Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New input for Pixee API URL #15

Merged
merged 6 commits into from
May 16, 2024
Merged

New input for Pixee API URL #15

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
3c234c1
New input for pixee api url
carlosu7 May 14, 2024
2e0d75d
log to revert
carlosu7 May 14, 2024
247627e
Revert "log to revert"
carlosu7 May 14, 2024
192540c
remove dist
carlosu7 May 14, 2024
18d3f0b
fix test
carlosu7 May 14, 2024
a14cd6d
remove dist file
carlosu7 May 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions __tests__/pixee-platform.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,14 @@ import * as github from "../src/github";
import { uploadInputFile } from "../src/pixee-platform";
import axios from "axios";

let getInputMock: jest.SpiedFunction<typeof core.getInput>;
let getIDTokenMock: jest.SpiedFunction<typeof core.getIDToken>;
let getGitHubContextMock: jest.SpiedFunction<typeof github.getGitHubContext>;

describe("pixee-platform", () => {
beforeEach(() => {
jest.clearAllMocks();
getInputMock = jest.spyOn(core, "getInput").mockImplementation();
tmp.setGracefulCleanup();
getIDTokenMock = jest.spyOn(core, "getIDToken").mockResolvedValue("token");
getGitHubContextMock = jest
Expand All @@ -27,6 +29,14 @@ describe("pixee-platform", () => {
fs.writeFileSync(file.name, "{}");
// mock axios.put to avoid making a real HTTP request
jest.spyOn(axios, "put").mockResolvedValue(undefined);
getInputMock.mockImplementation((name: string) => {
switch (name) {
case "pixee-api-url":
return "https://api.pixee.ai";
default:
return "";
}
});

await uploadInputFile("sonar_issues", file.name);

Expand Down
3 changes: 3 additions & 0 deletions action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ description:
automatically fix issues found.

inputs:
pixee-api-url:
description: The base URL of the Pixee API
default: https://api.pixee.ai
tool:
description: >
The supported code scanning tool that produced the results being uploaded.
Expand Down
14 changes: 8 additions & 6 deletions dist/index.js
View file
Open in desktop
Copy link

@fjpgtt fjpgtt May 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You dont need to commit the changes of this file in the PR, the command will be executed when you deploy it

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In fact, we should remove this file.

Original file line number Diff line number Diff line change
Expand Up @@ -32848,7 +32848,8 @@ async function uploadInputFile(tool, file) {
const fileContent = fs_1.default.readFileSync(file, "utf-8");
const form = new form_data_1.default();
form.append("file", fileContent);
const token = await core.getIDToken(AUDIENCE);
const pixeeUrl = core.getInput("pixee-api-url");
const token = await core.getIDToken(pixeeUrl);
const url = buildUploadApiUrl(tool);
return axios_1.default
.put(url, form, {
Expand All @@ -32863,7 +32864,8 @@ async function uploadInputFile(tool, file) {
}
exports.uploadInputFile = uploadInputFile;
async function triggerPrAnalysis(prNumber) {
const token = await core.getIDToken(AUDIENCE);
const pixeeUrl = core.getInput("pixee-api-url");
const token = await core.getIDToken(pixeeUrl);
return axios_1.default
.post(buildTriggerApiUrl(prNumber), null, {
headers: {
Expand All @@ -32878,14 +32880,14 @@ async function triggerPrAnalysis(prNumber) {
exports.triggerPrAnalysis = triggerPrAnalysis;
function buildTriggerApiUrl(prNumber) {
const { owner, repo } = (0, github_1.getRepositoryInfo)();
return `${PIXEE_URL}/${owner}/${repo}/${prNumber}`;
const pixeeUrl = core.getInput("pixee-api-url");
return `${pixeeUrl}/analysis-input/${owner}/${repo}/${prNumber}`;
}
function buildUploadApiUrl(tool) {
const { owner, repo, sha } = (0, github_1.getGitHubContext)();
return `${PIXEE_URL}/${owner}/${repo}/${sha}/${tool}`;
const pixeeUrl = core.getInput("pixee-api-url");
return `${pixeeUrl}/analysis-input/${owner}/${repo}/${sha}/${tool}`;
}
const AUDIENCE = "https://app.pixee.ai";
const PIXEE_URL = "https://api.pixee.ai/analysis-input";


/***/ }),
Expand Down
15 changes: 8 additions & 7 deletions src/pixee-platform.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,9 @@ export async function uploadInputFile(tool: TOOL_PATH, file: string) {
const fileContent = fs.readFileSync(file, "utf-8");
const form = new FormData();
form.append("file", fileContent);
const pixeeUrl = core.getInput("pixee-api-url");

const token = await core.getIDToken(AUDIENCE);
const token = await core.getIDToken(pixeeUrl);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to keep the audience since that is https://app.pixee.ai not api.pixee.api

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I believe that's true, but it does beg the question, is https://app.pixee.ai always the right audience? Maybe it's technically incorrect in some deployments but still good enough? @ryandens please opine.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It captures the intended purpose (ensuring the person with permissions to generate this ID token generated it for Pixee). Changing the audience verification server side would be pretty trivial, but would require additional configuration when deploying a pixee server. I don't see a reason to not make this configurable now.

I also don't think we have a great reason for making the audience app.pixee.ai when the action uploads to api.pixee.ai - i think I picked the audience before we had the CNAME for this API. Open to pixee.ai or api.pixee.ai to match the target destination

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason to configure them separately, or should we derive the audience from the URL?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO we should derive the audience, that way one less input they need to pass. But I think this should be done in a different PR to avoid rejecting requests from the actions, since we need to update the server side validation.

Maybe we should first update the platform to check the audience to see if it is the old or the new api.pixee.ai value, after that change is deploy we can update the logic in the action to derive it from the URL. Finally, we can update the platform again to use something more configurable so it cover the pixee server case

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds good to me.

const url = buildUploadApiUrl(tool)

return axios
Expand All @@ -26,7 +27,8 @@ export async function uploadInputFile(tool: TOOL_PATH, file: string) {
}

export async function triggerPrAnalysis(prNumber: number) {
const token = await core.getIDToken(AUDIENCE);
const pixeeUrl = core.getInput("pixee-api-url");
const token = await core.getIDToken(pixeeUrl);

return axios
.post(buildTriggerApiUrl(prNumber), null, {
Expand All @@ -42,15 +44,14 @@ export async function triggerPrAnalysis(prNumber: number) {

function buildTriggerApiUrl(prNumber: number): string {
const { owner, repo } = getRepositoryInfo();
const pixeeUrl = core.getInput("pixee-api-url");

return `${PIXEE_URL}/${owner}/${repo}/${prNumber}`;
return `${pixeeUrl}/analysis-input/${owner}/${repo}/${prNumber}`;
}

function buildUploadApiUrl(tool: TOOL_PATH): string {
const { owner, repo, sha } = getGitHubContext();
const pixeeUrl = core.getInput("pixee-api-url");

return `${PIXEE_URL}/${owner}/${repo}/${sha}/${tool}`;
return `${pixeeUrl}/analysis-input/${owner}/${repo}/${sha}/${tool}`;
}

const AUDIENCE = "https://app.pixee.ai";
const PIXEE_URL = "https://api.pixee.ai/analysis-input";