feat: automatically detect and upload github action metadata

upload-file/main.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/json"
 	"fmt"
 	"io"
 	"log"
@@ -92,6 +93,110 @@ func uploadFile(filePath, destination, securityAgentAPIEndpoint, securityAgentAP
 		return fmt.Errorf("failed to upload file to S3: %v", err)
 	}
 
+	type Metadata struct {
+		OriginalFileName string            `json:"original_file_name"`
+		FileContentPath  string            `json:"file_content_path"`
+		GitHubMetadata   map[string]string `json:"github_metadata"`
+		Tags             map[string]string `json:"tags"`
+	}
+
+	var metadata Metadata
+	metadata.OriginalFileName = filepath.Base(filePath)
+	metadata.FileContentPath = destination
+	metadata.GitHubMetadata = make(map[string]string)
+	metadata.Tags = make(map[string]string)
+
+	githubActionEnvVars := []string{
+		"GITHUB_JOB",
+		"GITHUB_REF",
+		"GITHUB_SHA",
+		"GITHUB_REPOSITORY",
+		"GITHUB_REPOSITORY_OWNER",
+		"GITHUB_REPOSITORY_OWNER_ID",
+		"GITHUB_RUN_ID",
+		"GITHUB_RUN_NUMBER",
+		"GITHUB_RETENTION_DAYS",
+		"GITHUB_RUN_ATTEMPT",
+		"GITHUB_ACTOR_ID",
+		"GITHUB_ACTOR",
+		"GITHUB_WORKFLOW",
+		"GITHUB_HEAD_REF",
+		"GITHUB_BASE_REF",
+		"GITHUB_EVENT_NAME",
+		"GITHUB_SERVER_URL",
+		"GITHUB_API_URL",
+		"GITHUB_GRAPHQL_URL",
+		"GITHUB_REF_NAME",
+		"GITHUB_REF_PROTECTED",
+		"GITHUB_REF_TYPE",
+		"GITHUB_WORKFLOW_REF",
+		"GITHUB_WORKFLOW_SHA",
+		"GITHUB_REPOSITORY_ID",
+		"GITHUB_TRIGGERING_ACTOR",
+		"GITHUB_WORKSPACE",
+		"GITHUB_ACTION",
+		"GITHUB_EVENT_PATH",
+		"GITHUB_ACTION_REPOSITORY",
+		"GITHUB_ACTION_REF",
+		"GITHUB_PATH",
+		"GITHUB_ENV",
+		"GITHUB_STEP_SUMMARY",
+		"GITHUB_STATE",
+		"GITHUB_OUTPUT",
+		"RUNNER_OS",
+		"RUNNER_ARCH",
+		"RUNNER_NAME",
+		"RUNNER_ENVIRONMENT",
+		"RUNNER_TOOL_CACHE",
+		"RUNNER_TEMP",
+		"RUNNER_WORKSPACE",
+		"ACTIONS_RUNTIME_URL",
+		"ACTIONS_RUNTIME_TOKEN",
+		"ACTIONS_CACHE_URL",
+		"ACTIONS_ID_TOKEN_REQUEST_URL",
+		"ACTIONS_ID_TOKEN_REQUEST_TOKEN",
+		"ACTIONS_RESULTS_URL",
+		"GITHUB_ACTIONS",
+		"CI",
+	}
+
+	if os.Getenv("GITHUB_ACTIONS") == "true" {
+		metadataUploadPath := "metadata/" + os.Getenv("GITHUB_REPOSITORY") + "/" + os.Getenv("GITHUB_REF") + "/" + os.Getenv("GITHUB_SHA") + ".json"
+		for _, envVar := range githubActionEnvVars {
+			metadata.GitHubMetadata[envVar] = os.Getenv(envVar)
+		}
+
+		log.Println("Getting presigned URL for metadata upload", metadataUploadPath)
+		presignedURL, err := getPresignedUploadURL(metadataUploadPath, securityAgentAPIEndpoint, securityAgentAPIKey)
+		if err != nil {
+			return fmt.Errorf("failed to get presigned upload URL: %v", err)
+		}
+
+		metadataJSON, err := json.Marshal(metadata)
+		if err != nil {
+			return fmt.Errorf("failed to marshal metadata: %v", err)
+		}
+
+		metadataFile, err := os.CreateTemp("", "metadata.json")
+		if err != nil {
+			return fmt.Errorf("failed to create temp metadata file: %v", err)
+		}
+		defer os.Remove(metadataFile.Name())
+
+		_, err = metadataFile.Write(metadataJSON)
+		if err != nil {
+			return fmt.Errorf("failed to write metadata to temp file: %v", err)
+		}
+
+		log.Println("Uploading metadata to S3")
+		err = uploadFileToS3(metadataFile.Name(), presignedURL)
+		if err != nil {
+			return fmt.Errorf("failed to upload file to S3: %v", err)
+		}
+
+		log.Println("Metadata upload completed successfully")
+	}
+
 	log.Printf("File uploaded successfully to: %s", destination)
 	return nil
 }
@@ -139,8 +244,7 @@ func getPresignedUploadURL(destination, securityAgentAPIEndpoint, securityAgentA
 }
 
 // uploadFileToS3 uploads the file to S3 using the presigned URL
-func uploadFileToS3(filePath, presignedURL string) error {
-	// Open the file
+func uploadFileToS3(filePath string, presignedURL string) error {
 	file, err := os.Open(filePath)
 	if err != nil {
 		return fmt.Errorf("failed to open file: %v", err)