Merge pull request #51 from devopsabcs-engineering/feature/2139-use-app-url-secret-for-scan-target

emmanuelknafo · web-flow · commit 939e2c422a39 · 2026-03-29T19:17:17.000-04:00
fix(workflows): use APP_URL secret for scan target and auto-update on deploy AB#2139
diff --git a/a11y-demo-app-001/.github/workflows/a11y-scan.yml b/a11y-demo-app-001/.github/workflows/a11y-scan.yml
@@ -28,7 +28,7 @@ jobs:
             HTTP_STATUS=$(curl -s -o results/a11y-demo-app-001.sarif -w "%{http_code}" \
               -X POST "${{ env.SCANNER_BASE_URL }}/api/ci/scan" \
               -H "Content-Type: application/json" \
-              -d '{"url": "https://a11y-demo-app-001-app.azurewebsites.net/", "format": "sarif"}' \
+              -d '{"url": "${{ secrets.APP_URL }}", "format": "sarif"}' \
               --max-time 120)
 
             echo "Attempt $attempt - HTTP status: $HTTP_STATUS"
diff --git a/a11y-demo-app-001/.github/workflows/ci-cd.yml b/a11y-demo-app-001/.github/workflows/ci-cd.yml
@@ -103,6 +103,13 @@ jobs:
           echo "Deployed to: $SITE_URL"
           echo "site_url=$SITE_URL" >> "$GITHUB_OUTPUT"
 
+      - name: Update APP_URL secret
+        env:
+          GH_TOKEN: ${{ secrets.ORG_ADMIN_TOKEN }}
+        run: |
+          gh secret set APP_URL --repo "${{ github.repository }}" --body "${{ steps.deploy-container.outputs.site_url }}"
+          echo "APP_URL secret updated"
+
       - name: Capture deployment screenshot
         run: |
           echo "Waiting for app to warm up..."
diff --git a/a11y-demo-app-002/.github/workflows/a11y-scan.yml b/a11y-demo-app-002/.github/workflows/a11y-scan.yml
@@ -28,7 +28,7 @@ jobs:
             HTTP_STATUS=$(curl -s -o results/a11y-demo-app-002.sarif -w "%{http_code}" \
               -X POST "${{ env.SCANNER_BASE_URL }}/api/ci/scan" \
               -H "Content-Type: application/json" \
-              -d '{"url": "https://a11y-demo-app-002-app.azurewebsites.net/", "format": "sarif"}' \
+              -d '{"url": "${{ secrets.APP_URL }}", "format": "sarif"}' \
               --max-time 120)
 
             echo "Attempt $attempt - HTTP status: $HTTP_STATUS"
diff --git a/a11y-demo-app-002/.github/workflows/ci-cd.yml b/a11y-demo-app-002/.github/workflows/ci-cd.yml
@@ -103,6 +103,13 @@ jobs:
           echo "Deployed to: $SITE_URL"
           echo "site_url=$SITE_URL" >> "$GITHUB_OUTPUT"
 
+      - name: Update APP_URL secret
+        env:
+          GH_TOKEN: ${{ secrets.ORG_ADMIN_TOKEN }}
+        run: |
+          gh secret set APP_URL --repo "${{ github.repository }}" --body "${{ steps.deploy-container.outputs.site_url }}"
+          echo "APP_URL secret updated"
+
       - name: Capture deployment screenshot
         run: |
           echo "Waiting for app to warm up..."
diff --git a/a11y-demo-app-003/.github/workflows/a11y-scan.yml b/a11y-demo-app-003/.github/workflows/a11y-scan.yml
@@ -28,7 +28,7 @@ jobs:
             HTTP_STATUS=$(curl -s -o results/a11y-demo-app-003.sarif -w "%{http_code}" \
               -X POST "${{ env.SCANNER_BASE_URL }}/api/ci/scan" \
               -H "Content-Type: application/json" \
-              -d '{"url": "https://a11y-demo-app-003-app.azurewebsites.net/", "format": "sarif"}' \
+              -d '{"url": "${{ secrets.APP_URL }}", "format": "sarif"}' \
               --max-time 120)
 
             echo "Attempt $attempt - HTTP status: $HTTP_STATUS"
diff --git a/a11y-demo-app-003/.github/workflows/ci-cd.yml b/a11y-demo-app-003/.github/workflows/ci-cd.yml
@@ -103,6 +103,13 @@ jobs:
           echo "Deployed to: $SITE_URL"
           echo "site_url=$SITE_URL" >> "$GITHUB_OUTPUT"
 
+      - name: Update APP_URL secret
+        env:
+          GH_TOKEN: ${{ secrets.ORG_ADMIN_TOKEN }}
+        run: |
+          gh secret set APP_URL --repo "${{ github.repository }}" --body "${{ steps.deploy-container.outputs.site_url }}"
+          echo "APP_URL secret updated"
+
       - name: Capture deployment screenshot
         run: |
           echo "Waiting for app to warm up..."
diff --git a/a11y-demo-app-004/.github/workflows/a11y-scan.yml b/a11y-demo-app-004/.github/workflows/a11y-scan.yml
@@ -28,7 +28,7 @@ jobs:
             HTTP_STATUS=$(curl -s -o results/a11y-demo-app-004.sarif -w "%{http_code}" \
               -X POST "${{ env.SCANNER_BASE_URL }}/api/ci/scan" \
               -H "Content-Type: application/json" \
-              -d '{"url": "https://a11y-demo-app-004-app.azurewebsites.net/", "format": "sarif"}' \
+              -d '{"url": "${{ secrets.APP_URL }}", "format": "sarif"}' \
               --max-time 120)
 
             echo "Attempt $attempt - HTTP status: $HTTP_STATUS"
diff --git a/a11y-demo-app-004/.github/workflows/ci-cd.yml b/a11y-demo-app-004/.github/workflows/ci-cd.yml
@@ -103,6 +103,13 @@ jobs:
           echo "Deployed to: $SITE_URL"
           echo "site_url=$SITE_URL" >> "$GITHUB_OUTPUT"
 
+      - name: Update APP_URL secret
+        env:
+          GH_TOKEN: ${{ secrets.ORG_ADMIN_TOKEN }}
+        run: |
+          gh secret set APP_URL --repo "${{ github.repository }}" --body "${{ steps.deploy-container.outputs.site_url }}"
+          echo "APP_URL secret updated"
+
       - name: Capture deployment screenshot
         run: |
           echo "Waiting for app to warm up..."
diff --git a/a11y-demo-app-005/.github/workflows/a11y-scan.yml b/a11y-demo-app-005/.github/workflows/a11y-scan.yml
@@ -28,7 +28,7 @@ jobs:
             HTTP_STATUS=$(curl -s -o results/a11y-demo-app-005.sarif -w "%{http_code}" \
               -X POST "${{ env.SCANNER_BASE_URL }}/api/ci/scan" \
               -H "Content-Type: application/json" \
-              -d '{"url": "https://a11y-demo-app-005-app.azurewebsites.net/", "format": "sarif"}' \
+              -d '{"url": "${{ secrets.APP_URL }}", "format": "sarif"}' \
               --max-time 120)
 
             echo "Attempt $attempt - HTTP status: $HTTP_STATUS"
diff --git a/a11y-demo-app-005/.github/workflows/ci-cd.yml b/a11y-demo-app-005/.github/workflows/ci-cd.yml
@@ -103,6 +103,13 @@ jobs:
           echo "Deployed to: $SITE_URL"
           echo "site_url=$SITE_URL" >> "$GITHUB_OUTPUT"
 
+      - name: Update APP_URL secret
+        env:
+          GH_TOKEN: ${{ secrets.ORG_ADMIN_TOKEN }}
+        run: |
+          gh secret set APP_URL --repo "${{ github.repository }}" --body "${{ steps.deploy-container.outputs.site_url }}"
+          echo "APP_URL secret updated"
+
       - name: Capture deployment screenshot
         run: |
           echo "Waiting for app to warm up..."
diff --git a/scripts/bootstrap-demo-apps.ps1 b/scripts/bootstrap-demo-apps.ps1
@@ -236,6 +236,22 @@ foreach ($app in $DemoApps) {
         }
     }
 
+    # Resolve and set APP_URL from Azure deployment (if deployed)
+    $rg = "rg-$($app.Name)"
+    $appUrl = az deployment group show --resource-group $rg --name infra-deploy --query 'properties.outputs.webAppUrl.value' -o tsv 2>$null
+    if ($appUrl) {
+        Write-Host "  Configuring APP_URL ($appUrl)..." -ForegroundColor Gray
+        try {
+            gh secret set APP_URL --repo $fullRepo --body $appUrl
+            Write-Host "  APP_URL configured." -ForegroundColor Green
+        }
+        catch {
+            Write-Host "  Warning: Could not configure APP_URL: $_" -ForegroundColor Yellow
+        }
+    } else {
+        Write-Host "  APP_URL: app not deployed yet, skipping." -ForegroundColor Gray
+    }
+
     # Initialize wiki (required before workflows can push to it)
     if ($OrgAdminToken) {
         Write-Host "  Initializing wiki..." -ForegroundColor Gray
