step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-06 06:17:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

feat: replace skip-harden-runner with skip-on-custom-property input

Browse source
This commit is contained in:
Varun Sharma 2025-12-05 00:44:56 -08:00
commit ee1faec052
9 changed files with 8735 additions and 137 deletions
Download patch file Download diff file Expand all files Collapse all files

6
action.yml
View file

@ -32,10 +32,10 @@ inputs:
description: "Policy name to be used from the policy store"
required: false
default: ""
skip-harden-runner:
description: "Set to 'true' to skip harden-runner. Use with expressions to conditionally skip based on custom properties or other conditions."
skip-on-custom-property:
description: "Skip if custom property matches value (format: property_name=value)"
required: false
default: "false"
default: ""
branding:
icon: "check-square"

4294
dist/index.js vendored
View file

File diff suppressed because it is too large Load diff

2
dist/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

4294
dist/post/index.js vendored
View file

File diff suppressed because it is too large Load diff

2
dist/post/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

15
dist/pre/index.js vendored
View file

@ -85609,12 +85609,17 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
(() => setup_awaiter(void 0, void 0, void 0, function* () {
var _a, _b;
var _a, _b, _c, _d;
try {
console.log("[harden-runner] pre-step");
if (lib_core.getBooleanInput("skip-harden-runner")) {
console.log("Skipping harden-runner as skip-harden-runner is set to true");
return;
const skipOnProperty = lib_core.getInput("skip-on-custom-property");
if (skipOnProperty) {
const [propertyName, expectedValue] = skipOnProperty.split("=");
const customProperties = ((_b = (_a = github.context === null || github.context === void 0 ? void 0 : github.context.payload) === null || _a === void 0 ? void 0 : _a.repository) === null || _b === void 0 ? void 0 : _b.custom_properties) || {};
if (customProperties[propertyName] === expectedValue) {
console.log(`Skipping harden-runner: custom property '${propertyName}' equals '${expectedValue}'`);
return;
}
}
if (process.platform !== "linux") {
console.log(UBUNTU_MESSAGE);
@ -85639,7 +85644,7 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
disable_sudo: lib_core.getBooleanInput("disable-sudo"),
disable_sudo_and_containers: lib_core.getBooleanInput("disable-sudo-and-containers"),
disable_file_monitoring: lib_core.getBooleanInput("disable-file-monitoring"),
private: ((_b = (_a = github.context === null || github.context === void 0 ? void 0 : github.context.payload) === null || _a === void 0 ? void 0 : _a.repository) === null || _b === void 0 ? void 0 : _b.private) || false,
private: ((_d = (_c = github.context === null || github.context === void 0 ? void 0 : github.context.payload) === null || _c === void 0 ? void 0 : _c.repository) === null || _d === void 0 ? void 0 : _d.private) || false,
is_github_hosted: isGithubHosted(),
is_debug: lib_core.isDebug(),
one_time_key: "",

12
src/cleanup.ts
View file

@ -5,12 +5,18 @@ import * as common from "./common";
import isDocker from "is-docker";
import { isARCRunner } from "./arc-runner";
import { isGithubHosted } from "./tls-inspect";
import { context } from "@actions/github";
(async () => {
console.log("[harden-runner] post-step");
if (core.getBooleanInput("skip-harden-runner")) {
console.log("Skipping harden-runner as skip-harden-runner is set to true");
return;
const skipOnProperty = core.getInput("skip-on-custom-property");
if (skipOnProperty) {
const [propertyName, expectedValue] = skipOnProperty.split("=");
const customProperties = context?.payload?.repository?.custom_properties || {};
if (customProperties[propertyName] === expectedValue) {
console.log(`Skipping harden-runner: custom property '${propertyName}' equals '${expectedValue}'`);
return;
}
}
if (process.platform !== "linux") {

12
src/index.ts
View file

@ -3,12 +3,18 @@ import * as core from "@actions/core";
import isDocker from "is-docker";
import { STEPSECURITY_WEB_URL } from "./configs";
import { isGithubHosted } from "./tls-inspect";
import { context } from "@actions/github";
(async () => {
console.log("[harden-runner] main-step");
if (core.getBooleanInput("skip-harden-runner")) {
console.log("Skipping harden-runner as skip-harden-runner is set to true");
return;
const skipOnProperty = core.getInput("skip-on-custom-property");
if (skipOnProperty) {
const [propertyName, expectedValue] = skipOnProperty.split("=");
const customProperties = context?.payload?.repository?.custom_properties || {};
if (customProperties[propertyName] === expectedValue) {
console.log(`Skipping harden-runner: custom property '${propertyName}' equals '${expectedValue}'`);
return;
}
}
if (process.platform !== "linux") {

11
src/setup.ts
View file

@ -39,9 +39,14 @@ interface MonitorResponse {
try {
console.log("[harden-runner] pre-step");
if (core.getBooleanInput("skip-harden-runner")) {
console.log("Skipping harden-runner as skip-harden-runner is set to true");
return;
const skipOnProperty = core.getInput("skip-on-custom-property");
if (skipOnProperty) {
const [propertyName, expectedValue] = skipOnProperty.split("=");
const customProperties = context?.payload?.repository?.custom_properties || {};
if (customProperties[propertyName] === expectedValue) {
console.log(`Skipping harden-runner: custom property '${propertyName}' equals '${expectedValue}'`);
return;
}
}
if (process.platform !== "linux") {