Detect Depot/Namespace/Warp/Blacksmith runners and install the bravo agent variant. Bravo install mirrors installAgentForSelfHosted: TLS gate via isTLSEnabled, hand-picked config literal with random api_key, correlation_id set to RUNNER_NAME so it matches server-side correlation derived from job logs (is_github_hosted=true keeps the agent from overriding correlation_id to customer-hostname). Bumps agent-ebpf to v1.8.1 and macOS installer to v0.0.5.
import * as cp from "child_process";
import * as fs from "fs";
/**
 * Reports whether the given Node.js platform identifier is one this module
 * has agent paths for.
 *
 * @param platform - Platform identifier, e.g. the value of `process.platform`.
 * @returns `true` for "linux", "win32" and "darwin"; `false` for every other value.
 */
export function isPlatformSupported(platform: NodeJS.Platform) {
  const supported =
    platform === "linux" || platform === "win32" || platform === "darwin";
  return supported;
}
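/**
 * Recursively changes ownership of `target` to `newOwner` by running
 * `sudo chown -R`.
 *
 * The command is started with an argument vector rather than a shell string,
 * so shell metacharacters in either value are not interpreted. A `--` is
 * placed before the operands so that a value beginning with `-` is treated
 * as an owner or path and cannot be parsed by chown as an option.
 *
 * NOTE(review): neither value is validated here and the command runs under
 * sudo, so callers should pass only paths and owner names they control.
 *
 * @param newOwner - Owner specification handed to chown.
 * @param target - Path whose tree is re-owned.
 * @throws The error raised by `execFileSync` when the command cannot be
 *   started or exits with a non-zero status.
 */
export function chownForFolder(newOwner: string, target: string) {
  const command = "sudo";
  // "--" ends option parsing for chown; everything after it is an operand.
  const args = ["chown", "-R", "--", newOwner, target];
  cp.execFileSync(command, args);
}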
/**
 * Checks for the agent's status file at the fixed per-platform location.
 *
 * Only the existence of the file is tested; its contents, owner and
 * permissions are not inspected.
 *
 * @param platform - Platform identifier, e.g. the value of `process.platform`.
 * @returns `true` when the status file for that platform exists, `false`
 *   when it does not or when the platform has no known location.
 */
export function isAgentInstalled(platform: NodeJS.Platform) {
  let statusFile: string | undefined;

  if (platform === "linux") {
    statusFile = "/home/agent/agent.status";
  } else if (platform === "win32") {
    statusFile = "C:\\agent\\agent.status";
  } else if (platform === "darwin") {
    statusFile = "/opt/step-security/agent.status";
  }

  // Unknown platforms never touch the file system.
  if (statusFile === undefined) {
    return false;
  }
  return fs.existsSync(statusFile);
}
/**
 * Decides whether the agent should be deployed on a self-hosted runner.
 *
 * @param deployOnSelfHostedVm - Whether deployment on self-hosted VMs is requested.
 * @param isContainer - Whether the job is running inside a container.
 * @param agentAlreadyInstalled - Whether an agent installation was already detected.
 * @returns `true` only when deployment is requested, the job is not in a
 *   container, and no agent is installed yet.
 */
export function shouldDeployAgentOnSelfHosted(
  deployOnSelfHostedVm: boolean,
  isContainer: boolean,
  agentAlreadyInstalled: boolean
): boolean {
  if (!deployOnSelfHostedVm) {
    return false;
  }
  if (isContainer) {
    return false;
  }
  return !agentAlreadyInstalled;
}
/** Third-party runner providers this module can recognise. */
export type ThirdPartyRunnerProvider =
  | "depot"
  | "namespace"
  | "warp"
  | "blacksmith";

/**
 * Identifies the third-party runner provider from the process environment.
 *
 * Checks are applied in a fixed order and the first match wins:
 * `DEPOT_RUNNER` equal to "1", then any non-empty `NAMESPACE_GITHUB_RUNTIME`,
 * then a `RUNNER_NAME` starting with "warp-" or "blacksmith-".
 *
 * The result is derived purely from environment variable values; nothing
 * here verifies where those values came from.
 *
 * @returns The matched provider, or `null` when no check matches.
 */
export function detectThirdPartyRunnerProvider(): ThirdPartyRunnerProvider | null {
  const env = process.env;

  if (env["DEPOT_RUNNER"] === "1") {
    return "depot";
  }
  if (env["NAMESPACE_GITHUB_RUNTIME"]) {
    return "namespace";
  }

  // A missing RUNNER_NAME is treated as the empty string, which matches no prefix.
  const name = env["RUNNER_NAME"] ?? "";
  const byPrefix: ReadonlyArray<[string, ThirdPartyRunnerProvider]> = [
    ["warp-", "warp"],
    ["blacksmith-", "blacksmith"],
  ];
  for (const [prefix, provider] of byPrefix) {
    if (name.startsWith(prefix)) {
      return provider;
    }
  }
  return null;
}
/**
 * Reads the agent's annotation log from the fixed per-platform location.
 *
 * @param platform - Platform identifier, e.g. the value of `process.platform`.
 * @returns The full file contents decoded as UTF-8.
 * @throws Error with message "platform not supported" when the platform has
 *   no known log location; file-system errors from `readFileSync` propagate
 *   unchanged.
 */
export function getAnnotationLogs(platform: NodeJS.Platform) {
  let logFile: string;

  if (platform === "linux") {
    logFile = "/home/agent/annotation.log";
  } else if (platform === "win32") {
    logFile = "C:\\agent\\annotation.log";
  } else if (platform === "darwin") {
    logFile = "/opt/step-security/annotation.log";
  } else {
    // Reject before any file access is attempted.
    throw new Error("platform not supported");
  }

  return fs.readFileSync(logFile, "utf8");
}