github cicd comments

.github/scripts/akto-cicd.sh

@@ -34,7 +34,7 @@ echo "### Akto test summary" >> $GITHUB_STEP_SUMMARY
 while true; do
   current_time=$(date +%s)
   elapsed_time=$((current_time - start_time))
-  
+
   if ((elapsed_time >= MAX_POLL_INTERVAL)); then
     echo "Max poll interval reached. Exiting."
     break

.github/workflows/staging.yml

@@ -93,15 +93,15 @@ jobs:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
-      
+
   deploy:
     needs: build
     runs-on: ubuntu-latest
     environment: Dev
     permissions:
       id-token: write
       contents: read
-    env: 
+    env:
       IMAGE_TAG: ${{needs.build.outputs.IMAGE_TAG}}
       FLASH_NLB_DNS: ${{ secrets.FLASH_NLB_DNS }}
       FLASH_MONGO_CONN: ${{ secrets.FLASH_MONGO_CONN }}
@@ -125,7 +125,7 @@ jobs:
         aws-access-key-id: ${{ secrets.AWS_AKI_DEV_CLUSTER_02 }}
         aws-secret-access-key: ${{ secrets.AWS_SAK_DEV_CLUSTER_02 }}
         aws-region: ap-south-1
-        
+
     - name: deploy to cluster
       id: deploy_cluster
       uses: koslib/helm-eks-action@master
@@ -186,11 +186,12 @@ jobs:
         with:
           node-version: '17'
 
-      - uses: akto-api-security/run-scan@v1.0.10
+      - uses: akto-api-security/run-scan@v1.0.12
         with:
           AKTO_DASHBOARD_URL: https://flash.staging.akto.io
           AKTO_API_KEY: ${{secrets.AKTO_API_KEY}}
           AKTO_TEST_ID: 65590b1ce9fca33d79d45440
+          GITHUB_COMMIT_ID: ${{github.event.pull_request.head.sha}}
           START_TIME_DELAY: 2
           OVERRIDDEN_TEST_APP_URL: ${{needs.deploy.outputs.lb_name}}
           WAIT_TIME_FOR_RESULT: 1200
@@ -213,12 +214,12 @@ jobs:
     permissions:
       id-token: write
       contents: read
-    env: 
+    env:
       IMAGE_TAG: ${{needs.build.outputs.IMAGE_TAG}}
       FLASH_NLB_DNS: ${{ secrets.FLASH_NLB_DNS }}
       FLASH_MONGO_CONN: ${{ secrets.FLASH_MONGO_CONN }}
     steps:
-        
+
     - name: Fetch kube yaml
       #revert branch name
       run: |
@@ -231,7 +232,7 @@ jobs:
         aws-access-key-id: ${{ secrets.AWS_AKI_DEV_CLUSTER_02 }}
         aws-secret-access-key: ${{ secrets.AWS_SAK_DEV_CLUSTER_02 }}
         aws-region: ap-south-1
-        
+
     - name: delete cluster
       uses: koslib/helm-eks-action@master
       env:

apps/dashboard/pom.xml

@@ -66,6 +66,12 @@
             <artifactId>commons-lang3</artifactId>
             <version>3.12.0</version>
         </dependency>
+        <!-- https://mvnrepository.com/artifact/org.kohsuke/github-api -->
+        <dependency>
+            <groupId>org.kohsuke</groupId>
+            <artifactId>github-api</artifactId>
+            <version>1.316</version>
+        </dependency>
         <!-- https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-servlets -->
         <dependency>
             <groupId>org.eclipse.jetty</groupId>

apps/dashboard/src/main/java/com/akto/action/user/GithubSsoAction.java

@@ -1,21 +1,31 @@
 package com.akto.action.user;
 
 import com.akto.action.UserAction;
+import com.akto.action.testing.StartTestAction;
+import com.akto.dao.AccountSettingsDao;
 import com.akto.dao.ConfigsDao;
 import com.akto.dao.RBACDao;
 import com.akto.dao.UsersDao;
 import com.akto.dao.context.Context;
+import com.akto.dto.AccountSettings;
 import com.akto.dto.Config;
 import com.akto.dto.User;
+import com.akto.github.GithubUtils;
+import com.akto.log.LoggerMaker;
 import com.akto.util.DashboardMode;
 import com.mongodb.BasicDBObject;
 import com.mongodb.client.model.Filters;
 import com.mongodb.client.model.Updates;
 import com.mongodb.client.result.DeleteResult;
+import org.kohsuke.github.GitHub;
+import org.kohsuke.github.GitHubBuilder;
 
 import java.util.ArrayList;
 
+import static com.akto.dao.AccountSettingsDao.generateFilter;
+
 public class GithubSsoAction extends UserAction {
+    private static final LoggerMaker loggerMaker = new LoggerMaker(StartTestAction.class);
 
     public String deleteGithubSso() {
 
@@ -45,8 +55,65 @@ public String deleteGithubSso() {
         return SUCCESS.toUpperCase();
     }
 
+    public String fetchGithubAppId() {
+        AccountSettings accountSettings = AccountSettingsDao.instance.findOne(generateFilter());
+        githubAppId = accountSettings.getGithubAppId();
+        return SUCCESS.toUpperCase();
+    }
+
+    public String deleteGithubAppSecretKey() {
+        if(!DashboardMode.isOnPremDeployment()){
+            addActionError("This feature is only available in on-prem deployment");
+            return ERROR.toUpperCase();
+        }
+
+        User user = getSUser();
+        boolean isAdmin = RBACDao.instance.isAdmin(user.getId(), Context.accountId.get());
+        if (!isAdmin) {
+            addActionError("Only admin can delete github app credentials");
+            return ERROR.toUpperCase();
+        }
+
+        AccountSettingsDao.instance.updateOne(generateFilter(), Updates.combine(
+                Updates.unset(AccountSettings.GITHUB_APP_ID),
+                Updates.unset(AccountSettings.GITHUB_APP_SECRET_KEY)));
+        addActionMessage("Deleted github app ID and secret key");
+        return SUCCESS.toUpperCase();
+    }
+
+    public String addGithubAppSecretKey() {
+        if(!DashboardMode.isOnPremDeployment()){
+            addActionError("This feature is only available in on-prem deployment");
+            return ERROR.toUpperCase();
+        }
+
+        User user = getSUser();
+        boolean isAdmin = RBACDao.instance.isAdmin(user.getId(), Context.accountId.get());
+        if (!isAdmin) {
+            addActionError("Only admin can delete github app credentials");
+            return ERROR.toUpperCase();
+        }
+        githubAppSecretKey = githubAppSecretKey.replace("-----BEGIN RSA PRIVATE KEY-----","");
+        githubAppSecretKey = githubAppSecretKey.replace("-----END RSA PRIVATE KEY-----","");
+        githubAppSecretKey = githubAppSecretKey.replace("\n","");
+
+        try {
+            String jwtToken = GithubUtils.createJWT(githubAppId,githubAppSecretKey, 10 * 60 * 1000);
+            GitHub gitHub = new GitHubBuilder().withJwtToken(jwtToken).build();
+            gitHub.getApp();
+        } catch (Exception e) {
+            addActionError("invalid github app Id and secret key");
+            return ERROR.toUpperCase();
+        }
+        AccountSettingsDao.instance.updateOne(generateFilter(), Updates.combine(Updates.set(AccountSettings.GITHUB_APP_SECRET_KEY, githubAppSecretKey),
+                Updates.set(AccountSettings.GITHUB_APP_ID, githubAppId)));
+        return SUCCESS.toUpperCase();
+    }
     private String githubClientId;
     private String githubClientSecret;
+    private String githubAppSecretKey;
+    private String githubAppId;
+    private String testingRunSummaryHexId;
     public String addGithubSso() {
 
         if(!DashboardMode.isOnPremDeployment()){
@@ -104,4 +171,28 @@ public String getGithubClientId() {
     public void setGithubClientSecret(String githubClientSecret) {
         this.githubClientSecret = githubClientSecret;
     }
+
+    public String getGithubAppSecretKey() {
+        return githubAppSecretKey;
+    }
+
+    public void setGithubAppSecretKey(String githubAppSecretKey) {
+        this.githubAppSecretKey = githubAppSecretKey;
+    }
+
+    public String getTestingRunSummaryHexId() {
+        return testingRunSummaryHexId;
+    }
+
+    public void setTestingRunSummaryHexId(String testingRunSummaryHexId) {
+        this.testingRunSummaryHexId = testingRunSummaryHexId;
+    }
+
+    public String getGithubAppId() {
+        return githubAppId;
+    }
+
+    public void setGithubAppId(String githubAppId) {
+        this.githubAppId = githubAppId;
+    }
 }

apps/dashboard/src/main/resources/struts.xml

@@ -297,6 +297,39 @@
             </result>
         </action>
 
+        <action name="api/fetchGithubAppId" class="com.akto.action.user.GithubSsoAction" method="fetchGithubAppId">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <result name="SUCCESS"   type="json"/>
+            <result name="ERROR" type="json">
+                <param name="statusCode">422</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
+
+        <action name="api/addGithubAppSecretKey" class="com.akto.action.user.GithubSsoAction" method="addGithubAppSecretKey">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <result name="SUCCESS"   type="json"/>
+            <result name="ERROR" type="json">
+                <param name="statusCode">422</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
+
+        <action name="api/deleteGithubAppSecretKey" class="com.akto.action.user.GithubSsoAction" method="deleteGithubAppSecretKey">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <result name="SUCCESS"   type="json"/>
+            <result name="ERROR" type="json">
+                <param name="statusCode">422</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
+
         <action name="api/getAPICatalog" class="com.akto.action.APICatalogAction" method="getAPICatalog">
             <interceptor-ref name="json"/>
             <interceptor-ref name="defaultStack" />

apps/dashboard/web/polaris_web/web/src/apps/dashboard/components/layouts/PageWithMultipleCards.jsx

@@ -3,7 +3,7 @@ import { useNavigate, useLocation } from "react-router-dom";
 
 const PageWithMultipleCards = (props) => {
 
-    const {backUrl, isFirstPage, title, primaryAction, secondaryActions, divider, components} = props
+    const {backUrl, isFirstPage, title, primaryAction, secondaryActions, divider, components, fullWidth} = props
 
     const location = useLocation();
     const navigate = useNavigate()
@@ -21,7 +21,7 @@ const PageWithMultipleCards = (props) => {
     }
 
     return (
-        <Page fullWidth
+        <Page fullWidth={fullWidth === undefined ? true: fullWidth}
             title={title}
             backAction={getBackAction()}
             primaryAction={primaryAction}

apps/dashboard/web/polaris_web/web/src/apps/dashboard/components/shared/UploadFile.jsx

@@ -3,7 +3,7 @@ import { UploadMajor } from '@shopify/polaris-icons';
 import { useRef } from "react"
 
 
-function UploadFile({ fileFormat, fileChanged, tooltipText, label, primary}) {
+function UploadFile({ fileFormat, fileChanged, tooltipText, label, primary, plain}) {
 
     const fileUploadRef = useRef("")
 
@@ -27,7 +27,8 @@ function UploadFile({ fileFormat, fileChanged, tooltipText, label, primary}) {
             <Button 
                 // icon={UploadMajor} 
                 primary={primary !== undefined ? primary : true}
-                plain monochrome removeUnderline
+                plain={plain === undefined ? true: plain}
+                monochrome removeUnderline
                 onClick={onPickFile}>
                 {label}
                 <input

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/api.js

@@ -218,6 +218,27 @@ const settingRequests = {
             data: {}
         })
     },
+    fetchGithubAppId() {
+        return request({
+            url: '/api/fetchGithubAppId',
+            method: 'post',
+            data: {}
+        })
+    },
+    addGithubAppSecretKey(githubAppSecretKey, githubAppId) {
+        return request({
+            url: '/api/addGithubAppSecretKey',
+            method: 'post',
+            data: {githubAppSecretKey, githubAppId}
+        })
+    },
+    deleteGithubAppSettings() {
+        return request({
+            url: '/api/deleteGithubAppSecretKey',
+            method: 'post',
+            data: {}
+        })
+    },
     toggleRedactFeature(redactPayload) {
         return request({
             url: '/api/toggleRedactFeature',
@@ -227,7 +248,6 @@ const settingRequests = {
             }
         })
     },
-
     toggleNewMergingEnabled(newMergingEnabled) {
         return request({
             url: '/api/toggleNewMergingEnabled',
@@ -237,7 +257,6 @@ const settingRequests = {
             }
         });
     },
-
     updateSetupType(setupType) {
         return request({
             url: '/api/updateSetupType',
@@ -247,14 +266,13 @@ const settingRequests = {
             }
         })
     },
-
     updateTrafficAlertThresholdSeconds(trafficAlertThresholdSeconds) {
         return request({
             url: '/api/updateTrafficAlertThresholdSeconds',
             method: 'post',
             data: {trafficAlertThresholdSeconds}
         })
-    },
+    }
 }
 
 export default settingRequests