Merge pull request #183 from h0x0er/cache-solve

Add changes to get cache endpoint

dist/post/index.js

@@ -61421,6 +61421,11 @@ var CompressionMethod;
     CompressionMethod["ZstdWithoutLong"] = "zstd-without-long";
     CompressionMethod["Zstd"] = "zstd";
 })(CompressionMethod || (CompressionMethod = {}));
+// Refer: https://github.com/actions/cache/blob/12681847c623a9274356751fdf0a63576ff3f846/src/utils/actionUtils.ts#L53
+const RefKey = "GITHUB_REF";
+function isValidEvent() {
+    return RefKey in process.env && Boolean(process.env[RefKey]);
+}
 
 // EXTERNAL MODULE: external "path"
 var external_path_ = __nccwpck_require__(5622);
@@ -61494,15 +61499,17 @@ var cleanup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _
     });
     console.log("Service log:");
     console.log(journalLog);
-    try {
-        const cmd = "sudo";
-        const args = ["cp", external_path_default().join(__dirname, "cache.txt"), cacheFile];
-        external_child_process_.execFileSync(cmd, args);
-        const cacheResult = yield cache.saveCache([cacheFile], cacheKey);
-        console.log(cacheResult);
-    }
-    catch (exception) {
-        console.log(exception);
+    if (isValidEvent()) {
+        try {
+            const cmd = "cp";
+            const args = [external_path_default().join(__dirname, "cache.txt"), cacheFile];
+            external_child_process_.execFileSync(cmd, args);
+            const cacheResult = yield cache.saveCache([cacheFile], cacheKey);
+            console.log(cacheResult);
+        }
+        catch (exception) {
+            console.log(exception);
+        }
     }
 }))();
 function sleep(ms) {

src/cache.ts

@@ -114,3 +114,8 @@ export enum CompressionMethod {
   ZstdWithoutLong = "zstd-without-long",
   Zstd = "zstd",
 }
+// Refer: https://github.com/actions/cache/blob/12681847c623a9274356751fdf0a63576ff3f846/src/utils/actionUtils.ts#L53
+const RefKey = "GITHUB_REF";
+export function isValidEvent(): boolean {
+  return RefKey in process.env && Boolean(process.env[RefKey]);
+}

src/cleanup.ts

@@ -4,7 +4,7 @@ import * as core from "@actions/core";
 import * as common from "./common";
 import isDocker from "is-docker";
 import * as cache from "@actions/cache";
-import { cacheFile, cacheKey } from "./cache";
+import { cacheFile, cacheKey, isValidEvent } from "./cache";
 import path from "path";
 
 (async () => {
@@ -69,14 +69,16 @@ import path from "path";
   console.log("Service log:");
   console.log(journalLog);
 
-  try {
-    const cmd = "sudo";
-    const args = ["cp", path.join(__dirname, "cache.txt"), cacheFile];
-    cp.execFileSync(cmd, args);
-    const cacheResult = await cache.saveCache([cacheFile], cacheKey);
-    console.log(cacheResult);
-  } catch (exception) {
-    console.log(exception);
+  if (isValidEvent()) {
+    try {
+      const cmd = "cp";
+      const args = [path.join(__dirname, "cache.txt"), cacheFile];
+      cp.execFileSync(cmd, args);
+      const cacheResult = await cache.saveCache([cacheFile], cacheKey);
+      console.log(cacheResult);
+    } catch (exception) {
+      console.log(exception);
+    }
   }
 })();
 

src/setup.ts

@@ -8,7 +8,13 @@ import * as common from "./common";
 import * as tc from "@actions/tool-cache";
 import { verifyChecksum } from "./checksum";
 import isDocker from "is-docker";
-import { cacheFile, cacheKey, CompressionMethod, getCacheEntry } from "./cache";
+import {
+  cacheFile,
+  cacheKey,
+  CompressionMethod,
+  getCacheEntry,
+  isValidEvent,
+} from "./cache";
 
 (async () => {
   try {
@@ -26,6 +32,8 @@ import { cacheFile, cacheKey, CompressionMethod, getCacheEntry } from "./cache";
     var api_url = `https://${env}.api.stepsecurity.io/v1`;
     var web_url = "https://app.stepsecurity.io";
 
+    console.log(`Step Security Job Correlation ID: ${correlation_id}`);
+
     const confg = {
       repo: process.env["GITHUB_REPOSITORY"],
       run_id: process.env["GITHUB_RUN_ID"],
@@ -37,21 +45,21 @@ import { cacheFile, cacheKey, CompressionMethod, getCacheEntry } from "./cache";
       disable_telemetry: core.getBooleanInput("disable-telemetry"),
     };
 
-    try {
-      const cacheEntry = await getCacheEntry([cacheKey], [cacheFile], {
-        compressionMethod: CompressionMethod.ZstdWithoutLong,
-      });
-      const url = new URL(cacheEntry.archiveLocation);
-      core.info(`Adding cacheHost: ${url.hostname}:443 to allowed-endpoints`);
-      confg.allowed_endpoints += ` ${url.hostname}:443`;
-    } catch (exception) {
-      // some exception has occurred.
-      core.info("Unable to fetch cacheURL");
-      if (confg.egress_policy === "block") {
-        core.warning(
-          "Unable to fetch cacheURL switching egress-policy to audit mode"
-        );
-        confg.egress_policy = "audit";
+    if (isValidEvent()) {
+      try {
+        const cacheEntry = await getCacheEntry([cacheKey], [cacheFile], {
+          compressionMethod: CompressionMethod.ZstdWithoutLong,
+        });
+        const url = new URL(cacheEntry.archiveLocation);
+        core.info(`Adding cacheHost: ${url.hostname}:443 to allowed-endpoints`);
+        confg.allowed_endpoints += ` ${url.hostname}:443`;
+      } catch (exception) {
+        // some exception has occurred.
+        core.info("Unable to fetch cacheURL");
+        if (confg.egress_policy === "block") {
+          core.info("Switching egress-policy to audit mode");
+          confg.egress_policy = "audit";
+        }
       }
     }
 
@@ -98,8 +106,6 @@ import { cacheFile, cacheKey, CompressionMethod, getCacheEntry } from "./cache";
     verifyChecksum(downloadPath); // NOTE: verifying agent's checksum, before extracting
     const extractPath = await tc.extractTar(downloadPath);
 
-    console.log(`Step Security Job Correlation ID: ${correlation_id}`);
-
     if (!confg.disable_telemetry || confg.egress_policy === "audit") {
       common.printInfo(web_url);
     }