diff --git a/.eslintrc.json b/.eslintrc.json index a56c2e4..66db48b 100644 --- a/.eslintrc.json +++ b/.eslintrc.json @@ -10,7 +10,7 @@ "semi": ["error", "always"] }, "parserOptions": { - "ecmaVersion": 8, + "ecmaVersion": 2020, "sourceType": "module" }, "ignorePatterns": [ diff --git a/.github/workflows/actions_release.yml b/.github/workflows/actions_release.yml index d560230..899bd70 100644 --- a/.github/workflows/actions_release.yml +++ b/.github/workflows/actions_release.yml @@ -11,6 +11,10 @@ on: required: false type: string default: 'yarn build' + node_version: + description: "Specify Node.js version (e.g., '18', '20', 'lts/*')" + required: false + default: "24" permissions: contents: read @@ -25,4 +29,5 @@ jobs: uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1 with: tag: "${{ github.event.inputs.tag }}" - script: "${{ github.event.inputs.script }}" \ No newline at end of file + script: "${{ github.event.inputs.script }}" + node_version: "${{ github.event.inputs.node_version }}" \ No newline at end of file diff --git a/.github/workflows/audit_package.yml b/.github/workflows/audit_package.yml index 6da6488..f630bb1 100644 --- a/.github/workflows/audit_package.yml +++ b/.github/workflows/audit_package.yml @@ -16,6 +16,10 @@ on: required: false type: string default: 'yarn build' + node_version: + description: "Specify Node.js version (e.g., '18', '20', 'lts/*')" + required: false + default: "24" schedule: - cron: "0 0 * * 1" @@ -26,6 +30,7 @@ jobs: package_manager: ${{ inputs.package_manager || 'yarn' }} base_branch: ${{ inputs.base_branch || 'main' }} script: ${{ inputs.script || 'yarn build' }} + node_version: "${{ inputs.node_version || '24' }}" permissions: contents: write diff --git a/.github/workflows/auto_cherry_pick.yml b/.github/workflows/auto_cherry_pick.yml index 06b55f7..2afa6f6 100644 --- a/.github/workflows/auto_cherry_pick.yml +++ b/.github/workflows/auto_cherry_pick.yml 
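Review bot: The new `node_version` input in `.github/workflows/actions_release.yml` and `.github/workflows/audit_package.yml` omits `type: string`, while the neighbouring `script` input in both files declares it; for consistency add `type: string` under each new input, between `description` and `required`. In `actions_release.yml` the value is forwarded as `"${{ github.event.inputs.node_version }}"` with no fallback, whereas `audit_package.yml` forwards `"${{ inputs.node_version || '24' }}"`; assuming this is a `workflow_dispatch` trigger, as the `github.event.inputs` references suggest, the declared default covers the manual case, but the same `|| '24'` fallback would keep the three workflows uniform and make the effective version visible at the call site.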
@@ -7,6 +7,10 @@ on: description: "Base branch to create the PR against" required: true default: "main" + node_version: + description: "Specify Node.js version (e.g., '18', '20', 'lts/*')" + required: false + default: "24" permissions: contents: write @@ -21,3 +25,4 @@ jobs: original-owner: "mmoyaferrer" repo-name: "set-github-variable" base_branch: ${{ inputs.base_branch }} + node_version: "${{ inputs.node_version || '24' }}" diff --git a/README.md b/README.md index 47fd928..d68b39b 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![StepSecurity Maintained Action](https://raw.githubusercontent.com/step-security/maintained-actions-assets/main/assets/maintained-action-banner.png)](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) +
📦
diff --git a/action.yml b/action.yml index 9c00652..510b7ce 100644 --- a/action.yml +++ b/action.yml @@ -40,5 +40,5 @@ outputs: description: Response data runs: - using: 'node20' + using: 'node24' main: 'dist/index.js' diff --git a/dist/index.js b/dist/index.js index 5003dd4..6a0d9a1 100644 --- a/dist/index.js +++ b/dist/index.js 
@@ -45912,26 +45912,58 @@ axios.default = axios; // this module should only have a default export /* harmony default export */ const lib_axios = (axios); +// EXTERNAL MODULE: external "fs" +var external_fs_ = __nccwpck_require__(9896); ;// CONCATENATED MODULE: ./src/index.js -async function validateSubscription() { - const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`; +async function validateSubscription() { + let repoPrivate; + const eventPath = process.env.GITHUB_EVENT_PATH; + if (eventPath && external_fs_.existsSync(eventPath)) { + const payload = JSON.parse(external_fs_.readFileSync(eventPath, 'utf8')); + repoPrivate = payload?.repository?.private; + } + + const upstream = 'mmoyaferrer/set-github-variable'; + const action = process.env.GITHUB_ACTION_REPOSITORY; + const docsUrl = + 'https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions'; + + core.info(''); + core.info('StepSecurity Maintained Action'); + core.info(`Secure drop-in replacement for ${upstream}`); + if (repoPrivate === false) + core.info('✓ Free for public repositories'); + core.info(`Learn more: ${docsUrl}`); + core.info(''); + + if (repoPrivate === false) return; + const serverUrl = process.env.GITHUB_SERVER_URL || 'https://github.com'; + const body = { action: action || '' }; + + if (serverUrl !== 'https://github.com') body.ghes_server = serverUrl; try { - await lib_axios.get(API_URL, { timeout: 3000 }); + await lib_axios.post( + `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/maintained-actions-subscription`, + body, + { timeout: 3000 }, + ); } catch (error) { - if (error.response && error.response.status === 403) { + if (lib_axios.isAxiosError(error) && error.response?.status === 403) { core.error( - 'Subscription is not valid. 
Reach out to support@stepsecurity.io' + 'This action requires a StepSecurity subscription for private repositories.', + ); + core.error( + `Learn how to enable a subscription: ${docsUrl}`, ); process.exit(1); - } else { - core.info('Timeout or API not reachable. Continuing to next step.'); } + core.info('Timeout or API not reachable. Continuing to next step.'); } } diff --git a/src/index.js b/src/index.js index 63be1a7..3ff623a 100644 --- a/src/index.js +++ b/src/index.js 
@@ -2,21 +2,51 @@ import core, { getInput, setOutput, setFailed } from '@actions/core'; import { Octokit } from '@octokit/core'; import fetch from 'node-fetch'; import axios from 'axios'; +import fs from 'fs'; async function validateSubscription() { - const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`; + let repoPrivate; + const eventPath = process.env.GITHUB_EVENT_PATH; + if (eventPath && fs.existsSync(eventPath)) { + const payload = JSON.parse(fs.readFileSync(eventPath, 'utf8')); + repoPrivate = payload?.repository?.private; + } + + const upstream = 'mmoyaferrer/set-github-variable'; + const action = process.env.GITHUB_ACTION_REPOSITORY; + const docsUrl = + 'https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions'; + + core.info(''); + core.info('StepSecurity Maintained Action'); + core.info(`Secure drop-in replacement for ${upstream}`); + if (repoPrivate === false) + core.info('✓ Free for public repositories'); + core.info(`Learn more: ${docsUrl}`); + core.info(''); + if (repoPrivate === false) return; + const serverUrl = process.env.GITHUB_SERVER_URL || 'https://github.com'; + const body = { action: action || '' }; + + if (serverUrl !== 'https://github.com') body.ghes_server = serverUrl; try { - await axios.get(API_URL, { timeout: 3000 }); + await axios.post( + `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/maintained-actions-subscription`, + body, + { timeout: 3000 }, + ); } catch (error) { - if (error.response && error.response.status === 403) { + if (axios.isAxiosError(error) && error.response?.status === 403) { + core.error( + 'This action requires a StepSecurity subscription for private repositories.', + ); core.error( - 'Subscription is not valid. Reach out to support@stepsecurity.io' + `Learn how to enable a subscription: ${docsUrl}`, ); process.exit(1); - } else { - core.info('Timeout or API not reachable. 
Continuing to next step.'); } + core.info('Timeout or API not reachable. Continuing to next step.'); } }
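Review bot: In `validateSubscription`, the `JSON.parse(fs.readFileSync(eventPath, 'utf8'))` that reads `GITHUB_EVENT_PATH` sits outside the `try`, so an unreadable or malformed payload throws out of the function and rejects its promise (the caller is outside the hunk, so whether that fails the action depends on how it is awaited), while every other failure in this check is deliberately non-fatal (`Timeout or API not reachable. Continuing to next step.`). Wrapping the read and parse in their own `try`/`catch` and leaving `repoPrivate` undefined on failure keeps the check itself fail-closed — the subscription request still runs — without turning a bad event file into a hard error. Separately, the trailing `core.info('Timeout or API not reachable. Continuing to next step.')` now executes for every non-403 error, including non-axios exceptions and HTTP statuses the API did answer with, so the message overstates what happened; including the reason, e.g. `core.info(\`Subscription check skipped (${error.message}). Continuing to next step.\`)`, would make the log trustworthy. The same two points apply to the bundled copy in the `dist/index.js` hunk, which presumably regenerates from this file.
```javascript
  if (eventPath && fs.existsSync(eventPath)) {
    try {
      const payload = JSON.parse(fs.readFileSync(eventPath, 'utf8'));
      repoPrivate = payload?.repository?.private;
    } catch (err) {
      // Unreadable or malformed payload: leave repoPrivate undefined so the
      // subscription request below still runs instead of being skipped.
      core.info(`Could not read event payload (${err.message}); continuing with subscription check.`);
    }
  }
  // … unchanged: banner output, request body, axios.post and 403 handling …
```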