step-security/harden-runner
1
0
Fork 0
mirror of synced 2026-06-05 11:05:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

v2.16.1 (#654)

Browse source
This commit is contained in:
Varun Sharma 2026-03-30 11:43:08 -07:00 committed by GitHub
commit fe10465874
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 29 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

1
dist/index.js vendored
View file

@ -32067,6 +32067,7 @@ function isDocker() {
;// CONCATENATED MODULE: ./src/configs.ts
const STEPSECURITY_ENV = "agent"; // agent or int
const configs_STEPSECURITY_API_URL = (/* unused pure expression or super */ null && (`https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`));
const STEPSECURITY_TELEMETRY_URL = "https://prod.app-api.stepsecurity.io/v1";
const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
// EXTERNAL MODULE: ./node_modules/@actions/http-client/lib/index.js

2
dist/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

1
dist/post/index.js vendored
View file

@ -31881,6 +31881,7 @@ var lib_core = __nccwpck_require__(7484);
;// CONCATENATED MODULE: ./src/configs.ts
const STEPSECURITY_ENV = "agent"; // agent or int
const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
const STEPSECURITY_TELEMETRY_URL = "https://prod.app-api.stepsecurity.io/v1";
const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
// EXTERNAL MODULE: external "child_process"

2
dist/post/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

12
dist/pre/index.js vendored
View file

@ -85209,6 +85209,7 @@ function isValidEvent() {
;// CONCATENATED MODULE: ./src/configs.ts
const STEPSECURITY_ENV = "agent"; // agent or int
const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
const STEPSECURITY_TELEMETRY_URL = "https://prod.app-api.stepsecurity.io/v1";
const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
;// CONCATENATED MODULE: ./src/policy-utils.ts
@ -85392,11 +85393,11 @@ var external_crypto_ = __nccwpck_require__(6982);
const CHECKSUMS = {
tls: {
amd64: "19c35eee1347077eb71306b122ad4a1cf83f36ef0f69fd91b0c0d79ffd0eabdd",
arm64: "f9192788e86b2e44b795f072e8cc03eec9852649609aeedac0761d3b67c991fa",
amd64: "d4b80f15758bb950787000e802cc58a565919a8cb9ecf405777b304ef42911fe",
arm64: "3c224ea1da1776d1ba9f70b8dd8f0d8432230a7c2d464bca84bbdee8b7d46f6c",
},
non_tls: {
amd64: "1531bda40026b799b0704d0f775c372653a91fe436628fa8b416849d9c0707a8", // v0.14.4
amd64: "4aaaeebbe10e619d8ce13e8cc4a1acbafc8f891e8cdd319984480b9ec08407b8", // v0.15.0
},
darwin: "797399a3a3f6f9c4c000a02e0d8c7b16499129c9bdc2ad9cf2a10072c10654fb",
windows: {
@ -85464,14 +85465,14 @@ function installAgent(isTLS, configStr) {
encoding: "utf8",
});
if (isTLS) {
downloadPath = yield tool_cache.downloadTool(`https://github.com/step-security/agent-ebpf/releases/download/v1.7.10/harden-runner_1.7.10_linux_${variant}.tar.gz`, undefined, auth);
downloadPath = yield tool_cache.downloadTool(`https://github.com/step-security/agent-ebpf/releases/download/v1.7.15/harden-runner_1.7.15_linux_${variant}.tar.gz`, undefined, auth);
}
else {
if (variant === "arm64") {
console.log(ARM64_RUNNER_MESSAGE);
return false;
}
downloadPath = yield tool_cache.downloadTool("https://github.com/step-security/agent/releases/download/v0.14.4/agent_0.14.4_linux_amd64.tar.gz", undefined, auth);
downloadPath = yield tool_cache.downloadTool("https://github.com/step-security/agent/releases/download/v0.15.0/agent_0.15.0_linux_amd64.tar.gz", undefined, auth);
}
if (!verifyChecksum(downloadPath, isTLS, variant, "linux")) {
return false;
@ -85671,6 +85672,7 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
correlation_id: correlation_id,
working_directory: process.env["GITHUB_WORKSPACE"],
api_url: api_url,
telemetry_url: STEPSECURITY_TELEMETRY_URL,
allowed_endpoints: lib_core.getInput("allowed-endpoints"),
egress_policy: lib_core.getInput("egress-policy"),
disable_telemetry: lib_core.getBooleanInput("disable-telemetry"),

2
dist/pre/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

6
src/checksum.ts
View file

@ -4,11 +4,11 @@ import * as fs from "fs";
const CHECKSUMS = {
tls: {
amd64: "19c35eee1347077eb71306b122ad4a1cf83f36ef0f69fd91b0c0d79ffd0eabdd", // v1.7.10
arm64: "f9192788e86b2e44b795f072e8cc03eec9852649609aeedac0761d3b67c991fa",
amd64: "d4b80f15758bb950787000e802cc58a565919a8cb9ecf405777b304ef42911fe", // v1.7.15
arm64: "3c224ea1da1776d1ba9f70b8dd8f0d8432230a7c2d464bca84bbdee8b7d46f6c",
},
non_tls: {
amd64: "1531bda40026b799b0704d0f775c372653a91fe436628fa8b416849d9c0707a8", // v0.14.4
amd64: "4aaaeebbe10e619d8ce13e8cc4a1acbafc8f891e8cdd319984480b9ec08407b8", // v0.15.0
},
darwin: "797399a3a3f6f9c4c000a02e0d8c7b16499129c9bdc2ad9cf2a10072c10654fb", // v0.0.4
windows: {

3
src/configs.ts
View file

@ -2,4 +2,7 @@ export const STEPSECURITY_ENV = "agent"; // agent or int
export const STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
export const STEPSECURITY_TELEMETRY_URL =
"https://prod.app-api.stepsecurity.io/v1";
export const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";

4
src/install-agent.ts
View file

@ -26,7 +26,7 @@ export async function installAgent(
if (isTLS) {
downloadPath = await tc.downloadTool(
`https://github.com/step-security/agent-ebpf/releases/download/v1.7.10/harden-runner_1.7.10_linux_${variant}.tar.gz`,
`https://github.com/step-security/agent-ebpf/releases/download/v1.7.15/harden-runner_1.7.15_linux_${variant}.tar.gz`,
undefined,
auth
);
@ -36,7 +36,7 @@ export async function installAgent(
return false;
}
downloadPath = await tc.downloadTool(
"https://github.com/step-security/agent/releases/download/v0.14.4/agent_0.14.4_linux_amd64.tar.gz",
"https://github.com/step-security/agent/releases/download/v0.15.0/agent_0.15.0_linux_amd64.tar.gz",
undefined,
auth
);

1
src/interfaces.ts
View file

@ -4,6 +4,7 @@ export interface Configuration {
correlation_id: string;
working_directory: string;
api_url: string;
telemetry_url: string;
allowed_endpoints: string;
egress_policy: string;
disable_telemetry: boolean;

2
src/policy-utils.test.ts
View file

@ -32,6 +32,7 @@ test("merge configs", async () => {
correlation_id: "aaaaa",
working_directory: "/xyz",
api_url: "xyz",
telemetry_url: "xyz",
allowed_endpoints: "",
egress_policy: "audit",
disable_telemetry: false,
@ -59,6 +60,7 @@ test("merge configs", async () => {
correlation_id: "aaaaa",
working_directory: "/xyz",
api_url: "xyz",
telemetry_url: "xyz",
allowed_endpoints: "github.com:443 google.com:443",
egress_policy: "audit",
disable_telemetry: false,

7
src/setup.ts
View file

@ -25,7 +25,11 @@ import { getCacheServiceVersion } from "@actions/cache/lib/internal/config";
import * as utils from "@actions/cache/lib/internal/cacheUtils";
import { isARCRunner, sendAllowedEndpoints } from "./arc-runner";
import { STEPSECURITY_API_URL, STEPSECURITY_WEB_URL } from "./configs";
import {
STEPSECURITY_API_URL,
STEPSECURITY_TELEMETRY_URL,
STEPSECURITY_WEB_URL,
} from "./configs";
import { isGithubHosted, isTLSEnabled } from "./tls-inspect";
import {
installAgent,
@ -70,6 +74,7 @@ interface MonitorResponse {
correlation_id: correlation_id,
working_directory: process.env["GITHUB_WORKSPACE"],
api_url: api_url,
telemetry_url: STEPSECURITY_TELEMETRY_URL,
allowed_endpoints: core.getInput("allowed-endpoints"),
egress_policy: core.getInput("egress-policy"),
disable_telemetry: core.getBooleanInput("disable-telemetry"),