Merge remote-tracking branch 'origin/main' into fix-upload-action

README.md

@@ -148,7 +148,7 @@ The following input parameters are also supported for the Endor Labs GitHub acti
 | `bazel_exclude_targets` | Specify a a list of Bazel targets to exclude from scan. |
 | `bazel_include_targets` | Specify a list of Bazel targets to scan. If `bazel_targets_include` is not set the `bazel_targets_query` value is used to determine with bazel targets to scan. |
 | `bazel_targets_query` | Specify a bazel query to determine with Bazel targets to scan. Ignored if `bazel_targets_include` is set. |
-| `enable_pr_comments` | Set to `true` to publish new findings as review comments. Must be set together with `pr` and `github_token`. Additionally, the `issues: write` and `pull-requests: write` permissions must be set in the workflow. (Default: `false`) |
+| `enable_pr_comments` | Set to `true` to publish new findings as review comments. Must be set together with `pr` and `github_token`. Additionally, the `pull-requests: write` permissions must be set in the workflow. (Default: `false`) |
 | `export_scan_result_artifact` | Set to `false` to disable the json scan result artifact export. (Default: `true`) |
 | `github_token` | Set the token used to authenticate with GitHub. Must be provided if `enable_pr_comments` is set to `true` |
 | `phantom_dependencies` | Set to `true` to enable phantom dependency analysis. (Default: `false`) |
@@ -185,7 +185,7 @@ Note that the above optional parameters are required only if `enable_github_acti
 
 ### Artifact Verifying parameters
 
-The following input parameters are also supported for the Endor Labs GitHub action when used for build artifact verification. The new "verify" action should be used: endorlabs/github-action/verify@version
+The following input parameters are also supported for the Endor Labs GitHub action when used for build artifact verification. The new `verify` action should be used: endorlabs/github-action/verify@version
 
 | Flags | Required | Description |
 | :-- | :-- | :-- |
@@ -236,7 +236,6 @@ jobs:
       id-token: write # Required for requesting the JWT
       contents: read  # Required by actions/checkout@v3 to checkout a private repository
       pull-requests: write # Required for endorctl to write pr comments
-      issues: write        # Required for endorctl to write pr comments
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo

dist/index.js

@@ -116174,7 +116174,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.doYouHaveTheTime = exports.uploadArtifact = exports.setupEndorctl = exports.fetchLatestEndorctlVersion = exports.isVersionResponse = exports.isObject = exports.writeJsonToFile = exports.getEndorctlChecksum = exports.getPlatformInfo = exports.createHashFromFile = void 0;
+exports.doYouHaveTheTime = exports.uploadArtifact = exports.setupEndorctl = exports.fetchLatestEndorctlVersion = exports.isVersionResponse = exports.isObject = exports.writeJsonToFile = exports.getEndorctlChecksum = exports.getPlatformInfo = exports.commandExists = exports.createHashFromFile = void 0;
 const artifact = __importStar(__nccwpck_require__(79450));
 const core = __importStar(__nccwpck_require__(42186));
 const crypto = __importStar(__nccwpck_require__(6113));
@@ -116185,6 +116185,7 @@ const httpm = __importStar(__nccwpck_require__(96255));
 const io = __importStar(__nccwpck_require__(47351));
 const tc = __importStar(__nccwpck_require__(27784));
 const path = __importStar(__nccwpck_require__(71017));
+const child_process_1 = __nccwpck_require__(32081);
 const constants_1 = __nccwpck_require__(69042);
 const execOptionSilent = {
     silent: true,
@@ -116196,6 +116197,20 @@ const createHashFromFile = (filePath) => new Promise((resolve) => {
         .on("end", () => resolve(hash.digest("hex")));
 });
 exports.createHashFromFile = createHashFromFile;
+const commandExists = (command) => {
+    try {
+        const platform = (0, exports.getPlatformInfo)();
+        const cmd = platform.os === constants_1.EndorctlAvailableOS.Windows
+            ? `where ${command}`
+            : `which ${command}`;
+        (0, child_process_1.execSync)(cmd, { stdio: "ignore" });
+        return true;
+    }
+    catch (error) {
+        return false;
+    }
+};
+exports.commandExists = commandExists;
 /**
  * Returns the OS and Architecture to be used for downloading endorctl binary,
  * based on the current runner OS and Architecture. Returns the error if runner
@@ -116337,6 +116352,14 @@ const setupEndorctl = ({ version, checksum, api }) => __awaiter(void 0, void 0,
         yield io.cp(downloadPath, endorctlPath);
         core.addPath(binPath);
         core.info(`Endorctl downloaded and added to the path`);
+        // Check to see if tsserver is installed -- if not install it (needed for javascript callgraphs)
+        const command = "tsserver";
+        core.info(`Checking for tsserver`);
+        if (!(0, exports.commandExists)(command)) {
+            // Install it
+            core.info(`Installing tsserver`);
+            yield exec.exec("npm", ["install", "-g", "typescript"]);
+        }
     }
     catch (error) {
         core.setFailed(error);

dist/setup/index.js

@@ -115990,7 +115990,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.doYouHaveTheTime = exports.uploadArtifact = exports.setupEndorctl = exports.fetchLatestEndorctlVersion = exports.isVersionResponse = exports.isObject = exports.writeJsonToFile = exports.getEndorctlChecksum = exports.getPlatformInfo = exports.createHashFromFile = void 0;
+exports.doYouHaveTheTime = exports.uploadArtifact = exports.setupEndorctl = exports.fetchLatestEndorctlVersion = exports.isVersionResponse = exports.isObject = exports.writeJsonToFile = exports.getEndorctlChecksum = exports.getPlatformInfo = exports.commandExists = exports.createHashFromFile = void 0;
 const artifact = __importStar(__nccwpck_require__(79450));
 const core = __importStar(__nccwpck_require__(42186));
 const crypto = __importStar(__nccwpck_require__(6113));
@@ -116001,6 +116001,7 @@ const httpm = __importStar(__nccwpck_require__(96255));
 const io = __importStar(__nccwpck_require__(47351));
 const tc = __importStar(__nccwpck_require__(27784));
 const path = __importStar(__nccwpck_require__(71017));
+const child_process_1 = __nccwpck_require__(32081);
 const constants_1 = __nccwpck_require__(69042);
 const execOptionSilent = {
     silent: true,
@@ -116012,6 +116013,20 @@ const createHashFromFile = (filePath) => new Promise((resolve) => {
         .on("end", () => resolve(hash.digest("hex")));
 });
 exports.createHashFromFile = createHashFromFile;
+const commandExists = (command) => {
+    try {
+        const platform = (0, exports.getPlatformInfo)();
+        const cmd = platform.os === constants_1.EndorctlAvailableOS.Windows
+            ? `where ${command}`
+            : `which ${command}`;
+        (0, child_process_1.execSync)(cmd, { stdio: "ignore" });
+        return true;
+    }
+    catch (error) {
+        return false;
+    }
+};
+exports.commandExists = commandExists;
 /**
  * Returns the OS and Architecture to be used for downloading endorctl binary,
  * based on the current runner OS and Architecture. Returns the error if runner
@@ -116153,6 +116168,14 @@ const setupEndorctl = ({ version, checksum, api }) => __awaiter(void 0, void 0,
         yield io.cp(downloadPath, endorctlPath);
         core.addPath(binPath);
         core.info(`Endorctl downloaded and added to the path`);
+        // Check to see if tsserver is installed -- if not install it (needed for javascript callgraphs)
+        const command = "tsserver";
+        core.info(`Checking for tsserver`);
+        if (!(0, exports.commandExists)(command)) {
+            // Install it
+            core.info(`Installing tsserver`);
+            yield exec.exec("npm", ["install", "-g", "typescript"]);
+        }
     }
     catch (error) {
         core.setFailed(error);

dist/sign/index.js

@@ -115987,7 +115987,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.doYouHaveTheTime = exports.uploadArtifact = exports.setupEndorctl = exports.fetchLatestEndorctlVersion = exports.isVersionResponse = exports.isObject = exports.writeJsonToFile = exports.getEndorctlChecksum = exports.getPlatformInfo = exports.createHashFromFile = void 0;
+exports.doYouHaveTheTime = exports.uploadArtifact = exports.setupEndorctl = exports.fetchLatestEndorctlVersion = exports.isVersionResponse = exports.isObject = exports.writeJsonToFile = exports.getEndorctlChecksum = exports.getPlatformInfo = exports.commandExists = exports.createHashFromFile = void 0;
 const artifact = __importStar(__nccwpck_require__(79450));
 const core = __importStar(__nccwpck_require__(42186));
 const crypto = __importStar(__nccwpck_require__(6113));
@@ -115998,6 +115998,7 @@ const httpm = __importStar(__nccwpck_require__(96255));
 const io = __importStar(__nccwpck_require__(47351));
 const tc = __importStar(__nccwpck_require__(27784));
 const path = __importStar(__nccwpck_require__(71017));
+const child_process_1 = __nccwpck_require__(32081);
 const constants_1 = __nccwpck_require__(69042);
 const execOptionSilent = {
     silent: true,
@@ -116009,6 +116010,20 @@ const createHashFromFile = (filePath) => new Promise((resolve) => {
         .on("end", () => resolve(hash.digest("hex")));
 });
 exports.createHashFromFile = createHashFromFile;
+const commandExists = (command) => {
+    try {
+        const platform = (0, exports.getPlatformInfo)();
+        const cmd = platform.os === constants_1.EndorctlAvailableOS.Windows
+            ? `where ${command}`
+            : `which ${command}`;
+        (0, child_process_1.execSync)(cmd, { stdio: "ignore" });
+        return true;
+    }
+    catch (error) {
+        return false;
+    }
+};
+exports.commandExists = commandExists;
 /**
  * Returns the OS and Architecture to be used for downloading endorctl binary,
  * based on the current runner OS and Architecture. Returns the error if runner
@@ -116150,6 +116165,14 @@ const setupEndorctl = ({ version, checksum, api }) => __awaiter(void 0, void 0,
         yield io.cp(downloadPath, endorctlPath);
         core.addPath(binPath);
         core.info(`Endorctl downloaded and added to the path`);
+        // Check to see if tsserver is installed -- if not install it (needed for javascript callgraphs)
+        const command = "tsserver";
+        core.info(`Checking for tsserver`);
+        if (!(0, exports.commandExists)(command)) {
+            // Install it
+            core.info(`Installing tsserver`);
+            yield exec.exec("npm", ["install", "-g", "typescript"]);
+        }
     }
     catch (error) {
         core.setFailed(error);

dist/verify/index.js

@@ -115830,7 +115830,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.doYouHaveTheTime = exports.uploadArtifact = exports.setupEndorctl = exports.fetchLatestEndorctlVersion = exports.isVersionResponse = exports.isObject = exports.writeJsonToFile = exports.getEndorctlChecksum = exports.getPlatformInfo = exports.createHashFromFile = void 0;
+exports.doYouHaveTheTime = exports.uploadArtifact = exports.setupEndorctl = exports.fetchLatestEndorctlVersion = exports.isVersionResponse = exports.isObject = exports.writeJsonToFile = exports.getEndorctlChecksum = exports.getPlatformInfo = exports.commandExists = exports.createHashFromFile = void 0;
 const artifact = __importStar(__nccwpck_require__(79450));
 const core = __importStar(__nccwpck_require__(42186));
 const crypto = __importStar(__nccwpck_require__(6113));
@@ -115841,6 +115841,7 @@ const httpm = __importStar(__nccwpck_require__(96255));
 const io = __importStar(__nccwpck_require__(47351));
 const tc = __importStar(__nccwpck_require__(27784));
 const path = __importStar(__nccwpck_require__(71017));
+const child_process_1 = __nccwpck_require__(32081);
 const constants_1 = __nccwpck_require__(69042);
 const execOptionSilent = {
     silent: true,
@@ -115852,6 +115853,20 @@ const createHashFromFile = (filePath) => new Promise((resolve) => {
         .on("end", () => resolve(hash.digest("hex")));
 });
 exports.createHashFromFile = createHashFromFile;
+const commandExists = (command) => {
+    try {
+        const platform = (0, exports.getPlatformInfo)();
+        const cmd = platform.os === constants_1.EndorctlAvailableOS.Windows
+            ? `where ${command}`
+            : `which ${command}`;
+        (0, child_process_1.execSync)(cmd, { stdio: "ignore" });
+        return true;
+    }
+    catch (error) {
+        return false;
+    }
+};
+exports.commandExists = commandExists;
 /**
  * Returns the OS and Architecture to be used for downloading endorctl binary,
  * based on the current runner OS and Architecture. Returns the error if runner
@@ -115993,6 +116008,14 @@ const setupEndorctl = ({ version, checksum, api }) => __awaiter(void 0, void 0,
         yield io.cp(downloadPath, endorctlPath);
         core.addPath(binPath);
         core.info(`Endorctl downloaded and added to the path`);
+        // Check to see if tsserver is installed -- if not install it (needed for javascript callgraphs)
+        const command = "tsserver";
+        core.info(`Checking for tsserver`);
+        if (!(0, exports.commandExists)(command)) {
+            // Install it
+            core.info(`Installing tsserver`);
+            yield exec.exec("npm", ["install", "-g", "typescript"]);
+        }
     }
     catch (error) {
         core.setFailed(error);

src/utils.ts

@@ -8,6 +8,7 @@ import * as httpm from "@actions/http-client";
 import * as io from "@actions/io";
 import * as tc from "@actions/tool-cache";
 import * as path from "path";
+import { execSync } from "child_process";
 
 import {
   EndorctlAvailableArch,
@@ -36,6 +37,21 @@ export const createHashFromFile = (filePath: string) =>
       .on("end", () => resolve(hash.digest("hex")));
   });
 
+export const commandExists = (command: string) => {
+  try {
+    const platform = getPlatformInfo();
+    const cmd =
+      platform.os === EndorctlAvailableOS.Windows
+        ? `where ${command}`
+        : `which ${command}`;
+
+    execSync(cmd, { stdio: "ignore" });
+    return true;
+  } catch (error) {
+    return false;
+  }
+};
+
 /**
  * Returns the OS and Architecture to be used for downloading endorctl binary,
  * based on the current runner OS and Architecture. Returns the error if runner
@@ -223,6 +239,15 @@ export const setupEndorctl = async ({ version, checksum, api }: SetupProps) => {
     core.addPath(binPath);
 
     core.info(`Endorctl downloaded and added to the path`);
+
+    // Check to see if tsserver is installed -- if not install it (needed for javascript callgraphs)
+    const command = "tsserver";
+    core.info(`Checking for tsserver`);
+    if (!commandExists(command)) {
+      // Install it
+      core.info(`Installing tsserver`);
+      await exec.exec("npm", ["install", "-g", "typescript"]);
+    }
   } catch (error: any) {
     core.setFailed(error);
   }

yarn.lock

@@ -1803,15 +1803,10 @@ camelcase@^6.2.0:
   resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-6.3.0.tgz#5685b95eb209ac9c0c177467778c9c84df58ba9a"
   integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==
 
-caniuse-lite@^1.0.30001400:
-  version "1.0.30001447"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001447.tgz#ef1f39ae38d839d7176713735a8e467a0a2523bd"
-  integrity sha512-bdKU1BQDPeEXe9A39xJnGtY0uRq/z5osrnXUw0TcK+EYno45Y+U7QU9HhHEyzvMDffpYadFXi3idnSNkcwLkTw==
-
-caniuse-lite@^1.0.30001503:
-  version "1.0.30001512"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001512.tgz#7450843fb581c39f290305a83523c7a9ef0d4cb4"
-  integrity sha512-2S9nK0G/mE+jasCUsMPlARhRCts1ebcp2Ji8Y8PWi4NDE1iRdLCnEPHkEfeBrGC45L4isBx5ur3IQ6yTE2mRZw==
+caniuse-lite@^1.0.30001400, caniuse-lite@^1.0.30001503:
+  version "1.0.30001669"
+  resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001669.tgz"
+  integrity sha512-DlWzFDJqstqtIVx1zeSpIMLjunf5SmwOw0N2Ck/QSQdS8PLS4+9HrLaYei4w8BIAL7IB/UEDu889d8vhCTPA0w==
 
 chainsaw@~0.1.0:
   version "0.1.0"