mirror of
https://github.com/github/codeql-action.git
synced 2025-12-27 01:30:10 +08:00
a196a714b8
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com> Co-authored-by: Henry Mercer <henrymercer@github.com>
81 lines
3.2 KiB
JavaScript
81 lines
3.2 KiB
JavaScript
"use strict";
|
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
if (k2 === undefined) k2 = k;
|
|
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
}
|
|
Object.defineProperty(o, k2, desc);
|
|
}) : (function(o, m, k, k2) {
|
|
if (k2 === undefined) k2 = k;
|
|
o[k2] = m[k];
|
|
}));
|
|
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
}) : function(o, v) {
|
|
o["default"] = v;
|
|
});
|
|
var __importStar = (this && this.__importStar) || function (mod) {
|
|
if (mod && mod.__esModule) return mod;
|
|
var result = {};
|
|
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
__setModuleDefault(result, mod);
|
|
return result;
|
|
};
|
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
};
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.getBackendIdsFromToken = void 0;
|
|
const core = __importStar(require("@actions/core"));
|
|
const config_1 = require("./config");
|
|
const jwt_decode_1 = __importDefault(require("jwt-decode"));
|
|
const InvalidJwtError = new Error('Failed to get backend IDs: The provided JWT token is invalid and/or missing claims');
|
|
// uses the JWT token claims to get the
|
|
// workflow run and workflow job run backend ids
|
|
function getBackendIdsFromToken() {
|
|
const token = (0, config_1.getRuntimeToken)();
|
|
const decoded = (0, jwt_decode_1.default)(token);
|
|
if (!decoded.scp) {
|
|
throw InvalidJwtError;
|
|
}
|
|
/*
|
|
* example decoded:
|
|
* {
|
|
* scp: "Actions.ExampleScope Actions.Results:ce7f54c7-61c7-4aae-887f-30da475f5f1a:ca395085-040a-526b-2ce8-bdc85f692774"
|
|
* }
|
|
*/
|
|
const scpParts = decoded.scp.split(' ');
|
|
if (scpParts.length === 0) {
|
|
throw InvalidJwtError;
|
|
}
|
|
/*
|
|
* example scpParts:
|
|
* ["Actions.ExampleScope", "Actions.Results:ce7f54c7-61c7-4aae-887f-30da475f5f1a:ca395085-040a-526b-2ce8-bdc85f692774"]
|
|
*/
|
|
for (const scopes of scpParts) {
|
|
const scopeParts = scopes.split(':');
|
|
if ((scopeParts === null || scopeParts === void 0 ? void 0 : scopeParts[0]) !== 'Actions.Results') {
|
|
// not the Actions.Results scope
|
|
continue;
|
|
}
|
|
/*
|
|
* example scopeParts:
|
|
* ["Actions.Results", "ce7f54c7-61c7-4aae-887f-30da475f5f1a", "ca395085-040a-526b-2ce8-bdc85f692774"]
|
|
*/
|
|
if (scopeParts.length !== 3) {
|
|
// missing expected number of claims
|
|
throw InvalidJwtError;
|
|
}
|
|
const ids = {
|
|
workflowRunBackendId: scopeParts[1],
|
|
workflowJobRunBackendId: scopeParts[2]
|
|
};
|
|
core.debug(`Workflow Run Backend ID: ${ids.workflowRunBackendId}`);
|
|
core.debug(`Workflow Job Run Backend ID: ${ids.workflowJobRunBackendId}`);
|
|
return ids;
|
|
}
|
|
throw InvalidJwtError;
|
|
}
|
|
exports.getBackendIdsFromToken = getBackendIdsFromToken;
|
|
//# sourceMappingURL=util.js.map
|