step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-07 22:47:12 +00:00
Code Issues Projects Releases Packages Wiki Activity

feat: add support for custom vm image

Browse source
This commit is contained in:
Varun Sharma 2025-11-04 17:02:50 -08:00
commit ef891c3a30
9 changed files with 39 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
dist/index.js vendored
View file

@ -27698,7 +27698,7 @@ function addSummary() {
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
const CONTAINER_MESSAGE = "This job is running in a container. Harden Runner does not run in a container as it needs sudo access to run. This job will not be monitored.";
const CONTAINER_MESSAGE = "This job is running in a container. Such jobs can be monitored by installing Harden Runner in a custom VM image for GitHub-hosted runners.";
const UBUNTU_MESSAGE = "This job is not running in a GitHub Actions Hosted Runner Ubuntu VM. Harden Runner is only supported on Ubuntu VM. This job will not be monitored.";
const SELF_HOSTED_RUNNER_MESSAGE = "This job is running on a self-hosted runner.";
const HARDEN_RUNNER_UNAVAILABLE_MESSAGE = "Sorry, we are currently experiencing issues with the Harden Runner installation process. It is currently unavailable.";

2
dist/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

5
dist/post/index.js vendored
View file

@ -27705,7 +27705,7 @@ function addSummary() {
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
const CONTAINER_MESSAGE = "This job is running in a container. Harden Runner does not run in a container as it needs sudo access to run. This job will not be monitored.";
const CONTAINER_MESSAGE = "This job is running in a container. Such jobs can be monitored by installing Harden Runner in a custom VM image for GitHub-hosted runners.";
const UBUNTU_MESSAGE = "This job is not running in a GitHub Actions Hosted Runner Ubuntu VM. Harden Runner is only supported on Ubuntu VM. This job will not be monitored.";
const SELF_HOSTED_RUNNER_MESSAGE = "This job is running on a self-hosted runner.";
const HARDEN_RUNNER_UNAVAILABLE_MESSAGE = "Sorry, we are currently experiencing issues with the Harden Runner installation process. It is currently unavailable.";
@ -27867,6 +27867,9 @@ var cleanup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _
if (process.env.STATE_selfHosted === "true") {
return;
}
if (process.env.STATE_customVMImage === "true") {
return;
}
if (process.env.STATE_isTLS === "false" && process.arch === "arm64") {
return;
}

2
dist/post/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

13
dist/pre/index.js vendored
View file

@ -85248,7 +85248,7 @@ function addSummary() {
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
const CONTAINER_MESSAGE = "This job is running in a container. Harden Runner does not run in a container as it needs sudo access to run. This job will not be monitored.";
const CONTAINER_MESSAGE = "This job is running in a container. Such jobs can be monitored by installing Harden Runner in a custom VM image for GitHub-hosted runners.";
const UBUNTU_MESSAGE = "This job is not running in a GitHub Actions Hosted Runner Ubuntu VM. Harden Runner is only supported on Ubuntu VM. This job will not be monitored.";
const SELF_HOSTED_RUNNER_MESSAGE = "This job is running on a self-hosted runner.";
const HARDEN_RUNNER_UNAVAILABLE_MESSAGE = "Sorry, we are currently experiencing issues with the Harden Runner installation process. It is currently unavailable.";
@ -85764,6 +85764,17 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
}
return;
}
if (isGithubHosted() && process.env.STEP_SECURITY_HARDEN_RUNNER === "true") {
external_fs_.appendFileSync(process.env.GITHUB_STATE, `customVMImage=true${external_os_.EOL}`, {
encoding: "utf8",
});
lib_core.info("This job is running on a custom VM image with Harden Runner installed.");
if (confg.egress_policy === "block") {
sendAllowedEndpoints(confg.allowed_endpoints);
yield setup_sleep(5000);
}
return;
}
let _http = new lib.HttpClient();
let statusCode;
_http.requestOptions = { socketTimeout: 3 * 1000 };

2
dist/pre/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

4
src/cleanup.ts
View file

@ -25,6 +25,10 @@ import { isGithubHosted } from "./tls-inspect";
return;
}
if (process.env.STATE_customVMImage === "true") {
return;
}
if (process.env.STATE_isTLS === "false" && process.arch === "arm64") {
return;
}

2
src/common.ts
View file

@ -126,7 +126,7 @@ export async function addSummary() {
export const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
export const CONTAINER_MESSAGE =
"This job is running in a container. Harden Runner does not run in a container as it needs sudo access to run. This job will not be monitored.";
"This job is running in a container. Such jobs can be monitored by installing Harden Runner in a custom VM image for GitHub-hosted runners.";
export const UBUNTU_MESSAGE =
"This job is not running in a GitHub Actions Hosted Runner Ubuntu VM. Harden Runner is only supported on Ubuntu VM. This job will not be monitored.";

14
src/setup.ts
View file

@ -243,6 +243,20 @@ interface MonitorResponse {
return;
}
if (isGithubHosted() && process.env.STEP_SECURITY_HARDEN_RUNNER === "true") {
fs.appendFileSync(process.env.GITHUB_STATE, `customVMImage=true${EOL}`, {
encoding: "utf8",
});
core.info("This job is running on a custom VM image with Harden Runner installed.");
if (confg.egress_policy === "block") {
sendAllowedEndpoints(confg.allowed_endpoints);
await sleep(5000);
}
return;
}
let _http = new httpm.HttpClient();
let statusCode: number | undefined;
_http.requestOptions = { socketTimeout: 3 * 1000 };