Merge pull request #440 from step-security/rc-11
v2.9.1
varunsh-coder authored Aug 5, 2024
2 parents f0db2aa + c79be45 commit 5c7944e
Showing 11 changed files with 47 additions and 16 deletions.
10 changes: 8 additions & 2 deletions dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/index.js.map

Large diffs are not rendered by default.

10 changes: 8 additions & 2 deletions dist/post/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/post/index.js.map

Large diffs are not rendered by default.

14 changes: 10 additions & 4 deletions dist/pre/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/pre/index.js.map

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/checksum.ts
@@ -14,7 +14,7 @@ export function verifyChecksum(downloadPath: string, is_tls: boolean) {

if (is_tls) {
expectedChecksum =
"e45b85e29216eb1d217aad368bdb056bbd868a308925e7b2cf9133b06ab435d0"; // checksum for tls_agent
"fa9defcf9e125a62cb29747574d6a07aee4f04153e7bce4a3c7ce29681469e92"; // checksum for tls_agent
}

if (checksum !== expectedChecksum) {
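Review bot: The comment on the new expected hash in the `is_tls` branch still reads only `// checksum for tls_agent`, so nothing on the line records which artifact the value pins. The hash has to change in lockstep with the download URL in src/setup.ts, which on this page moves to `harden-runner_1.2.3_linux_amd64.tar.gz`; naming the artifact beside the hash, e.g. `// checksum for tls_agent, harden-runner_1.2.3_linux_amd64.tar.gz`, lets a reviewer confirm the pair when only one of the two files is touched. The page prints the old and new lines without +/- markers, so the second hash is read here as the new one. verifyChecksum starts before this hunk and its mismatch handling continues past it.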
2 changes: 2 additions & 0 deletions src/cleanup.ts
@@ -5,6 +5,8 @@ import isDocker from "is-docker";
import { arcCleanUp, isArcRunner, removeStepPolicyFiles } from "./arc-runner";

(async () => {
console.log("[harden-runner] post-step");

if (process.platform !== "linux") {
console.log(common.UBUNTU_MESSAGE);
return;
13 changes: 10 additions & 3 deletions src/common.ts
@@ -35,8 +35,15 @@ export const processLogLine = (
if (matches) {
const [ipAddress, domain, pid, process] = matches.slice(1);

// Check if all values are non-empty
if (pid && process && domain && ipAddress) {
// Check if all values are non-empty and domain does not end with specified patterns
if (
pid &&
process &&
domain &&
ipAddress &&
!domain.endsWith(".actions.githubusercontent.com.") &&
!domain.endsWith(".blob.core.windows.net.")
) {
const status = ipAddress.startsWith("54.185.253.63")
? "❌ Blocked"
: "✅ Allowed";
@@ -173,4 +180,4 @@ export const HARDEN_RUNNER_UNAVAILABLE_MESSAGE =
"Sorry, we are currently experiencing issues with the Harden Runner installation process. It is currently unavailable.";

export const ARC_RUNNER_MESSAGE =
"Workflow is currently being executed in ARC based runner";
"Workflow is currently being executed in ARC based runner";
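Review bot: The two `endsWith` exclusions added to the condition in processLogLine discard every log line for `*.actions.githubusercontent.com.` and `*.blob.core.windows.net.` instead of reporting it, and the second suffix is a shared namespace in which any Azure customer can create a storage account. If this function's result feeds the outbound-call summary that users review (the consumer is outside the hunk, so this is inferred), a connection to an unexpected storage account under that suffix would no longer appear there. Consider narrowing the match to the specific hosts the runner itself depends on, or keeping the line and labelling it as platform traffic rather than dropping it; at minimum record the reason in the comment, e.g. `// GitHub Actions platform endpoints are omitted from the summary; note *.blob.core.windows.net is multi-tenant`. `endsWith` is also case-sensitive and depends on the trailing dot, so the filter assumes the log always emits lower-case fully-qualified names. processLogLine begins before and continues after this hunk.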
2 changes: 2 additions & 0 deletions src/index.ts
@@ -4,6 +4,8 @@ import isDocker from "is-docker";
import { STEPSECURITY_WEB_URL } from "./configs";

(async () => {
console.log("[harden-runner] main-step");

if (process.platform !== "linux") {
console.log(common.UBUNTU_MESSAGE);
return;
4 changes: 3 additions & 1 deletion src/setup.ts
@@ -34,6 +34,8 @@ interface MonitorResponse {

(async () => {
try {
console.log("[harden-runner] pre-step");

if (process.platform !== "linux") {
console.log(common.UBUNTU_MESSAGE);
return;
@@ -234,7 +236,7 @@ interface MonitorResponse {

if (await isTLSEnabled(context.repo.owner)) {
downloadPath = await tc.downloadTool(
"https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.2_linux_amd64.tar.gz"
"https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.3_linux_amd64.tar.gz"
);
verifyChecksum(downloadPath, true); // NOTE: verifying tls_agent's checksum, before extracting
} else {