step-security/harden-runner
1
0
Fork 0
mirror of synced 2026-06-05 14:55:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

improve error handling for policy store sceanrio

Browse source
This commit is contained in:
Varun Sharma 2025-09-06 11:26:42 -07:00
commit b3fc98e4df
3 changed files with 16 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
dist/pre/index.js vendored
View file

@ -88140,8 +88140,14 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
lib_core.setFailed('Policy store requires id-token write permission as it uses OIDC to fetch the policy from StepSecurity API. Please add "id-token: write" to your job permissions.'); lib_core.setFailed('Policy store requires id-token write permission as it uses OIDC to fetch the policy from StepSecurity API. Please add "id-token: write" to your job permissions.');
} }
else { else {
// Log other errors but don't fail the job // Handle different HTTP status codes
lib_core.error(`Failed to fetch policy: ${err}`); if (err.statusCode >= 400 && err.statusCode < 500) {
lib_core.error('Policy not found');
}
else {
lib_core.error(`Unexpected error occurred: ${err}. Falling back to egress policy audit`);
confg.egress_policy = 'audit';
}
} }
} }
} }

2
dist/pre/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

9
src/setup.ts
View file

@ -89,8 +89,13 @@ interface MonitorResponse {
if (err.message && err.message.includes('Unable to get ACTIONS_ID_TOKEN_REQUEST')) { if (err.message && err.message.includes('Unable to get ACTIONS_ID_TOKEN_REQUEST')) {
core.setFailed('Policy store requires id-token write permission as it uses OIDC to fetch the policy from StepSecurity API. Please add "id-token: write" to your job permissions.'); core.setFailed('Policy store requires id-token write permission as it uses OIDC to fetch the policy from StepSecurity API. Please add "id-token: write" to your job permissions.');
} else { } else {
// Log other errors but don't fail the job // Handle different HTTP status codes
core.error(`Failed to fetch policy: ${err}`); if (err.statusCode >= 400 && err.statusCode < 500) {
core.error('Policy not found');
} else {
core.error(`Unexpected error occurred: ${err}. Falling back to egress policy audit`);
confg.egress_policy = 'audit';
}
} }
} }
} }