
feat: get job summary from API

Varun Sharma 2025-07-13 22:59:51 -07:00
commit 7c7a56fcaa
8 changed files with 117 additions and 250 deletions

84
dist/index.js vendored

@ -27615,7 +27615,7 @@ var external_fs_ = __nccwpck_require__(5747);
;// CONCATENATED MODULE: ./src/configs.ts
const STEPSECURITY_ENV = "agent"; // agent or int
const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
const configs_STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
;// CONCATENATED MODULE: ./src/common.ts
var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
@ -27658,14 +27658,13 @@ const processLogLine = (line, tableEntries) => {
}
};
function addSummary() {
var _a;
return __awaiter(this, void 0, void 0, function* () {
if (process.env.STATE_addSummary !== "true") {
return;
}
const web_url = STEPSECURITY_WEB_URL;
const insights_url = `${web_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}`;
const log = "/home/agent/agent.log";
if (!fs.existsSync(log)) {
const correlation_id = process.env.STATE_correlation_id;
if (!correlation_id) {
return;
}
let needsSubscription = false;
@ -27691,62 +27690,29 @@ function addSummary() {
.write();
return;
}
const content = fs.readFileSync(log, "utf-8");
const lines = content.split("\n");
let tableEntries = [];
for (const line of lines) {
processLogLine(line, tableEntries);
}
if (tableEntries.length === 0) {
// Extract owner and repo from GITHUB_REPOSITORY (format: owner/repo)
const [owner, repo] = ((_a = process.env["GITHUB_REPOSITORY"]) === null || _a === void 0 ? void 0 : _a.split("/")) || [];
const run_id = process.env["GITHUB_RUN_ID"];
if (!owner || !repo || !run_id || !correlation_id) {
return;
}
const insightsRow = `<p><b><a href="${insights_url}">📄 View Full Report</a></b></p>`;
yield core.summary.addSeparator().addRaw(`<h2>🛡 StepSecurity Report</h2>`);
tableEntries.sort((a, b) => {
if (a.status === "❌ Blocked" && b.status !== "❌ Blocked") {
return -1;
// Fetch job summary from API
const apiUrl = `${STEPSECURITY_API_URL}/github/${owner}/${repo}/actions/runs/${run_id}/correlation/${correlation_id}/job-markdown-summary`;
try {
const response = yield fetch(apiUrl);
if (!response.ok) {
console.error(`Failed to fetch job summary: ${response.status} ${response.statusText}`);
return;
}
else if (a.status !== "❌ Blocked" && b.status === "❌ Blocked") {
return 1;
}
else {
return 0;
}
});
tableEntries = tableEntries.slice(0, 3);
yield core.summary.addRaw(`
<blockquote>
<p>Preview of the outbound network calls during this workflow run.</p></blockquote>
<h3>Network Calls</h3>
<table>
<thead>
<tr>
<th>Process</th>
<th>Destination</th>
<th>Status</th>
</tr>
</thead>
<tbody>
${tableEntries
.map((entry) => `<tr>
<td><code>${entry.process}</code></td>
<td>${entry.domain.replace(/\.$/, "")}</td>
<td>${entry.status}</td>
</tr>`)
.join("")}
<tr>
<td><code>...</code></td>
<td><code>...</code></td>
<td><code>...</code></td>
</tr>
</tbody>
</table>
${insightsRow}
`);
yield core.summary
.addRaw(`<p><i>Markdown generated by the <a href="https://github.com/step-security/harden-runner">Harden-Runner GitHub Action</a>.</i></p>`)
.addSeparator()
.write();
const markdownSummary = yield response.text();
// Render the markdown summary using core.summary.addRaw
yield core.summary.addRaw(markdownSummary).write();
return;
}
catch (error) {
console.error(`Error fetching job summary: ${error}`);
return;
}
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
@ -27871,7 +27837,7 @@ var src_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argu
console.log("Telemetry will not be sent to StepSecurity API as disable-telemetry is set to true");
}
else {
var web_url = configs_STEPSECURITY_WEB_URL;
var web_url = STEPSECURITY_WEB_URL;
printInfo(web_url);
}
}))();

2
dist/index.js.map vendored

File diff suppressed because one or more lines are too long

79
dist/post/index.js vendored

@ -27660,14 +27660,13 @@ const processLogLine = (line, tableEntries) => {
}
};
function addSummary() {
var _a;
return __awaiter(this, void 0, void 0, function* () {
if (process.env.STATE_addSummary !== "true") {
return;
}
const web_url = STEPSECURITY_WEB_URL;
const insights_url = `${web_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}`;
const log = "/home/agent/agent.log";
if (!external_fs_.existsSync(log)) {
const correlation_id = process.env.STATE_correlation_id;
if (!correlation_id) {
return;
}
let needsSubscription = false;
@ -27691,61 +27690,29 @@ function addSummary() {
.write();
return;
}
const content = external_fs_.readFileSync(log, "utf-8");
const lines = content.split("\n");
let tableEntries = [];
for (const line of lines) {
processLogLine(line, tableEntries);
}
if (tableEntries.length === 0) {
// Extract owner and repo from GITHUB_REPOSITORY (format: owner/repo)
const [owner, repo] = ((_a = process.env["GITHUB_REPOSITORY"]) === null || _a === void 0 ? void 0 : _a.split("/")) || [];
const run_id = process.env["GITHUB_RUN_ID"];
if (!owner || !repo || !run_id || !correlation_id) {
return;
}
const insightsRow = `<p><b><a href="${insights_url}">📄 View Full Report</a></b></p>`;
yield lib_core.summary.addSeparator().addRaw(`<h2>🛡 StepSecurity Report</h2>`);
tableEntries.sort((a, b) => {
if (a.status === "❌ Blocked" && b.status !== "❌ Blocked") {
return -1;
// Fetch job summary from API
const apiUrl = `${configs_STEPSECURITY_API_URL}/github/${owner}/${repo}/actions/runs/${run_id}/correlation/${correlation_id}/job-markdown-summary`;
try {
const response = yield fetch(apiUrl);
if (!response.ok) {
console.error(`Failed to fetch job summary: ${response.status} ${response.statusText}`);
return;
}
else if (a.status !== "❌ Blocked" && b.status === "❌ Blocked") {
return 1;
}
else {
return 0;
}
});
tableEntries = tableEntries.slice(0, 3);
yield lib_core.summary.addRaw(`
<blockquote>
<p>Preview of the outbound network calls during this workflow run.</p></blockquote>
<h3>Network Calls</h3>
<table>
<thead>
<tr>
<th>Process</th>
<th>Destination</th>
<th>Status</th>
</tr>
</thead>
<tbody>
${tableEntries
.map((entry) => `<tr>
<td><code>${entry.process}</code></td>
<td>${entry.domain.replace(/\.$/, "")}</td>
<td>${entry.status}</td>
</tr>`)
.join("")}
<tr>
<td><code>...</code></td>
<td><code>...</code></td>
<td><code>...</code></td>
</tr>
</tbody>
</table>
${insightsRow}
`);
yield lib_core.summary.addRaw(`<p><i>Markdown generated by the <a href="https://github.com/step-security/harden-runner">Harden-Runner GitHub Action</a>.</i></p>`)
.addSeparator()
.write();
const markdownSummary = yield response.text();
// Render the markdown summary using core.summary.addRaw
yield lib_core.summary.addRaw(markdownSummary).write();
return;
}
catch (error) {
console.error(`Error fetching job summary: ${error}`);
return;
}
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";

File diff suppressed because one or more lines are too long

95
dist/pre/index.js vendored

@ -87641,8 +87641,8 @@ const parse = dist/* parse */.Qc;
;// CONCATENATED MODULE: ./src/configs.ts
const STEPSECURITY_ENV = "agent"; // agent or int
const STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
const configs_STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
;// CONCATENATED MODULE: ./src/common.ts
var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
@ -87685,14 +87685,13 @@ const processLogLine = (line, tableEntries) => {
}
};
function addSummary() {
var _a;
return __awaiter(this, void 0, void 0, function* () {
if (process.env.STATE_addSummary !== "true") {
return;
}
const web_url = STEPSECURITY_WEB_URL;
const insights_url = `${web_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}`;
const log = "/home/agent/agent.log";
if (!fs.existsSync(log)) {
const correlation_id = process.env.STATE_correlation_id;
if (!correlation_id) {
return;
}
let needsSubscription = false;
@ -87718,62 +87717,29 @@ function addSummary() {
.write();
return;
}
const content = fs.readFileSync(log, "utf-8");
const lines = content.split("\n");
let tableEntries = [];
for (const line of lines) {
processLogLine(line, tableEntries);
}
if (tableEntries.length === 0) {
// Extract owner and repo from GITHUB_REPOSITORY (format: owner/repo)
const [owner, repo] = ((_a = process.env["GITHUB_REPOSITORY"]) === null || _a === void 0 ? void 0 : _a.split("/")) || [];
const run_id = process.env["GITHUB_RUN_ID"];
if (!owner || !repo || !run_id || !correlation_id) {
return;
}
const insightsRow = `<p><b><a href="${insights_url}">📄 View Full Report</a></b></p>`;
yield core.summary.addSeparator().addRaw(`<h2>🛡 StepSecurity Report</h2>`);
tableEntries.sort((a, b) => {
if (a.status === "❌ Blocked" && b.status !== "❌ Blocked") {
return -1;
// Fetch job summary from API
const apiUrl = `${STEPSECURITY_API_URL}/github/${owner}/${repo}/actions/runs/${run_id}/correlation/${correlation_id}/job-markdown-summary`;
try {
const response = yield fetch(apiUrl);
if (!response.ok) {
console.error(`Failed to fetch job summary: ${response.status} ${response.statusText}`);
return;
}
else if (a.status !== "❌ Blocked" && b.status === "❌ Blocked") {
return 1;
}
else {
return 0;
}
});
tableEntries = tableEntries.slice(0, 3);
yield core.summary.addRaw(`
<blockquote>
<p>Preview of the outbound network calls during this workflow run.</p></blockquote>
<h3>Network Calls</h3>
<table>
<thead>
<tr>
<th>Process</th>
<th>Destination</th>
<th>Status</th>
</tr>
</thead>
<tbody>
${tableEntries
.map((entry) => `<tr>
<td><code>${entry.process}</code></td>
<td>${entry.domain.replace(/\.$/, "")}</td>
<td>${entry.status}</td>
</tr>`)
.join("")}
<tr>
<td><code>...</code></td>
<td><code>...</code></td>
<td><code>...</code></td>
</tr>
</tbody>
</table>
${insightsRow}
`);
yield core.summary
.addRaw(`<p><i>Markdown generated by the <a href="https://github.com/step-security/harden-runner">Harden-Runner GitHub Action</a>.</i></p>`)
.addSeparator()
.write();
const markdownSummary = yield response.text();
// Render the markdown summary using core.summary.addRaw
yield core.summary.addRaw(markdownSummary).write();
return;
}
catch (error) {
console.error(`Error fetching job summary: ${error}`);
return;
}
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
@ -87855,7 +87821,7 @@ function fetchPolicy(owner, policyName, idToken) {
if (idToken === "") {
throw new Error("[PolicyFetch]: id-token in empty");
}
let policyEndpoint = `${STEPSECURITY_API_URL}/github/${owner}/actions/policies/${policyName}`;
let policyEndpoint = `${configs_STEPSECURITY_API_URL}/github/${owner}/actions/policies/${policyName}`;
let httpClient = new lib.HttpClient();
let headers = {};
headers["Authorization"] = `Bearer ${idToken}`;
@ -87978,7 +87944,7 @@ var tls_inspect_awaiter = (undefined && undefined.__awaiter) || function (thisAr
function isTLSEnabled(owner) {
return tls_inspect_awaiter(this, void 0, void 0, function* () {
let tlsStatusEndpoint = `${STEPSECURITY_API_URL}/github/${owner}/actions/tls-inspection-status`;
let tlsStatusEndpoint = `${configs_STEPSECURITY_API_URL}/github/${owner}/actions/tls-inspection-status`;
let httpClient = new lib.HttpClient();
httpClient.requestOptions = { socketTimeout: 3 * 1000 };
lib_core.info(`[!] Checking TLS_STATUS: ${owner}`);
@ -88140,8 +88106,8 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
return;
}
var correlation_id = v4();
var api_url = STEPSECURITY_API_URL;
var web_url = configs_STEPSECURITY_WEB_URL;
var api_url = configs_STEPSECURITY_API_URL;
var web_url = STEPSECURITY_WEB_URL;
let confg = {
repo: process.env["GITHUB_REPOSITORY"],
run_id: process.env["GITHUB_RUN_ID"],
@ -88297,6 +88263,9 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
external_fs_.appendFileSync(process.env.GITHUB_STATE, `addSummary=${addSummary}${external_os_.EOL}`, {
encoding: "utf8",
});
external_fs_.appendFileSync(process.env.GITHUB_STATE, `correlation_id=${correlation_id}${external_os_.EOL}`, {
encoding: "utf8",
});
console.log(`Step Security Job Correlation ID: ${correlation_id}`);
if (String(statusCode) === STATUS_HARDEN_RUNNER_UNAVAILABLE) {
console.log(HARDEN_RUNNER_UNAVAILABLE_MESSAGE);

File diff suppressed because one or more lines are too long


@ -1,6 +1,6 @@
import * as core from "@actions/core";
import * as fs from "fs";
import { STEPSECURITY_WEB_URL } from "./configs";
import { STEPSECURITY_API_URL, STEPSECURITY_WEB_URL } from "./configs";
export function printInfo(web_url) {
console.log(
@ -59,14 +59,12 @@ export async function addSummary() {
return;
}
const web_url = STEPSECURITY_WEB_URL;
const insights_url = `${web_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}`;
const log = "/home/agent/agent.log";
if (!fs.existsSync(log)) {
const correlation_id = process.env.STATE_correlation_id;
if (!correlation_id) {
return;
}
let needsSubscription = false;
try {
let data = fs.readFileSync("/home/agent/annotation.log", "utf8");
@ -96,73 +94,33 @@ export async function addSummary() {
return;
}
const content = fs.readFileSync(log, "utf-8");
const lines = content.split("\n");
let tableEntries = [];
for (const line of lines) {
processLogLine(line, tableEntries);
}
if (tableEntries.length === 0) {
// Extract owner and repo from GITHUB_REPOSITORY (format: owner/repo)
const [owner, repo] = process.env["GITHUB_REPOSITORY"]?.split("/") || [];
const run_id = process.env["GITHUB_RUN_ID"];
if (!owner || !repo || !run_id || !correlation_id) {
return;
}
const insightsRow = `<p><b><a href="${insights_url}">📄 View Full Report</a></b></p>`;
await core.summary.addSeparator().addRaw(`<h2>🛡 StepSecurity Report</h2>`);
tableEntries.sort((a, b) => {
if (a.status === "❌ Blocked" && b.status !== "❌ Blocked") {
return -1;
} else if (a.status !== "❌ Blocked" && b.status === "❌ Blocked") {
return 1;
} else {
return 0;
// Fetch job summary from API
const apiUrl = `${STEPSECURITY_API_URL}/github/${owner}/${repo}/actions/runs/${run_id}/correlation/${correlation_id}/job-markdown-summary`;
try {
const response = await fetch(apiUrl);
if (!response.ok) {
console.error(`Failed to fetch job summary: ${response.status} ${response.statusText}`);
return;
}
});
tableEntries = tableEntries.slice(0, 3);
await core.summary.addRaw(`
<blockquote>
<p>Preview of the outbound network calls during this workflow run.</p></blockquote>
<h3>Network Calls</h3>
<table>
<thead>
<tr>
<th>Process</th>
<th>Destination</th>
<th>Status</th>
</tr>
</thead>
<tbody>
${tableEntries
.map(
(entry) => `<tr>
<td><code>${entry.process}</code></td>
<td>${entry.domain.replace(/\.$/, "")}</td>
<td>${entry.status}</td>
</tr>`
)
.join("")}
<tr>
<td><code>...</code></td>
<td><code>...</code></td>
<td><code>...</code></td>
</tr>
</tbody>
</table>
${insightsRow}
`);
await core.summary
.addRaw(
`<p><i>Markdown generated by the <a href="https://github.com/step-security/harden-runner">Harden-Runner GitHub Action</a>.</i></p>`
)
.addSeparator()
.write();
const markdownSummary = await response.text();
// Render the markdown summary using core.summary.addRaw
await core.summary.addRaw(markdownSummary).write();
return;
} catch (error) {
console.error(`Error fetching job summary: ${error}`);
return;
}
}
export const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
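Review bot: In `addSummary`, the text returned by `fetch(apiUrl)` is passed unchanged to `core.summary.addRaw(markdownSummary)`, so the job summary now shows whatever the endpoint returns, with no bound on size and no check of the response type. The request also has no timeout, unlike the `socketTimeout: 3 * 1000` set for the TLS status call in the bundled pre step, so a stalled API can hold the post step open; `const response = await fetch(apiUrl, { signal: AbortSignal.timeout(3000) });` would cap it, with the 3000 ms value only a suggestion. The path segments are interpolated raw, and wrapping `owner`, `repo`, `run_id` and `correlation_id` in `encodeURIComponent(...)` keeps an unexpected character from changing the request path. The request carries no credential, so as far as these hunks show the correlation id (which setup also prints to the job log) is the only value selecting the summary, and it is worth confirming the server is designed for that. `addSummary` begins above the first hunk shown, so its earlier checks are not visible here.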


@ -271,6 +271,13 @@ interface MonitorResponse {
encoding: "utf8",
}
);
fs.appendFileSync(
process.env.GITHUB_STATE,
`correlation_id=${correlation_id}${EOL}`,
{
encoding: "utf8",
}
);
console.log(`Step Security Job Correlation ID: ${correlation_id}`);
if (String(statusCode) === common.STATUS_HARDEN_RUNNER_UNAVAILABLE) {