
Commit 2e0607b

resolve build fail
1 parent 957e16f commit 2e0607b


2 files changed

+14
-13
lines changed


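--- a/remediation/workflow/hardenrunner/addaction.go
+++ b/remediation/workflow/hardenrunner/addaction.go
@@ -47,7 +47,8 @@ func AddAction(inputYaml, action string, pinActions, pinToImmutable bool) (strin
 }
 
 if updated && pinActions {
-out, _ = pin.PinAction(action, out, nil, pinToImmutable)
+immutableMap := pin.GetSemanticActionsImmutableMap([]string{action}, pinToImmutable)
+out, _ = pin.PinAction(action, out, nil, immutableMap)
 }
 
 return out, updated, nil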
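Review bot: The second result of `pin.PinAction` is still discarded on the new line `out, _ = pin.PinAction(action, out, nil, immutableMap)`, so AddAction cannot tell whether the action it just added was actually pinned or left on a mutable tag. The type of that result is not visible here; if it reports whether a pin was applied, check it and surface the unpinned case, and otherwise say why it is safe to drop, for example `// PinAction's second result is ignored: AddAction only reports whether the step was added`. The new call also passes `action` to `GetSemanticActionsImmutableMap` without the `@` / `docker://` / absolute-reference filter that PinActions applies before building its list. AddAction's body starts and ends outside the hunk.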

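--- a/remediation/workflow/pin/pinactions.go
+++ b/remediation/workflow/pin/pinactions.go
@@ -17,15 +17,25 @@ import (
 func PinActions(inputYaml string, exemptedActions []string, pinToImmutable bool) (string, bool, error) {
 workflow := metadata.Workflow{}
 updated := false
+var allActions []string
 err := yaml.Unmarshal([]byte(inputYaml), &workflow)
 if err != nil {
 return inputYaml, updated, fmt.Errorf("unable to parse yaml %v", err)
 }
 
 out := inputYaml
 
+// get all jobs present in the workflow
+for _, job := range workflow.Jobs {
+for _, step := range job.Steps {
+if strings.Contains(step.Uses, "@") && !strings.HasPrefix(step.Uses, "docker://") && !isAbsolute(step.Uses) {
+allActions = append(allActions, step.Uses)
+}
+}
+}
+
 // get immutable map for the semantic versions of the actions present in the workflow
-immutableMap := getSemanticActionsImmutableMap(workflow, pinToImmutable)
+immutableMap := GetSemanticActionsImmutableMap(allActions, pinToImmutable)
 
 for _, job := range workflow.Jobs {
 
@@ -217,8 +227,7 @@ func ActionExists(actionName string, patterns []string) bool {
 return false
 }
 
-func getSemanticActionsImmutableMap(workflow metadata.Workflow, pinToImmutable bool) map[string]bool {
-var allActions []string
+func GetSemanticActionsImmutableMap(allActions []string, pinToImmutable bool) map[string]bool {
 var allSemanticActions []string
 immutableMap := make(map[string]bool)
 
@@ -227,15 +236,6 @@ func getSemanticActionsImmutableMap(workflow metadata.Workflow, pinToImmutable b
 return immutableMap
 }
 
-// get all jobs present in the workflow
-for _, job := range workflow.Jobs {
-for _, step := range job.Steps {
-if strings.Contains(step.Uses, "@") && !strings.HasPrefix(step.Uses, "docker://") && !isAbsolute(step.Uses) {
-allActions = append(allActions, step.Uses)
-}
-}
-}
-
 PAT := os.Getenv("PAT")
 
 ctx := context.Background()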
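Review bot: `GetSemanticActionsImmutableMap` is now exported and takes a caller-built list, but the `@` / `docker://` / `isAbsolute` filter that used to run inside it (removed in the third hunk) now lives only in PinActions, so every other caller has to remember to apply it. The function also reads the `PAT` environment variable, which is a hidden input for an exported API, and neither precondition is documented. Add a doc comment such as `// GetSemanticActionsImmutableMap expects allActions to contain only owner/repo@ref references (no docker:// or absolute entries) and reads the PAT environment variable.` The copied comment `// get all jobs present in the workflow` in PinActions would be more accurate as `// collect the pinnable action references used by the workflow`. The function's body continues outside the hunks, so what it does with an unfiltered entry is not visible here.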
