feat: progress on javascript action
@ -1,4 +1,4 @@
|
||||
name: Test
|
||||
name: Test KICS action
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
@ -9,6 +9,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: ./
|
||||
- name: Test KICS action
|
||||
uses: ./
|
||||
with:
|
||||
path: positive.tf
|
@ -6,10 +6,10 @@ inputs:
|
||||
required: false
|
||||
default: "latest"
|
||||
description: "KICS version to use (defaults to latest)"
|
||||
enable_pr_comments:
|
||||
enable_comments:
|
||||
required: false
|
||||
default: false
|
||||
description: "Enable PR comments"
|
||||
description: "Enable pull request reprot comments"
|
||||
path:
|
||||
description: "paths to a file or directories to scan, accepts a comma separated list"
|
||||
required: true
|
||||
|
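Review bot: The new description string has a typo, `reprot`; it should read `description: "Enable pull request report comments"`. Renaming the input from `enable_pr_comments` to `enable_comments` also means a workflow that still sets the old name will presumably get the default `false` and no comments. That is worth a line in the README or changelog. The `inputs:` block starts and ends outside this hunk.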
7149
dist/index.js
vendored
7149
dist/index.js
vendored
File diff suppressed because one or more lines are too long
@ -1,10 +1,8 @@
|
||||
const https = require('https')
|
||||
const filepath = require('path');
|
||||
const tc = require('@actions/tool-cache');
|
||||
//const releaseDownloader = require('@fohlen/github-release-downloader');
|
||||
const core = require("@actions/core");
|
||||
const os = require('os');
|
||||
//const decompress = require('decompress');
|
||||
//const decompressTargz = require('decompress-targz');
|
||||
|
||||
function getVersion(version) {
|
||||
let path = ''
|
||||
@ -63,42 +61,15 @@ function getReleaseInfo(release) {
|
||||
default:
|
||||
targetAsset = { size: 0, browser_download_url: '' };
|
||||
}
|
||||
return { size: targetAsset.size, browser_download_url: targetAsset.browser_download_url, version: targetAsset.name };
|
||||
return {
|
||||
binary: 'kics',
|
||||
size: targetAsset.size,
|
||||
browser_download_url: targetAsset.browser_download_url,
|
||||
version: release.tag_name,
|
||||
arch: arch
|
||||
};
|
||||
}
|
||||
|
||||
// async function downloadReleaseFile(releaseAsset) {
|
||||
// const dest = os.homedir();
|
||||
// const releaseURL = releaseAsset.browser_download_url;
|
||||
|
||||
// console.log("Downloading", releaseURL);
|
||||
// const baseName = releaseURL.substr(releaseURL.lastIndexOf("/") + 1);
|
||||
// return releaseDownloader.downloadAsset(releaseURL, baseName, dest, () => {
|
||||
// process.stdout.write(".");
|
||||
// });
|
||||
// }
|
||||
|
||||
// function decompressRelease(path) {
|
||||
// const dest = os.homedir();
|
||||
// return decompress(path, filepath.join(dest, 'kics'), {
|
||||
// plugins: [
|
||||
// decompressTargz()
|
||||
// ]
|
||||
// });
|
||||
// }
|
||||
|
||||
// function getExecutableName() {
|
||||
// const os = process.platform;
|
||||
// switch (os) {
|
||||
// case 'darwin':
|
||||
// case 'linux':
|
||||
// return 'kics';
|
||||
// case 'win32':
|
||||
// return 'kics.exe';
|
||||
// default:
|
||||
// return 'kics';
|
||||
// }
|
||||
// }
|
||||
|
||||
async function installKICS(kicsVersion) {
|
||||
let release = {};
|
||||
if (!kicsVersion || kicsVersion == "latest") {
|
||||
@ -107,20 +78,14 @@ async function installKICS(kicsVersion) {
|
||||
release = await getVersion(kicsVersion);
|
||||
}
|
||||
const releaseInfo = getReleaseInfo(release)
|
||||
|
||||
const kicsDownloadPath = await tc.downloadTool(releaseInfo.browser_download_url);
|
||||
const kicsExtractedFolder = await tc.extractTar(kicsDownloadPath, filepath.join(os.homedir(), 'kics', releaseInfo.version));
|
||||
const cachedPath = await tc.cacheDir(kicsExtractedFolder, 'kics', releaseInfo.version);
|
||||
core.addPath(cachedPath);
|
||||
|
||||
// const releasePath = await downloadReleaseFile(releaseAsset, "./")
|
||||
// console.log('\nDownloaded KICS release', releasePath);
|
||||
// const files = await decompressRelease(releasePath);
|
||||
// console.log('\nDecompressed KICS release', files.map(f => f.path));
|
||||
|
||||
// const kicsPath = filepath.join(os.homedir(), 'kics', getExecutableName());
|
||||
// console.log('\nInstalling KICS to', kicsPath);
|
||||
return kicsPath;
|
||||
let kicsPath = tc.find(releaseInfo.binary, releaseInfo.version, releaseInfo.arch);
|
||||
if (!kicsPath) {
|
||||
core.info(`Downloading ${releaseInfo.binary} ${releaseInfo.version} ${releaseInfo.arch}`);
|
||||
const kicsDownloadPath = await tc.downloadTool(releaseInfo.browser_download_url);
|
||||
const kicsExtractedFolder = await tc.extractTar(kicsDownloadPath, filepath.join(os.homedir(), 'kics', releaseInfo.version));
|
||||
kicsPath = await tc.cacheDir(kicsExtractedFolder, 'kics', releaseInfo.version, releaseInfo.arch);
|
||||
}
|
||||
core.addPath(kicsPath);
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
|
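Review bot: The archive fetched with `tc.downloadTool(releaseInfo.browser_download_url)` is extracted, cached and put on `PATH` without any integrity check, and the `default:` branch of `getReleaseInfo` can hand it an empty URL. Verify the download against a digest obtained from a trusted source before `tc.extractTar`, and fail early when no asset matched. In the sketch below `expectedSha256` is a placeholder for that digest, and `crypto` and `fs` would need to be required at the top of the file. `getReleaseInfo` starts outside the hunk, so how `arch` and the asset are chosen is not visible here.

```javascript
    if (!kicsPath) {
        // … unchanged: core.info download message …
        if (!releaseInfo.browser_download_url) {
            throw new Error(`No KICS release asset found for this platform (${releaseInfo.arch})`);
        }
        const kicsDownloadPath = await tc.downloadTool(releaseInfo.browser_download_url);
        // expectedSha256: placeholder for a digest taken from a trusted source for this release
        const actualSha256 = crypto
            .createHash('sha256')
            .update(fs.readFileSync(kicsDownloadPath))
            .digest('hex');
        if (actualSha256 !== expectedSha256) {
            throw new Error(`Checksum mismatch for ${releaseInfo.browser_download_url}`);
        }
        // … unchanged: tc.extractTar and tc.cacheDir …
```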
22
src/main.js
22
src/main.js
@ -2,24 +2,26 @@ const install = require("./install");
|
||||
const commenter = require("./commenter");
|
||||
const scanner = require("./scanner");
|
||||
const core = require("@actions/core");
|
||||
const github = require("@actions/github");
|
||||
|
||||
const actionInputs = {
|
||||
kics_version: { value: core.getInput('kics_version') },
|
||||
enable_pr_comments: { value: core.getInput('enable_pr_comments') },
|
||||
enable_comments: { value: core.getInput('enable_comments') },
|
||||
}
|
||||
|
||||
async function main() {
|
||||
console.log("Running KICS action...");
|
||||
try {
|
||||
// const context = github.context;
|
||||
// const repository = context.repo;
|
||||
// const pullRequestNumber = context.payload.pull_request.number;
|
||||
const kicsPath = await install.installKICS(actionInputs.kics_version.value);
|
||||
console.log("KICS installed at: " + kicsPath);
|
||||
//await scanner.scanWithKICS(kicsPath);
|
||||
// if (actionInputs.enable_pr_comments.value === "true") {
|
||||
// await commenter.commentOnPullRequest(repository, pullRequestNumber);
|
||||
// }
|
||||
let enableComments = actionInputs.enable_comments.value.toLocaleLowerCase() === "true";
|
||||
const context = github.context;
|
||||
const repository = context.repo;
|
||||
console.log(context);
|
||||
const pullRequestNumber = context.payload.pull_request.number;
|
||||
await install.installKICS();
|
||||
await scanner.scanWithKICS(enableComments);
|
||||
if (enableComments) {
|
||||
await commenter.commentOnPullRequest(repository, pullRequestNumber);
|
||||
}
|
||||
} catch (e) {
|
||||
console.error(e);
|
||||
core.setFailed(e.message);
|
||||
|
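Review bot: `install.installKICS()` is now called with no argument, so the `kics_version` input read into `actionInputs` is ignored. Given the `!kicsVersion` check in `installKICS`, the latest release appears to be installed even when a workflow pins a version; pass it through with `await install.installKICS(actionInputs.kics_version.value);`. `context.payload.pull_request.number` is also read unconditionally and will throw on events that carry no pull request, so read it inside `if (enableComments)` or use `context.payload.pull_request?.number`. `console.log(context)` writes the whole event payload to the job log and looks like leftover debugging. The `catch` block of `main` continues past the end of this section.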
@ -2,35 +2,63 @@ const exec = require('@actions/exec');
|
||||
|
||||
const core = require("@actions/core");
|
||||
|
||||
const kicsInputs = {
|
||||
path: { flag: '--path', value: core.getInput('path') },
|
||||
ignore_on_exit: { flag: '--ignore-on-exit', value: core.getInput('ignore_on_exit') },
|
||||
fail_on: { flag: '--fail-on', value: core.getInput('fail_on') },
|
||||
timeout: { flag: '--timeout', value: core.getInput('timeout') },
|
||||
profiling: { flag: '--profiling', value: core.getInput('profiling') },
|
||||
config_path: { flag: '--config', value: core.getInput('config_path') },
|
||||
payload_path: { flag: '--payload-path', value: core.getInput('payload_path') },
|
||||
exclude_paths: { flag: '--exclude-paths', value: core.getInput('exclude_paths') },
|
||||
exclude_queries: { flag: '--exclude-queries', value: core.getInput('exclude_queries') },
|
||||
exclude_categories: { flag: '--exclude-categories', value: core.getInput('exclude_categories') },
|
||||
exclude_results: { flag: '--exclude-results', value: core.getInput('exclude_results') },
|
||||
output_formats: { flag: '--report-formats', value: core.getInput('output_formats') },
|
||||
output_path: { flag: '--output-path', value: core.getInput('output_path') },
|
||||
queries: { flag: '--queries-path', value: core.getInput('queries') },
|
||||
verbose: { flag: '--verbose', value: core.getInput('verbose') },
|
||||
secrets_regexes_path: { flag: '--secrets-regexes-path', value: core.getInput('secrets_regexes_path') },
|
||||
libraries_path: { flag: '--libraries-path', value: core.getInput('libraries-path') },
|
||||
disable_secrets: { flag: '--disable-secrets', value: core.getInput('disable_secrets') },
|
||||
disable_full_descriptions: { flag: '--disable-full-descriptions', value: core.getInput('disable_full_descriptions') },
|
||||
types: { flag: '--types', value: core.getInput('types') },
|
||||
bom: { flag: '--bom', value: core.getInput('bom') },
|
||||
const kicsBinary = 'kics';
|
||||
|
||||
const kicsInput = {
|
||||
path: { value_type: "string", flag: '--path', value: core.getInput('path') },
|
||||
ignore_on_exit: { value_type: "list", flag: '--ignore-on-exit', value: core.getInput('ignore_on_exit') },
|
||||
fail_on: { value_type: "list", flag: '--fail-on', value: core.getInput('fail_on') },
|
||||
timeout: { value_type: "int", flag: '--timeout', value: core.getInput('timeout') },
|
||||
profiling: { value_type: "list", flag: '--profiling', value: core.getInput('profiling') },
|
||||
config_path: { value_type: "string", flag: '--config', value: core.getInput('config_path') },
|
||||
payload_path: { value_type: "string", flag: '--payload-path', value: core.getInput('payload_path') },
|
||||
exclude_paths: { value_type: "list", flag: '--exclude-paths', value: core.getInput('exclude_paths') },
|
||||
exclude_queries: { value_type: "list", flag: '--exclude-queries', value: core.getInput('exclude_queries') },
|
||||
exclude_categories: { value_type: "list", flag: '--exclude-categories', value: core.getInput('exclude_categories') },
|
||||
exclude_results: { value_type: "list", flag: '--exclude-results', value: core.getInput('exclude_results') },
|
||||
output_formats: { value_type: "list", flag: '--report-formats', value: core.getInput('output_formats') },
|
||||
output_path: { value_type: "string", flag: '--output-path', value: core.getInput('output_path') },
|
||||
queries: { value_type: "string", flag: '--queries-path', value: core.getInput('queries') },
|
||||
verbose: { value_type: "bool", flag: '--verbose', value: core.getInput('verbose') },
|
||||
secrets_regexes_path: { value_type: "string", flag: '--secrets-regexes-path', value: core.getInput('secrets_regexes_path') },
|
||||
libraries_path: { value_type: "string", flag: '--libraries-path', value: core.getInput('libraries-path') },
|
||||
disable_secrets: { value_type: "bool", flag: '--disable-secrets', value: core.getInput('disable_secrets') },
|
||||
disable_full_descriptions: { value_type: "bool", flag: '--disable-full-descriptions', value: core.getInput('disable_full_descriptions') },
|
||||
types: { value_type: "list", flag: '--types', value: core.getInput('types') },
|
||||
bom: { value_type: "bool", flag: '--bom', value: core.getInput('bom') },
|
||||
};
|
||||
|
||||
async function scanWithKICS(kicsPath) {
|
||||
let statusCode = 0;
|
||||
if (kicsInputs.config_path.value) {
|
||||
statusCode = await exec.exec(`${kicsPath} scan ${kicsInputs.config_path.flag} ${kicsInputs.config_path.value}`);
|
||||
async function scanWithKICS(enableComments) {
|
||||
if (!kicsInput.path.value) {
|
||||
core.error('Path to scan is not set');
|
||||
throw new Error('Path to scan is not set');
|
||||
}
|
||||
let cmdArgs = [];
|
||||
for (let input in kicsInput) {
|
||||
if (kicsInput[input].value_type === 'string') {
|
||||
if (kicsInput[input].value) {
|
||||
cmdArgs.push(kicsInput[input].flag);
|
||||
cmdArgs.push(kicsInput[input].value);
|
||||
}
|
||||
} else if (kicsInput[input].value_type === 'list') {
|
||||
if (kicsInput[input].value) {
|
||||
cmdArgs.push(kicsInput[input].flag);
|
||||
cmdArgs.push(kicsInput[input].value);
|
||||
}
|
||||
} else if (kicsInput[input].value_type === 'bool') {
|
||||
if (kicsInput[input].value) {
|
||||
cmdArgs.push(kicsInput[input].flag);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (enableComments) {
|
||||
if (!cmdArgs.find(arg => arg == '--output-path')) {
|
||||
cmdArgs.push('--output-path');
|
||||
cmdArgs.push('./');
|
||||
}
|
||||
}
|
||||
|
||||
return await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`)
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
|
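Review bot: In the `bool` branch of `scanWithKICS`, `if (kicsInput[input].value)` tests a string from `core.getInput`, so `disable_secrets: false` in a workflow still pushes `--disable-secrets` and turns secret scanning off; compare against `'true'` instead. The final `exec.exec` call joins all values into one command string, so a value containing spaces or quotes is re-split and can add flags of its own; pass the arguments as an array. `timeout` is declared as `int`, which no branch handles, so `--timeout` is silently dropped. `core.getInput('libraries-path')` uses a hyphen where every other input uses an underscore, which is probably a mismatch with `action.yml`. The rewritten loop and call are below.

```javascript
async function scanWithKICS(enableComments) {
    // … unchanged: path-is-set check …
    const cmdArgs = [];
    for (const { value_type, flag, value } of Object.values(kicsInput)) {
        if (!value) {
            continue;
        }
        if (value_type === 'bool') {
            // core.getInput returns a string, so "false" must not enable the flag
            if (value.toLowerCase() === 'true') {
                cmdArgs.push(flag);
            }
        } else {
            // string, list and int inputs all take the form: flag value
            cmdArgs.push(flag, value);
        }
    }
    // … unchanged: default --output-path when enableComments is set …
    return await exec.exec(kicsBinary, ['scan', '--no-progress', ...cmdArgs]);
}
```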