remnantchat/.github/workflows/security.yml

name: Perform Security Audit with ZAProxy
# Use ZAP Proxy to perform a full scan of the production site.

on:
  # manually trigger workflow
  workflow_dispatch:

  # Listen for Production deployments
  workflow_run:
    workflows: [pages-build-deployment]
    types:
      - completed

jobs:
  zap_scan:
    runs-on: ubuntu-latest
    name: Scan Production Site
    steps:
      - name: Set Date (NOW) as Variable
        id: set-now
        run: |
          echo "NOW=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"          

      - name: Checkout Repo for .zap/rules.tsv
        uses: actions/checkout@v4

      - name: ZAP Full Scan
        # https://github.com/zaproxy/action-full-scan
        uses: zaproxy/action-full-scan@v0.7.0
        with:
          target: 'https://chitchatter.im/'
          rules_file_name: '.zap/rules.tsv'
          artifact_name: 'zap_scan_${{ steps.set-now.outputs.NOW }}'
          allow_issue_writing: false