Merge pull request #16 from step-security/int

main <- int

README.md

@@ -44,8 +44,7 @@ jobs:
  runs-on: ubuntu-latest
  permissions:
  contents: read
- pull-requests: write
- id-token: write
+ pull-requests: read
  steps:
  - name: Harden Runner
  uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0

apiclient.go

@@ -33,20 +33,21 @@ func (apiclient *ApiClient) performRequest(method, url string, headers map[strin
  return nil, err
  }
 
- for k, v := range headers {
- req.Header.Add(k, v)
+ if headers != nil {
+ for key, value := range headers {
+ req.Header.Add(key, value)
+ }
  }
 
  return apiclient.Client.Do(req)
 }
 
-func (apiclient *ApiClient) SubmitCodeReviewRequest(oidcToken string, prDetails *PullRequestDetails) (*CodeReviewRequestResponse, error) {
+func (apiclient *ApiClient) SubmitCodeReviewRequest(prDetails *PullRequestDetails) (*CodeReviewRequestResponse, error) {
  url := fmt.Sprintf("%s/codereview/submit", apiclient.ApiBaseURI)
  jsonData, _ := json.Marshal(prDetails)
 
  headers := map[string]string{
- "Content-Type": "application/json; charset=UTF-8",
- "Authorization": fmt.Sprintf("Bearer %s", oidcToken),
+ "Content-Type": "application/json; charset=UTF-8",
  }
 
  resp, err := apiclient.performRequest("POST", url, headers, bytes.NewBuffer(jsonData))
@@ -69,14 +70,10 @@ func (apiclient *ApiClient) SubmitCodeReviewRequest(oidcToken string, prDetails
  return &codeReviewRequestResponse, nil
 }
 
-func (apiclient *ApiClient) GetCodeReviewComments(oidcToken string, request *CodeReviewRequestResponse) (*CodeReviewCommentsResponse, error) {
+func (apiclient *ApiClient) GetCodeReviewComments(request *CodeReviewRequestResponse) (*CodeReviewCommentsResponse, error) {
  url := fmt.Sprintf("%s/codereview/comments?fullreponame=%s&codereviewid=%s", apiclient.ApiBaseURI, request.FullRepoName, request.CodeReviewID)
 
- headers := map[string]string{
- "Authorization": fmt.Sprintf("Bearer %s", oidcToken),
- }
-
- resp, err := apiclient.performRequest("GET", url, headers, nil)
+ resp, err := apiclient.performRequest("GET", url, nil, nil)
  if err != nil {
  return nil, err
  }

main.go

@@ -5,7 +5,6 @@ import (
  "encoding/json"
  "errors"
  "fmt"
- "io/ioutil"
  "net/http"
  "os"
  "strconv"
@@ -40,15 +39,6 @@ const (
  OperationStatusError = "Error"
 )
 
-func getTokenRemainingValidity(timestamp interface{}) float64 {
- if validity, ok := timestamp.(float64); ok {
- tm := time.Unix(int64(validity), 0)
- remainder := time.Until(tm)
- return remainder.Seconds()
- }
- return 0
-}
-
 func getGitHubClient() (*github.Client, context.Context, error) {
  pat := os.Getenv("INPUT_PAT")
  if len(pat) == 0 {
@@ -159,22 +149,12 @@ func getPullRequestDetailsFromEnvironment(isDebugMode bool) (*PullRequestDetails
 
 func submitPRDetailsAndGetCodeFeedback(prDetails *PullRequestDetails, isDebugMode bool) (bool, error) {
  responseReceived := false
- audience := APIEndpoint
- oidcClient, err := DefaultOIDCClient(audience)
- if err != nil {
- return responseReceived, fmt.Errorf("error generating OIDC auth token. error:%v", err)
- }
-
- actionsJWT, exp, err := getActionsJWTAndExp(oidcClient, isDebugMode)
- if err != nil {
- return responseReceived, fmt.Errorf("error generating OIDC auth token. error:%v", err)
- }
 
  apiClient := ApiClient{
  Client: &http.Client{},
  ApiBaseURI: APIEndpoint + "/v1/app/",
  }
- response, err := apiClient.SubmitCodeReviewRequest(actionsJWT.Value, prDetails)
+ response, err := apiClient.SubmitCodeReviewRequest(prDetails)
  if err != nil {
  return responseReceived, fmt.Errorf("error submitting code review request: %v", err)
  }
@@ -185,15 +165,7 @@ func submitPRDetailsAndGetCodeFeedback(prDetails *PullRequestDetails, isDebugMod
  var reviewComments *CodeReviewCommentsResponse
 
  for i := 0; i < 20 && !responseReceived; i++ {
- remainder := getTokenRemainingValidity(exp)
- if remainder < 60 {
- githubactions.Infof("Renewing OIDC token as it's only valid for %f", remainder)
- actionsJWT, exp, err = getActionsJWTAndExp(oidcClient, isDebugMode)
- if err != nil {
- return responseReceived, fmt.Errorf("error renewing OIDC token. Error: %v", err)
- }
- }
- reviewComments, err = apiClient.GetCodeReviewComments(actionsJWT.Value, response)
+ reviewComments, err = apiClient.GetCodeReviewComments(response)
  if err != nil {
  return responseReceived, fmt.Errorf("error retrieving code review comments: %v", err)
  }
@@ -204,30 +176,7 @@ func submitPRDetailsAndGetCodeFeedback(prDetails *PullRequestDetails, isDebugMod
  responseReceived = true
  if reviewComments.Status == OperationStatusError {
  message := fmt.Sprintf("Error while using StepSecurity AI Code Reviewer. \nError details:%s", reviewComments.Error)
- client, ctx, err := getGitHubClient()
- if err != nil {
- return responseReceived, fmt.Errorf("error getting github client:%v", err)
- }
- comment := "COMMENT"
- _, commentResponse, err := client.PullRequests.CreateReview(
- ctx,
- prDetails.GitHubAccountName,
- prDetails.RepositoryName,
- prDetails.PullNumber,
- &github.PullRequestReviewRequest{
- Body: &message,
- Event: &comment,
- })
- if err != nil {
- errorMessage := fmt.Sprintf("Error writing comment on pull request: %v\n", err)
- responseBody, err := ioutil.ReadAll(commentResponse.Body)
- if err == nil {
- errorMessage += fmt.Sprintf(" response body:%s", responseBody)
- } else {
- errorMessage += fmt.Sprintf(" could not retrieve response body for error details. error:%v", err)
- }
- return responseReceived, errors.New(errorMessage)
- }
+ githubactions.Errorf(message)
  }
  break
  }
@@ -259,22 +208,6 @@ func main() {
 
  if !responseReceived {
  message := "StepSecurity AI Code Reviewer request timed out after 10 minutes"
- comment := "COMMENT"
- client, ctx, err := getGitHubClient()
- if err != nil {
- githubactions.Errorf("error getting github client:%v", err)
- return
- }
- client.PullRequests.CreateReview(
- ctx,
- prDetails.GitHubAccountName,
- prDetails.RepositoryName,
- prDetails.PullNumber,
- &github.PullRequestReviewRequest{
- Body: &message,
- Event: &comment,
- })
-
  githubactions.Fatalf(message)
  }
 }