separate functional and security test

.github/workflows/API-Provider-CI.yaml

@@ -30,7 +30,7 @@ jobs:
           file_glob: 'apis/*.yaml'
           spectral_ruleset: '.spectral.yaml'
 
-  test-api:
+  functional-test-api:
     needs: lint-api
     runs-on: ubuntu-latest
     steps:
@@ -54,4 +54,29 @@ jobs:
           PROJECT_FOLDER: ReadyAPI-Tests
           PROJECT_FILE: 'secure-by-design-readyapi-project.xml'
           SLM_API_KEY: ${{ secrets.SLM_API_KEY }} 
-          ENDPOINT: http://0.0.0.0:8000
+          ENDPOINT: http://0.0.0.0:8000
+
+  security-test-api:
+    needs: [lint-api, functional-test-api]
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout code'
+        uses: actions/checkout@main
+      - name: Setup the stack
+        run: docker-compose up -d
+      - name: Get Container Name
+        id: get-container
+        run: |
+          CONTAINER_ID=$(docker ps -aqf "name=webinar-security-by-design_web_1")
+          echo "::set-output name=container_id::$CONTAINER_ID"
+      - name: Migrate DB and Seed within ${{ steps.get-container.outputs.container_id }}
+        run: |
+          docker exec -t ${{ steps.get-container.outputs.container_id }} alembic upgrade heads
+          docker exec ${{ steps.get-container.outputs.container_id }} python src/fixtures.py
+      - name: Test local
+        run: chmod ugo+rwx ReadyAPI-Tests && ./launchReadyAPISecurityRunner.sh
+        env:
+          PROJECT_FOLDER: ReadyAPI-Tests
+          PROJECT_FILE: 'secure-by-design-readyapi-project.xml'
+          SLM_API_KEY: ${{ secrets.SLM_API_KEY }} 
+          ENDPOINT: http://0.0.0.0:8000          

launchReadyAPISecurityRunner.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+## ACC
+# ENDPOINT=https://sbdevrel-fua-smartbearcoin-acc.azurewebsites.net/api/payees
+## PROD
+# ENDPOINT=https://sbdevrel-fua-smartbearcoin-prd.azurewebsites.net/api/payees
+
+ENDPOINT=${ENDPOINT:-'http://0.0.0.0:8000'}
+PROJECT_FOLDER=${PROJECT_FOLDER:-'ReadyAPI-Tests'}
+PROJECT_FILE=${PROJECT_FILE:-'secure-by-design-readyapi-project.xml'}
+
+MISSING=()
+[ ! "$PROJECT_FOLDER" ] && MISSING+=("PROJECT_FOLDER")
+[ ! "$PROJECT_FILE" ] && MISSING+=("PROJECT_FILE")
+[ ! "$ENDPOINT" ] && MISSING+=("ENDPOINT")
+[ ! "$SLM_API_KEY" ] && MISSING+=("SLM_API_KEY")
+
+case $(uname -sm) in
+'Darwin x86' | 'Darwin x86_64' | 'Darwin arm64' | 'Windows')
+    ENDPOINT=${ENDPOINT/localhost/host.docker.internal}
+    ;;
+esac
+if [ ${#MISSING[@]} -gt 0 ]; then
+    echo "ERROR: The following environment variables are not set:"
+    printf '\t%s\n' "${MISSING[@]}"
+    exit 1
+fi
+
+echo "executing security tests for ${PROJECT_FILE}"
+docker run --rm --network="host" \
+    -v=${PWD}/${PROJECT_FOLDER}:/project \
+    -e SLM_LICENSE_SERVER="https://api.slm.manage.smartbear.com:443" \
+    -e API_KEY=${SLM_API_KEY} \
+    -e ENDPOINT=${ENDPOINT} \
+    -e PROJECT_FILE=${PROJECT_FILE} \
+    -e COMMAND_LINE="'-f/project' '-RSecurity Issues Report' -FPDF '-Elocal' /project/${PROJECT_FILE}" \
+    smartbear/readyapi-security-testrunner:latest

launchReadyAPITestRunner.sh

@@ -35,13 +35,3 @@ docker run --rm --network="host" \
     -e PROJECT_FILE=${PROJECT_FILE} \
     -e COMMAND_LINE="'-e${ENDPOINT}' '-f/project' '-RJUnit-Style HTML Report' /project/${PROJECT_FILE}" \
     smartbear/ready-api-soapui-testrunner:latest
-
-echo "executing security tests for ${PROJECT_FILE}"
-docker run --rm --network="host" \
-    -v=${PWD}/${PROJECT_FOLDER}:/project \
-    -e SLM_LICENSE_SERVER="https://api.slm.manage.smartbear.com:443" \
-    -e API_KEY=${SLM_API_KEY} \
-    -e ENDPOINT=${ENDPOINT} \
-    -e PROJECT_FILE=${PROJECT_FILE} \
-    -e COMMAND_LINE="'-f/project' '-RSecurity Issues Report' -FPDF '-Elocal' /project/${PROJECT_FILE}" \
-    smartbear/readyapi-security-testrunner:latest