feat: progress on javascript action

Rogério Peixoto
2021-10-15 18:36:36 +01:00
parent b154474a20
commit 85361e63fa
6 changed files with 7038 additions and 289 deletions


@ -1,4 +1,4 @@
name: Test
name: Test KICS action
on:
pull_request:
@ -9,6 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: ./
- name: Test KICS action
uses: ./
with:
path: positive.tf


@ -6,10 +6,10 @@ inputs:
required: false
default: "latest"
description: "KICS version to use (defaults to latest)"
enable_pr_comments:
enable_comments:
required: false
default: false
description: "Enable PR comments"
description: "Enable pull request reprot comments"
path:
description: "paths to a file or directories to scan, accepts a comma separated list"
required: true
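Review bot: The new description reads "Enable pull request reprot comments"; `reprot` should be `report`. Renaming the input from `enable_pr_comments` to `enable_comments` also means a workflow that still passes the old name is ignored without any error, since `index.js` in this commit only reads `enable_comments`. Consider noting the rename in the release notes or accepting the old name for one release.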

7149
dist/index.js vendored

File diff suppressed because one or more lines are too long


@ -1,10 +1,8 @@
const https = require('https')
const filepath = require('path');
const tc = require('@actions/tool-cache');
//const releaseDownloader = require('@fohlen/github-release-downloader');
const core = require("@actions/core");
const os = require('os');
//const decompress = require('decompress');
//const decompressTargz = require('decompress-targz');
function getVersion(version) {
let path = ''
@ -63,42 +61,15 @@ function getReleaseInfo(release) {
default:
targetAsset = { size: 0, browser_download_url: '' };
}
return { size: targetAsset.size, browser_download_url: targetAsset.browser_download_url, version: targetAsset.name };
return {
binary: 'kics',
size: targetAsset.size,
browser_download_url: targetAsset.browser_download_url,
version: release.tag_name,
arch: arch
};
}
// async function downloadReleaseFile(releaseAsset) {
// const dest = os.homedir();
// const releaseURL = releaseAsset.browser_download_url;
// console.log("Downloading", releaseURL);
// const baseName = releaseURL.substr(releaseURL.lastIndexOf("/") + 1);
// return releaseDownloader.downloadAsset(releaseURL, baseName, dest, () => {
// process.stdout.write(".");
// });
// }
// function decompressRelease(path) {
// const dest = os.homedir();
// return decompress(path, filepath.join(dest, 'kics'), {
// plugins: [
// decompressTargz()
// ]
// });
// }
// function getExecutableName() {
// const os = process.platform;
// switch (os) {
// case 'darwin':
// case 'linux':
// return 'kics';
// case 'win32':
// return 'kics.exe';
// default:
// return 'kics';
// }
// }
async function installKICS(kicsVersion) {
let release = {};
if (!kicsVersion || kicsVersion == "latest") {
@ -107,20 +78,14 @@ async function installKICS(kicsVersion) {
release = await getVersion(kicsVersion);
}
const releaseInfo = getReleaseInfo(release)
const kicsDownloadPath = await tc.downloadTool(releaseInfo.browser_download_url);
const kicsExtractedFolder = await tc.extractTar(kicsDownloadPath, filepath.join(os.homedir(), 'kics', releaseInfo.version));
const cachedPath = await tc.cacheDir(kicsExtractedFolder, 'kics', releaseInfo.version);
core.addPath(cachedPath);
// const releasePath = await downloadReleaseFile(releaseAsset, "./")
// console.log('\nDownloaded KICS release', releasePath);
// const files = await decompressRelease(releasePath);
// console.log('\nDecompressed KICS release', files.map(f => f.path));
// const kicsPath = filepath.join(os.homedir(), 'kics', getExecutableName());
// console.log('\nInstalling KICS to', kicsPath);
return kicsPath;
let kicsPath = tc.find(releaseInfo.binary, releaseInfo.version, releaseInfo.arch);
if (!kicsPath) {
core.info(`Downloading ${releaseInfo.binary} ${releaseInfo.version} ${releaseInfo.arch}`);
const kicsDownloadPath = await tc.downloadTool(releaseInfo.browser_download_url);
const kicsExtractedFolder = await tc.extractTar(kicsDownloadPath, filepath.join(os.homedir(), 'kics', releaseInfo.version));
kicsPath = await tc.cacheDir(kicsExtractedFolder, 'kics', releaseInfo.version, releaseInfo.arch);
}
core.addPath(kicsPath);
}
module.exports = {
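Review bot: The archive fetched by `tc.downloadTool(releaseInfo.browser_download_url)` is extracted, cached and put on PATH without any integrity check, so whatever the release URL serves is what later runs in the workflow. `getReleaseInfo` already returns `size`, but nothing in `installKICS` reads it, and no digest is compared. Consider hashing the downloaded file and comparing it with a known SHA-256 for that asset before `tc.extractTar`, failing the install on mismatch; where the expected digest comes from (a checksum asset in the release, or a pinned value) is not visible on this page and needs deciding. The sketch below assumes `crypto` and `fs` are required at the top of the file. Separately, the `default:` branch of `getReleaseInfo` yields an empty `browser_download_url`, which reaches `tc.downloadTool` unchecked on an unsupported platform.

```javascript
// … unchanged: tc.find lookup and core.info log …
const kicsDownloadPath = await tc.downloadTool(releaseInfo.browser_download_url);
// expectedSha256: digest for this asset (placeholder; the current code has no source for it)
const actualSha256 = crypto.createHash('sha256').update(fs.readFileSync(kicsDownloadPath)).digest('hex');
if (actualSha256 !== expectedSha256) {
    throw new Error(`Checksum mismatch for ${releaseInfo.binary} ${releaseInfo.version} ${releaseInfo.arch}`);
}
// … unchanged: tc.extractTar and tc.cacheDir …
```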


@ -2,24 +2,26 @@ const install = require("./install");
const commenter = require("./commenter");
const scanner = require("./scanner");
const core = require("@actions/core");
const github = require("@actions/github");
const actionInputs = {
kics_version: { value: core.getInput('kics_version') },
enable_pr_comments: { value: core.getInput('enable_pr_comments') },
enable_comments: { value: core.getInput('enable_comments') },
}
async function main() {
console.log("Running KICS action...");
try {
// const context = github.context;
// const repository = context.repo;
// const pullRequestNumber = context.payload.pull_request.number;
const kicsPath = await install.installKICS(actionInputs.kics_version.value);
console.log("KICS installed at: " + kicsPath);
//await scanner.scanWithKICS(kicsPath);
// if (actionInputs.enable_pr_comments.value === "true") {
// await commenter.commentOnPullRequest(repository, pullRequestNumber);
// }
let enableComments = actionInputs.enable_comments.value.toLocaleLowerCase() === "true";
const context = github.context;
const repository = context.repo;
console.log(context);
const pullRequestNumber = context.payload.pull_request.number;
await install.installKICS();
await scanner.scanWithKICS(enableComments);
if (enableComments) {
await commenter.commentOnPullRequest(repository, pullRequestNumber);
}
} catch (e) {
console.error(e);
core.setFailed(e.message);
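Review bot: `await install.installKICS();` drops the `kics_version` input that the removed call passed, so `installKICS` always takes its `latest` branch and a workflow that pins a version silently gets the newest release; pass it through as `await install.installKICS(actionInputs.kics_version.value);`. `context.payload.pull_request.number` is now read unconditionally, which throws on any event without a `pull_request` payload even when comments are disabled; moving that read inside `if (enableComments)` keeps non-PR runs working. `console.log(context);` writes the whole event context to the job log and looks like leftover debugging, so it should be removed before release. `main`'s body continues past the end of this hunk.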


@ -2,35 +2,63 @@ const exec = require('@actions/exec');
const core = require("@actions/core");
const kicsInputs = {
path: { flag: '--path', value: core.getInput('path') },
ignore_on_exit: { flag: '--ignore-on-exit', value: core.getInput('ignore_on_exit') },
fail_on: { flag: '--fail-on', value: core.getInput('fail_on') },
timeout: { flag: '--timeout', value: core.getInput('timeout') },
profiling: { flag: '--profiling', value: core.getInput('profiling') },
config_path: { flag: '--config', value: core.getInput('config_path') },
payload_path: { flag: '--payload-path', value: core.getInput('payload_path') },
exclude_paths: { flag: '--exclude-paths', value: core.getInput('exclude_paths') },
exclude_queries: { flag: '--exclude-queries', value: core.getInput('exclude_queries') },
exclude_categories: { flag: '--exclude-categories', value: core.getInput('exclude_categories') },
exclude_results: { flag: '--exclude-results', value: core.getInput('exclude_results') },
output_formats: { flag: '--report-formats', value: core.getInput('output_formats') },
output_path: { flag: '--output-path', value: core.getInput('output_path') },
queries: { flag: '--queries-path', value: core.getInput('queries') },
verbose: { flag: '--verbose', value: core.getInput('verbose') },
secrets_regexes_path: { flag: '--secrets-regexes-path', value: core.getInput('secrets_regexes_path') },
libraries_path: { flag: '--libraries-path', value: core.getInput('libraries-path') },
disable_secrets: { flag: '--disable-secrets', value: core.getInput('disable_secrets') },
disable_full_descriptions: { flag: '--disable-full-descriptions', value: core.getInput('disable_full_descriptions') },
types: { flag: '--types', value: core.getInput('types') },
bom: { flag: '--bom', value: core.getInput('bom') },
const kicsBinary = 'kics';
const kicsInput = {
path: { value_type: "string", flag: '--path', value: core.getInput('path') },
ignore_on_exit: { value_type: "list", flag: '--ignore-on-exit', value: core.getInput('ignore_on_exit') },
fail_on: { value_type: "list", flag: '--fail-on', value: core.getInput('fail_on') },
timeout: { value_type: "int", flag: '--timeout', value: core.getInput('timeout') },
profiling: { value_type: "list", flag: '--profiling', value: core.getInput('profiling') },
config_path: { value_type: "string", flag: '--config', value: core.getInput('config_path') },
payload_path: { value_type: "string", flag: '--payload-path', value: core.getInput('payload_path') },
exclude_paths: { value_type: "list", flag: '--exclude-paths', value: core.getInput('exclude_paths') },
exclude_queries: { value_type: "list", flag: '--exclude-queries', value: core.getInput('exclude_queries') },
exclude_categories: { value_type: "list", flag: '--exclude-categories', value: core.getInput('exclude_categories') },
exclude_results: { value_type: "list", flag: '--exclude-results', value: core.getInput('exclude_results') },
output_formats: { value_type: "list", flag: '--report-formats', value: core.getInput('output_formats') },
output_path: { value_type: "string", flag: '--output-path', value: core.getInput('output_path') },
queries: { value_type: "string", flag: '--queries-path', value: core.getInput('queries') },
verbose: { value_type: "bool", flag: '--verbose', value: core.getInput('verbose') },
secrets_regexes_path: { value_type: "string", flag: '--secrets-regexes-path', value: core.getInput('secrets_regexes_path') },
libraries_path: { value_type: "string", flag: '--libraries-path', value: core.getInput('libraries-path') },
disable_secrets: { value_type: "bool", flag: '--disable-secrets', value: core.getInput('disable_secrets') },
disable_full_descriptions: { value_type: "bool", flag: '--disable-full-descriptions', value: core.getInput('disable_full_descriptions') },
types: { value_type: "list", flag: '--types', value: core.getInput('types') },
bom: { value_type: "bool", flag: '--bom', value: core.getInput('bom') },
};
async function scanWithKICS(kicsPath) {
let statusCode = 0;
if (kicsInputs.config_path.value) {
statusCode = await exec.exec(`${kicsPath} scan ${kicsInputs.config_path.flag} ${kicsInputs.config_path.value}`);
async function scanWithKICS(enableComments) {
if (!kicsInput.path.value) {
core.error('Path to scan is not set');
throw new Error('Path to scan is not set');
}
let cmdArgs = [];
for (let input in kicsInput) {
if (kicsInput[input].value_type === 'string') {
if (kicsInput[input].value) {
cmdArgs.push(kicsInput[input].flag);
cmdArgs.push(kicsInput[input].value);
}
} else if (kicsInput[input].value_type === 'list') {
if (kicsInput[input].value) {
cmdArgs.push(kicsInput[input].flag);
cmdArgs.push(kicsInput[input].value);
}
} else if (kicsInput[input].value_type === 'bool') {
if (kicsInput[input].value) {
cmdArgs.push(kicsInput[input].flag);
}
}
}
if (enableComments) {
if (!cmdArgs.find(arg => arg == '--output-path')) {
cmdArgs.push('--output-path');
cmdArgs.push('./');
}
}
return await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`)
}
module.exports = {
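Review bot: The final `exec.exec` call joins every input value into one command-line string, so a value containing spaces or quotes is re-split by the parser and can add or change KICS flags; pass the arguments as an array instead, `return await exec.exec(kicsBinary, ['scan', '--no-progress', ...cmdArgs]);`. In the loop, the `bool` branch tests `if (kicsInput[input].value)`, and `core.getInput` returns strings, so `disable_secrets: false` or `verbose: false` still adds the flag; compare with `=== 'true'` as `index.js` does for `enable_comments`. There is also no branch for `value_type: "int"`, so `timeout` is never passed to KICS. `libraries_path` reads `core.getInput('libraries-path')` with a hyphen, unlike every other key, which is worth confirming against `action.yml`.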