chore: Refactor login/logout actions
rsenden committed May 31, 2024
1 parent d2fc8ae commit 440554a
Showing 11 changed files with 103 additions and 159 deletions.
30 changes: 9 additions & 21 deletions internal/fod-login/action.yml
@@ -1,30 +1,18 @@
name: 'Run "fcli fod session login" command'
description: 'Run "fcli fod session login" command based on environment variables'
description: 'Run "fcli fod session login" command based on environment variables, auto-logout on job termination'
author: 'Fortify'
runs:
using: composite
steps:
# Define login options
- run: |
if [ -z "$FOD_URL" ]; then
echo "ERROR: FOD_URL environment variable must be set"; exit 1;
fi
if [ -n "${FOD_CLIENT_ID}" -a -n "${FOD_CLIENT_SECRET}" ]; then
echo '_FOD_LOGIN_OPTS=--url "${FOD_URL}" --client-id "${FOD_CLIENT_ID}" --client-secret "${FOD_CLIENT_SECRET}" ${EXTRA_FOD_LOGIN_OPTS}' >> $GITHUB_ENV
elif [ -n "${FOD_USER}" -a -n "${FOD_PASSWORD}" -a -n "${FOD_TENANT}" ]; then
echo '_FOD_LOGIN_OPTS=--url "${FOD_URL}" -t "${FOD_TENANT}" -u "${FOD_USER}" -p "${FOD_PASSWORD}" ${EXTRA_FOD_LOGIN_OPTS}' >> $GITHUB_ENV
else
echo "ERROR: Either FOD_CLIENT_ID and FOD_CLIENT_SECRET, or FOD_TENANT, FOD_USER and FOD_PASSWORD environment variables must be set"; exit 1;
fi
shell: bash
# Run fcli login command; note that the calling action/workflow is responsible for installing fcli
- uses: fortify/github-action/internal/[email protected]
# If not run before: check preconditions, run fcli login command, and run
# post-job fcli logout command.
# Note that the calling action/workflow is responsible for installing fcli
- uses: fortify/github-action/internal/[email protected]
if: ${{ !env._FOD_LOGGED_IN }}
with:
cmd: '"${FCLI_CMD}" fod session login ${_FOD_LOGIN_OPTS}'
# Clean up temporary environment variables
- run: |
echo '_FOD_LOGIN_OPTS=""' >> $GITHUB_ENV
shell: bash
script: ${{ github.action_path }}/login.sh
post: ${{ github.action_path }}/logout.sh

branding:
icon: 'shield'
color: 'blue'
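--- a/internal/fod-login/login.sh
+++ b/internal/fod-login/login.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+if [ -n "$RUNNER_DEBUG" ]; then
+set -v -x
+fi
+if [ -z "$FCLI_CMD" ]; then
+echo "ERROR: fortify/github-action/setup must be run to set up fcli before running this action"
+exit 1;
+fi
+if [ -z "$FOD_URL" ]; then
+echo "ERROR: FOD_URL environment variable must be set"; exit 1;
+fi
+if [ -n "${FOD_CLIENT_ID}" -a -n "${FOD_CLIENT_SECRET}" ]; then
+_FOD_AUTH_OPTS=("--client-id" "${FOD_CLIENT_ID}" "--client-secret" "${FOD_CLIENT_SECRET}")
+elif [ -n "${FOD_USER}" -a -n "${FOD_PASSWORD}" -a -n "${FOD_TENANT}" ]; then
+_FOD_AUTH_OPTS=("-t" "${FOD_TENANT}" "-u" "${FOD_USER}" "-p" "${FOD_PASSWORD}")
+else
+echo "ERROR: Either FOD_CLIENT_ID and FOD_CLIENT_SECRET, or FOD_TENANT, FOD_USER and FOD_PASSWORD environment variables must be set"
+exit 1;
+fi
+${FCLI_CMD} fod session login --url "${FOD_URL}" "${_FOD_AUTH_OPTS[@]}" ${EXTRA_FOD_LOGIN_OPTS} || exit 1
+echo '_FOD_LOGGED_IN=true' >> $GITHUB_ENV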
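Review bot: With RUNNER_DEBUG set, `set -v -x` is still active on the `fod session login` line, so the expanded `--client-secret` and `-p` values are written to the job log unless the runner masks each of them as a registered secret; they are also present in the process arguments for the duration of the call. Tracing could be switched off just around that command, e.g. `{ set +x; } 2>/dev/null` on the line before it, with a comment noting that credentials are passed on the command line. Separately, `${FCLI_CMD}` is unquoted here while the sc-sast action in this commit quotes it, so an install path containing spaces would split; `"${FCLI_CMD}"` would match.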
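--- a/internal/fod-login/logout.sh
+++ b/internal/fod-login/logout.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+if [ -n "$RUNNER_DEBUG" ]; then
+set -v -x
+fi
+if [[ "${_FOD_LOGGED_IN}" == "true" ]]; then
+echo '_FOD_LOGGED_IN=false' >> $GITHUB_ENV
+${FCLI_CMD} fod session logout || exit 1
+fi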
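Review bot: The flag is cleared before the logout is known to have succeeded: `echo '_FOD_LOGGED_IN=false' >> $GITHUB_ENV` runs ahead of `${FCLI_CMD} fod session logout || exit 1`, so a failed logout leaves the session open while the job state says otherwise; moving the echo below the logout call would keep the two consistent. The guard in fod-login/action.yml is `!env._FOD_LOGGED_IN`, and in GitHub expressions the non-empty string `false` is truthy, so writing `false` does not re-enable the login step; writing an empty value (`_FOD_LOGGED_IN=`) would. Quoting `"$GITHUB_ENV"` and `"${FCLI_CMD}"` is worth doing in the same pass.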
14 changes: 0 additions & 14 deletions internal/fod-logout/action.yml

This file was deleted.

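--- a/internal/run-script/action.yml
+++ b/internal/run-script/action.yml
@@ -0,0 +1,20 @@
+name: Run a script with optional post-job cleanup
+
+description: 'Action to execute a bash script, optionally executing another script on job completion.'
+
+inputs:
+script:
+description: 'Script to run'
+required: true
+post:
+description: 'Script to run on job completion'
+required: false
+key:
+description: 'Name of the state variable used to detect the post step.'
+required: false
+default: POST
+
+runs:
+using: 'node20'
+main: 'main.js'
+post: 'main.js'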
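--- a/internal/run-script/main.js
+++ b/internal/run-script/main.js
@@ -0,0 +1,21 @@
+const { spawn } = require("child_process");
+const { appendFileSync } = require("fs");
+const { EOL } = require("os");
+
+function run(script) {
+if ( script ) {
+const subprocess = spawn(`bash -c -o pipefail -v ${script}`, { stdio: "inherit", shell: true });
+subprocess.on("exit", (exitCode) => {
+process.exitCode = exitCode;
+});
+}
+}
+
+const key = process.env.INPUT_KEY.toUpperCase();
+
+if ( process.env[`STATE_${key}`] !== undefined ) { // Are we in the 'post' step?
+run(process.env.INPUT_POST);
+} else { // Otherwise, this is the main step
+appendFileSync(process.env.GITHUB_STATE, `${key}=true${EOL}`);
+run(process.env.INPUT_SCRIPT);
+}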
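Review bot: `run()` interpolates the input into a single command string and hands it to a shell (`shell: true`), so the value of `script`/`post` is parsed by the outer shell before bash sees it: a path containing spaces splits into several arguments, and any shell metacharacters in the input are interpreted. A caller that builds these inputs from `${{ }}` expressions over untrusted data would turn that into command injection. Passing an argument vector removes the extra parse: `const subprocess = spawn("bash", ["-o", "pipefail", "-v", "-c", script], { stdio: "inherit" });`. In the `exit` handler, `exitCode` is `null` when the child is killed by a signal, which leaves the step reported as successful; `process.exitCode = exitCode ?? 1;` plus an `error` listener would close that gap.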
File renamed without changes.
44 changes: 24 additions & 20 deletions internal/sc-sast-login/action.yml
Expand Up @@ -7,27 +7,31 @@ runs:
# TODO If we wait for scan completion, potentially we could generate a CIToken if
# SSC_USER and SSC_PASSWORD have been set, and then revoke the token once the
# scan has been successfully processed on SSC.
# Define login options
- run: |
if [ -z "$SSC_URL" ]; then
echo "ERROR: SSC_URL environment variable must be set"; exit 1;
fi
if [ -z "$SC_SAST_TOKEN" ]; then
echo "ERROR: SC_SAST_TOKEN environment variable must be set"; exit 1;
fi
if [ -z "SSC_TOKEN" ]; then
echo "ERROR: SSC_TOKEN environment variable must be set"; exit 1;
fi
echo '_SC_SAST_LOGIN_OPTS=--ssc-url "${SSC_URL}" -t "${SSC_TOKEN}" -c "${SC_SAST_TOKEN}" ${EXTRA_SC_SAST_LOGIN_OPTS}' >> $GITHUB_ENV
shell: bash
# Run fcli login command; note that the calling action/workflow is responsible for installing fcli
- uses: fortify/github-action/internal/[email protected]

# If not run before: check preconditions, run fcli login command, and run
# post-job fcli logout command.
# Note that the calling action/workflow is responsible for installing fcli
- uses: fortify/github-action/internal/[email protected]
if: ${{ !env._SC_SAST_LOGGED_IN }
with:
cmd: '"${FCLI_CMD}" sc-sast session login ${_SC_SAST_LOGIN_OPTS}'
# Clean up temporary environment variables
- run: |
echo '_SC_SAST_LOGIN_OPTS=""' >> $GITHUB_ENV
shell: bash
main: |
if [ -z "$SSC_URL" ]; then
echo "ERROR: SSC_URL environment variable must be set"; exit 1;
fi
if [ -z "$SC_SAST_TOKEN" ]; then
echo "ERROR: SC_SAST_TOKEN environment variable must be set"; exit 1;
fi
if [ -z "SSC_TOKEN" ]; then
echo "ERROR: SSC_TOKEN environment variable must be set"; exit 1;
fi
"${FCLI_CMD}" sc-sast session login --ssc-url "${SSC_URL}" -t "${SSC_TOKEN}" -c "${SC_SAST_TOKEN}" ${EXTRA_SC_SAST_LOGIN_OPTS}
echo '_SC_SAST_LOGGED_IN=true' >> $GITHUB_ENV
post: |
if [[] "${_SC_SAST_LOGGED_IN}" == "true" ]; then
echo '_SC_SAST_LOGGED_IN=false' >> $GITHUB_ENV
"${FCLI_CMD}" sc-sast session logout --no-revoke-token
fi
branding:
icon: 'shield'
color: 'blue'
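Review bot: Three lines in the new step will not work as written: the `if:` expression is missing its closing brace (`if: ${{ !env._SC_SAST_LOGGED_IN }}`), the post script opens its test with `[[]` and closes it with a single `]` (`if [[ "${_SC_SAST_LOGGED_IN}" == "true" ]]; then`), and `[ -z "SSC_TOKEN" ]` tests a literal string, so a missing SSC_TOKEN is never reported (`if [ -z "$SSC_TOKEN" ]; then`). The step also passes `main:`, while run-script/action.yml in this commit declares only `script`, `post` and `key` and main.js reads `INPUT_SCRIPT`, so as shown the login body would apparently not run. The inline login command has no `|| exit 1`, so `_SC_SAST_LOGGED_IN=true` is written even when the login fails, unlike fod-login/login.sh. The hunk starts at line 7 of the file, so the action header is not visible here.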
16 changes: 0 additions & 16 deletions internal/sc-sast-logout/action.yml

This file was deleted.

42 changes: 0 additions & 42 deletions internal/with-post-step/action.yml

This file was deleted.

46 changes: 0 additions & 46 deletions internal/with-post-step/main.js

This file was deleted.
