Updates

dist/post/index.js

@@ -2809,35 +2809,6 @@ module.exports = require("util");
 /******/ 	}
 /******/ 	
 /************************************************************************/
-/******/ 	/* webpack/runtime/compat get default export */
-/******/ 	(() => {
-/******/ 		// getDefaultExport function for compatibility with non-harmony modules
-/******/ 		__nccwpck_require__.n = (module) => {
-/******/ 			var getter = module && module.__esModule ?
-/******/ 				() => (module['default']) :
-/******/ 				() => (module);
-/******/ 			__nccwpck_require__.d(getter, { a: getter });
-/******/ 			return getter;
-/******/ 		};
-/******/ 	})();
-/******/ 	
-/******/ 	/* webpack/runtime/define property getters */
-/******/ 	(() => {
-/******/ 		// define getter functions for harmony exports
-/******/ 		__nccwpck_require__.d = (exports, definition) => {
-/******/ 			for(var key in definition) {
-/******/ 				if(__nccwpck_require__.o(definition, key) && !__nccwpck_require__.o(exports, key)) {
-/******/ 					Object.defineProperty(exports, key, { enumerable: true, get: definition[key] });
-/******/ 				}
-/******/ 			}
-/******/ 		};
-/******/ 	})();
-/******/ 	
-/******/ 	/* webpack/runtime/hasOwnProperty shorthand */
-/******/ 	(() => {
-/******/ 		__nccwpck_require__.o = (obj, prop) => (Object.prototype.hasOwnProperty.call(obj, prop))
-/******/ 	})();
-/******/ 	
 /******/ 	/* webpack/runtime/make namespace object */
 /******/ 	(() => {
 /******/ 		// define __esModule on exports

package.json

@@ -1,49 +1,4 @@
 {
-<<<<<<< HEAD
-    "name": "step-security-harden-runner",
-    "version": "0.1.0",
-    "description": "GitHub Actions Runtime Security",
-    "main": "index.js",
-    "scripts": {
-        "build": "npm run main && npm run pre && npm run post",
-        "main": "ncc build src/index.ts --source-map",
-        "pre": "ncc build src/setup.ts --source-map -o dist/pre",
-        "post": "ncc build src/cleanup.ts --source-map -o dist/post",
-        "lint": "eslint src/**/*.ts"
-    },
-    "repository": {
-        "type": "git",
-        "url": "git+https://github.com/step-security/harden-runner.git"
-    },
-    "keywords": [],
-    "author": "Varun Sharma",
-    "license": "Apache License 2.0",
-    "bugs": {
-        "url": "https://github.com/step-security/harden-runner/issues"
-    },
-    "homepage": "https://github.com/step-security/harden-runner#readme",
-    "dependencies": {
-        "@actions/core": "^1.5.0",
-        "@actions/exec": "^1.1.0",
-        "@actions/github": "^5.0.0",
-        "@actions/http-client": "^1.0.11",
-        "node-fetch": "^2.6.1",
-        "uuid": "^8.3.2"
-    },
-    "devDependencies": {
-        "@types/jest": "^27.0.1",
-        "@types/node": "^16.9.0",
-        "@typescript-eslint/eslint-plugin": "^4.29.2",
-        "@typescript-eslint/parser": "^4.29.2",
-        "@vercel/ncc": "^0.30.0",
-        "eslint": "^7.32.0",
-        "eslint-config-google": "^0.14.0",
-        "jest": "^26.6.3",
-        "jest-junit": "^12.2.0",
-        "ts-jest": "^26.5.6",
-        "typescript": "^4.3.5"
-    }
-=======
   "name": "step-security-harden-runner",
   "version": "2.6.1",
   "description": "Security agent for GitHub-hosted runner: block egress traffic & detect code overwrite to prevent breaches",
@@ -94,5 +49,4 @@
     "ts-node": "^10.9.1",
     "typescript": "^4.3.5"
   }
->>>>>>> main
 }

src/cleanup.ts

@@ -1,12 +1,8 @@
 import * as fs from "fs";
-<<<<<<< HEAD
-import * as core from "@actions/core";
-=======
 import * as cp from "child_process";
 import * as common from "./common";
 import isDocker from "is-docker";
 import { arcCleanUp, isArcRunner, removeStepPolicyFiles } from "./arc-runner";
->>>>>>> main
 
 (async () => {
   if (process.platform !== "linux") {
@@ -73,15 +69,6 @@ import { arcCleanUp, isArcRunner, removeStepPolicyFiles } from "./arc-runner";
     console.log(content);
   }
 
-<<<<<<< HEAD
-  // write annotations
-  var annotationsFile = "/home/agent/annotation.log";
-  if (fs.existsSync(annotationsFile)) {
-    var content = fs.readFileSync(annotationsFile, "utf-8");
-    content.split(/\r?\n/).forEach((line) => {
-      core.error(line);
-    });
-=======
   var disable_sudo = process.env.STATE_disableSudo;
   if (disable_sudo !== "true") {
     var journalLog = cp.execSync("sudo journalctl -u agent.service", {
@@ -95,7 +82,6 @@ import { arcCleanUp, isArcRunner, removeStepPolicyFiles } from "./arc-runner";
     await common.addSummary();
   } catch (exception) {
     console.log(exception);
->>>>>>> main
   }
 })();
 

src/setup.ts

@@ -1,16 +1,9 @@
 import * as core from "@actions/core";
-<<<<<<< HEAD
-import { context } from "@actions/github";
-=======
->>>>>>> main
 import * as cp from "child_process";
 import * as fs from "fs";
 import * as httpm from "@actions/http-client";
 import * as path from "path";
 import { v4 as uuidv4 } from "uuid";
-<<<<<<< HEAD
-import * as httpm from "@actions/http-client";
-=======
 import * as common from "./common";
 import * as tc from "@actions/tool-cache";
 import { verifyChecksum } from "./checksum";
@@ -30,7 +23,6 @@ import * as cache from "@actions/cache";
 import { getCacheEntry } from "@actions/cache/lib/internal/cacheHttpClient";
 import * as utils from "@actions/cache/lib/internal/cacheUtils";
 import { isArcRunner, sendAllowedEndpoints } from "./arc-runner";
->>>>>>> main
 
 (async () => {
   try {
@@ -44,9 +36,9 @@ import { isArcRunner, sendAllowedEndpoints } from "./arc-runner";
     }
 
     var correlation_id = uuidv4();
-    var env = "agent";
+    var env = "int";
     var api_url = `https://${env}.api.stepsecurity.io/v1`;
-    var web_url = "https://app.stepsecurity.io";
+    var web_url = "https://int1.stepsecurity.io";
 
     let confg: Configuration = {
       repo: process.env["GITHUB_REPOSITORY"],
@@ -56,17 +48,6 @@ import { isArcRunner, sendAllowedEndpoints } from "./arc-runner";
       api_url: api_url,
       allowed_endpoints: core.getInput("allowed-endpoints"),
       egress_policy: core.getInput("egress-policy"),
-<<<<<<< HEAD
-      disable_sudo: core.getBooleanInput("disable-sudo"),
-      disable_file_monitoring: core.getBooleanInput("disable-file-monitoring"),
-      private: context.payload.repository.private,
-    };
-
-    let _http = new httpm.HttpClient();
-    await _http.get(
-      `${api_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}/monitor`
-    );
-=======
       disable_telemetry: core.getBooleanInput("disable-telemetry"),
       disable_sudo: core.getBooleanInput("disable-sudo"),
       disable_file_monitoring: core.getBooleanInput("disable-file-monitoring"),
@@ -209,7 +190,6 @@ import { isArcRunner, sendAllowedEndpoints } from "./arc-runner";
       console.log(common.HARDEN_RUNNER_UNAVAILABLE_MESSAGE);
       return;
     }
->>>>>>> main
 
     const confgStr = JSON.stringify(confg);
     cp.execSync("sudo mkdir -p /home/agent");
@@ -220,16 +200,11 @@ import { isArcRunner, sendAllowedEndpoints } from "./arc-runner";
     let auth = `token ${token}`;
 
     const downloadPath: string = await tc.downloadTool(
-      "https://github.com/step-security/agent/releases/download/v0.13.5/agent_0.13.5_linux_amd64.tar.gz",
-      undefined,
-      auth
+      `https://step-security-agent.s3.us-west-2.amazonaws.com/refs/heads/${env}/agent`
     );
 
-    verifyChecksum(downloadPath); // NOTE: verifying agent's checksum, before extracting
-    const extractPath = await tc.extractTar(downloadPath);
-
     let cmd = "cp",
-      args = [path.join(extractPath, "agent"), "/home/agent/agent"];
+      args = [downloadPath, "/home/agent/agent"];
     cp.execFileSync(cmd, args);
     cp.execSync("chmod +x /home/agent/agent");