From 7887eed89112ff4bd1465cc56719acef8a683bb4 Mon Sep 17 00:00:00 2001
From: Carlo Costino
Date: Tue, 26 Sep 2023 11:35:19 -0400
Subject: [PATCH 1/3] Fix the dynamic-scan job

This PR fixes the dynamic-scan job, which is now failing in our PR checks due to missing environment variables.

Signed-off-by: Carlo Costino
---
 .github/workflows/checks.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index dfa48c934..05db0ed10 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -123,6 +123,10 @@ jobs:
 run: make bootstrap
 env:
 SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
+ NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
+ NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
+ NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
+ NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
 - name: Run server
 run: make run-flask &
 env:

From 455b6071ba41f2317c306a1e74e969e3d1e0b7f1 Mon Sep 17 00:00:00 2001
From: Carlo Costino
Date: Tue, 26 Sep 2023 12:09:03 -0400
Subject: [PATCH 2/3] Updated ZAP Action config to match recent changes

Signed-off-by: Carlo Costino
---
 .github/workflows/checks.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 05db0ed10..109991619 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -132,9 +132,9 @@ jobs:
 env:
 SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
 - name: Run OWASP Baseline Scan
- uses: zaproxy/action-api-scan@v0.4.0
+ uses: zaproxy/action-api-scan@v0.5.0
 with:
- docker_name: 'owasp/zap2docker-stable'
+ docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
 target: 'http://localhost:6011/docs/openapi.yml'
 fail_action: true
 allow_issue_writing: false
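Review bot: The four `NOTIFY_E2E_TEST_*` secrets are scoped to the `make bootstrap` step only, which is the right granularity, but bootstrap is presumably a dependency-install step, so any install hook in the dependency tree can read live E2E credentials (email, password, HTTP auth user and password) from its environment; if a later test step is the real consumer, the four lines belong in that step's `env:` block instead. Separately, `${{ secrets.X }}` expands to an empty string when the secret is unavailable to the run (a `pull_request` run from a fork, for example), so the variables will be set-but-empty rather than missing and the job may fail with a less obvious error than the one this patch fixes; a fail-fast step before bootstrap such as `run: test -n "$NOTIFY_E2E_TEST_EMAIL" || { echo 'NOTIFY_E2E_TEST_* secrets are not available in this run'; exit 1; }` makes that explicit. The `SQLALCHEMY_DATABASE_TEST_URI` value is also repeated verbatim in the bootstrap step and in the `Run server` step at the end of the hunk; hoisting it to the job-level `env:` would remove the duplication. The `Run server` step's `env:` block continues outside the hunk.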
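Review bot: `uses: zaproxy/action-api-scan@v0.5.0` pins the third-party action to a mutable git tag rather than a commit, so the scan step executes whatever that tag points at on the day the job runs; pinning to the release's full commit SHA with the version kept in a trailing comment, `uses: zaproxy/action-api-scan@<full-commit-sha>  # v0.5.0`, makes the step reproducible while still letting dependency-update tooling track new releases. The same concern applies to `docker_name: 'ghcr.io/zaproxy/zaproxy:stable'`: `stable` is a floating tag, and with `fail_action: true` a rule change shipped in a refreshed image can start failing PRs that did not touch the code; a digest-pinned reference (`ghcr.io/zaproxy/zaproxy@sha256:<digest>`) or a dated release tag avoids that. Patch 3/3 moves this line to the `weekly` tag, which rolls faster and has the same issue.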
From 5e0ba6a672334581d0ec41b28d44c72888a9e58a Mon Sep 17 00:00:00 2001
From: Carlo Costino
Date: Tue, 26 Sep 2023 15:47:37 -0400
Subject: [PATCH 3/3] Trying ZAP weekly release instead of stable

I noticed that a previous scan yesterday had referenced the weekly releases under the hood despite being configured for stable.

Signed-off-by: Carlo Costino
---
 .github/workflows/checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 109991619..08634f6e3 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -134,7 +134,7 @@ jobs:
 - name: Run OWASP Baseline Scan
 uses: zaproxy/action-api-scan@v0.5.0
 with:
- docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+ docker_name: 'ghcr.io/zaproxy/zaproxy:weekly'
 target: 'http://localhost:6011/docs/openapi.yml'
 fail_action: true
 allow_issue_writing: false
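Review bot: The reason for preferring `weekly` over `stable` exists only in the commit message, and a reader of the workflow will reasonably take `docker_name: 'ghcr.io/zaproxy/zaproxy:weekly'` for a mistake or an accidental pre-release dependency; add a comment above the line, e.g. `# weekly: the stable tag was observed pulling weekly releases anyway (see 5e0ba6a); revisit once stable is reliable`. Because `weekly` is rebuilt on a rolling basis and `fail_action: true` gates the PR, that comment should also note that a scan failure right after an image refresh may reflect new or changed rules rather than a regression in the code under test, so the reviewer knows to check the image date before debugging the application.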