Merge pull request #92 from arjundashrath/rcbranch

Add send-insights to Harden-Runner
2026-06-05 19:53:33 +00:00 · 2022-02-12 14:43:12 -08:00 · 2022-02-12 14:43:12 -08:00 · 0a09ef820e
commit 0a09ef820e
parent 532b51543e fd9d17c722
8 changed files with 1723 additions and 12 deletions
--- a/action.yml
+++ b/action.yml
@ -12,6 +12,10 @@ inputs:
  token:
    description: 'Used to avoid github rate limiting'
    default: ${{ github.token }}
+  disable-telemetry:
+    description: 'Disable sending insights to StepSecurity API, can be set to true or false'
+    required: false
+    default: 'false'
 branding:
  icon: 'check-square'  
  color: 'green'
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/pre/agent.service
+++ b/dist/pre/agent.service
@ -12,4 +12,4 @@ SyslogIdentifier=agentservice
 AmbientCapabilities=CAP_NET_BIND_SERVICE, CAP_NET_ADMIN

 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
--- a/dist/pre/index.js
+++ b/dist/pre/index.js
@ -6324,6 +6324,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
            api_url: api_url,
            allowed_endpoints: core.getInput("allowed-endpoints"),
            egress_policy: core.getInput("egress-policy"),
+            disable_telemetry: core.getBooleanInput("disable-telemetry"),
        };
        if (confg.egress_policy !== "audit" && confg.egress_policy !== "block") {
            core.setFailed("egress-policy must be either audit or block");
@ -6331,6 +6332,9 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
        if (confg.egress_policy === "block" && confg.allowed_endpoints === "") {
            core.warning("egress-policy is set to block (default) and allowed-endpoints is empty. No outbound traffic will be allowed for job steps.");
        }
+        if (confg.disable_telemetry !== true && confg.disable_telemetry !== false) {
+            core.setFailed("disable-telemetry must be a boolean value");
+        }
        const confgStr = JSON.stringify(confg);
        external_child_process_.execSync("sudo mkdir -p /home/agent");
        external_child_process_.execSync("sudo chown -R $USER /home/agent");
@ -6339,7 +6343,14 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
        verifyChecksum(downloadPath); // NOTE: verifying agent's checksum, before extracting
        const extractPath = yield tool_cache.extractTar(downloadPath);
        console.log(`Step Security Job Correlation ID: ${correlation_id}`);
-        printInfo(web_url);
+        if (confg.disable_telemetry === false) {
+            printInfo(web_url);
+        }
+        else {
+            if (confg.egress_policy === "audit") {
+                printInfo(web_url);
+            }
+        }
        let cmd = "cp", args = [external_path_.join(extractPath, "agent"), "/home/agent/agent"];
        external_child_process_.execFileSync(cmd, args);
        external_child_process_.execSync("chmod +x /home/agent/agent");
--- a/dist/pre/index.js.map
+++ b/dist/pre/index.js.map
--- a/src/index.ts
+++ b/src/index.ts
@ -1,4 +1,5 @@
 import { printInfo } from "./common";
+import * as core from "@actions/core";

 (async () => {
  if (process.platform !== "linux") {
@ -6,6 +7,11 @@ import { printInfo } from "./common";
    return;
  }

-  var web_url = "https://app.stepsecurity.io";
-  printInfo(web_url);
+  if (core.getBooleanInput("disable-telemetry") === true && core.getInput("egress-policy") === "block"){
+    core.warning("Insights will not be sent to StepSecurity API as disable-telemetry is set to true");
+  }
+  else{
+    var web_url = "https://app.stepsecurity.io";
+    printInfo(web_url);
+  }
 })();
--- a/src/setup.ts
+++ b/src/setup.ts
@ -39,6 +39,7 @@ import {verifyChecksum} from "./checksum"
      api_url: api_url,
      allowed_endpoints: core.getInput("allowed-endpoints"),
      egress_policy: core.getInput("egress-policy"),
+      disable_telemetry: core.getBooleanInput("disable-telemetry"),
    };

    if (confg.egress_policy !== "audit" && confg.egress_policy !== "block") {
@ -51,6 +52,10 @@ import {verifyChecksum} from "./checksum"
      );
    }

+    if (confg.disable_telemetry !== true && confg.disable_telemetry !== false) {
+      core.setFailed("disable-telemetry must be a boolean value");
+    }
+
    const confgStr = JSON.stringify(confg);
    cp.execSync("sudo mkdir -p /home/agent");
    cp.execSync("sudo chown -R $USER /home/agent");
@ -64,7 +69,15 @@ import {verifyChecksum} from "./checksum"
    const extractPath = await tc.extractTar(downloadPath);

    console.log(`Step Security Job Correlation ID: ${correlation_id}`);
-    printInfo(web_url);
+    
+    if (confg.disable_telemetry === false){
+      printInfo(web_url);
+    }
+    else{
+      if(confg.egress_policy === "audit"){
+        printInfo(web_url);
+      }
+    }

    let cmd = "cp",
      args = [path.join(extractPath, "agent"), "/home/agent/agent"];