step-security/harden-runner
1
0
Fork 0
mirror of synced 2026-06-05 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix workflow name extraction for policy store API

Browse source 
Use GITHUB_WORKFLOW_REF to extract the workflow filename instead of
GITHUB_WORKFLOW which gives the workflow display name. The policy
store API expects the filename (e.g. ci.yml) to match workflow-level
policies.
This commit is contained in:
Varun Sharma 2026-04-08 16:38:21 -07:00
commit 8e8c444a73
3 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
dist/pre/index.js vendored
View file

@ -85740,7 +85740,8 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
else {
try {
const repoName = (process.env["GITHUB_REPOSITORY"] || "").split("/")[1] || "";
const workflow = process.env["GITHUB_WORKFLOW"] || "";
const workflowRef = process.env["GITHUB_WORKFLOW_REF"] || "";
const workflow = workflowRef.replace(/.*\.github\/workflows\//, "").replace(/@.*/, "");
let result = yield fetchPolicyFromStore(github.context.repo.owner, repoName, confg.api_key, workflow, confg.run_id, confg.correlation_id);
if (result !== null) {
lib_core.info(`Policy found: ${result.policy_name || "unnamed"}`);

2
dist/pre/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

3
src/setup.ts
View file

@ -103,7 +103,8 @@ interface MonitorResponse {
} else {
try {
const repoName = (process.env["GITHUB_REPOSITORY"] || "").split("/")[1] || "";
const workflow = process.env["GITHUB_WORKFLOW"] || "";
const workflowRef = process.env["GITHUB_WORKFLOW_REF"] || "";
const workflow = workflowRef.replace(/.*\.github\/workflows\//, "").replace(/@.*/, "");
let result: PolicyResponse | null = await fetchPolicyFromStore(
context.repo.owner,
repoName,