SSL/TLS scans #1020

	name: SSL/TLS scans

	on:
	schedule:
	- cron: '34 2 * * *'
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	tls:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	tls-version:
	- "1.2"
	- "1.3"
	url:
	- michalspacek.cz
	steps:
	- name: Check TLS ${{ matrix.tls-version }} is available
	run: \|
	curl \
	--verbose \
	--silent \
	--output /dev/null \
	--user-agent "GitHub Actions TLS check" \
	--tls-max ${{ matrix.tls-version }} \
	--tlsv${{ matrix.tls-version }} \
	https://${{ matrix.url }}/

	testssl:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	url:
	- michalspacek.cz
	steps:
	- name: testssl.sh scan
	uses: mbogh/test-ssl-action@6bad4e83e29bca36d5570a00736a0b9d63e52643 # v3.0.2
	with:
	host: ${{ matrix.url }}
	- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
	if: always()
	with:
	name: testssl.sh reports
	path: 'output/*'

	certmonitor:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	php-version:
	- "8.3"
	steps:
	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2
	with:
	coverage: none
	php-version: ${{ matrix.php-version }}
	- run: php site/bin/certmonitor.php --colors --no-ipv6
	env:
	CERTMONITOR_USER: ${{ secrets.CERTMONITOR_USER }}
	CERTMONITOR_KEY: ${{ secrets.CERTMONITOR_KEY }}

	heartbeat:
	runs-on: ubuntu-latest
	if: always()
	needs:
	- tls
	- testssl
	- certmonitor
	steps:
	- run: curl --no-progress-meter ${{ secrets.SSLTLSSCANS_HEARTBEAT_URL }}

Provide feedback