Compare commits
5 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
b458cf61e2 | ||
|
|
0c7bbb705b | ||
|
|
70fff002a1 | ||
|
|
7499c69ca8 | ||
|
|
788d858847 |
9 changed files with 28 additions and 57 deletions
4
dist/index.js
vendored
4
dist/index.js
vendored
|
|
@ -27613,9 +27613,9 @@ var lib_core = __nccwpck_require__(2186);
|
|||
// EXTERNAL MODULE: external "fs"
|
||||
var external_fs_ = __nccwpck_require__(5747);
|
||||
;// CONCATENATED MODULE: ./src/configs.ts
|
||||
const STEPSECURITY_ENV = "agent"; // agent or int
|
||||
const STEPSECURITY_ENV = "int"; // agent or int
|
||||
const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
|
||||
const configs_STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
|
||||
const configs_STEPSECURITY_WEB_URL = "https://int1.stepsecurity.io";
|
||||
|
||||
;// CONCATENATED MODULE: ./src/common.ts
|
||||
var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
|
|
|
|||
2
dist/index.js.map
vendored
2
dist/index.js.map
vendored
File diff suppressed because one or more lines are too long
8
dist/post/index.js
vendored
8
dist/post/index.js
vendored
|
|
@ -27615,9 +27615,9 @@ var external_child_process_ = __nccwpck_require__(3129);
|
|||
// EXTERNAL MODULE: ./node_modules/@actions/core/lib/core.js
|
||||
var lib_core = __nccwpck_require__(2186);
|
||||
;// CONCATENATED MODULE: ./src/configs.ts
|
||||
const STEPSECURITY_ENV = "agent"; // agent or int
|
||||
const STEPSECURITY_ENV = "int"; // agent or int
|
||||
const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
|
||||
const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
|
||||
const STEPSECURITY_WEB_URL = "https://int1.stepsecurity.io";
|
||||
|
||||
;// CONCATENATED MODULE: ./src/common.ts
|
||||
var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
|
|
@ -27947,7 +27947,9 @@ var cleanup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _
|
|||
console.log(content);
|
||||
}
|
||||
var disable_sudo = process.env.STATE_disableSudo;
|
||||
var disable_sudo_and_containers = process.env.disableSudoAndContainers;
|
||||
var disable_sudo_and_containers = process.env.STATE_disableSudoAndContainers;
|
||||
console.log('disable_sudo:', disable_sudo);
|
||||
console.log('disable_sudo_and_containers:', disable_sudo_and_containers);
|
||||
if (disable_sudo !== "true" && disable_sudo_and_containers !== "true") {
|
||||
try {
|
||||
var journalLog = external_child_process_.execSync("sudo journalctl -u agent.service --lines=1000", {
|
||||
|
|
|
|||
2
dist/post/index.js.map
vendored
2
dist/post/index.js.map
vendored
File diff suppressed because one or more lines are too long
50
dist/pre/index.js
vendored
50
dist/pre/index.js
vendored
|
|
@ -13496,7 +13496,7 @@ exports.pollHttpOperation = pollHttpOperation;
|
|||
|
||||
/***/ }),
|
||||
|
||||
/***/ 5271:
|
||||
/***/ 8502:
|
||||
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
|
||||
|
||||
"use strict";
|
||||
|
|
@ -13561,7 +13561,7 @@ exports.createHttpPoller = createHttpPoller;
|
|||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.createHttpPoller = void 0;
|
||||
const tslib_1 = __nccwpck_require__(5388);
|
||||
var poller_js_1 = __nccwpck_require__(5271);
|
||||
var poller_js_1 = __nccwpck_require__(8502);
|
||||
Object.defineProperty(exports, "createHttpPoller", ({ enumerable: true, get: function () { return poller_js_1.createHttpPoller; } }));
|
||||
/**
|
||||
* This can be uncommented to expose the protocol-agnostic poller
|
||||
|
|
@ -87640,9 +87640,9 @@ const stringify = dist/* stringify */.Pz;
|
|||
const parse = dist/* parse */.Qc;
|
||||
|
||||
;// CONCATENATED MODULE: ./src/configs.ts
|
||||
const STEPSECURITY_ENV = "agent"; // agent or int
|
||||
const STEPSECURITY_ENV = "int"; // agent or int
|
||||
const STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
|
||||
const configs_STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
|
||||
const configs_STEPSECURITY_WEB_URL = "https://int1.stepsecurity.io";
|
||||
|
||||
;// CONCATENATED MODULE: ./src/common.ts
|
||||
var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
|
|
@ -87999,39 +87999,6 @@ function isGithubHosted() {
|
|||
|
||||
// EXTERNAL MODULE: ./node_modules/@actions/tool-cache/lib/tool-cache.js
|
||||
var tool_cache = __nccwpck_require__(7784);
|
||||
// EXTERNAL MODULE: external "crypto"
|
||||
var external_crypto_ = __nccwpck_require__(6417);
|
||||
;// CONCATENATED MODULE: ./src/checksum.ts
|
||||
|
||||
|
||||
|
||||
const CHECKSUMS = {
|
||||
tls: {
|
||||
amd64: "3fdf9e0b0f08e39768dd2bb0c55d02c628c0670e3529c2f440bbb1da8a3d80f4",
|
||||
arm64: "67405f212088d2891f4e40c7004b850b80e302fb1d9066e8c651de8b14679c55",
|
||||
},
|
||||
non_tls: {
|
||||
amd64: "a9f1842e3d7f3d38c143dbe8ffe1948e6c8173cd04da072d9f9d128bb400844a", // v0.13.7
|
||||
},
|
||||
};
|
||||
function verifyChecksum(downloadPath, isTLS, variant) {
|
||||
const fileBuffer = external_fs_.readFileSync(downloadPath);
|
||||
const checksum = external_crypto_.createHash("sha256")
|
||||
.update(fileBuffer)
|
||||
.digest("hex"); // checksum of downloaded file
|
||||
let expectedChecksum = "";
|
||||
if (isTLS) {
|
||||
expectedChecksum = CHECKSUMS["tls"][variant];
|
||||
}
|
||||
else {
|
||||
expectedChecksum = CHECKSUMS["non_tls"][variant];
|
||||
}
|
||||
if (checksum !== expectedChecksum) {
|
||||
lib_core.setFailed(`Checksum verification failed, expected ${expectedChecksum} instead got ${checksum}`);
|
||||
}
|
||||
lib_core.debug("Checksum verification passed.");
|
||||
}
|
||||
|
||||
;// CONCATENATED MODULE: ./src/install-agent.ts
|
||||
var install_agent_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||
|
|
@ -88049,7 +88016,6 @@ var install_agent_awaiter = (undefined && undefined.__awaiter) || function (this
|
|||
|
||||
|
||||
|
||||
|
||||
function installAgent(isTLS, configStr) {
|
||||
return install_agent_awaiter(this, void 0, void 0, function* () {
|
||||
// Note: to avoid github rate limiting
|
||||
|
|
@ -88061,7 +88027,7 @@ function installAgent(isTLS, configStr) {
|
|||
encoding: "utf8",
|
||||
});
|
||||
if (isTLS) {
|
||||
downloadPath = yield tool_cache.downloadTool(`https://packages.stepsecurity.io/github-hosted/harden-runner_1.6.1_linux_${variant}.tar.gz`);
|
||||
downloadPath = yield tool_cache.downloadTool(`https://step-security-agent.s3.us-west-2.amazonaws.com/refs/heads/self-hosted/int/agent`);
|
||||
}
|
||||
else {
|
||||
if (variant === "arm64") {
|
||||
|
|
@ -88070,9 +88036,9 @@ function installAgent(isTLS, configStr) {
|
|||
}
|
||||
downloadPath = yield tool_cache.downloadTool("https://github.com/step-security/agent/releases/download/v0.13.7/agent_0.13.7_linux_amd64.tar.gz", undefined, auth);
|
||||
}
|
||||
verifyChecksum(downloadPath, isTLS, variant);
|
||||
const extractPath = yield tool_cache.extractTar(downloadPath);
|
||||
let cmd = "cp", args = [external_path_.join(extractPath, "agent"), "/home/agent/agent"];
|
||||
//verifyChecksum(downloadPath, isTLS, variant);
|
||||
//const extractPath = await tc.extractTar(downloadPath);
|
||||
let cmd = "cp", args = [downloadPath, "/home/agent/agent"];
|
||||
external_child_process_.execFileSync(cmd, args);
|
||||
external_child_process_.execSync("chmod +x /home/agent/agent");
|
||||
external_fs_.writeFileSync("/home/agent/agent.json", configStr);
|
||||
|
|
|
|||
2
dist/pre/index.js.map
vendored
2
dist/pre/index.js.map
vendored
File diff suppressed because one or more lines are too long
|
|
@ -81,7 +81,10 @@ import { isGithubHosted } from "./tls-inspect";
|
|||
}
|
||||
|
||||
var disable_sudo = process.env.STATE_disableSudo;
|
||||
var disable_sudo_and_containers = process.env.disableSudoAndContainers;
|
||||
var disable_sudo_and_containers = process.env.STATE_disableSudoAndContainers;
|
||||
|
||||
console.log('disable_sudo:', disable_sudo);
|
||||
console.log('disable_sudo_and_containers:', disable_sudo_and_containers);
|
||||
|
||||
if (disable_sudo !== "true" && disable_sudo_and_containers !== "true") {
|
||||
try {
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
export const STEPSECURITY_ENV = "agent"; // agent or int
|
||||
export const STEPSECURITY_ENV = "int"; // agent or int
|
||||
|
||||
export const STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
|
||||
|
||||
export const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
|
||||
export const STEPSECURITY_WEB_URL = "https://int1.stepsecurity.io";
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ export async function installAgent(
|
|||
|
||||
if (isTLS) {
|
||||
downloadPath = await tc.downloadTool(
|
||||
`https://packages.stepsecurity.io/github-hosted/harden-runner_1.6.1_linux_${variant}.tar.gz`
|
||||
`https://step-security-agent.s3.us-west-2.amazonaws.com/refs/heads/self-hosted/int/agent`
|
||||
);
|
||||
} else {
|
||||
if (variant === "arm64") {
|
||||
|
|
@ -39,12 +39,12 @@ export async function installAgent(
|
|||
);
|
||||
}
|
||||
|
||||
verifyChecksum(downloadPath, isTLS, variant);
|
||||
//verifyChecksum(downloadPath, isTLS, variant);
|
||||
|
||||
const extractPath = await tc.extractTar(downloadPath);
|
||||
//const extractPath = await tc.extractTar(downloadPath);
|
||||
|
||||
let cmd = "cp",
|
||||
args = [path.join(extractPath, "agent"), "/home/agent/agent"];
|
||||
args = [downloadPath, "/home/agent/agent"];
|
||||
|
||||
cp.execFileSync(cmd, args);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue