-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathazure-pipelines.yml
More file actions
89 lines (74 loc) · 2.72 KB
/
azure-pipelines.yml
File metadata and controls
89 lines (74 loc) · 2.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# You had to add a Library called "Mayhem for API Token" with a secret called 'MAPI_TOKEN' and secret called 'MAYHEM_URL' (or an environment variable) for this pipeline to work.
variables:
- group: "Mayhem for API Token"
trigger:
branches:
include:
- main
pr:
branches:
include:
- main
pool:
vmImage: ubuntu-latest
steps:
- checkout: self
# Create environment to run API
- task: UsePythonVersion@0
inputs:
versionSpec: '3.8'
displayName: 'Set up and use Python 3.8'
- script: |
python -m pip install --upgrade pip
pip install -r requirements.txt
displayName: 'Install dependencies'
# Run unit tests
- script: |
pip install pytest pytest-azurepipelines
pytest
displayName: 'pytest'
# Run API in test mode. We configured test mode to output stacktraces in the error responses to improve the output of Mayhem for API.
- script: coverage run -m uvicorn src.main:app &
env:
FASTAPI_ENV: test
displayName: 'Start API'
# Run Mayhem for API
- script: |
curl -Lo mapi $MAYHEM_URL/cli/mapi/linux-musl/latest/mapi && chmod +x mapi
./mapi run forallsecure-demo/mapi-action-examples/fastapi auto http://localhost:8000/openapi.json \
--url 'http://localhost:8000' \
--sarif $(Build.ArtifactStagingDirectory)/mapi.sarif \
--junit $(Build.ArtifactStagingDirectory)/junit.xml \
--html $(Build.ArtifactStagingDirectory)/mapi.html
env:
MAPI_TOKEN: $(MAPI_TOKEN)
MAYHEM_URL: $(MAYHEM_URL)
continueOnError: "true"
displayName: Run Mayhem for API to check for vulnerabilities
- script: pgrep coverage | xargs kill || true; sleep 1
condition: always()
displayName: 'Stop API'
# Requires installation of SARIF SAST Scans Tab (https://marketplace.visualstudio.com/items?itemName=sariftools.scans)
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: '$(Build.ArtifactStagingDirectory)'
ArtifactName: 'CodeAnalysisLogs'
publishLocation: 'Container'
- task: PublishTestResults@2
inputs:
testResultsFormat: 'JUnit'
testResultsFiles: '$(Build.ArtifactStagingDirectory)/junit.xml'
# codecov action requires a coverage.xml file
- script: coverage xml -o $(Build.ArtifactStagingDirectory)/fuzz-coverage.xml
displayName: Generate coverage.xml
# Required for PublishCodeCoverageResults
- task: UseDotNet@2
inputs:
version: 3.1.x
# Publish code coverage results v2 has problems: https://github.com/microsoft/azure-pipelines-tasks/issues/17756
# Publish any of the code coverage results from a build.
- task: PublishCodeCoverageResults@1
inputs:
codeCoverageTool: Cobertura
summaryFileLocation: $(Build.ArtifactStagingDirectory)/*-coverage.xml # string. Required. Path to summary files.
pathToSources: src/ # string. Path to Source files.