feat: make dest optional and introduce github action test (#1)

* feat: make dest optional and introduce github action test

* add docker ignore

* rename the binary name

* change to non-root user home

* provide abs path of binary

* pass args to the action

* try env key

* log raw resp

* avoid raw response

* ci: trigger job

* ci: trigger after swithcing api to public mode

Author: scriptnull

.github/workflows/test-upload-file.yml

@@ -0,0 +1,36 @@
+name: Test Upload File Action
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "upload-file/**"
+  pull_request:
+    branches: [main]
+    paths:
+      - "upload-file/**"
+  workflow_dispatch:
+
+jobs:
+  test-upload-file:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Create test file
+        run: |
+          cat > test-upload.json << 'EOF'
+          {
+            "message": "This is a test file for upload action",
+            "created_at": "$(date -Iseconds)",
+          }
+          EOF
+
+      - name: Test Upload File Action
+        uses: ./upload-file
+        with:
+          file_path: test-upload.json
+          security_agent_api_endpoint: ${{ secrets.SECURITY_AGENT_API_ENDPOINT }}
+          security_agent_api_key: ${{ secrets.SECURITY_AGENT_API_KEY }}

justfile

@@ -91,8 +91,9 @@ test-upload-file-docker:
         -v "$(pwd)/test-file.json:/test-file.json:ro" \
         -e INPUT_FILE_PATH="/test-file.json" \
         -e INPUT_DESTINATION="${INPUT_DESTINATION:-temp-data/test-$(date +%s).json}" \
-        -e INPUT_SECURITY_AGENT_API_ENDPOINT="${INPUT_SECURITY_AGENT_API_ENDPOINT:-}" \
-        -e INPUT_SECURITY_AGENT_API_KEY="${INPUT_SECURITY_AGENT_API_KEY:-}" \
+        -e INPUT_SECURITY_AGENT_API_ENDPOINT="${INPUT_SECURITY_AGENT_API_ENDPOINT}" \
+        -e INPUT_SECURITY_AGENT_API_KEY="${INPUT_SECURITY_AGENT_API_KEY}" \
+        --network host \
         upload-file-test
 
     echo "--- :: Cleaning up test file"

upload-file/.dockerignore

@@ -0,0 +1,22 @@
+# Ignore compiled binaries
+upload-file
+*.exe
+
+# Ignore common development files
+.git
+.gitignore
+*.log
+*.tmp
+.DS_Store
+Thumbs.db
+
+# Ignore IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Ignore test files
+*_test.go
+
+.env

upload-file/Dockerfile

@@ -14,7 +14,7 @@ RUN go mod download
 COPY . .
 
 # Build the application
-RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o upload-file .
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o upload-file-cmd .
 
 # Runtime stage
 FROM alpine:latest
@@ -26,17 +26,18 @@ RUN apk --no-cache add ca-certificates
 RUN addgroup -g 1001 -S appgroup && \
     adduser -u 1001 -S appuser -G appgroup
 
-# Set working directory
-WORKDIR /root/
+# Set working directory to a location accessible by appuser
+WORKDIR /home/appuser
 
 # Copy the binary from builder stage
-COPY --from=builder /app/upload-file .
+COPY --from=builder /app/upload-file-cmd .
 
 # Change ownership to non-root user
-RUN chown appuser:appgroup upload-file
+RUN chown appuser:appgroup upload-file-cmd && \
+    chmod +x upload-file-cmd
 
 # Switch to non-root user
 USER appuser
 
 # Command to run the executable
-CMD ["./upload-file"]
+CMD ["/home/appuser/upload-file-cmd"]

upload-file/action.yml

@@ -12,7 +12,7 @@ inputs:
     required: true
   destination:
     description: "Destination path or URL for the upload"
-    required: true
+    required: false
   security_agent_api_endpoint:
     description: "Security Agent API endpoint"
     required: true
@@ -23,3 +23,8 @@ inputs:
 runs:
   using: "docker"
   image: "Dockerfile"
+  env:
+    INPUT_FILE_PATH: ${{ inputs.file_path }}
+    INPUT_DESTINATION: ${{ inputs.destination }}
+    INPUT_SECURITY_AGENT_API_ENDPOINT: ${{ inputs.security_agent_api_endpoint }}
+    INPUT_SECURITY_AGENT_API_KEY: ${{ inputs.security_agent_api_key }}

upload-file/main.go

@@ -3,6 +3,8 @@ package main
 import (
 	"bytes"
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"io"
 	"log"
@@ -24,13 +26,27 @@ func main() {
 	if filePath == "" {
 		log.Fatal("file-path input is required")
 	}
-	if destination == "" {
-		log.Fatal("destination input is required")
+	// Validate that the file path is a JSON file
+	if filepath.Ext(filePath) != ".json" {
+		log.Fatalf("file must be a JSON file, got: %s", filePath)
+	}
+
+	if securityAgentAPIEndpoint == "" {
+		log.Fatal("security-agent-api-endpoint input is required")
 	}
 	if securityAgentAPIKey == "" {
 		log.Fatal("security-agent-api-key input is required")
 	}
 
+	if destination == "" {
+		// Calculate SHA256 of file contents
+		hash, err := calculateFileSHA256(filePath)
+		if err != nil {
+			log.Fatalf("Failed to calculate file hash: %v", err)
+		}
+		destination = "uploads/" + hash + ".json"
+	}
+
 	// Perform the upload
 	err := uploadFile(filePath, destination, securityAgentAPIEndpoint, securityAgentAPIKey)
 	if err != nil {
@@ -105,21 +121,8 @@ func getPresignedUploadURL(destination, securityAgentAPIEndpoint, securityAgentA
 
 	// Execute the request with raw response capture
 	var response PresignedUploadResponse
-	var rawResponse interface{}
-
-	// First, try to get the raw response to see what we're actually getting
-	err := client.Run(ctx, req, &rawResponse)
-	if err != nil {
-		log.Printf("GraphQL request failed with error: %v", err)
-		return "", fmt.Errorf("GraphQL request failed: %v", err)
-	}
 
-	// Log the raw response for debugging
-	// rawJSON, _ := json.MarshalIndent(rawResponse, "", "  ")
-	// log.Printf("Raw GraphQL response: %s", string(rawJSON))
-
-	// Now try to parse into our expected structure
-	err = client.Run(ctx, req, &response)
+	err := client.Run(ctx, req, &response)
 	if err != nil {
 		log.Printf("Failed to parse GraphQL response into expected structure: %v", err)
 		return "", fmt.Errorf("GraphQL request failed: %v", err)
@@ -215,3 +218,21 @@ func getContentType(filePath string) string {
 		return "application/octet-stream"
 	}
 }
+
+// calculateFileSHA256 calculates the SHA256 hash of a file's contents
+func calculateFileSHA256(filePath string) (string, error) {
+	file, err := os.Open(filePath)
+	if err != nil {
+		return "", fmt.Errorf("failed to open file: %v", err)
+	}
+	defer file.Close()
+
+	hasher := sha256.New()
+	_, err = io.Copy(hasher, file)
+	if err != nil {
+		return "", fmt.Errorf("failed to read file for hashing: %v", err)
+	}
+
+	hashBytes := hasher.Sum(nil)
+	return hex.EncodeToString(hashBytes), nil
+}