Rewrite action to TypeScript and remove Docker requirements#57
Merged
Rewrite action to TypeScript and remove Docker requirements#57
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Rewrote the GitHub Action from a Docker-based implementation to a pure TypeScript/JavaScript implementation. This removes the Docker dependency and enables the action to run on all systems that support Node.js and Java.
Changes
Removed Docker dependency: The action no longer requires Docker, eliminating compatibility issues on runners without Docker (e.g., macOS runners)
TypeScript implementation: Rewrote the shell script logic in TypeScript for better maintainability and type safety
Same functionality: All existing functionality is preserved - downloads the Veracode Java API wrapper, builds the command with all parameters, and executes it securely
Secure execution: Uses Node.js spawn for secure command execution without shell interpretation
Benefits
Broader compatibility: Can now run on all GitHub-hosted runners (including macOS) and self-hosted runners with Node.js and Java installed
No Docker required: Eliminates the need for Docker installation and configuration
Faster execution: No Docker image build/pull overhead
Better maintainability: TypeScript provides better error checking and code organization
Backward Compatibility
All parameters remain unchanged - The action accepts the same inputs as before:
Required parameters: appname, createprofile, filepath, version, vid, vkey
All optional parameters work exactly as before
No changes needed to existing workflows using this action
Technical Details
Uses node20 runtime instead of Docker
⚠️ Migration
Downloads Veracode Java API wrapper from Maven Central (same as before)
Executes Java commands using spawn for secure process execution
All validation logic and parameter conflict checks preserved
Runner Requirements: The action now requires a runner with:
Node.js 20+ (automatically available on GitHub-hosted runners)
Java (required to execute the Veracode Java API wrapper)
For GitHub-hosted runners: No changes needed - all GitHub-hosted runners (ubuntu-latest, windows-latest, macos-latest) support Node.js and Java.
For self-hosted runners: Ensure your runner has Node.js 20+ and Java installed. If your current runner doesn't have these, you'll need to either:
Install Node.js and Java on your existing runner, or
Switch to a runner that supports Node.js and Java
Workflow changes: No changes needed to your workflow YAML files - all parameters and usage remain identical.
Note: The Dockerfile and entrypoint.sh files have been removed as they are no longer needed.