diff --git a/setup/dist/index.js b/setup/dist/index.js index 581f439..f508b70 100644 --- a/setup/dist/index.js +++ b/setup/dist/index.js @@ -6587,7 +6587,21 @@ Object.defineProperty(exports, "__esModule", ({ value: true })); const core = __importStar(__nccwpck_require__(2186)); const tc = __importStar(__nccwpck_require__(7784)); const exec = __importStar(__nccwpck_require__(1514)); +// TODO Update to 2.0.0 once available const INTERNAL_FCLI_VERSION = 'dev_develop'; +// TODO For both fcli and other tools, if version is 'latest', we probably shouldn't use +// tool cache (as then we may never download newer versions), but we do want to check +// whether installPath already exists to avoid reinstalling multiple times within a +// single workflow (depending on how we organize other actions, this setup action may +// be invoked multiple times). +// TODO Somewhat related, if version is 'default', we may want to translate that to the +// actual version number for use in tool path and cache. For tools installed through +// fcli, we can run `fcli tool * list` with query and output options to get the version +// number for the default version. +// TODO We may need 'internal' versions for the other tools as well, for example a composite +// export-vulnerabilities workflow may use this setup action to install a specific FVE +// version, but we don't want to add that version to the system path as we don't want +// the export-vulnerabilities action to override the FVE version requested by the user. /** * Install fcli * @returns path to the directory where fcli was installed @@ -6596,7 +6610,7 @@ function installFcli(fcliVersion) { return __awaiter(this, void 0, void 0, function* () { let cachedPath = tc.find('fcli', fcliVersion); if (cachedPath) { - core.info(`Using fcli ${fcliVersion} from cache`); + core.info(`Using previously installed fcli ${fcliVersion}`); } else { const baseUrl = fcliVersion === 'latest' 
@@ -6641,7 +6655,7 @@ function installTool(internalFcli, toolName, toolVersion) { if (toolVersion !== 'none') { let installPath = tc.find(toolName, toolVersion); if (installPath) { - core.info(`Using ${toolName} ${toolVersion} from cache`); + core.info(`Using previously installed ${toolName} ${toolVersion}`); } else { core.info(`Installing ${toolName} ${toolVersion}`);
diff --git a/setup/src/main.ts b/setup/src/main.ts
index ee34ce5..d637054 100644
--- a/setup/src/main.ts
+++ b/setup/src/main.ts
@@ -2,8 +2,23 @@ import * as core from '@actions/core';
 import * as tc from '@actions/tool-cache';
 import * as exec from '@actions/exec';
+// TODO Update to 2.0.0 once available
 const INTERNAL_FCLI_VERSION='dev_develop';
+// TODO For both fcli and other tools, if version is 'latest', we probably shouldn't use
+// tool cache (as then we may never download newer versions), but we do want to check
+// whether installPath already exists to avoid reinstalling multiple times within a
+// single workflow (depending on how we organize other actions, this setup action may
+// be invoked multiple times).
+// TODO Somewhat related, if version is 'default', we may want to translate that to the
+// actual version number for use in tool path and cache. For tools installed through
+// fcli, we can run `fcli tool * list` with query and output options to get the version
+// number for the default version.
+// TODO We may need 'internal' versions for the other tools as well, for example a composite
+// export-vulnerabilities workflow may use this setup action to install a specific FVE
+// version, but we don't want to add that version to the system path as we don't want
+// the export-vulnerabilities action to override the FVE version requested by the user.
+
 /**
 * Install fcli
 * @returns path to the directory where fcli was installed
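Review bot: The new `// TODO Update to 2.0.0 once available` comment above `INTERNAL_FCLI_VERSION` in setup/src/main.ts does not say why the pin matters. `dev_develop` appears to name a development build rather than a fixed release, so the binary this action downloads and then runs for its internal steps may differ from one run to the next. I would record that in the comment, e.g. `// TODO Pin to 2.0.0 once available; 'dev_develop' is a moving build, so the binary we execute is not reproducible`. Whether the download is checked against a published checksum or signature is not visible here, because the download code is outside the hunk; if it is not, the move to a fixed version is the natural point to add that check.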
@@ -11,7 +26,7 @@ const INTERNAL_FCLI_VERSION='dev_develop';
 async function installFcli(fcliVersion: string): Promise {
 let cachedPath = tc.find('fcli', fcliVersion);
 if (cachedPath) {
- core.info(`Using fcli ${fcliVersion} from cache`);
+ core.info(`Using previously installed fcli ${fcliVersion}`);
 } else {
 const baseUrl = fcliVersion === 'latest'
 ? 'https://github.com/fortify/fcli/releases/latest/download'
@@ -48,15 +63,15 @@ function getFcliVersion(): string {
 }
 }
-async function installTool(internalFcliPath: string, toolName: string, toolVersion: string): Promise {
+async function installTool(internalFcli: string, toolName: string, toolVersion: string): Promise {
 if (toolVersion !== 'none') {
 let installPath = tc.find(toolName, toolVersion);
 if (installPath) {
- core.info(`Using ${toolName} ${toolVersion} from cache`);
+ core.info(`Using previously installed ${toolName} ${toolVersion}`);
 } else {
 core.info(`Installing ${toolName} ${toolVersion}`);
 installPath = `/opt/fortify/${toolName}/${toolVersion}`;
- await exec.exec(`${internalFcliPath}/fcli`, ['tool', toolName, 'install', toolVersion, '-d', installPath]);
+ await exec.exec(internalFcli, ['tool', toolName, 'install', toolVersion, '-d', installPath]);
 installPath = await tc.cacheDir(installPath, toolName, toolVersion);
 }
 core.addPath(`${installPath}/bin`);
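Review bot: In the installTool hunk, `toolVersion` is used unchecked to build the `/opt/fortify/<tool>/<version>` install directory and is passed on as fcli's `-d` argument. Judging by the call in main(), it comes straight from `core.getInput(tool)`, so a value containing a path separator or `..` would place the install, and the `bin` directory later added to PATH, outside the intended tree. The argument-array form of `exec.exec` already keeps the value away from a shell, so a guard at the top of the function is enough, e.g. `if (!/^[\w.-]+$/.test(toolVersion)) throw new Error('Invalid version for ' + toolName);`. The function has no doc comment; since `internalFcli` is now the path of the executable rather than of its directory, a short TSDoc block saying so would prevent callers passing the old value. The body of installTool continues past the end of the hunk.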
@@ -66,11 +81,16 @@ async function installTool(internalFcliPath: string, toolName: string, toolVersi
 async function main(): Promise {
 const tools = ['sc-client', 'fod-uploader', 'vuln-exporter']
 try {
- const internalFcliPath = await installFcli(INTERNAL_FCLI_VERSION);
- core.exportVariable('INTERNAL_FCLI_PATH', internalFcliPath);
+ // Install fixed fcli version for internal action use. The path to the
+ // internal fcli executable is accessible through the INTERNAL_FCLI
+ // environment variable.
+ const internalFcli = core.toPlatformPath(await installFcli(INTERNAL_FCLI_VERSION)+'/fcli');
+ core.exportVariable('INTERNAL_FCLI', internalFcli);
+
+ // Install user-specified fcli version and other Fortify tools
 core.addPath(await installFcli(getFcliVersion()));
 for (const tool of tools) {
- await installTool(internalFcli, tool, core.getInput(tool))
+ await installTool(internalFcli, tool, core.getInput(tool))
 }
 } catch (err) {
 core.setFailed("Action failed with error: " + err);
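Review bot: The `INTERNAL_FCLI` value exported in main() is now the path of an executable that later steps are expected to run. A variable set through `core.exportVariable` is job-scoped and can be rewritten by any step that runs in between, so a consumer cannot assume it still points at the binary installed here. The new comment should state that contract, for instance `// NOTE: INTERNAL_FCLI is job-scoped and writable by later steps; internal actions should confirm it resolves under the tool cache before executing it`. The export was also renamed from `INTERNAL_FCLI_PATH` and changed from a directory to a file path; any consumer still reading the old name (none is visible in this diff) would get an empty value, which is worth mentioning in the commit description. The catch block of main() closes outside the hunk.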