nowsecure
diff --git a/‎.gitignore‎
Lines changed: 139 additions & 0 deletions b/‎.gitignore‎
Lines changed: 139 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 33 additions & 1 deletion b/‎README.md‎
Lines changed: 33 additions & 1 deletion
diff --git a/‎nowsecure/index.ts‎
Lines changed: 145 additions & 0 deletions b/‎nowsecure/index.ts‎
Lines changed: 145 additions & 0 deletions
@@ -0,0 +1,139 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.*
+!.env.example
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Sveltekit cache directory
+.svelte-kit/
+
+# vitepress build output
+**/.vitepress/dist
+
+# vitepress cache directory
+**/.vitepress/cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# Firebase cache directory
+.firebase/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v3
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
+
+# Vite logs files
+vite.config.js.timestamp-*
+vite.config.ts.timestamp-*
@@ -1 +1,33 @@
-# nowsecure-azure-ci-extension
+# nowsecure-azure-ci-extension
+
+## Development
+
+### Dependencies
+- node
+
+### Making Changes
+
+The core functionality is handled by the `nowsecure-ci` golang binary. The logic in `Nowsecure/index.ts` is merely a wrapper around that binary file.
+
+To adjust any of the inputs / default values edit the `nowsecure/task.json`
+
+To adjust any of the wrapper logic, edit `nowsecure/index.ts`
+
+### Building
+
+There is a convenience bash script, `publish` which can handle packaging and publishing the ADO extension. 
+
+To package for testing in the QA environment, run the following:
+
+``` shell
+ENV=QA ./publish package
+```
+
+This will create a `.vsix` file which can be uploaded to the [QA storefront](https://marketplace.visualstudio.com/publishers/qa-nowsecure) 
+
+## Deploying
+This should be handled automatically by a Github Action in the future, but the bash script in this repo can also publish directly to the [public storefront](https://marketplace.visualstudio.com/publishers/Nowsecure-com)
+
+```
+ENV=PROD TOKEN=<some-token> ./publish publish
+```
@@ -0,0 +1,145 @@
+import *  as tl from "azure-pipelines-task-lib/task";
+import { ToolRunner } from "azure-pipelines-task-lib/toolrunner";
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+
+const enum Arch {
+  X86 = "x86",
+  X64 = "amd64",
+  ARM = "arm"
+}
+
+function platformToString(platform: tl.Platform) {
+  switch (platform) {
+    case tl.Platform.Windows:
+      return "windows";
+    case tl.Platform.Linux:
+      return "linux";
+    case tl.Platform.MacOS:
+      return "darwin";
+  }
+}
+
+function chmodx(toolPath: string, platform: tl.Platform) {
+  if (platform !== tl.Platform.Windows) {
+    tl.execSync("chmod", ["u+x", toolPath])
+  } else {
+    tl.execSync("attrib", ["+x", toolPath])
+  }
+}
+
+function archFrom(envvar: string): Arch {
+  switch (envvar) {
+    case "X86":
+      return Arch.X86
+    case "X64":
+      return Arch.X64
+    case "ARM":
+      return Arch.ARM
+    default:
+      const emsg = `Unknown system architecture: ${envvar}`
+      throw new Error(emsg)
+  }
+}
+
+function toolName(arch: Arch, platform: tl.Platform): string {
+  // Ex: ns_linux-amd64
+  return `ns_${platformToString(platform)}-${arch}${platform === tl.Platform.Windows ? '.exe' : ''}`
+}
+
+function getTool(): ToolRunner {
+  const platform = tl.getPlatform()
+  const arch = archFrom(tl.getVariable("Agent.OSArchitecture"))
+  const toolPath = join(__dirname, toolName(arch, platform));
+
+  if (!existsSync(toolPath)) {
+    const err =
+      "Unsupported runner type. Integration currently supports darwin/arm64, windows/amd64, and linux/amd64"
+    throw new Error(err)
+  }
+
+  chmodx(toolPath, platform)
+
+  return tl.tool(toolPath)
+}
+
+type Inputs = {
+  // required params
+  filepath: string;
+  group: string;
+  token: string;
+  // optional params
+  artifact_dir?: string;
+  api_host?: string;
+  ui_host?: string;
+  log_level?: string;
+  analysisType?: string;
+  minimum_score?: string;
+  polling_duration_minutes?: string;
+}
+
+function getInputs(): Inputs {
+  const inputs = {
+    filepath: tl.getPathInputRequired("binary_file", true),
+    group: tl.getInputRequired("group"),
+    token: tl.getInputRequired("token"),
+    // optional params
+    artifact_dir: tl.getInput("artifact_dir", false),
+    api_host: tl.getInput("api_host", false),
+    ui_host: tl.getInput("ui_host", false),
+    log_level: tl.getInput("log_level", false),
+    analysisType: tl.getInput("analysis_type", false),
+    minimum_score: tl.getInput("minimum_score", false),
+    polling_duration_minutes: tl.getInput("polling_duration_minutes", false)
+  }
+
+  if (inputs.analysisType === 'static') {
+    inputs.polling_duration_minutes = inputs.polling_duration_minutes || '30'
+  } else {
+    inputs.polling_duration_minutes = inputs.polling_duration_minutes || '60'
+  }
+
+  return inputs
+}
+
+async function run() {
+  const task = JSON.parse(readFileSync(join(__dirname, "task.json")).toString());
+  const version = `${task.version.Major}.${task.version.Minor}.${task.version.Patch}`
+
+  const inputs = getInputs()
+
+  tl.mkdirP(inputs.artifact_dir)
+
+  const ns = getTool()
+    .arg("run")
+    .arg("file")
+    .arg(inputs.filepath)
+    .line(`--group-ref ${inputs.group}`)
+    .line(`--token ${inputs.token}`)
+    .line(`--output ${join(inputs.artifact_dir, "assessment.json")}`)
+    .line(`--api-host ${inputs.api_host}`)
+    .line(`--ui-host ${inputs.ui_host}`)
+    .line(`--log-level ${inputs.log_level}`)
+    .line(`--analysis-type ${inputs.analysisType}`)
+    .line(`--minimum-score ${inputs.minimum_score}`)
+    .line(`--poll-for-minutes ${inputs.polling_duration_minutes}`)
+    .line(`--ci-environment azure-${version}`)
+
+  ns.on("stdout", function(data: Buffer) {
+    console.log(data.toString());
+  });
+
+  let exitCode: number
+  exitCode = await ns.execAsync()
+
+  if (exitCode != 0) {
+    const errorMessage = `NowSecure extension failed with exit code: ${exitCode}`
+    tl.setResult(tl.TaskResult.Failed, errorMessage, true)
+  }
+}
+
+try {
+  run()
+} catch (err) {
+  tl.setResult(tl.TaskResult.Failed, err.message, true)
+}