 Mon Sep 17 00:00:00 2001
From: Chris Berg
Date: Wed, 27 Sep 2023 15:54:21 -0700
Subject: [PATCH 4/6] changed path name
---
 .github/workflows/pentests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pentests.yml b/.github/workflows/pentests.yml
index 8ba41c96a..04281992f 100644
--- a/.github/workflows/pentests.yml
+++ b/.github/workflows/pentests.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- name: [backend-dops, backend-vehicles, frontend]
+ name: [backend/dops, backend/vehicles, frontend]
 steps:
 - name: ZAP Scan
 uses: zaproxy/action-full-scan@v0.7.0
From b111067d960f2436877d10789920a0a74c68a76f Mon Sep 17 00:00:00 2001
From: Chris Berg
Date: Wed, 27 Sep 2023 16:08:59 -0700
Subject: [PATCH 5/6] changed path name
---
 .github/workflows/pentests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pentests.yml b/.github/workflows/pentests.yml
index 04281992f..8ba41c96a 100644 
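Review bot: The added `pull_request:` trigger does not scan the pull request's code: `target` is built from `${{ github.event.repository.name }}-test`, which resolves to the same shared test host on every event, so a PR-triggered run scans whatever is currently deployed there and, with `allow_issue_writing: true`, files issues for findings unrelated to the PR. [PATCH 6/6] removes the trigger again, so this is acceptable as a temporary test; if PR-time scanning is wanted later, the target should be derived from the PR's own deployment, the way pr-open.yml passes `zone: ${{ github.event.number }}`. The `env` and `target` lines lie outside this hunk.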
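Review bot: Names containing `/` break both places `matrix.name` is interpolated: `target: https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }}` becomes `https://<prefix>-backend/dops.<domain>` (constructed example), where everything after the slash is a URL path rather than part of the hostname, so the scan never reaches the intended service, and `artifact_name: "zap_${{ matrix.name }}"` gains a slash, which artifact upload is likely to reject. Both lines are outside this hunk. [PATCH 5/6] reverts to the hyphenated names, so the series ends consistent; if path-style names are needed elsewhere, add a second matrix field for the host label rather than overloading `name`.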
--- a/.github/workflows/pentests.yml
+++ b/.github/workflows/pentests.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- name: [backend/dops, backend/vehicles, frontend]
+ name: [backend-dops, backend-vehicles, frontend]
 steps:
 - name: ZAP Scan
 uses: zaproxy/action-full-scan@v0.7.0
From 5db4d4debcaaa47711c3c45b3193ea1dedf6b922 Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Thu, 28 Sep 2023 15:24:53 -0700
Subject: [PATCH 6/6] Restore workflows
---
 .github/workflows/pentests.yml | 1 -
 .github/workflows/pr-open.yml | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/pentests.yml b/.github/workflows/pentests.yml
index 8ba41c96a..521ed7a61 100644
--- a/.github/workflows/pentests.yml
+++ b/.github/workflows/pentests.yml
@@ -1,7 +1,6 @@
 name: Penetration Tests
 on:
- pull_request:
 schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays
 workflow_dispatch:
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
index b94b578a8..8ce9f1aeb 100644
--- a/.github/workflows/pr-open.yml
+++ b/.github/workflows/pr-open.yml
@@ -1,8 +1,7 @@
 name: Pull Request
 on:
- workflow_dispatch:
- # pull_request:
+ pull_request:
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}