Merge pull request #423 from h0x0er/one-time-key
Add one-time-key logic
varunsh-coder authored Jun 8, 2024
2 parents 547a5cc + 7036afe commit 2946323
Showing 6 changed files with 81 additions and 45 deletions.
110 changes: 70 additions & 40 deletions dist/pre/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/pre/index.js.map

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions src/checksum.ts
@@ -10,11 +10,11 @@ export function verifyChecksum(downloadPath: string, is_tls: boolean) {
.digest("hex"); // checksum of downloaded file

let expectedChecksum: string =
"ceb925c78e5c79af4f344f08f59bbdcf3376d20d15930a315f9b24b6c4d0328a"; // checksum for v0.13.5
"a9f1842e3d7f3d38c143dbe8ffe1948e6c8173cd04da072d9f9d128bb400844a"; // checksum for v0.13.7

if (is_tls) {
expectedChecksum =
"846ae66c6cfab958fe61736cec0b58bdb7651b36af04c279405c7114675d7033"; // checksum for tls_agent
"74dbe0fb19e2792aab332c434a059e8cb44005ffe1a1594bf29612f219514af4"; // checksum for tls_agent
}

if (checksum !== expectedChecksum) {
1 change: 1 addition & 0 deletions src/interfaces.ts
@@ -12,6 +12,7 @@ export interface Configuration {
is_github_hosted: boolean;
private: string;
is_debug: boolean;
one_time_key: string;
}

export interface PolicyResponse {
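Review bot: `one_time_key` is added to `Configuration` without a comment, and it looks like a credential sitting next to plain flags such as `is_debug`. A short doc comment would make the handling expectation explicit, for example `/** One-time key from the monitor API response; "" until received. Secret: never log or echo it. */`. Where `Configuration` is serialized or written out is not visible in this hunk, so it is worth confirming that every sink for this object is acceptable for a key.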
2 changes: 2 additions & 0 deletions src/policy-utils.test.ts
@@ -40,6 +40,7 @@ test("merge configs", async () => {
private: "true",
is_github_hosted: true,
is_debug: false,
one_time_key: "",
};
let policyResponse: PolicyResponse = {
owner: "h0x0er",
@@ -65,6 +66,7 @@ test("merge configs", async () => {
private: "true",
is_github_hosted: true,
is_debug: false,
one_time_key: "",
};

localConfig = mergeConfigs(localConfig, policyResponse);
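Review bot: Both fixtures set `one_time_key: ""`, so the test only keeps the objects type-correct and would still pass if `mergeConfigs` dropped or reset the key. Using a constructed non-empty value in both places, e.g. `one_time_key: "test-one-time-key"`, would pin that merging a policy response leaves the key untouched. The second fixture appears to be the expected result; its declaration is outside the hunk.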
7 changes: 5 additions & 2 deletions src/setup.ts
@@ -28,6 +28,7 @@ import { isGithubHosted, isTLSEnabled } from "./tls-inspect";

interface MonitorResponse {
runner_ip_address?: string;
one_time_key?: string;
monitoring_started?: boolean;
}

@@ -60,6 +61,7 @@ interface MonitorResponse {
private: context?.payload?.repository?.private || false,
is_github_hosted: isGithubHosted(),
is_debug: core.isDebug(),
one_time_key: "",
};

let policyName = core.getInput("policy");
@@ -200,6 +202,7 @@ interface MonitorResponse {

if (statusCode === 200 && responseData) {
console.log(`Runner IP Address: ${responseData.runner_ip_address}`);
confg.one_time_key = responseData.one_time_key;
addSummary = responseData.monitoring_started ? "true" : "false";
}
} catch (e) {
@@ -231,12 +234,12 @@ interface MonitorResponse {

if (await isTLSEnabled(context.repo.owner)) {
downloadPath = await tc.downloadTool(
"https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.0_linux_amd64.tar.gz"
"https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.1_linux_amd64.tar.gz"
);
verifyChecksum(downloadPath, true); // NOTE: verifying tls_agent's checksum, before extracting
} else {
downloadPath = await tc.downloadTool(
"https://github.com/step-security/agent/releases/download/v0.13.5/agent_0.13.5_linux_amd64.tar.gz",
"https://github.com/step-security/agent/releases/download/v0.13.7/agent_0.13.7_linux_amd64.tar.gz",
undefined,
auth
);
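Review bot: In the third hunk, `confg.one_time_key = responseData.one_time_key;` copies an optional field (`one_time_key?: string` on `MonitorResponse`) into `Configuration.one_time_key`, which is declared as a required `string`, so a 200 response that omits the key replaces the `""` default with `undefined`. Whatever consumes the key later would then see a missing value rather than an empty one, and it is not visible here whether that path fails closed. I would write `confg.one_time_key = responseData.one_time_key ?? "";` and, if a missing key is worth reporting, log the field name only, never its value. The enclosing try block starts and ends outside the hunk.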
