mirror of
https://github.com/step-security/harden-runner.git
synced 2026-06-08 03:17:11 +00:00
add functionality to download agent from github and update checksum
This commit is contained in:
sailikhith-stepsecurity
parent
276bb94451
commit
d11b063e55
2 changed files with 11 additions and 66 deletions
|
|
@ -11,7 +11,7 @@ const CHECKSUMS = {
|
|||
amd64: "336093af8ebe969567b66fd035af3bd4f7e1c723ce680d6b4b5b2a1f79bc329e", // v0.14.2
|
||||
},
|
||||
windows: {
|
||||
amd64: "", // v0.0.1
|
||||
amd64: "sha256:4ce2409d5802e947b563e29dbd8e803525dc78b21996b0ecedb51ceb046911a3", // v1.0.0-int
|
||||
},
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -78,7 +78,6 @@ export async function installWindowsAgent(
|
|||
return false;
|
||||
}
|
||||
|
||||
// set up agent directory at C:\agent
|
||||
const agentDir = "C:\\agent";
|
||||
core.info(`Creating agent directory: ${agentDir}`);
|
||||
if (!fs.existsSync(agentDir)) {
|
||||
|
|
@ -93,67 +92,19 @@ export async function installWindowsAgent(
|
|||
);
|
||||
const agentExePath = path.join(agentDir, "agent.exe");
|
||||
|
||||
// uncomment to download agent from github
|
||||
// const downloadPath = await tc.downloadTool(
|
||||
// `https://github.com/step-security/agent-releases/releases/download/v0.0.1/agent_0.0.1_windows_amd64.tar.gz`,
|
||||
// undefined,
|
||||
// auth
|
||||
// );
|
||||
// verifyChecksum(downloadPath, false, variant, process.platform);
|
||||
const downloadPath = await tc.downloadTool(
|
||||
`https://github.com/step-security/agent-releases/releases/download/v1.0.0-int/harden-runner-agent-windows_int_windows_amd64.tar.gz `,
|
||||
undefined,
|
||||
auth
|
||||
);
|
||||
verifyChecksum(downloadPath, false, variant, process.platform);
|
||||
|
||||
// const extractPath = await tc.extractTar(downloadPath);
|
||||
// let cmd = "cp",
|
||||
// args = [path.join(extractPath, "agent.exe"), agentExePath];
|
||||
const extractPath = await tc.extractTar(downloadPath);
|
||||
|
||||
// cp.execFileSync(cmd, args);
|
||||
const extractedAgentPath = path.join(extractPath, "agent.exe");
|
||||
fs.copyFileSync(extractedAgentPath, agentExePath);
|
||||
core.info(`Copied agent from ${extractedAgentPath} to ${agentExePath}`);
|
||||
|
||||
// Download Windows agent from S3 - TODO: remove this later once github releases are available
|
||||
// Get S3 URL from environment variable or GitHub Actions input
|
||||
const s3Url = process.env.AGENT_S3_URL || core.getInput("agent-s3-url");
|
||||
|
||||
if (!s3Url) {
|
||||
core.setFailed(
|
||||
"S3 URL not configured. Please set AGENT_S3_URL environment variable or provide 'agent-s3-url' input."
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
const tarGzPath = path.join(agentDir, "agent_windows_amd64.tar.gz");
|
||||
|
||||
core.info(`Downloading Windows agent from S3...`);
|
||||
|
||||
try {
|
||||
// Download tar.gz from S3 using curl
|
||||
core.info(`Downloading from: ${s3Url}`);
|
||||
cp.execSync(`curl -L -o "${tarGzPath}" "${s3Url}"`, { stdio: "inherit" });
|
||||
|
||||
if (!fs.existsSync(tarGzPath)) {
|
||||
core.setFailed("Failed to download agent.tar.gz from S3");
|
||||
return false;
|
||||
}
|
||||
|
||||
core.info(`Downloaded tar.gz to: ${tarGzPath}`);
|
||||
|
||||
// Extract tar.gz
|
||||
core.info("Extracting tar.gz...");
|
||||
cp.execSync(`tar -xzf "${tarGzPath}" -C "${agentDir}"`, { stdio: "inherit" });
|
||||
|
||||
// Verify agent.exe exists after extraction
|
||||
if (fs.existsSync(agentExePath)) {
|
||||
core.info(`Agent extracted to: ${agentExePath}`);
|
||||
|
||||
// Clean up tar.gz
|
||||
fs.unlinkSync(tarGzPath);
|
||||
} else {
|
||||
core.setFailed("agent.exe not found after extraction");
|
||||
return false;
|
||||
}
|
||||
} catch (error) {
|
||||
core.setFailed(`Failed to download Windows agent: ${error.message}`);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Write config.json
|
||||
const configPath = path.join(agentDir, "config.json");
|
||||
fs.writeFileSync(configPath, configStr);
|
||||
core.info(`Created config file: ${configPath}`);
|
||||
|
|
@ -161,10 +112,6 @@ export async function installWindowsAgent(
|
|||
core.info("Starting Windows Agent...");
|
||||
|
||||
try {
|
||||
// start the agent process in the background
|
||||
core.info(`Executing: ${agentExePath}`);
|
||||
|
||||
// set up log file for agent output
|
||||
const logPath = path.join(agentDir, "agent.log");
|
||||
const logStream = fs.openSync(logPath, 'a');
|
||||
core.info(`Agent logs will be written to: ${logPath}`);
|
||||
|
|
@ -178,13 +125,11 @@ export async function installWindowsAgent(
|
|||
shell: false
|
||||
});
|
||||
|
||||
// save the PID to a file for later termination
|
||||
const pidFile = path.join(agentDir, "agent.pid");
|
||||
fs.writeFileSync(pidFile, agentProcess.pid.toString());
|
||||
core.info(`Agent process started with PID: ${agentProcess.pid}`);
|
||||
core.info(`PID saved to: ${pidFile}`);
|
||||
|
||||
// unref the process so it can continue running independently
|
||||
agentProcess.unref();
|
||||
|
||||
core.info("Windows Agent process started successfully");
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue