Merge pull request #667 from step-security/update-agent-v1.8.6

Update agent to v1.8.6
2026-06-05 16:28:19 +00:00 · 2026-05-21 09:06:08 -07:00 · 2026-05-19 07:26:57 -07:00 · 2026-05-14 14:29:51 -07:00 · 2026-05-14 14:11:04 -07:00 · 2026-05-13 13:25:36 -07:00
11 changed files with 45 additions and 17 deletions
--- a/dist/index.js
+++ b/dist/index.js
@ -32046,6 +32046,7 @@ const HARDEN_RUNNER_UNAVAILABLE_MESSAGE = "Sorry, we are currently experiencing
 const ARC_RUNNER_MESSAGE = "Workflow is currently being executed in ARC based runner.";
 const ARM64_RUNNER_MESSAGE = "ARM runners are not supported in the Harden-Runner community tier.";
 const ARM64_WINDOWS_RUNNER_MESSAGE = "Windows ARM runners are not yet supported by Harden-Runner.";
 const UBUNTU_SLIM_MESSAGE = "This job is running on an ubuntu-slim runner. Harden Runner is not supported on ubuntu-slim runners. This job will not be monitored.";
 ;// CONCATENATED MODULE: external "node:fs"
 const external_node_fs_namespaceObject = require("node:fs");
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/post/index.js
+++ b/dist/post/index.js
@ -32052,6 +32052,7 @@ const HARDEN_RUNNER_UNAVAILABLE_MESSAGE = "Sorry, we are currently experiencing
 const ARC_RUNNER_MESSAGE = "Workflow is currently being executed in ARC based runner.";
 const ARM64_RUNNER_MESSAGE = "ARM runners are not supported in the Harden-Runner community tier.";
 const ARM64_WINDOWS_RUNNER_MESSAGE = "Windows ARM runners are not yet supported by Harden-Runner.";
 const UBUNTU_SLIM_MESSAGE = "This job is running on an ubuntu-slim runner. Harden Runner is not supported on ubuntu-slim runners. This job will not be monitored.";
 // EXTERNAL MODULE: external "path"
 var external_path_ = __nccwpck_require__(6928);
@ -32214,6 +32215,10 @@ var cleanup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _
        console.log(CONTAINER_MESSAGE);
        return;
    }
    if (isGithubHosted() && process.platform === "linux" && !process.env.USER) {
        console.log(UBUNTU_SLIM_MESSAGE);
        return;
    }
    if (isARCRunner()) {
        console.log(`[!] ${ARC_RUNNER_MESSAGE}`);
        return;
--- a/dist/post/index.js.map
+++ b/dist/post/index.js.map
--- a/dist/pre/index.js
+++ b/dist/pre/index.js
@ -85171,6 +85171,7 @@ const HARDEN_RUNNER_UNAVAILABLE_MESSAGE = "Sorry, we are currently experiencing
 const ARC_RUNNER_MESSAGE = "Workflow is currently being executed in ARC based runner.";
 const ARM64_RUNNER_MESSAGE = "ARM runners are not supported in the Harden-Runner community tier.";
 const ARM64_WINDOWS_RUNNER_MESSAGE = "Windows ARM runners are not yet supported by Harden-Runner.";
 const UBUNTU_SLIM_MESSAGE = "This job is running on an ubuntu-slim runner. Harden Runner is not supported on ubuntu-slim runners. This job will not be monitored.";
 ;// CONCATENATED MODULE: external "node:fs"
 const external_node_fs_namespaceObject = require("node:fs");
@ -85455,15 +85456,15 @@ var external_crypto_ = __nccwpck_require__(6982);
 const CHECKSUMS = {
    tls: {
-        amd64: "713c91e921292027dacf446db44bafbc8e36a3f7f51dff664ba681c6e4398a05",
+        amd64: "d58a9c1c5245155ce4c71507a61e213a29925a7c39c0d20bfd00bef0d281bdbb",
-        arm64: "2c1eb365d6d9ae4cd4b6632a5f833bcdb7e75d0d9604de3391ff22e4e28e8d42",
+        arm64: "084fa95e74d17321dd1c37c93abeb8577e53ddf5266410e19f52aa79a02ae33e",
    },
    non_tls: {
        amd64: "e38de61e1afd98dd339bb9acce4996183875d482be1638fb198ab02b3e25bbef", // v0.16.0
    },
    bravo: {
-        amd64: "8d002af0c1c4bb73eaef0f2b641f7aa353cc3f4da36a4e418b69895a2baa922c",
+        amd64: "495f607a891d89f12214849301f247bdca565afe67deb170fe7e5d6d361852ca",
-        arm64: "1ce74a30d704c2e994246fc809d65af83e3f354aae7b9080b2c2eaee715cf005",
+        arm64: "f96f66ab946097aae1fc887e12fe1cefcc5d510bce179221c7185374e4adf538",
    },
    darwin: "fe26a1f6af4afe9f1a854d8633832f5d18ab542827003cae445b3a64021d612c",
    windows: {
@ -85536,7 +85537,7 @@ function installAgent(isTLS, configStr) {
            encoding: "utf8",
        });
        if (isTLS) {
-            downloadPath = yield tool_cache.downloadTool(`https://github.com/step-security/agent-ebpf/releases/download/v1.8.2/harden-runner_1.8.2_linux_${variant}.tar.gz`, undefined, auth);
+            downloadPath = yield tool_cache.downloadTool(`https://github.com/step-security/agent-ebpf/releases/download/v1.8.6/harden-runner_1.8.6_linux_${variant}.tar.gz`, undefined, auth);
        }
        else {
            if (variant === "arm64") {
@ -85571,7 +85572,7 @@ function installAgentBravo(configStr) {
        const token = lib_core.getInput("token", { required: true });
        const auth = `token ${token}`;
        const variant = process.arch === "x64" ? "amd64" : "arm64";
-        const downloadPath = yield tool_cache.downloadTool(`https://github.com/step-security/agent-ebpf/releases/download/v1.8.2/harden-runner-bravo_1.8.2_linux_${variant}.tar.gz`, undefined, auth);
+        const downloadPath = yield tool_cache.downloadTool(`https://github.com/step-security/agent-ebpf/releases/download/v1.8.6/harden-runner-bravo_1.8.6_linux_${variant}.tar.gz`, undefined, auth);
        if (!verifyChecksum(downloadPath, true, variant, "linux", "bravo")) {
            return false;
        }
@ -85812,6 +85813,10 @@ var __rest = (undefined && undefined.__rest) || function (s, e) {
            console.log(CONTAINER_MESSAGE);
            return;
        }
        if (isGithubHosted() && process.platform === "linux" && !process.env.USER) {
            console.log(UBUNTU_SLIM_MESSAGE);
            return;
        }
        var correlation_id = v4();
        var api_url = configs_STEPSECURITY_API_URL;
        var web_url = STEPSECURITY_WEB_URL;
@ -85843,7 +85848,8 @@ var __rest = (undefined && undefined.__rest) || function (s, e) {
        if (confg.use_policy_store) {
            console.log(`Fetching policy from policy store`);
            if (confg.api_key === "") {
-                lib_core.setFailed("api-key is required when use-policy-store is set to true");
+                lib_core.warning("api-key is not set while use-policy-store is true. Defaulting to audit mode.");
                confg.egress_policy = "audit";
            }
            else {
                try {
--- a/dist/pre/index.js.map
+++ b/dist/pre/index.js.map
--- a/src/checksum.ts
+++ b/src/checksum.ts
@ -4,15 +4,15 @@ import * as fs from "fs";
 export const CHECKSUMS = {
  tls: {
-    amd64: "713c91e921292027dacf446db44bafbc8e36a3f7f51dff664ba681c6e4398a05", // v1.8.2
+    amd64: "d58a9c1c5245155ce4c71507a61e213a29925a7c39c0d20bfd00bef0d281bdbb", // v1.8.6
-    arm64: "2c1eb365d6d9ae4cd4b6632a5f833bcdb7e75d0d9604de3391ff22e4e28e8d42",
+    arm64: "084fa95e74d17321dd1c37c93abeb8577e53ddf5266410e19f52aa79a02ae33e",
  },
  non_tls: {
    amd64: "e38de61e1afd98dd339bb9acce4996183875d482be1638fb198ab02b3e25bbef", // v0.16.0
  },
  bravo: {
-    amd64: "8d002af0c1c4bb73eaef0f2b641f7aa353cc3f4da36a4e418b69895a2baa922c", // v1.8.2
+    amd64: "495f607a891d89f12214849301f247bdca565afe67deb170fe7e5d6d361852ca", // v1.8.6
-    arm64: "1ce74a30d704c2e994246fc809d65af83e3f354aae7b9080b2c2eaee715cf005",
+    arm64: "f96f66ab946097aae1fc887e12fe1cefcc5d510bce179221c7185374e4adf538",
  },
  darwin: "fe26a1f6af4afe9f1a854d8633832f5d18ab542827003cae445b3a64021d612c", // v0.0.5
  windows: {
--- a/src/cleanup.ts
+++ b/src/cleanup.ts
@ -26,6 +26,11 @@ import { isPlatformSupported, isAgentInstalled, detectThirdPartyRunnerProvider }
    return;
  }
  if (isGithubHosted() && process.platform === "linux" && !process.env.USER) {
    console.log(common.UBUNTU_SLIM_MESSAGE);
    return;
  }
  if (isARCRunner()) {
    console.log(`[!] ${common.ARC_RUNNER_MESSAGE}`);
    return;
--- a/src/common.ts
+++ b/src/common.ts
@ -148,3 +148,6 @@ export const ARM64_RUNNER_MESSAGE =
 export const ARM64_WINDOWS_RUNNER_MESSAGE =
  "Windows ARM runners are not yet supported by Harden-Runner.";
 export const UBUNTU_SLIM_MESSAGE =
  "This job is running on an ubuntu-slim runner. Harden Runner is not supported on ubuntu-slim runners. This job will not be monitored.";
--- a/src/install-agent.ts
+++ b/src/install-agent.ts
@ -26,7 +26,7 @@ export async function installAgent(
  if (isTLS) {
    downloadPath = await tc.downloadTool(
-      `https://github.com/step-security/agent-ebpf/releases/download/v1.8.2/harden-runner_1.8.2_linux_${variant}.tar.gz`,
+      `https://github.com/step-security/agent-ebpf/releases/download/v1.8.6/harden-runner_1.8.6_linux_${variant}.tar.gz`,
      undefined,
      auth
    );
@ -76,7 +76,7 @@ export async function installAgentBravo(configStr: string): Promise<boolean> {
  const variant = process.arch === "x64" ? "amd64" : "arm64";
  const downloadPath = await tc.downloadTool(
-    `https://github.com/step-security/agent-ebpf/releases/download/v1.8.2/harden-runner-bravo_1.8.2_linux_${variant}.tar.gz`,
+    `https://github.com/step-security/agent-ebpf/releases/download/v1.8.6/harden-runner-bravo_1.8.6_linux_${variant}.tar.gz`,
    undefined,
    auth
  );
--- a/src/setup.ts
+++ b/src/setup.ts
@ -66,6 +66,11 @@ interface MonitorResponse {
      return;
    }
    if (isGithubHosted() && process.platform === "linux" && !process.env.USER) {
      console.log(common.UBUNTU_SLIM_MESSAGE);
      return;
    }
    var correlation_id = uuidv4();
    var api_url = STEPSECURITY_API_URL;
    var web_url = STEPSECURITY_WEB_URL;
@ -102,7 +107,10 @@ interface MonitorResponse {
    if (confg.use_policy_store) {
      console.log(`Fetching policy from policy store`);
      if (confg.api_key === "") {
-        core.setFailed("api-key is required when use-policy-store is set to true");
+        core.warning(
          "api-key is not set while use-policy-store is true. Defaulting to audit mode."
        );
        confg.egress_policy = "audit";
      } else {
        try {
          const repoName = (process.env["GITHUB_REPOSITORY"] || "").split("/")[1] || "";
Author	SHA1	Message	Date
Varun Sharma	9af89fc715	Merge pull request #667 from step-security/update-agent-v1.8.6 Update agent to v1.8.6	2026-05-21 09:06:08 -07:00
Varun Sharma	485dce8cb5	Update agent to v1.8.6	2026-05-19 07:26:57 -07:00
Varun Sharma	ab7a9404c0	Merge pull request #665 from step-security/fix/use-policy-store-default-audit Default to audit mode when api-key missing with use-policy-store	2026-05-14 14:29:51 -07:00
Varun Sharma	ec41b783c2	Default to audit mode when api-key missing with use-policy-store	2026-05-14 14:11:04 -07:00
Varun Sharma	9ca718d3bf	Merge pull request #664 from step-security/update-agent-v1.8.5 Update agent to v1.8.5	2026-05-13 13:25:36 -07:00
Varun Sharma	1dee3df8d2	Update agent to v1.8.5	2026-05-12 10:53:30 -07:00
Varun Sharma	a5ad31d6a1	Merge pull request #657 from devantler/fix/ubuntu-slim-user-env fix: detect ubuntu-slim runners early and bail out	2026-05-01 23:21:23 -07:00
Varun Sharma	6e928567d7	build dist and trim ubuntu-slim message Drop the parenthetical detail from UBUNTU_SLIM_MESSAGE so the user-facing log is concise, and regenerate dist/ so the action can run from this branch without a separate build step.	2026-05-01 22:50:08 -07:00
Nikolai Emil Damm	4e0504ee08	Merge branch 'main' into fix/ubuntu-slim-user-env	2026-04-25 17:29:39 +02:00
Nikolai Emil Damm	376d25a97f	fix: detect ubuntu-slim runners early and bail out ubuntu-slim runners (Hosted Compute Agent Docker containers) are GitHub-hosted but lack the standard USER environment variable set on full VM-based runners. This causes chownForFolder to fail with 'chown: invalid user: undefined'. Instead of patching chownForFolder, detect ubuntu-slim early informative message, matching the existing patterns for isDocker(), isARCRunner(), and other unsupported runner types. Fixes #627 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-11 12:16:00 +02:00