From b17536ac7f4529f45a1fe72c40ed28ea83dcd5a3 Mon Sep 17 00:00:00 2001
From: Christiaan de Wet <125261483+Christiaan-de-Wet@users.noreply.github.com>
Date: Tue, 23 Sep 2025 09:57:19 +0100
Subject: [PATCH] feat(COD-5797): add link back to ui in markdown

---
 README.md | 3 ++-
 src/tool.ts | 12 +++++++++++-
 src/util.ts | 24 ++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 750b81d5..92fa3f83 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ This repository contains a GitHub Action for using FortiCNAPP's code security of

 ### Creating secrets

-Before attempting to run this action, you should add three secrets `LW_ACCOUNT_NAME`, `LW_API_KEY` and `LW_API_SECRET` to your GitHub repository (or, better yet, your GitHub organization so they can be shared accross all your repositories). The value for these secrets can be obtained by following the instructions [here](https://docs.lacework.com/console/api-access-keys) to create an API key and then download it.
+Before attempting to run this action, you should add three secrets `LW_ACCOUNT_NAME`, `LW_SUBACCOUNT_NAME` (When using a subaccount) `LW_API_KEY` and `LW_API_SECRET` to your GitHub repository (or, better yet, your GitHub organization so they can be shared across all your repositories). The value for these secrets can be obtained by following the instructions [here](https://docs.lacework.com/console/api-access-keys) to create an API key and then download it.

 ### Running on pull requests

@@ -24,6 +24,7 @@ permissions:

 env:
 LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
+ LW_SUBACCOUNT_NAME: ${{ secrets.LW_SUBACCOUNT_NAME }}
 LW_API_KEY: ${{ secrets.LW_API_KEY }}
 LW_API_SECRET: ${{ secrets.LW_API_SECRET }}

diff --git a/src/tool.ts b/src/tool.ts
index 111859c8..ee217348 100644
--- a/src/tool.ts
+++ b/src/tool.ts
@@ -4,7 +4,13 @@ import { existsSync, readFileSync } from 'fs' import { simpleGit, SimpleGitOptions } from 'simple-git' import { getPrApi } from './actions' import { LWJSON } from './lw-json' -import { callLaceworkCli, debug, getOptionalEnvVariable, getRequiredEnvVariable } from './util' +import { + callLaceworkCli, + debug, + generateUILink, + getOptionalEnvVariable, + getRequiredEnvVariable, +} from './util' export function splitStringAtFirstSlash(inputString: string | undefined): [string, string] { if (inputString != null) { @@ -193,6 +199,10 @@ export async function compareResults( '--deployment', 'ci', ] + + const uiLink = generateUILink() + if (uiLink) args.push(...['--ui-link', uiLink]) + if (debug()) args.push('--debug') await callLaceworkCli(...args) endGroup() diff --git a/src/util.ts b/src/util.ts index 8a6200d0..fd913c51 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1,6 +1,8 @@ import { error, getInput, info, isDebug } from '@actions/core' +import { context } from '@actions/github' import { spawn } from 'child_process' import { TelemetryCollector } from './telemetry' +import { readFileSync } from 'fs' export const telemetryCollector = new TelemetryCollector() 
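Review bot: The new `generateUILink()` call in `compareResults` (src/tool.ts, second hunk) is unguarded, so any failure while building an optional link aborts the whole comparison before `callLaceworkCli` runs. The helper added in src/util.ts reads and `JSON.parse`s the file at `GITHUB_EVENT_PATH` and calls `getRequiredEnvVariable('GITHUB_BASE_REF')`; GitHub only sets `GITHUB_BASE_REF` on pull_request / pull_request_target events, and `getRequiredEnvVariable` presumably throws when the value is missing (its body is not part of this patch). If `compareResults` can run on other triggers, fall back to "no link" instead: `let uiLink = ''` followed by `try { uiLink = generateUILink() } catch { /* link is optional */ }`. The spread is also unnecessary: `args.push('--ui-link', uiLink)`. The body of `compareResults` starts and ends outside this hunk.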
@@ -83,3 +85,25 @@ export function getOrDefault(name: string, defaultValue: string) {
 if (setTo !== undefined && setTo.length > 0) return setTo
 return defaultValue
 }
+
+export function generateUILink() {
+ const eventPath = process.env.GITHUB_EVENT_PATH!
+ const eventData = JSON.parse(readFileSync(eventPath, 'utf8'))
+ const defaultBranch = eventData.repository?.default_branch
+
+ const targetBranch = getRequiredEnvVariable('GITHUB_BASE_REF')
+
+ if (targetBranch !== defaultBranch) return ''
+
+ let url =
+ `https://${process.env.LW_ACCOUNT_NAME}.lacework.net` +
+ `/ui/investigation/codesec/applications/repositories/` +
+ `${context.repo.owner}%2F${context.repo.repo}` +
+ `/${defaultBranch}`
+
+ if (process.env.LW_SUBACCOUNT_NAME) {
+ url += '?accountName=' + process.env.LW_SUBACCOUNT_NAME
+ }
+
+ return url
+}
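Review bot: `generateUILink` puts `defaultBranch` and `LW_SUBACCOUNT_NAME` into the URL without encoding, although the owner/repo separator next to them is already written as `%2F`. A default branch name containing `/`, `#` or `?`, or a sub-account value containing `&` or `#`, changes the path or query of the link that is then handed to the CLI through `--ui-link`. Encode both values, assuming the UI route accepts encoded segments as the `%2F` suggests: `/${encodeURIComponent(defaultBranch)}` and `url += '?accountName=' + encodeURIComponent(process.env.LW_SUBACCOUNT_NAME)`. `LW_ACCOUNT_NAME` is interpolated into the host name unchecked, so an unset variable yields `https://undefined.lacework.net`; returning `''` when it is empty would match the other early return. The README stores `LW_ACCOUNT_NAME` and `LW_SUBACCOUNT_NAME` as repository secrets, and this link will presumably show their values wherever the generated markdown is posted, so it is worth confirming that this is acceptable for public repositories.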