Merge pull request #16 from step-security/int

main <- int

Author: ashishkurmi

README.md

@@ -44,8 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      pull-requests: write
-      id-token: write
+      pull-requests: read
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0

apiclient.go

@@ -33,20 +33,21 @@ func (apiclient *ApiClient) performRequest(method, url string, headers map[strin
 		return nil, err
 	}
 
-	for k, v := range headers {
-		req.Header.Add(k, v)
+	if headers != nil {
+		for key, value := range headers {
+			req.Header.Add(key, value)
+		}
 	}
 
 	return apiclient.Client.Do(req)
 }
 
-func (apiclient *ApiClient) SubmitCodeReviewRequest(oidcToken string, prDetails *PullRequestDetails) (*CodeReviewRequestResponse, error) {
+func (apiclient *ApiClient) SubmitCodeReviewRequest(prDetails *PullRequestDetails) (*CodeReviewRequestResponse, error) {
 	url := fmt.Sprintf("%s/codereview/submit", apiclient.ApiBaseURI)
 	jsonData, _ := json.Marshal(prDetails)
 
 	headers := map[string]string{
-		"Content-Type":  "application/json; charset=UTF-8",
-		"Authorization": fmt.Sprintf("Bearer %s", oidcToken),
+		"Content-Type": "application/json; charset=UTF-8",
 	}
 
 	resp, err := apiclient.performRequest("POST", url, headers, bytes.NewBuffer(jsonData))
@@ -69,14 +70,10 @@ func (apiclient *ApiClient) SubmitCodeReviewRequest(oidcToken string, prDetails
 	return &codeReviewRequestResponse, nil
 }
 
-func (apiclient *ApiClient) GetCodeReviewComments(oidcToken string, request *CodeReviewRequestResponse) (*CodeReviewCommentsResponse, error) {
+func (apiclient *ApiClient) GetCodeReviewComments(request *CodeReviewRequestResponse) (*CodeReviewCommentsResponse, error) {
 	url := fmt.Sprintf("%s/codereview/comments?fullreponame=%s&codereviewid=%s", apiclient.ApiBaseURI, request.FullRepoName, request.CodeReviewID)
 
-	headers := map[string]string{
-		"Authorization": fmt.Sprintf("Bearer %s", oidcToken),
-	}
-
-	resp, err := apiclient.performRequest("GET", url, headers, nil)
+	resp, err := apiclient.performRequest("GET", url, nil, nil)
 	if err != nil {
 		return nil, err
 	}

main.go

@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"strconv"
@@ -40,15 +39,6 @@ const (
 	OperationStatusError      = "Error"
 )
 
-func getTokenRemainingValidity(timestamp interface{}) float64 {
-	if validity, ok := timestamp.(float64); ok {
-		tm := time.Unix(int64(validity), 0)
-		remainder := time.Until(tm)
-		return remainder.Seconds()
-	}
-	return 0
-}
-
 func getGitHubClient() (*github.Client, context.Context, error) {
 	pat := os.Getenv("INPUT_PAT")
 	if len(pat) == 0 {
@@ -159,22 +149,12 @@ func getPullRequestDetailsFromEnvironment(isDebugMode bool) (*PullRequestDetails
 
 func submitPRDetailsAndGetCodeFeedback(prDetails *PullRequestDetails, isDebugMode bool) (bool, error) {
 	responseReceived := false
-	audience := APIEndpoint
-	oidcClient, err := DefaultOIDCClient(audience)
-	if err != nil {
-		return responseReceived, fmt.Errorf("error generating OIDC auth token. error:%v", err)
-	}
-
-	actionsJWT, exp, err := getActionsJWTAndExp(oidcClient, isDebugMode)
-	if err != nil {
-		return responseReceived, fmt.Errorf("error generating OIDC auth token. error:%v", err)
-	}
 
 	apiClient := ApiClient{
 		Client:     &http.Client{},
 		ApiBaseURI: APIEndpoint + "/v1/app/",
 	}
-	response, err := apiClient.SubmitCodeReviewRequest(actionsJWT.Value, prDetails)
+	response, err := apiClient.SubmitCodeReviewRequest(prDetails)
 	if err != nil {
 		return responseReceived, fmt.Errorf("error submitting code review request: %v", err)
 	}
@@ -185,15 +165,7 @@ func submitPRDetailsAndGetCodeFeedback(prDetails *PullRequestDetails, isDebugMod
 	var reviewComments *CodeReviewCommentsResponse
 
 	for i := 0; i < 20 && !responseReceived; i++ {
-		remainder := getTokenRemainingValidity(exp)
-		if remainder < 60 {
-			githubactions.Infof("Renewing OIDC token as it's only valid for %f", remainder)
-			actionsJWT, exp, err = getActionsJWTAndExp(oidcClient, isDebugMode)
-			if err != nil {
-				return responseReceived, fmt.Errorf("error renewing OIDC token. Error: %v", err)
-			}
-		}
-		reviewComments, err = apiClient.GetCodeReviewComments(actionsJWT.Value, response)
+		reviewComments, err = apiClient.GetCodeReviewComments(response)
 		if err != nil {
 			return responseReceived, fmt.Errorf("error retrieving code review comments: %v", err)
 		}
@@ -204,30 +176,7 @@ func submitPRDetailsAndGetCodeFeedback(prDetails *PullRequestDetails, isDebugMod
 			responseReceived = true
 			if reviewComments.Status == OperationStatusError {
 				message := fmt.Sprintf("Error while using StepSecurity AI Code Reviewer. \nError details:%s", reviewComments.Error)
-				client, ctx, err := getGitHubClient()
-				if err != nil {
-					return responseReceived, fmt.Errorf("error getting github client:%v", err)
-				}
-				comment := "COMMENT"
-				_, commentResponse, err := client.PullRequests.CreateReview(
-					ctx,
-					prDetails.GitHubAccountName,
-					prDetails.RepositoryName,
-					prDetails.PullNumber,
-					&github.PullRequestReviewRequest{
-						Body:  &message,
-						Event: &comment,
-					})
-				if err != nil {
-					errorMessage := fmt.Sprintf("Error writing comment on pull request: %v\n", err)
-					responseBody, err := ioutil.ReadAll(commentResponse.Body)
-					if err == nil {
-						errorMessage += fmt.Sprintf(" response body:%s", responseBody)
-					} else {
-						errorMessage += fmt.Sprintf(" could not retrieve response body for error details. error:%v", err)
-					}
-					return responseReceived, errors.New(errorMessage)
-				}
+				githubactions.Errorf(message)
 			}
 			break
 		}
@@ -259,22 +208,6 @@ func main() {
 
 	if !responseReceived {
 		message := "StepSecurity AI Code Reviewer request timed out after 10 minutes"
-		comment := "COMMENT"
-		client, ctx, err := getGitHubClient()
-		if err != nil {
-			githubactions.Errorf("error getting github client:%v", err)
-			return
-		}
-		client.PullRequests.CreateReview(
-			ctx,
-			prDetails.GitHubAccountName,
-			prDetails.RepositoryName,
-			prDetails.PullNumber,
-			&github.PullRequestReviewRequest{
-				Body:  &message,
-				Event: &comment,
-			})
-
 		githubactions.Fatalf(message)
 	}
 }