diff --git a/Dockerfile b/Dockerfile
index 55863ee..858040b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
+FROM alpine:3.23@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
 RUN apk add --no-cache curl docker-cli
 COPY start-mongodb.sh /start-mongodb.sh
 RUN chmod +x /start-mongodb.sh
diff --git a/README.md b/README.md
index 97eb1e0..0642ab6 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,7 @@
+# MongoDB Github Action
+[![StepSecurity Maintained Action](https://raw.githubusercontent.com/step-security/maintained-actions-assets/main/assets/maintained-action-banner.png)](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions)
+
 ## Introduction
 This GitHub Action starts a MongoDB server or MongoDB replica set. By default, the MongoDB server is available on the default port `27017`. You can configure a custom port using the `mongodb-port` input. The examples show how to use a custom port.
diff --git a/action.yml b/action.yml
index 11ea097..4f10b59 100644
--- a/action.yml
+++ b/action.yml
@@ -58,3 +58,5 @@ runs:
 - ${{ inputs.mongodb-username }}
 - ${{ inputs.mongodb-password }}
 - ${{ inputs.mongodb-container-name }}
+ env:
+ REPO_PRIVATE: ${{ github.event.repository.private }}
diff --git a/start-mongodb.sh b/start-mongodb.sh
index 94d62e8..58185ef 100644
--- a/start-mongodb.sh
+++ b/start-mongodb.sh
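Review bot: `REPO_PRIVATE` in the action.yml hunk can arrive empty rather than `true` or `false`, because `${{ github.event.repository.private }}` resolves to an empty string when the triggering event's payload carries no `repository` object. start-mongodb.sh compares the variable only against those two literal strings, so in that case both the "Free for public repositories" line and the subscription check are skipped without any message. If that fail-open is intended, say so next to the mapping, e.g. `# empty when the event payload has no repository object; the script then skips the subscription check`. The `runs:` block starts outside this hunk.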
@@ -11,24 +11,46 @@ MONGODB_PASSWORD=$7
 MONGODB_CONTAINER_NAME=$8
 # validate subscription status
-API_URL="https://agent.api.stepsecurity.io/v1/github/$GITHUB_REPOSITORY/actions/subscription"
-
-# Set a timeout for the curl command (3 seconds)
-RESPONSE=$(curl --max-time 3 -s -w "%{http_code}" "$API_URL" -o /dev/null) || true
-CURL_EXIT_CODE=$?
-
-# Decide based on curl exit code and HTTP status
-if [ $CURL_EXIT_CODE -ne 0 ]; then
- echo "Timeout or API not reachable. Continuing to next step."
-elif [ "$RESPONSE" = "200" ]; then
- :
-elif [ "$RESPONSE" = "403" ]; then
- echo "Subscription is not valid. Reach out to support@stepsecurity.io"
- exit 1
-else
- echo "Timeout or API not reachable. Continuing to next step."
+UPSTREAM="supercharge/mongodb-github-action"
+ACTION_REPO="${GITHUB_ACTION_REPOSITORY:-}"
+DOCS_URL="https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions"
+
+echo ""
+echo -e "\033[1;36mStepSecurity Maintained Action\033[0m"
+echo "Secure drop-in replacement for $UPSTREAM"
+if [ "$REPO_PRIVATE" = "false" ]; then
+ echo -e "\033[32m✓ Free for public repositories\033[0m"
+fi
+echo -e "\033[36mLearn more:\033[0m $DOCS_URL"
+echo ""
+
+if [ "$REPO_PRIVATE" = "true" ]; then
+ SERVER_URL="${GITHUB_SERVER_URL:-https://github.com}"
+
+ if [ "$SERVER_URL" != "https://github.com" ]; then
+ BODY=$(printf '{"action":"%s","ghes_server":"%s"}' "$ACTION_REPO" "$SERVER_URL")
+ else
+ BODY=$(printf '{"action":"%s"}' "$ACTION_REPO")
+ fi
+
+ API_URL="https://agent.api.stepsecurity.io/v1/github/$GITHUB_REPOSITORY/actions/maintained-actions-subscription"
+
+ RESPONSE=$(curl --max-time 3 -s -w "%{http_code}" \
+ -X POST \
+ -H "Content-Type: application/json" \
+ -d "$BODY" \
+ "$API_URL" -o /dev/null) && CURL_EXIT_CODE=0 || CURL_EXIT_CODE=$?
+
+ if [ $CURL_EXIT_CODE -ne 0 ]; then
+ echo "Timeout or API not reachable. Continuing to next step."
+ elif [ "$RESPONSE" = "403" ]; then
+ echo -e "\033[1;31mThis action requires a StepSecurity subscription for private repositories.\033[0m"
+ echo -e "\033[31mLearn how to enable a subscription: $DOCS_URL\033[0m"
+ exit 1
+ fi
 fi
+
 # `mongosh` is used starting from MongoDB 5.x
 MONGODB_CLIENT="mongosh --quiet"
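Review bot: The new private-repository branch sends data off the runner without saying so in the script: `$GITHUB_REPOSITORY` goes into the request path, and when `GITHUB_SERVER_URL` is not https://github.com the server URL goes into the JSON body posted to agent.api.stepsecurity.io. A short comment above the `curl` call would help operators who run with egress filtering, e.g. `# Sends owner/repo (and the GHES server URL, if any) to the StepSecurity API; any outcome other than HTTP 403 lets the action continue`. Separately, `BODY` is built with `printf` and no JSON escaping, which stays well-formed only while both values are free of `"` and `\`; that assumption deserves a one-line comment as well. The script continues before and after this hunk.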