From b3e6b52283bd048d865e2ea338ff15a89d311c5e Mon Sep 17 00:00:00 2001
From: abhisek
Date: Fri, 11 Oct 2024 21:57:09 +0530
Subject: [PATCH] feat: Add support for SafeDep cloud integration
---
 .github/workflows/vet.yml | 4 ++++
 action.yml | 3 +++
 dist/index.js | 28 +++++++++++++++++++++++++++-
 src/main.ts | 6 ++++++
 src/vet.ts | 35 ++++++++++++++++++++++++++++++++++-
 5 files changed, 74 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vet.yml b/.github/workflows/vet.yml
index 648b3b9..2b85398 100644
--- a/.github/workflows/vet.yml
+++ b/.github/workflows/vet.yml
@@ -25,6 +25,10 @@ jobs:
 - name: Run vet
 id: vet
 uses: ./
+ with:
+ cloud: true
+ cloud-key: ${{ secrets.SAFEDEP_CLOUD_API_KEY }}
+ cloud-tenant: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }}
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/action.yml b/action.yml
index 2c1bab5..f06d5cc 100644
--- a/action.yml
+++ b/action.yml
@@ -20,6 +20,9 @@ inputs:
 cloud-key:
 description: API key to use for synchronizing report with SafeDep cloud
 required: false
+ cloud-tenant:
+ description: Tenant ID to use for synchronizing report with SafeDep cloud
+ required: false
 version:
 description: vet version to use for the scan. Defaults to using latest release
diff --git a/dist/index.js b/dist/index.js
index 09cbe7c..934e525 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -33104,6 +33104,10 @@ async function run() { required: false, trimWhitespace: true }); + const cloudTenant = core.getInput('cloud-tenant', { + required: false, + trimWhitespace: true + }); const version = core.getInput('version', { required: false, trimWhitespace: true
@@ -33121,6 +33125,7 @@ async function run() { core.debug(`Running vet with policy: ${policy.length === 0 ? '' : policy} cloudMode: ${cloudMode} version: ${version.length === 0 ? '' : version}`); const vet = new vet_1.Vet({ apiKey: cloudKey, + tenant: cloudTenant, policy, version, cloudMode,
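Review bot: With `cloud: true` hard-coded in the `Run vet` step of .github/workflows/vet.yml, any run where `secrets.SAFEDEP_CLOUD_API_KEY` or `secrets.SAFEDEP_CLOUD_TENANT_DOMAIN` resolves to an empty string will hit the `API key is required for cloud mode` / `Tenant is required for cloud mode` throw that this commit adds in src/vet.ts. GitHub does not pass repository secrets to workflows triggered from forks, so if this job runs on pull requests (the `on:` block is outside the hunk) external contributions would presumably fail at this step. Gating the flag on the secret being present, e.g. `cloud: ${{ secrets.SAFEDEP_CLOUD_API_KEY != '' }}`, keeps the scan running without cloud sync in that case and removes any pressure to move the job to a trigger that exposes secrets to untrusted code.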
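Review bot: The new `cloud-tenant` description in action.yml does not say that the input is mandatory once `cloud` is enabled, although `applyCloudConfig` in src/vet.ts throws `Tenant is required for cloud mode` without it. It also calls the value a "Tenant ID" while the workflow in this same commit feeds it from `SAFEDEP_CLOUD_TENANT_DOMAIN`, so a user cannot tell which form is expected. I would state the requirement and the expected form in the text, along the lines of `description: SafeDep cloud tenant (required when cloud is true), used for synchronizing the report`, and note the same requirement on `cloud-key`.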
@@ -33287,6 +33292,9 @@ class Vet { '--filter-suite', policyFilePath ]; + if (this.config.cloudMode) { + this.applyCloudConfig(vetFinalScanArgs); + } if (this.config.trustedRegistries && this.config.trustedRegistries.length > 0) { core.info(`Using trusted registries: ${this.config.trustedRegistries.join(',')}`);
@@ -33391,6 +33399,9 @@ class Vet { core.info(`Using exceptions file: ${this.config.exceptionFile}`); vetFinalScanArgs.push('--exceptions-extra', this.config.exceptionFile); } + if (this.config.cloudMode) { + this.applyCloudConfig(vetFinalScanArgs); + } if (this.config.trustedRegistries && this.config.trustedRegistries.length > 0) { core.info(`Using trusted registries: ${this.config.trustedRegistries.join(',')}`);
@@ -33503,7 +33514,7 @@ class Vet { async getLatestRelease() { let versionToUse = this.config.version ?? ''; if (versionToUse.length === 0) { - versionToUse = 'v1.6.1'; + versionToUse = 'v1.8.0'; } return `https://github.com/safedep/vet/releases/download/${versionToUse}/vet_Linux_x86_64.tar.gz`; }
@@ -33588,6 +33599,21 @@ class Vet { } return (0, utils_1.getDefaultVetPolicyFilePath)(); } + applyCloudConfig(args) { + if (!this.config.apiKey) { + throw new Error('API key is required for cloud mode'); + } + if (!this.config.tenant) { + throw new Error('Tenant is required for cloud mode'); + } + core.info('Using cloud mode'); + process.env.VET_API_KEY = this.config.apiKey; + core.info(`Using tenant: ${this.config.tenant}`); + process.env.VET_CONTROL_TOWER_TENANT_ID = this.config.tenant; + args.push('--report-sync'); + args.push('--report-sync-project', process.env.GITHUB_REPOSITORY); + args.push('--report-sync-project-version', process.env.GITHUB_REF_NAME); + } } exports.Vet = Vet;
diff --git a/src/main.ts b/src/main.ts
index 0a4f603..9e1fe28 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -23,6 +23,11 @@ export async function run(): Promise {
 trimWhitespace: true
 })
+ const cloudTenant: string = core.getInput('cloud-tenant', {
+ required: false,
+ trimWhitespace: true
+ })
+
 const version: string = core.getInput('version', {
 required: false,
 trimWhitespace: true
@@ -53,6 +58,7 @@ export async function run(): Promise {
 const vet = new Vet({
 apiKey: cloudKey,
+ tenant: cloudTenant,
 policy,
 version,
 cloudMode,
diff --git a/src/vet.ts b/src/vet.ts
index 6d224f2..dcbc45c 100644
--- a/src/vet.ts
+++ b/src/vet.ts
@@ -18,6 +18,7 @@ const tc = require('@actions/tool-cache')
 interface VetConfig {
 apiKey?: string
+ tenant?: string
 policy?: string
 cloudMode?: boolean
 version?: string
@@ -102,6 +103,10 @@ export class Vet {
 policyFilePath
 ]
+ if (this.config.cloudMode) {
+ this.applyCloudConfig(vetFinalScanArgs)
+ }
+
 if (
 this.config.trustedRegistries &&
 this.config.trustedRegistries.length > 0
@@ -252,6 +257,10 @@ export class Vet {
 vetFinalScanArgs.push('--exceptions-extra', this.config.exceptionFile)
 }
+ if (this.config.cloudMode) {
+ this.applyCloudConfig(vetFinalScanArgs)
+ }
+
 if (
 this.config.trustedRegistries &&
 this.config.trustedRegistries.length > 0
@@ -408,7 +417,7 @@ export class Vet {
 private async getLatestRelease(): Promise {
 let versionToUse = this.config.version ?? ''
 if (versionToUse.length === 0) {
- versionToUse = 'v1.6.1'
+ versionToUse = 'v1.8.0'
 }
 return `https://github.com/safedep/vet/releases/download/${versionToUse}/vet_Linux_x86_64.tar.gz`
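Review bot: The `if (this.config.cloudMode)` guard around `applyCloudConfig` is written out twice in src/vet.ts, in the hunk at @@ -102,6 +103,10 and again at @@ -252,6 +257,10, so the decision whether a scan syncs to the cloud lives at each call site instead of in the helper. Calling `this.applyCloudConfig(vetFinalScanArgs)` unconditionally and starting the helper with `if (!this.config.cloudMode) return` keeps the two scan paths from drifting apart. Both enclosing methods begin and end outside their hunks, so I cannot see whether another scan path exists that should get the same call.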
@@ -521,4 +530,28 @@ export class Vet {
 return getDefaultVetPolicyFilePath()
 }
+
+ private applyCloudConfig(args: string[]): void {
+ if (!this.config.apiKey) {
+ throw new Error('API key is required for cloud mode')
+ }
+
+ if (!this.config.tenant) {
+ throw new Error('Tenant is required for cloud mode')
+ }
+
+ core.info('Using cloud mode')
+ process.env.VET_API_KEY = this.config.apiKey
+
+ core.info(`Using tenant: ${this.config.tenant}`)
+ process.env.VET_CONTROL_TOWER_TENANT_ID = this.config.tenant
+
+ args.push('--report-sync')
+ args.push('--report-sync-project', process.env.GITHUB_REPOSITORY as string)
+
+ args.push(
+ '--report-sync-project-version',
+ process.env.GITHUB_REF_NAME as string
+ )
+ }
 }
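Review bot: `process.env.GITHUB_REPOSITORY as string` and `process.env.GITHUB_REF_NAME as string` in `applyCloudConfig` only silence the compiler; when either variable is unset (a local run or a unit test, for instance) `undefined` is pushed into the vet argument list instead of failing with a clear message the way the two checks above them do. The API key is also written to `process.env.VET_API_KEY` of the action's own process, so every child process started afterwards inherits it, not only vet; if the call that launches vet accepts an `env` option (that call is outside this hunk), passing the key there would keep the exposure narrower. Registering the key with `core.setSecret` before anything is logged ensures it is masked even when a caller supplies it from something other than a repository secret. The fence shows the checks I would add.

```typescript
  private applyCloudConfig(args: string[]): void {
    // … unchanged: apiKey and tenant presence checks …

    const project = process.env.GITHUB_REPOSITORY
    const projectVersion = process.env.GITHUB_REF_NAME
    if (!project || !projectVersion) {
      throw new Error(
        'GITHUB_REPOSITORY and GITHUB_REF_NAME are required for cloud mode'
      )
    }

    // Mask the key in workflow logs regardless of where the input came from
    core.setSecret(this.config.apiKey)
    // … unchanged: core.info lines, VET_API_KEY / VET_CONTROL_TOWER_TENANT_ID assignments, --report-sync …

    args.push('--report-sync-project', project)
    args.push('--report-sync-project-version', projectVersion)
  }
```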