84 changes: 25 additions & 59 deletions dist/index.js
Expand Up @@ -27615,7 +27615,7 @@ var external_fs_ = __nccwpck_require__(5747);
;// CONCATENATED MODULE: ./src/configs.ts
const STEPSECURITY_ENV = "agent"; // agent or int
const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
const configs_STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";

;// CONCATENATED MODULE: ./src/common.ts
var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
Expand Down Expand Up @@ -27658,14 +27658,13 @@ const processLogLine = (line, tableEntries) => {
}
};
function addSummary() {
var _a;
return __awaiter(this, void 0, void 0, function* () {
if (process.env.STATE_addSummary !== "true") {
return;
}
const web_url = STEPSECURITY_WEB_URL;
const insights_url = `${web_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}`;
const log = "/home/agent/agent.log";
if (!fs.existsSync(log)) {
const correlation_id = process.env.STATE_correlation_id;
if (!correlation_id) {
return;
}
let needsSubscription = false;
Expand All @@ -27691,62 +27690,29 @@ function addSummary() {
.write();
return;
}
const content = fs.readFileSync(log, "utf-8");
const lines = content.split("\n");
let tableEntries = [];
for (const line of lines) {
processLogLine(line, tableEntries);
}
if (tableEntries.length === 0) {
// Extract owner and repo from GITHUB_REPOSITORY (format: owner/repo)
const [owner, repo] = ((_a = process.env["GITHUB_REPOSITORY"]) === null || _a === void 0 ? void 0 : _a.split("/")) || [];
const run_id = process.env["GITHUB_RUN_ID"];
if (!owner || !repo || !run_id || !correlation_id) {
return;
}
const insightsRow = `<p><b><a href="${insights_url}">📄 View Full Report</a></b></p>`;
yield core.summary.addSeparator().addRaw(`<h2>🛡 StepSecurity Report</h2>`);
tableEntries.sort((a, b) => {
if (a.status === "❌ Blocked" && b.status !== "❌ Blocked") {
return -1;
}
else if (a.status !== "❌ Blocked" && b.status === "❌ Blocked") {
return 1;
}
else {
return 0;
// Fetch job summary from API
const apiUrl = `${STEPSECURITY_API_URL}/github/${owner}/${repo}/actions/runs/${run_id}/correlation/${correlation_id}/job-markdown-summary`;
try {
const response = yield fetch(apiUrl);
if (!response.ok) {
console.error(`Failed to fetch job summary: ${response.status} ${response.statusText}`);
return;
}
});
tableEntries = tableEntries.slice(0, 3);
yield core.summary.addRaw(`
<blockquote>
<p>Preview of the outbound network calls during this workflow run.</p></blockquote>
<h3>Network Calls</h3>
<table>
<thead>
<tr>
<th>Process</th>
<th>Destination</th>
<th>Status</th>
</tr>
</thead>
<tbody>
${tableEntries
.map((entry) => `<tr>
<td><code>${entry.process}</code></td>
<td>${entry.domain.replace(/\.$/, "")}</td>
<td>${entry.status}</td>
</tr>`)
.join("")}
<tr>
<td><code>...</code></td>
<td><code>...</code></td>
<td><code>...</code></td>
</tr>
</tbody>
</table>
${insightsRow}
`);
yield core.summary
.addRaw(`<p><i>Markdown generated by the <a href="https://github.com/step-security/harden-runner">Harden-Runner GitHub Action</a>.</i></p>`)
.addSeparator()
.write();
const markdownSummary = yield response.text();
// Render the markdown summary using core.summary.addRaw
yield core.summary.addRaw(markdownSummary).write();
return;
}
catch (error) {
console.error(`Error fetching job summary: ${error}`);
return;
}
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
Expand Down Expand Up @@ -27871,7 +27837,7 @@ var src_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argu
console.log("Telemetry will not be sent to StepSecurity API as disable-telemetry is set to true");
}
else {
var web_url = configs_STEPSECURITY_WEB_URL;
var web_url = STEPSECURITY_WEB_URL;
printInfo(web_url);
}
}))();
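Review bot: The rewritten `addSummary` passes the body of `fetch(apiUrl)` straight to `core.summary.addRaw(markdownSummary)`, so whatever the StepSecurity API returns is rendered verbatim in the job summary, where the removed code built the table locally from `/home/agent/agent.log`. The call also sets no timeout, unlike `isTLSEnabled`, which uses `socketTimeout: 3 * 1000`; a stalled API would hold the step open, and `fetch(apiUrl, { signal: AbortSignal.timeout(3000) })` bounds it. Before `addRaw` it would be worth checking the body length against a fixed cap and adding a comment that the summary content is trusted as served by the API. From what is visible the request carries no credentials, so the `correlation_id` in the path appears to be the only thing scoping the report, which is worth confirming as intended. The same code appears in the `dist/post/index.js` and `dist/pre/index.js` sections; these are bundled outputs of `./src/common.ts`, so the change belongs there, and part of `addSummary` is collapsed out of view.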
2 changes: 1 addition & 1 deletion dist/index.js.map

Large diffs are not rendered by default.

79 changes: 23 additions & 56 deletions dist/post/index.js
Expand Up @@ -27660,14 +27660,13 @@ const processLogLine = (line, tableEntries) => {
}
};
function addSummary() {
var _a;
return __awaiter(this, void 0, void 0, function* () {
if (process.env.STATE_addSummary !== "true") {
return;
}
const web_url = STEPSECURITY_WEB_URL;
const insights_url = `${web_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}`;
const log = "/home/agent/agent.log";
if (!external_fs_.existsSync(log)) {
const correlation_id = process.env.STATE_correlation_id;
if (!correlation_id) {
return;
}
let needsSubscription = false;
Expand All @@ -27691,61 +27690,29 @@ function addSummary() {
.write();
return;
}
const content = external_fs_.readFileSync(log, "utf-8");
const lines = content.split("\n");
let tableEntries = [];
for (const line of lines) {
processLogLine(line, tableEntries);
}
if (tableEntries.length === 0) {
// Extract owner and repo from GITHUB_REPOSITORY (format: owner/repo)
const [owner, repo] = ((_a = process.env["GITHUB_REPOSITORY"]) === null || _a === void 0 ? void 0 : _a.split("/")) || [];
const run_id = process.env["GITHUB_RUN_ID"];
if (!owner || !repo || !run_id || !correlation_id) {
return;
}
const insightsRow = `<p><b><a href="${insights_url}">📄 View Full Report</a></b></p>`;
yield lib_core.summary.addSeparator().addRaw(`<h2>🛡 StepSecurity Report</h2>`);
tableEntries.sort((a, b) => {
if (a.status === "❌ Blocked" && b.status !== "❌ Blocked") {
return -1;
}
else if (a.status !== "❌ Blocked" && b.status === "❌ Blocked") {
return 1;
}
else {
return 0;
// Fetch job summary from API
const apiUrl = `${configs_STEPSECURITY_API_URL}/github/${owner}/${repo}/actions/runs/${run_id}/correlation/${correlation_id}/job-markdown-summary`;
try {
const response = yield fetch(apiUrl);
if (!response.ok) {
console.error(`Failed to fetch job summary: ${response.status} ${response.statusText}`);
return;
}
});
tableEntries = tableEntries.slice(0, 3);
yield lib_core.summary.addRaw(`
<blockquote>
<p>Preview of the outbound network calls during this workflow run.</p></blockquote>
<h3>Network Calls</h3>
<table>
<thead>
<tr>
<th>Process</th>
<th>Destination</th>
<th>Status</th>
</tr>
</thead>
<tbody>
${tableEntries
.map((entry) => `<tr>
<td><code>${entry.process}</code></td>
<td>${entry.domain.replace(/\.$/, "")}</td>
<td>${entry.status}</td>
</tr>`)
.join("")}
<tr>
<td><code>...</code></td>
<td><code>...</code></td>
<td><code>...</code></td>
</tr>
</tbody>
</table>
${insightsRow}
`);
yield lib_core.summary.addRaw(`<p><i>Markdown generated by the <a href="https://github.com/step-security/harden-runner">Harden-Runner GitHub Action</a>.</i></p>`)
.addSeparator()
.write();
const markdownSummary = yield response.text();
// Render the markdown summary using core.summary.addRaw
yield lib_core.summary.addRaw(markdownSummary).write();
return;
}
catch (error) {
console.error(`Error fetching job summary: ${error}`);
return;
}
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
2 changes: 1 addition & 1 deletion dist/post/index.js.map

Large diffs are not rendered by default.

101 changes: 35 additions & 66 deletions dist/pre/index.js
Expand Up @@ -87641,8 +87641,8 @@ const parse = dist/* parse */.Qc;

;// CONCATENATED MODULE: ./src/configs.ts
const STEPSECURITY_ENV = "agent"; // agent or int
const STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
const configs_STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
const configs_STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";

;// CONCATENATED MODULE: ./src/common.ts
var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
Expand Down Expand Up @@ -87685,14 +87685,13 @@ const processLogLine = (line, tableEntries) => {
}
};
function addSummary() {
var _a;
return __awaiter(this, void 0, void 0, function* () {
if (process.env.STATE_addSummary !== "true") {
return;
}
const web_url = STEPSECURITY_WEB_URL;
const insights_url = `${web_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}`;
const log = "/home/agent/agent.log";
if (!fs.existsSync(log)) {
const correlation_id = process.env.STATE_correlation_id;
if (!correlation_id) {
return;
}
let needsSubscription = false;
Expand All @@ -87718,62 +87717,29 @@ function addSummary() {
.write();
return;
}
const content = fs.readFileSync(log, "utf-8");
const lines = content.split("\n");
let tableEntries = [];
for (const line of lines) {
processLogLine(line, tableEntries);
}
if (tableEntries.length === 0) {
// Extract owner and repo from GITHUB_REPOSITORY (format: owner/repo)
const [owner, repo] = ((_a = process.env["GITHUB_REPOSITORY"]) === null || _a === void 0 ? void 0 : _a.split("/")) || [];
const run_id = process.env["GITHUB_RUN_ID"];
if (!owner || !repo || !run_id || !correlation_id) {
return;
}
const insightsRow = `<p><b><a href="${insights_url}">📄 View Full Report</a></b></p>`;
yield core.summary.addSeparator().addRaw(`<h2>🛡 StepSecurity Report</h2>`);
tableEntries.sort((a, b) => {
if (a.status === "❌ Blocked" && b.status !== "❌ Blocked") {
return -1;
}
else if (a.status !== "❌ Blocked" && b.status === "❌ Blocked") {
return 1;
}
else {
return 0;
// Fetch job summary from API
const apiUrl = `${STEPSECURITY_API_URL}/github/${owner}/${repo}/actions/runs/${run_id}/correlation/${correlation_id}/job-markdown-summary`;
try {
const response = yield fetch(apiUrl);
if (!response.ok) {
console.error(`Failed to fetch job summary: ${response.status} ${response.statusText}`);
return;
}
});
tableEntries = tableEntries.slice(0, 3);
yield core.summary.addRaw(`
<blockquote>
<p>Preview of the outbound network calls during this workflow run.</p></blockquote>
<h3>Network Calls</h3>
<table>
<thead>
<tr>
<th>Process</th>
<th>Destination</th>
<th>Status</th>
</tr>
</thead>
<tbody>
${tableEntries
.map((entry) => `<tr>
<td><code>${entry.process}</code></td>
<td>${entry.domain.replace(/\.$/, "")}</td>
<td>${entry.status}</td>
</tr>`)
.join("")}
<tr>
<td><code>...</code></td>
<td><code>...</code></td>
<td><code>...</code></td>
</tr>
</tbody>
</table>
${insightsRow}
`);
yield core.summary
.addRaw(`<p><i>Markdown generated by the <a href="https://github.com/step-security/harden-runner">Harden-Runner GitHub Action</a>.</i></p>`)
.addSeparator()
.write();
const markdownSummary = yield response.text();
// Render the markdown summary using core.summary.addRaw
yield core.summary.addRaw(markdownSummary).write();
return;
}
catch (error) {
console.error(`Error fetching job summary: ${error}`);
return;
}
});
}
const STATUS_HARDEN_RUNNER_UNAVAILABLE = "409";
Expand Down Expand Up @@ -87855,7 +87821,7 @@ function fetchPolicy(owner, policyName, idToken) {
if (idToken === "") {
throw new Error("[PolicyFetch]: id-token in empty");
}
let policyEndpoint = `${STEPSECURITY_API_URL}/github/${owner}/actions/policies/${policyName}`;
let policyEndpoint = `${configs_STEPSECURITY_API_URL}/github/${owner}/actions/policies/${policyName}`;
let httpClient = new lib.HttpClient();
let headers = {};
headers["Authorization"] = `Bearer ${idToken}`;
Expand Down Expand Up @@ -87978,7 +87944,7 @@ var tls_inspect_awaiter = (undefined && undefined.__awaiter) || function (thisAr

function isTLSEnabled(owner) {
return tls_inspect_awaiter(this, void 0, void 0, function* () {
let tlsStatusEndpoint = `${STEPSECURITY_API_URL}/github/${owner}/actions/tls-inspection-status`;
let tlsStatusEndpoint = `${configs_STEPSECURITY_API_URL}/github/${owner}/actions/tls-inspection-status`;
let httpClient = new lib.HttpClient();
httpClient.requestOptions = { socketTimeout: 3 * 1000 };
lib_core.info(`[!] Checking TLS_STATUS: ${owner}`);
Expand Down Expand Up @@ -88014,8 +87980,8 @@ var external_crypto_ = __nccwpck_require__(6417);

const CHECKSUMS = {
tls: {
amd64: "3f2dc32f300071289650d1f9cbd3c04527ff8cc13e213eeccb70d4d6d2a0c8d5",
arm64: "96967e419b358b664658fa218b712fdb439ffb8eef3bb7b170f122d1e96b4779",
amd64: "5c02a40df6e2c926c92ffc6bf02ca8a301649d44541ca57e40a87948fb0d3f2e",
arm64: "b953784a468343c44a1a3ef4ec984c738a9a1e84aaf6932a2bb9dbf7ac7eab29",
},
non_tls: {
amd64: "336093af8ebe969567b66fd035af3bd4f7e1c723ce680d6b4b5b2a1f79bc329e", // v0.14.2
Expand Down Expand Up @@ -88068,7 +88034,7 @@ function installAgent(isTLS, configStr) {
encoding: "utf8",
});
if (isTLS) {
downloadPath = yield tool_cache.downloadTool(`https://packages.stepsecurity.io/github-hosted/harden-runner_1.6.15_linux_${variant}.tar.gz`);
downloadPath = yield tool_cache.downloadTool(`https://packages.stepsecurity.io/github-hosted/harden-runner_1.6.18_linux_${variant}.tar.gz`);
}
else {
if (variant === "arm64") {
Expand Down Expand Up @@ -88140,8 +88106,8 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
return;
}
var correlation_id = v4();
var api_url = STEPSECURITY_API_URL;
var web_url = configs_STEPSECURITY_WEB_URL;
var api_url = configs_STEPSECURITY_API_URL;
var web_url = STEPSECURITY_WEB_URL;
let confg = {
repo: process.env["GITHUB_REPOSITORY"],
run_id: process.env["GITHUB_RUN_ID"],
Expand Down Expand Up @@ -88297,6 +88263,9 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
external_fs_.appendFileSync(process.env.GITHUB_STATE, `addSummary=${addSummary}${external_os_.EOL}`, {
encoding: "utf8",
});
external_fs_.appendFileSync(process.env.GITHUB_STATE, `correlation_id=${correlation_id}${external_os_.EOL}`, {
encoding: "utf8",
});
console.log(`Step Security Job Correlation ID: ${correlation_id}`);
if (String(statusCode) === STATUS_HARDEN_RUNNER_UNAVAILABLE) {
console.log(HARDEN_RUNNER_UNAVAILABLE_MESSAGE);
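Review bot: The two new `tls` digests in `CHECKSUMS` carry no version annotation, while the `non_tls` entry below them is tagged `// v0.14.2`, and the release they must match is named only in the separate `downloadTool` URL (`harden-runner_1.6.18_linux_${variant}.tar.gz`). Adding `// v1.6.18` after each of the `tls.amd64` and `tls.arm64` values would let a reviewer see at a glance when a URL bump lands without a matching digest update. The code that compares the download against `CHECKSUMS` is outside the visible hunks, so it cannot be confirmed from here that a mismatch aborts the install. This file is bundled output, so the comment would go in the TypeScript source that defines `CHECKSUMS`.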
2 changes: 1 addition & 1 deletion dist/pre/index.js.map

Large diffs are not rendered by default.
