Read platform specific annotation-logs & added post-step check in

macos-cleanup
2026-06-05 14:28:19 +00:00 · 2026-02-02 17:40:08 +05:30 · 2026-02-02 17:40:08 +05:30 · ac1419447b
commit ac1419447b
parent ef9c6372b3
9 changed files with 190 additions and 126 deletions
--- a/dist/index.js
+++ b/dist/index.js
@ -34379,13 +34379,58 @@ __nccwpck_require__.r(__webpack_exports__);

 // EXTERNAL MODULE: ./node_modules/@actions/core/lib/core.js
 var lib_core = __nccwpck_require__(2186);
-// EXTERNAL MODULE: external "fs"
-var external_fs_ = __nccwpck_require__(5747);
 ;// CONCATENATED MODULE: ./src/configs.ts
 const STEPSECURITY_ENV = "agent"; // agent or int
 const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
 const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";

+// EXTERNAL MODULE: external "child_process"
+var external_child_process_ = __nccwpck_require__(3129);
+// EXTERNAL MODULE: external "fs"
+var external_fs_ = __nccwpck_require__(5747);
+;// CONCATENATED MODULE: ./src/utils.ts
+
+
+function isPlatformSupported(platform) {
+    switch (platform) {
+        case "linux":
+        case "win32":
+        case "darwin":
+            return true;
+        default:
+            return false;
+    }
+}
+function chownForFolder(newOwner, target) {
+    let cmd = "sudo";
+    let args = ["chown", "-R", newOwner, target];
+    cp.execFileSync(cmd, args);
+}
+function isAgentInstalled(platform) {
+    switch (platform) {
+        case "linux":
+            return fs.existsSync("/home/agent/agent.status");
+        case "win32":
+            return fs.existsSync("C:\\agent\\agent.status");
+        case "darwin":
+            return fs.existsSync("/opt/step-security/agent.status");
+        default:
+            return false;
+    }
+}
+function utils_getAnnotationLogs(platform) {
+    switch (platform) {
+        case "linux":
+            return fs.readFileSync("/home/agent/annotation.log");
+        case "win32":
+            return fs.readFileSync("C:\\agent\\annotation.log");
+        case "darwin":
+            return fs.readFileSync("/opt/step-security/annotation.log");
+        default:
+            throw new Error("platform not supported");
+    }
+}
+
 ;// CONCATENATED MODULE: ./src/common.ts
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@ -34438,8 +34483,9 @@ function addSummary() {
        }
        let needsSubscription = false;
        try {
-            let data = fs.readFileSync("/home/agent/annotation.log", "utf8");
-            if (data.includes("StepSecurity Harden Runner is disabled")) {
+            let data = getAnnotationLogs(process.platform);
+            if (data !== undefined &&
+                data.includes("StepSecurity Harden Runner is disabled")) {
                needsSubscription = true;
            }
        }
@ -34570,39 +34616,6 @@ function isGithubHosted() {

 // EXTERNAL MODULE: ./node_modules/@actions/github/lib/github.js
 var github = __nccwpck_require__(5438);
-// EXTERNAL MODULE: external "child_process"
-var external_child_process_ = __nccwpck_require__(3129);
-;// CONCATENATED MODULE: ./src/utils.ts
-
-
-function isPlatformSupported(platform) {
-    switch (platform) {
-        case "linux":
-        case "win32":
-        case "darwin":
-            return true;
-        default:
-            return false;
-    }
-}
-function chownForFolder(newOwner, target) {
-    let cmd = "sudo";
-    let args = ["chown", "-R", newOwner, target];
-    cp.execFileSync(cmd, args);
-}
-function isAgentInstalled(platform) {
-    switch (platform) {
-        case "linux":
-            return fs.existsSync("/home/agent/agent.status");
-        case "win32":
-            return fs.existsSync("C:\\agent\\agent.status");
-        case "darwin":
-            return fs.existsSync("/opt/step-security/agent.status");
-        default:
-            return false;
-    }
-}
-
 ;// CONCATENATED MODULE: ./src/index.ts
 var src_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/post/index.js
+++ b/dist/post/index.js
@ -34386,6 +34386,51 @@ const STEPSECURITY_ENV = "agent"; // agent or int
 const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
 const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";

+// EXTERNAL MODULE: external "child_process"
+var external_child_process_ = __nccwpck_require__(3129);
+;// CONCATENATED MODULE: ./src/utils.ts
+
+
+function isPlatformSupported(platform) {
+    switch (platform) {
+        case "linux":
+        case "win32":
+        case "darwin":
+            return true;
+        default:
+            return false;
+    }
+}
+function chownForFolder(newOwner, target) {
+    let cmd = "sudo";
+    let args = ["chown", "-R", newOwner, target];
+    cp.execFileSync(cmd, args);
+}
+function isAgentInstalled(platform) {
+    switch (platform) {
+        case "linux":
+            return fs.existsSync("/home/agent/agent.status");
+        case "win32":
+            return fs.existsSync("C:\\agent\\agent.status");
+        case "darwin":
+            return fs.existsSync("/opt/step-security/agent.status");
+        default:
+            return false;
+    }
+}
+function getAnnotationLogs(platform) {
+    switch (platform) {
+        case "linux":
+            return external_fs_.readFileSync("/home/agent/annotation.log");
+        case "win32":
+            return external_fs_.readFileSync("C:\\agent\\annotation.log");
+        case "darwin":
+            return external_fs_.readFileSync("/opt/step-security/annotation.log");
+        default:
+            throw new Error("platform not supported");
+    }
+}
+
 ;// CONCATENATED MODULE: ./src/common.ts
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@ -34438,8 +34483,9 @@ function addSummary() {
        }
        let needsSubscription = false;
        try {
-            let data = external_fs_.readFileSync("/home/agent/annotation.log", "utf8");
-            if (data.includes("StepSecurity Harden Runner is disabled")) {
+            let data = getAnnotationLogs(process.platform);
+            if (data !== undefined &&
+                data.includes("StepSecurity Harden Runner is disabled")) {
                needsSubscription = true;
            }
        }
@ -34490,8 +34536,6 @@ const HARDEN_RUNNER_UNAVAILABLE_MESSAGE = "Sorry, we are currently experiencing
 const ARC_RUNNER_MESSAGE = "Workflow is currently being executed in ARC based runner.";
 const ARM64_RUNNER_MESSAGE = "ARM runners are not supported in the Harden-Runner community tier.";

-// EXTERNAL MODULE: external "child_process"
-var external_child_process_ = __nccwpck_require__(3129);
 // EXTERNAL MODULE: external "path"
 var external_path_ = __nccwpck_require__(5622);
 ;// CONCATENATED MODULE: external "node:fs"
@ -34618,37 +34662,6 @@ function isGithubHosted() {

 // EXTERNAL MODULE: ./node_modules/@actions/github/lib/github.js
 var github = __nccwpck_require__(5438);
-;// CONCATENATED MODULE: ./src/utils.ts
-
-
-function isPlatformSupported(platform) {
-    switch (platform) {
-        case "linux":
-        case "win32":
-        case "darwin":
-            return true;
-        default:
-            return false;
-    }
-}
-function chownForFolder(newOwner, target) {
-    let cmd = "sudo";
-    let args = ["chown", "-R", newOwner, target];
-    cp.execFileSync(cmd, args);
-}
-function isAgentInstalled(platform) {
-    switch (platform) {
-        case "linux":
-            return fs.existsSync("/home/agent/agent.status");
-        case "win32":
-            return fs.existsSync("C:\\agent\\agent.status");
-        case "darwin":
-            return fs.existsSync("/opt/step-security/agent.status");
-        default:
-            return false;
-    }
-}
-
 ;// CONCATENATED MODULE: ./src/cleanup.ts
 var cleanup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@ -34780,7 +34793,12 @@ function handleLinuxCleanup() {
 }
 function handleMacosCleanup() {
    return cleanup_awaiter(this, void 0, void 0, function* () {
-        external_fs_.writeFileSync("/opt/step-security/post_event.json", JSON.stringify({ event: "post" }));
+        const post_event = "/opt/step-security/post_event.json";
+        if (isGithubHosted() && external_fs_.existsSync(post_event)) {
+            console.log("Post step already executed, skipping");
+            return;
+        }
+        external_fs_.writeFileSync(post_event, JSON.stringify({ event: "post" }));
        let macDone = "/opt/step-security/done.json";
        let counter = 0;
        while (true) {
@ -34797,10 +34815,10 @@ function handleMacosCleanup() {
                break;
            }
        }
-        let macAgenLog = "/opt/step-security/agent.log";
-        if (external_fs_.existsSync(macAgenLog)) {
+        let macAgentLog = "/opt/step-security/agent.log";
+        if (external_fs_.existsSync(macAgentLog)) {
            console.log("macAgenLog:");
-            var content = external_fs_.readFileSync(macAgenLog, "utf-8");
+            var content = external_fs_.readFileSync(macAgentLog, "utf-8");
            console.log(content);
        }
        else {
@ -34812,7 +34830,7 @@ function handleMacosCleanup() {
            const logStreamOutput = external_child_process_.execSync("log show --predicate 'subsystem == \"io.stepsecurity.harden-runner\"' --info --last 10m", {
                encoding: "utf8",
                maxBuffer: 1024 * 1024 * 10,
-                timeout: 10000, // 10 second timeout
+                timeout: 5000, // 5 seconds timeout
            });
            console.log(logStreamOutput);
        }
--- a/dist/post/index.js.map
+++ b/dist/post/index.js.map
--- a/dist/pre/index.js
+++ b/dist/pre/index.js
@ -87644,6 +87644,49 @@ const STEPSECURITY_ENV = "agent"; // agent or int
 const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
 const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";

+;// CONCATENATED MODULE: ./src/utils.ts
+
+
+function isPlatformSupported(platform) {
+    switch (platform) {
+        case "linux":
+        case "win32":
+        case "darwin":
+            return true;
+        default:
+            return false;
+    }
+}
+function chownForFolder(newOwner, target) {
+    let cmd = "sudo";
+    let args = ["chown", "-R", newOwner, target];
+    external_child_process_.execFileSync(cmd, args);
+}
+function isAgentInstalled(platform) {
+    switch (platform) {
+        case "linux":
+            return external_fs_.existsSync("/home/agent/agent.status");
+        case "win32":
+            return external_fs_.existsSync("C:\\agent\\agent.status");
+        case "darwin":
+            return external_fs_.existsSync("/opt/step-security/agent.status");
+        default:
+            return false;
+    }
+}
+function utils_getAnnotationLogs(platform) {
+    switch (platform) {
+        case "linux":
+            return fs.readFileSync("/home/agent/annotation.log");
+        case "win32":
+            return fs.readFileSync("C:\\agent\\annotation.log");
+        case "darwin":
+            return fs.readFileSync("/opt/step-security/annotation.log");
+        default:
+            throw new Error("platform not supported");
+    }
+}
+
 ;// CONCATENATED MODULE: ./src/common.ts
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@ -87696,8 +87739,9 @@ function addSummary() {
        }
        let needsSubscription = false;
        try {
-            let data = fs.readFileSync("/home/agent/annotation.log", "utf8");
-            if (data.includes("StepSecurity Harden Runner is disabled")) {
+            let data = getAnnotationLogs(process.platform);
+            if (data !== undefined &&
+                data.includes("StepSecurity Harden Runner is disabled")) {
                needsSubscription = true;
            }
        }
@ -88024,37 +88068,6 @@ function verifyChecksum(downloadPath, isTLS, variant, platform) {
    lib_core.info(`✅ Checksum verification passed. checksum=${checksum}`);
 }

-;// CONCATENATED MODULE: ./src/utils.ts
-
-
-function isPlatformSupported(platform) {
-    switch (platform) {
-        case "linux":
-        case "win32":
-        case "darwin":
-            return true;
-        default:
-            return false;
-    }
-}
-function chownForFolder(newOwner, target) {
-    let cmd = "sudo";
-    let args = ["chown", "-R", newOwner, target];
-    external_child_process_.execFileSync(cmd, args);
-}
-function isAgentInstalled(platform) {
-    switch (platform) {
-        case "linux":
-            return external_fs_.existsSync("/home/agent/agent.status");
-        case "win32":
-            return external_fs_.existsSync("C:\\agent\\agent.status");
-        case "darwin":
-            return external_fs_.existsSync("/opt/step-security/agent.status");
-        default:
-            return false;
-    }
-}
-
 ;// CONCATENATED MODULE: ./src/install-agent.ts
 var install_agent_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
--- a/dist/pre/index.js.map
+++ b/dist/pre/index.js.map
--- a/src/cleanup.ts
+++ b/src/cleanup.ts
@ -140,10 +140,14 @@ async function handleLinuxCleanup() {
 }

 async function handleMacosCleanup() {
-  fs.writeFileSync(
-    "/opt/step-security/post_event.json",
-    JSON.stringify({ event: "post" })
-  );
+  const post_event = "/opt/step-security/post_event.json";
+
+  if (isGithubHosted() && fs.existsSync(post_event)) {
+    console.log("Post step already executed, skipping");
+    return;
+  }
+
+  fs.writeFileSync(post_event, JSON.stringify({ event: "post" }));

  let macDone = "/opt/step-security/done.json";
  let counter = 0;
@ -161,10 +165,10 @@ async function handleMacosCleanup() {
    }
  }

-  let macAgenLog = "/opt/step-security/agent.log";
-  if (fs.existsSync(macAgenLog)) {
+  let macAgentLog = "/opt/step-security/agent.log";
+  if (fs.existsSync(macAgentLog)) {
    console.log("macAgenLog:");
-    var content = fs.readFileSync(macAgenLog, "utf-8");
+    var content = fs.readFileSync(macAgentLog, "utf-8");
    console.log(content);
  } else {
    console.log("😭 macos agent.log file not found");
@ -178,7 +182,7 @@ async function handleMacosCleanup() {
      {
        encoding: "utf8",
        maxBuffer: 1024 * 1024 * 10, // 10MB buffer
-        timeout: 10000, // 10 second timeout
+        timeout: 5000, // 5 seconds timeout
      }
    );
    console.log(logStreamOutput);
--- a/src/common.ts
+++ b/src/common.ts
@ -1,6 +1,6 @@
 import * as core from "@actions/core";
-import * as fs from "fs";
 import { STEPSECURITY_API_URL, STEPSECURITY_WEB_URL } from "./configs";
+import { getAnnotationLogs } from "./utils";

 export function printInfo(web_url) {
  console.log(
@ -67,8 +67,11 @@ export async function addSummary() {

  let needsSubscription = false;
  try {
-    let data = fs.readFileSync("/home/agent/annotation.log", "utf8");
-    if (data.includes("StepSecurity Harden Runner is disabled")) {
+    let data = getAnnotationLogs(process.platform);
+    if (
+      data !== undefined &&
+      data.includes("StepSecurity Harden Runner is disabled")
+    ) {
      needsSubscription = true;
    }
  } catch (err) {
--- a/src/utils.ts
+++ b/src/utils.ts
@ -1,7 +1,7 @@
 import * as cp from "child_process";
 import * as fs from "fs";

-export function isPlatformSupported(platform: string) {
+export function isPlatformSupported(platform: NodeJS.Platform) {
  switch (platform) {
    case "linux":
    case "win32":
@ -19,7 +19,7 @@ export function chownForFolder(newOwner: string, target: string) {
  cp.execFileSync(cmd, args);
 }

-export function isAgentInstalled(platform: string) {
+export function isAgentInstalled(platform: NodeJS.Platform) {
  switch (platform) {
    case "linux":
      return fs.existsSync("/home/agent/agent.status");
@ -31,3 +31,16 @@ export function isAgentInstalled(platform: string) {
      return false;
  }
 }
+
+export function getAnnotationLogs(platform: NodeJS.Platform) {
+  switch (platform) {
+    case "linux":
+      return fs.readFileSync("/home/agent/annotation.log");
+    case "win32":
+      return fs.readFileSync("C:\\agent\\annotation.log");
+    case "darwin":
+      return fs.readFileSync("/opt/step-security/annotation.log");
+    default:
+      throw new Error("platform not supported");
+  }
+}