feat: progress on javascript action

2021-10-15 18:36:36 +01:00
parent b154474a20
commit 85361e63fa
6 changed files with 7038 additions and 289 deletions
--- a/.github/workflows/test_action.yaml
+++ b/.github/workflows/test_action.yaml
@ -1,4 +1,4 @@
-name: Test
+name: Test KICS action
 on:
  pull_request:
@ -9,6 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
-      - uses: ./
+      - name: Test KICS action
        uses: ./
        with:
          path: positive.tf
--- a/action.yml
+++ b/action.yml
@ -6,10 +6,10 @@ inputs:
    required: false
    default: "latest"
    description: "KICS version to use (defaults to latest)"
-  enable_pr_comments:
+  enable_comments:
    required: false
    default: false
-    description: "Enable PR comments"
+    description: "Enable pull request reprot comments"
  path:
    description: "paths to a file or directories to scan, accepts a comma separated list"
    required: true
--- a/dist/index.js
+++ b/dist/index.js
--- a/src/install.js
+++ b/src/install.js
@ -1,10 +1,8 @@
 const https = require('https')
 const filepath = require('path');
 const tc = require('@actions/tool-cache');
-//const releaseDownloader = require('@fohlen/github-release-downloader');
+const core = require("@actions/core");
 const os = require('os');
 //const decompress = require('decompress');
 //const decompressTargz = require('decompress-targz');
 function getVersion(version) {
    let path = ''
@ -63,42 +61,15 @@ function getReleaseInfo(release) {
        default:
            targetAsset = { size: 0, browser_download_url: '' };
    }
-    return { size: targetAsset.size, browser_download_url: targetAsset.browser_download_url, version: targetAsset.name };
+    return {
        binary: 'kics',
        size: targetAsset.size,
        browser_download_url: targetAsset.browser_download_url,
        version: release.tag_name,
        arch: arch
    };
 }
 // async function downloadReleaseFile(releaseAsset) {
 //     const dest = os.homedir();
 //     const releaseURL = releaseAsset.browser_download_url;
 //     console.log("Downloading", releaseURL);
 //     const baseName = releaseURL.substr(releaseURL.lastIndexOf("/") + 1);
 //     return releaseDownloader.downloadAsset(releaseURL, baseName, dest, () => {
 //         process.stdout.write(".");
 //     });
 // }
 // function decompressRelease(path) {
 //     const dest = os.homedir();
 //     return decompress(path, filepath.join(dest, 'kics'), {
 //         plugins: [
 //             decompressTargz()
 //         ]
 //     });
 // }
 // function getExecutableName() {
 //     const os = process.platform;
 //     switch (os) {
 //         case 'darwin':
 //         case 'linux':
 //             return 'kics';
 //         case 'win32':
 //             return 'kics.exe';
 //         default:
 //             return 'kics';
 //     }
 // }
 async function installKICS(kicsVersion) {
    let release = {};
    if (!kicsVersion || kicsVersion == "latest") {
@ -107,20 +78,14 @@ async function installKICS(kicsVersion) {
        release = await getVersion(kicsVersion);
    }
    const releaseInfo = getReleaseInfo(release)
-
+    let kicsPath = tc.find(releaseInfo.binary, releaseInfo.version, releaseInfo.arch);
    if (!kicsPath) {
        core.info(`Downloading ${releaseInfo.binary} ${releaseInfo.version} ${releaseInfo.arch}`);
        const kicsDownloadPath = await tc.downloadTool(releaseInfo.browser_download_url);
        const kicsExtractedFolder = await tc.extractTar(kicsDownloadPath, filepath.join(os.homedir(), 'kics', releaseInfo.version));
-    const cachedPath = await tc.cacheDir(kicsExtractedFolder, 'kics', releaseInfo.version);
+        kicsPath = await tc.cacheDir(kicsExtractedFolder, 'kics', releaseInfo.version, releaseInfo.arch);
-    core.addPath(cachedPath);
+    }
-
+    core.addPath(kicsPath);
    // const releasePath = await downloadReleaseFile(releaseAsset, "./")
    // console.log('\nDownloaded KICS release', releasePath);
    // const files = await decompressRelease(releasePath);
    // console.log('\nDecompressed KICS release', files.map(f => f.path));
    // const kicsPath = filepath.join(os.homedir(), 'kics', getExecutableName());
    // console.log('\nInstalling KICS to', kicsPath);
    return kicsPath;
 }
 module.exports = {
--- a/src/main.js
+++ b/src/main.js
@ -2,24 +2,26 @@ const install = require("./install");
 const commenter = require("./commenter");
 const scanner = require("./scanner");
 const core = require("@actions/core");
 const github = require("@actions/github");
 const actionInputs = {
    kics_version: { value: core.getInput('kics_version') },
-    enable_pr_comments: { value: core.getInput('enable_pr_comments') },
+    enable_comments: { value: core.getInput('enable_comments') },
 }
 async function main() {
    console.log("Running KICS action...");
    try {
-        // const context = github.context;
+        let enableComments = actionInputs.enable_comments.value.toLocaleLowerCase() === "true";
-        // const repository = context.repo;
+        const context = github.context;
-        // const pullRequestNumber = context.payload.pull_request.number;
+        const repository = context.repo;
-        const kicsPath = await install.installKICS(actionInputs.kics_version.value);
+        console.log(context);
-        console.log("KICS installed at: " + kicsPath);
+        const pullRequestNumber = context.payload.pull_request.number;
-        //await scanner.scanWithKICS(kicsPath);
+        await install.installKICS();
-        // if (actionInputs.enable_pr_comments.value === "true") {
+        await scanner.scanWithKICS(enableComments);
-        //     await commenter.commentOnPullRequest(repository, pullRequestNumber);
+        if (enableComments) {
-        // }
+            await commenter.commentOnPullRequest(repository, pullRequestNumber);
        }
    } catch (e) {
        console.error(e);
        core.setFailed(e.message);
--- a/src/scanner.js
+++ b/src/scanner.js
@ -2,35 +2,63 @@ const exec = require('@actions/exec');
 const core = require("@actions/core");
-const kicsInputs = {
+const kicsBinary = 'kics';
-    path: { flag: '--path', value: core.getInput('path') },
+
-    ignore_on_exit: { flag: '--ignore-on-exit', value: core.getInput('ignore_on_exit') },
+const kicsInput = {
-    fail_on: { flag: '--fail-on', value: core.getInput('fail_on') },
+    path: { value_type: "string", flag: '--path', value: core.getInput('path') },
-    timeout: { flag: '--timeout', value: core.getInput('timeout') },
+    ignore_on_exit: { value_type: "list", flag: '--ignore-on-exit', value: core.getInput('ignore_on_exit') },
-    profiling: { flag: '--profiling', value: core.getInput('profiling') },
+    fail_on: { value_type: "list", flag: '--fail-on', value: core.getInput('fail_on') },
-    config_path: { flag: '--config', value: core.getInput('config_path') },
+    timeout: { value_type: "int", flag: '--timeout', value: core.getInput('timeout') },
-    payload_path: { flag: '--payload-path', value: core.getInput('payload_path') },
+    profiling: { value_type: "list", flag: '--profiling', value: core.getInput('profiling') },
-    exclude_paths: { flag: '--exclude-paths', value: core.getInput('exclude_paths') },
+    config_path: { value_type: "string", flag: '--config', value: core.getInput('config_path') },
-    exclude_queries: { flag: '--exclude-queries', value: core.getInput('exclude_queries') },
+    payload_path: { value_type: "string", flag: '--payload-path', value: core.getInput('payload_path') },
-    exclude_categories: { flag: '--exclude-categories', value: core.getInput('exclude_categories') },
+    exclude_paths: { value_type: "list", flag: '--exclude-paths', value: core.getInput('exclude_paths') },
-    exclude_results: { flag: '--exclude-results', value: core.getInput('exclude_results') },
+    exclude_queries: { value_type: "list", flag: '--exclude-queries', value: core.getInput('exclude_queries') },
-    output_formats: { flag: '--report-formats', value: core.getInput('output_formats') },
+    exclude_categories: { value_type: "list", flag: '--exclude-categories', value: core.getInput('exclude_categories') },
-    output_path: { flag: '--output-path', value: core.getInput('output_path') },
+    exclude_results: { value_type: "list", flag: '--exclude-results', value: core.getInput('exclude_results') },
-    queries: { flag: '--queries-path', value: core.getInput('queries') },
+    output_formats: { value_type: "list", flag: '--report-formats', value: core.getInput('output_formats') },
-    verbose: { flag: '--verbose', value: core.getInput('verbose') },
+    output_path: { value_type: "string", flag: '--output-path', value: core.getInput('output_path') },
-    secrets_regexes_path: { flag: '--secrets-regexes-path', value: core.getInput('secrets_regexes_path') },
+    queries: { value_type: "string", flag: '--queries-path', value: core.getInput('queries') },
-    libraries_path: { flag: '--libraries-path', value: core.getInput('libraries-path') },
+    verbose: { value_type: "bool", flag: '--verbose', value: core.getInput('verbose') },
-    disable_secrets: { flag: '--disable-secrets', value: core.getInput('disable_secrets') },
+    secrets_regexes_path: { value_type: "string", flag: '--secrets-regexes-path', value: core.getInput('secrets_regexes_path') },
-    disable_full_descriptions: { flag: '--disable-full-descriptions', value: core.getInput('disable_full_descriptions') },
+    libraries_path: { value_type: "string", flag: '--libraries-path', value: core.getInput('libraries-path') },
-    types: { flag: '--types', value: core.getInput('types') },
+    disable_secrets: { value_type: "bool", flag: '--disable-secrets', value: core.getInput('disable_secrets') },
-    bom: { flag: '--bom', value: core.getInput('bom') },
+    disable_full_descriptions: { value_type: "bool", flag: '--disable-full-descriptions', value: core.getInput('disable_full_descriptions') },
    types: { value_type: "list", flag: '--types', value: core.getInput('types') },
    bom: { value_type: "bool", flag: '--bom', value: core.getInput('bom') },
 };
-async function scanWithKICS(kicsPath) {
+async function scanWithKICS(enableComments) {
-    let statusCode = 0;
+    if (!kicsInput.path.value) {
-    if (kicsInputs.config_path.value) {
+        core.error('Path to scan is not set');
-        statusCode = await exec.exec(`${kicsPath} scan ${kicsInputs.config_path.flag} ${kicsInputs.config_path.value}`);
+        throw new Error('Path to scan is not set');
    }
    let cmdArgs = [];
    for (let input in kicsInput) {
        if (kicsInput[input].value_type === 'string') {
            if (kicsInput[input].value) {
                cmdArgs.push(kicsInput[input].flag);
                cmdArgs.push(kicsInput[input].value);
            }
        } else if (kicsInput[input].value_type === 'list') {
            if (kicsInput[input].value) {
                cmdArgs.push(kicsInput[input].flag);
                cmdArgs.push(kicsInput[input].value);
            }
        } else if (kicsInput[input].value_type === 'bool') {
            if (kicsInput[input].value) {
                cmdArgs.push(kicsInput[input].flag);
            }
        }
    }
    if (enableComments) {
        if (!cmdArgs.find(arg => arg == '--output-path')) {
            cmdArgs.push('--output-path');
            cmdArgs.push('./');
        }
    }
    return await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`)
 }
 module.exports = {