From ec5ab2ec27fcb52d0c82c71d2b62d1e1aa4f098e Mon Sep 17 00:00:00 2001
From: ychung-mot
Date: Mon, 25 Nov 2024 08:48:07 -0800
Subject: [PATCH] chore: zap api
---
 .github/workflows/deploy-dev.yml | 1 +
 .github/workflows/zap-api-scan.yml | 11 +++++++++++
 2 files changed, 12 insertions(+)
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index f3940548..78e503c5 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -18,6 +18,7 @@ on:
 - crunchydb/**
 - backup-container/**
 - gateway/**
+ - .github/**
 jobs:
 test-backend:
diff --git a/.github/workflows/zap-api-scan.yml b/.github/workflows/zap-api-scan.yml
index bf5ae3f9..efc8e313 100644
--- a/.github/workflows/zap-api-scan.yml
+++ b/.github/workflows/zap-api-scan.yml
@@ -7,6 +7,14 @@ on:
 type: string
 description: The URL of the OpenAPI/GraphQL spec
 default: https://dev.strdata.gov.bc.ca/api/swagger/strdata/swagger.json
+ auth_header_name:
+ type: string
+ description: The name of the authentication header
+ default: Authorization
+ auth_header_value:
+ type: string
+ description: The value of the authentication header
+ default: Bearer your_token
 jobs:
 zap-api-scan:
@@ -15,6 +23,9 @@ jobs:
 permissions:
 contents: read
 issues: write
+ env:
+ ZAP_AUTH_HEADER_NAME: ${{ github.event.inputs.auth_header_name }}
+ ZAP_AUTH_HEADER_VALUE: ${{ github.event.inputs.auth_header_value }}
 steps:
 - name: Checkout
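Review bot: The new `- .github/**` entry in the deploy-dev.yml path filter is broader than the change appears to need. Every edit under `.github/`, including this commit's own change to `zap-api-scan.yml`, now matches the filter and can start the dev deployment. If the intent is to redeploy when the deploy workflow itself changes, `- .github/workflows/deploy-dev.yml` keeps the trigger scoped to that one file. The event type this filter belongs to is declared above the hunk, so confirm which events it applies to before widening it.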
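Review bot: `auth_header_value` in the first zap-api-scan.yml hunk carries a credential as a plain workflow input. Inputs are not masked, so a real bearer token typed at dispatch time ends up in the run's event payload and can be printed in step logs. Read the token from a repository or environment secret instead, and keep only non-sensitive values such as the header name as inputs. The default `Bearer your_token` is also sent as-is when the field is left untouched, so the scan would quietly run with an invalid credential; an empty default plus an explicit check would make that case visible. The `on:` block starts outside the hunk, so the dispatch trigger is inferred from the `github.event.inputs` usage in the next hunk.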
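Review bot: The job-level `env:` block added in the second zap-api-scan.yml hunk exposes the auth header value to every step, including checkout and any third-party action, and unmasked env values are echoed in step logs. Set it only on the ZAP step and source it from a secret, e.g. `ZAP_AUTH_HEADER_VALUE: ${{ secrets.ZAP_API_TOKEN }}` (the secret name is a placeholder). ZAP's built-in header authentication reads the header name from `ZAP_AUTH_HEADER`, so `ZAP_AUTH_HEADER_NAME` is probably ignored unless a step outside the hunk maps it. Setting `ZAP_AUTH_HEADER_SITE` as well would limit the token to requests for the target host. The step list continues past the end of the hunk, so how the scan step consumes these variables is not visible here.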