update agent

dist/pre/index.js

@@ -85495,8 +85495,8 @@ var external_crypto_ = __nccwpck_require__(6982);
 
 const CHECKSUMS = {
     tls: {
-        amd64: "2a5be06ab620340f6957ddd180450caab414671c8b7da1996d8e2755c1cd49fa",
+        amd64: "d92e2d3ad0d451dfddc082c10690fb69472df9e45f6d9b37b0e6fe374bd6569f",
-        arm64: "e9d0ccf3e4e62ba15ff208ef6e0afa0ad5e323c3dfc50527342f436a85e65a55",
+        arm64: "84ff11038212d5143447619a3b5457b58dd196cad94f987154f11bd6cd6a5fb0",
     },
     non_tls: {
         amd64: "336093af8ebe969567b66fd035af3bd4f7e1c723ce680d6b4b5b2a1f79bc329e", // v0.14.2
@@ -85549,7 +85549,7 @@ function installAgent(isTLS, configStr) {
             encoding: "utf8",
         });
         if (isTLS) {
-            downloadPath = yield tool_cache.downloadTool(`https://github.com/step-security/agent-ebpf/releases/download/v1.7.9/harden-runner_1.7.9_linux_${variant}.tar.gz`, undefined, auth);
+            downloadPath = yield tool_cache.downloadTool(`https://github.com/step-security/agent-ebpf/releases/download/v1.7.12/harden-runner_1.7.12_linux_${variant}.tar.gz`, undefined, auth);
         }
         else {
             if (variant === "arm64") {
@@ -85763,6 +85763,13 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
                 encoding: "utf8",
             });
             lib_core.info(SELF_HOSTED_RUNNER_MESSAGE);
+            // Install agent for self-hosted runner (only if not already installed)
+            if (!external_fs_.existsSync("/home/agent/agent.status")) {
+                yield installAgentForSelfHosted(github.context.repo.owner);
+            }
+            else {
+                console.log("Agent already installed for self-hosted runner, skipping installation");
+            }
             if (confg.egress_policy === "block") {
                 sendAllowedEndpoints(confg.allowed_endpoints);
                 yield setup_sleep(5000);
@@ -85867,6 +85874,59 @@ function chownForFolder(newOwner, target) {
     let args = ["chown", "-R", newOwner, target];
     external_child_process_.execFileSync(cmd, args);
 }
+function installAgentForSelfHosted(owner) {
+    return setup_awaiter(this, void 0, void 0, function* () {
+        try {
+            console.log("Installing Harden Runner agent for self-hosted runner");
+            // Determine TLS support
+            let isTLS = yield isTLSEnabled(owner);
+            if (!isTLS) {
+                console.log("TLS is not enabled for this organization. Agent installation skipped for self-hosted runner.");
+                return;
+            }
+            // Create self-hosted specific config
+            const selfHostedConfig = {
+                customer: owner,
+                working_directory: process.env.GITHUB_WORKSPACE,
+                api_key: v4()
+            };
+            const selfHostedConfigStr = JSON.stringify(selfHostedConfig);
+            // Create /home/agent directory
+            external_child_process_.execSync("sudo mkdir -p /home/agent");
+            chownForFolder(process.env.USER, "/home/agent");
+            // Install the agent
+            const agentInstalled = yield installAgent(isTLS, selfHostedConfigStr);
+            if (agentInstalled) {
+                // Wait for agent.status file
+                var statusFile = "/home/agent/agent.status";
+                var logFile = "/home/agent/agent.log";
+                var counter = 0;
+                while (true) {
+                    if (!external_fs_.existsSync(statusFile)) {
+                        counter++;
+                        if (counter > 30) {
+                            console.log("timed out");
+                            if (external_fs_.existsSync(logFile)) {
+                                var content = external_fs_.readFileSync(logFile, "utf-8");
+                                console.log(content);
+                            }
+                            break;
+                        }
+                        yield setup_sleep(300);
+                    }
+                    else {
+                        var content = external_fs_.readFileSync(statusFile, "utf-8");
+                        console.log(content);
+                        break;
+                    }
+                }
+            }
+        }
+        catch (error) {
+            console.log(`Failed to install agent for self-hosted runner: ${error.message}`);
+        }
+    });
+}
 
 })();
 

src/checksum.ts

@@ -4,8 +4,8 @@ import * as fs from "fs";
 
 const CHECKSUMS = {
   tls: {
-    amd64: "2a5be06ab620340f6957ddd180450caab414671c8b7da1996d8e2755c1cd49fa", // v1.7.9
+    amd64: "d92e2d3ad0d451dfddc082c10690fb69472df9e45f6d9b37b0e6fe374bd6569f", // v1.7.12
-    arm64: "e9d0ccf3e4e62ba15ff208ef6e0afa0ad5e323c3dfc50527342f436a85e65a55",
+    arm64: "84ff11038212d5143447619a3b5457b58dd196cad94f987154f11bd6cd6a5fb0",
   },
   non_tls: {
     amd64: "336093af8ebe969567b66fd035af3bd4f7e1c723ce680d6b4b5b2a1f79bc329e", // v0.14.2

src/install-agent.ts

@@ -25,7 +25,7 @@ export async function installAgent(
 
   if (isTLS) {
     downloadPath = await tc.downloadTool(
-      `https://github.com/step-security/agent-ebpf/releases/download/v1.7.9/harden-runner_1.7.9_linux_${variant}.tar.gz`,
+      `https://github.com/step-security/agent-ebpf/releases/download/v1.7.12/harden-runner_1.7.12_linux_${variant}.tar.gz`,
       undefined,
       auth
     );

src/setup.ts

@@ -242,6 +242,13 @@ interface MonitorResponse {
 
       core.info(common.SELF_HOSTED_RUNNER_MESSAGE);
 
+      // Install agent for self-hosted runner (only if not already installed)
+      if (!fs.existsSync("/home/agent/agent.status")) {
+        await installAgentForSelfHosted(context.repo.owner);
+      } else {
+        console.log("Agent already installed for self-hosted runner, skipping installation");
+      }
+
       if (confg.egress_policy === "block") {
         sendAllowedEndpoints(confg.allowed_endpoints);
         await sleep(5000);
@@ -373,3 +380,59 @@ function chownForFolder(newOwner: string, target: string) {
   let args = ["chown", "-R", newOwner, target];
   cp.execFileSync(cmd, args);
 }
+
+async function installAgentForSelfHosted(owner: string) {
+  try {
+    console.log("Installing Harden Runner agent for self-hosted runner");
+
+    // Determine TLS support
+    let isTLS = await isTLSEnabled(owner);
+
+    if (!isTLS) {
+      console.log("TLS is not enabled for this organization. Agent installation skipped for self-hosted runner.");
+      return;
+    }
+
+    // Create self-hosted specific config
+    const selfHostedConfig = {
+      customer: owner,
+      working_directory: process.env.GITHUB_WORKSPACE,
+      api_key: uuidv4()
+    };
+    const selfHostedConfigStr = JSON.stringify(selfHostedConfig);
+
+    // Create /home/agent directory
+    cp.execSync("sudo mkdir -p /home/agent");
+    chownForFolder(process.env.USER, "/home/agent");
+
+    // Install the agent
+    const agentInstalled = await installAgent(isTLS, selfHostedConfigStr);
+
+    if (agentInstalled) {
+      // Wait for agent.status file
+      var statusFile = "/home/agent/agent.status";
+      var logFile = "/home/agent/agent.log";
+      var counter = 0;
+      while (true) {
+        if (!fs.existsSync(statusFile)) {
+          counter++;
+          if (counter > 30) {
+            console.log("timed out");
+            if (fs.existsSync(logFile)) {
+              var content = fs.readFileSync(logFile, "utf-8");
+              console.log(content);
+            }
+            break;
+          }
+          await sleep(300);
+        } else {
+          var content = fs.readFileSync(statusFile, "utf-8");
+          console.log(content);
+          break;
+        }
+      }
+    }
+  } catch (error) {
+    console.log(`Failed to install agent for self-hosted runner: ${error.message}`);
+  }
+}