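// Declarative pipeline that runs an OWASP ZAP Automation Framework plan
// against a staging API from the ZAP container image and archives whatever
// the plan writes under reports/zap.
pipeline {
  // NOTE(review): 'any' lets this job land on every agent, including ones
  // that are shared with unrelated jobs. Consider a dedicated label for
  // agents that are allowed to run Docker and reach the staging network.
  agent any
  environment {
    TARGET_URL = 'https://staging.example.internal'
    OPENAPI_URL = 'https://staging.example.internal/openapi.json'
    // Bound from the Jenkins credential store (presumably a "Secret text"
    // credential - confirm). Scope the token to staging and to the minimum
    // API permissions the scan needs.
    AUTH_TOKEN = credentials('zap-api-token')
  }
  stages {
    stage('ZAP AF API Scan') {
      steps {
        // The script is single-quoted on purpose: the shell, not Groovy,
        // expands the variables, so the secret never enters a Groovy string.
        //
        // AUTH_TOKEN is passed by name only (-e AUTH_TOKEN). Docker then
        // copies the value from the step's environment, so the token does
        // not appear in the docker argv (visible via ps on the agent) or in
        // the shell's command trace.
        //
        // NOTE(review): ':stable' is a mutable tag. Pin the image by digest
        // (ghcr.io/zaproxy/zaproxy@sha256:<DIGEST-PLACEHOLDER>) so the scanner
        // that receives the token is the one that was reviewed.
        // NOTE(review): the plans mount only needs to be read; consider ':ro'
        // once it is confirmed the plan writes nothing next to itself.
        sh '''
          mkdir -p reports/zap
          docker run --rm \
            -e TARGET_URL="$TARGET_URL" \
            -e OPENAPI_URL="$OPENAPI_URL" \
            -e AUTH_TOKEN \
            -v "$PWD/reports/zap:/zap/wrk/reports" \
            -v "$PWD/snippets/zap:/zap/wrk/plans" \
            ghcr.io/zaproxy/zaproxy:stable \
            zap.sh -cmd -autorun /zap/wrk/plans/zap-api-oast-automation-framework.yaml
        '''
      }
      post {
        always {
          // Archived even when the scan step fails, so findings are kept.
          // NOTE(review): ZAP reports can embed request/response evidence;
          // verify they do not capture the auth token before widening who
          // can read this job's artifacts.
          archiveArtifacts artifacts: 'reports/zap/**', fingerprint: true
        }
      }
    }
  }
}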
