step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-08 03:17:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

added code to fetch cache-endpoint in pre-step

Browse source
This commit is contained in:
h0x0er 2022-09-13 23:15:48 +05:30
commit 9cc3d78444
1 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/setup.ts
View file

@ -8,6 +8,7 @@ import * as common from "./common";
import * as tc from "@actions/tool-cache";
import { verifyChecksum } from "./checksum";
import isDocker from "is-docker";
import { cacheFile, cacheKey, CompressionMethod, getCacheEntry } from "./cache";
(async () => {
try {
@ -36,6 +37,24 @@ import isDocker from "is-docker";
disable_telemetry: core.getBooleanInput("disable-telemetry"),
};
try {
const cacheEntry = await getCacheEntry([cacheKey], [cacheFile], {
compressionMethod: CompressionMethod.ZstdWithoutLong,
});
const url = new URL(cacheEntry.archiveLocation);
core.info(`Adding cacheHost: ${url.hostname}:443 to allowed-endpoints`);
confg.allowed_endpoints += ` ${url.hostname}:443`;
} catch (exception) {
// some exception has occurred.
core.info("Unable to fetch cacheURL");
if (confg.egress_policy === "block") {
core.warning(
"Unable to fetch cacheURL switching egress-policy to audit mode"
);
confg.egress_policy = "audit";
}
}
if (confg.egress_policy !== "audit" && confg.egress_policy !== "block") {
core.setFailed("egress-policy must be either audit or block");
}