chore: Refactor login/logout actions
Showing
11 changed files
with
103 additions
and
159 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,18 @@ | ||
name: 'Run "fcli fod session login" command' | ||
description: 'Run "fcli fod session login" command based on environment variables' | ||
description: 'Run "fcli fod session login" command based on environment variables, auto-logout on job termination' | ||
author: 'Fortify' | ||
runs: | ||
using: composite | ||
steps: | ||
# Define login options | ||
- run: | | ||
if [ -z "$FOD_URL" ]; then | ||
echo "ERROR: FOD_URL environment variable must be set"; exit 1; | ||
fi | ||
if [ -n "${FOD_CLIENT_ID}" -a -n "${FOD_CLIENT_SECRET}" ]; then | ||
echo '_FOD_LOGIN_OPTS=--url "${FOD_URL}" --client-id "${FOD_CLIENT_ID}" --client-secret "${FOD_CLIENT_SECRET}" ${EXTRA_FOD_LOGIN_OPTS}' >> $GITHUB_ENV | ||
elif [ -n "${FOD_USER}" -a -n "${FOD_PASSWORD}" -a -n "${FOD_TENANT}" ]; then | ||
echo '_FOD_LOGIN_OPTS=--url "${FOD_URL}" -t "${FOD_TENANT}" -u "${FOD_USER}" -p "${FOD_PASSWORD}" ${EXTRA_FOD_LOGIN_OPTS}' >> $GITHUB_ENV | ||
else | ||
echo "ERROR: Either FOD_CLIENT_ID and FOD_CLIENT_SECRET, or FOD_TENANT, FOD_USER and FOD_PASSWORD environment variables must be set"; exit 1; | ||
fi | ||
shell: bash | ||
# Run fcli login command; note that the calling action/workflow is responsible for installing fcli | ||
- uses: fortify/github-action/internal/[email protected] | ||
# If not run before: check preconditions, run fcli login command, and run | ||
# post-job fcli logout command. | ||
# Note that the calling action/workflow is responsible for installing fcli | ||
- uses: fortify/github-action/internal/[email protected] | ||
if: ${{ !env._FOD_LOGGED_IN }} | ||
with: | ||
cmd: '"${FCLI_CMD}" fod session login ${_FOD_LOGIN_OPTS}' | ||
# Clean up temporary environment variables | ||
- run: | | ||
echo '_FOD_LOGIN_OPTS=""' >> $GITHUB_ENV | ||
shell: bash | ||
script: ${{ github.action_path }}/login.sh | ||
post: ${{ github.action_path }}/logout.sh | ||
|
||
branding: | ||
icon: 'shield' | ||
color: 'blue' | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#!/bin/bash | ||
if [ -n "$RUNNER_DEBUG" ]; then | ||
set -v -x | ||
fi | ||
if [ -z "$FCLI_CMD" ]; then | ||
echo "ERROR: fortify/github-action/setup must be run to set up fcli before running this action" | ||
exit 1; | ||
fi | ||
if [ -z "$FOD_URL" ]; then | ||
echo "ERROR: FOD_URL environment variable must be set"; exit 1; | ||
fi | ||
if [ -n "${FOD_CLIENT_ID}" -a -n "${FOD_CLIENT_SECRET}" ]; then | ||
_FOD_AUTH_OPTS=("--client-id" "${FOD_CLIENT_ID}" "--client-secret" "${FOD_CLIENT_SECRET}") | ||
elif [ -n "${FOD_USER}" -a -n "${FOD_PASSWORD}" -a -n "${FOD_TENANT}" ]; then | ||
_FOD_AUTH_OPTS=("-t" "${FOD_TENANT}" "-u" "${FOD_USER}" "-p" "${FOD_PASSWORD}") | ||
else | ||
echo "ERROR: Either FOD_CLIENT_ID and FOD_CLIENT_SECRET, or FOD_TENANT, FOD_USER and FOD_PASSWORD environment variables must be set" | ||
exit 1; | ||
fi | ||
${FCLI_CMD} fod session login --url "${FOD_URL}" "${_FOD_AUTH_OPTS[@]}" ${EXTRA_FOD_LOGIN_OPTS} || exit 1 | ||
echo '_FOD_LOGGED_IN=true' >> $GITHUB_ENV |
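Review bot: With RUNNER_DEBUG set, the `set -v -x` preamble traces the `_FOD_AUTH_OPTS` assignments and the login command with their values expanded, so `FOD_CLIENT_SECRET` or `FOD_PASSWORD` is written to the job log unless the runner happens to mask that exact value. Keeping `-v` (which echoes the unexpanded source) and dropping `-x`, or switching tracing off with `set +x` before the credential lines, avoids relying on log masking. The credentials are also passed as command-line arguments, which other processes on the runner can see while the login call runs; whether fcli offers another way to supply them is not visible here. Separately, `${FCLI_CMD}` is unquoted on the login line (and in the logout script), unlike the `"${FCLI_CMD}"` form the removed step used, so an install path containing spaces would break; starting the line with `"${FCLI_CMD}" fod session login` restores that.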
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
#!/bin/bash | ||
if [ -n "$RUNNER_DEBUG" ]; then | ||
set -v -x | ||
fi | ||
if [[ "${_FOD_LOGGED_IN}" == "true" ]]; then | ||
echo '_FOD_LOGGED_IN=false' >> $GITHUB_ENV | ||
${FCLI_CMD} fod session logout || exit 1 | ||
fi |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
name: Run a script with optional post-job cleanup | ||
|
||
description: 'Action to execute a bash script, optionally executing another script on job completion.' | ||
|
||
inputs: | ||
script: | ||
description: 'Script to run' | ||
required: true | ||
post: | ||
description: 'Script to run on job completion' | ||
required: false | ||
key: | ||
description: 'Name of the state variable used to detect the post step.' | ||
required: false | ||
default: POST | ||
|
||
runs: | ||
using: 'node20' | ||
main: 'main.js' | ||
post: 'main.js' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
const { spawn } = require("child_process"); | ||
const { appendFileSync } = require("fs"); | ||
const { EOL } = require("os"); | ||
|
||
function run(script) { | ||
if ( script ) { | ||
const subprocess = spawn(`bash -c -o pipefail -v ${script}`, { stdio: "inherit", shell: true }); | ||
subprocess.on("exit", (exitCode) => { | ||
process.exitCode = exitCode; | ||
}); | ||
} | ||
} | ||
|
||
const key = process.env.INPUT_KEY.toUpperCase(); | ||
|
||
if ( process.env[`STATE_${key}`] !== undefined ) { // Are we in the 'post' step? | ||
run(process.env.INPUT_POST); | ||
} else { // Otherwise, this is the main step | ||
appendFileSync(process.env.GITHUB_STATE, `${key}=true${EOL}`); | ||
run(process.env.INPUT_SCRIPT); | ||
} |
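Review bot: In `run`, the script text is interpolated into a single command string and spawned with `shell: true`, so an outer shell parses it before bash sees it: a path containing spaces is split (only the first word becomes the `-c` command) and any shell metacharacters in the input are interpreted. Passing the value as one argument avoids that: `spawn("bash", ["-o", "pipefail", "-v", "-c", script], { stdio: "inherit" });`. The exit handler also assigns `exitCode` directly, which is `null` when the child is terminated by a signal, so the step would then report success; `process.exitCode = exitCode ?? 1;` keeps that case a failure.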
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,27 +7,31 @@ runs: | |
# TODO If we wait for scan completion, potentially we could generate a CIToken if | ||
# SSC_USER and SSC_PASSWORD have been set, and then revoke the token once the | ||
# scan has been successfully processed on SSC. | ||
# Define login options | ||
- run: | | ||
if [ -z "$SSC_URL" ]; then | ||
echo "ERROR: SSC_URL environment variable must be set"; exit 1; | ||
fi | ||
if [ -z "$SC_SAST_TOKEN" ]; then | ||
echo "ERROR: SC_SAST_TOKEN environment variable must be set"; exit 1; | ||
fi | ||
if [ -z "SSC_TOKEN" ]; then | ||
echo "ERROR: SSC_TOKEN environment variable must be set"; exit 1; | ||
fi | ||
echo '_SC_SAST_LOGIN_OPTS=--ssc-url "${SSC_URL}" -t "${SSC_TOKEN}" -c "${SC_SAST_TOKEN}" ${EXTRA_SC_SAST_LOGIN_OPTS}' >> $GITHUB_ENV | ||
shell: bash | ||
# Run fcli login command; note that the calling action/workflow is responsible for installing fcli | ||
- uses: fortify/github-action/internal/[email protected] | ||
|
||
# If not run before: check preconditions, run fcli login command, and run | ||
# post-job fcli logout command. | ||
# Note that the calling action/workflow is responsible for installing fcli | ||
- uses: fortify/github-action/internal/[email protected] | ||
if: ${{ !env._SC_SAST_LOGGED_IN } | ||
with: | ||
cmd: '"${FCLI_CMD}" sc-sast session login ${_SC_SAST_LOGIN_OPTS}' | ||
# Clean up temporary environment variables | ||
- run: | | ||
echo '_SC_SAST_LOGIN_OPTS=""' >> $GITHUB_ENV | ||
shell: bash | ||
main: | | ||
if [ -z "$SSC_URL" ]; then | ||
echo "ERROR: SSC_URL environment variable must be set"; exit 1; | ||
fi | ||
if [ -z "$SC_SAST_TOKEN" ]; then | ||
echo "ERROR: SC_SAST_TOKEN environment variable must be set"; exit 1; | ||
fi | ||
if [ -z "SSC_TOKEN" ]; then | ||
echo "ERROR: SSC_TOKEN environment variable must be set"; exit 1; | ||
fi | ||
"${FCLI_CMD}" sc-sast session login --ssc-url "${SSC_URL}" -t "${SSC_TOKEN}" -c "${SC_SAST_TOKEN}" ${EXTRA_SC_SAST_LOGIN_OPTS} | ||
echo '_SC_SAST_LOGGED_IN=true' >> $GITHUB_ENV | ||
post: | | ||
if [[] "${_SC_SAST_LOGGED_IN}" == "true" ]; then | ||
echo '_SC_SAST_LOGGED_IN=false' >> $GITHUB_ENV | ||
"${FCLI_CMD}" sc-sast session logout --no-revoke-token | ||
fi | ||
branding: | ||
icon: 'shield' | ||
color: 'blue' | ||
|
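Review bot: Three lines on the new side are malformed and will stop this step from working as intended: the `if:` expression is missing its closing brace, the post script opens its test with `[[]`, and the `SSC_TOKEN` check (carried over from the removed step) tests the literal string `SSC_TOKEN`, so it can never fire and a missing token is only discovered when the login call fails. The corrected lines would be `if: ${{ !env._SC_SAST_LOGGED_IN }}`, `if [[ "${_SC_SAST_LOGGED_IN}" == "true" ]]; then` and `if [ -z "$SSC_TOKEN" ]; then`. The step also passes `main:` where the run-script action added in this commit declares its inputs as `script` and `post`; if that is the action referenced here, the login script would not be run.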
This file was deleted.
This file was deleted.
This file was deleted.