Merge pull request #34 from step-security/feat/update-subscription-check

feat: added banner and update subscription check to make maintained actions free for public repos

Author: amanstep

README.md

@@ -1,3 +1,5 @@
+[![StepSecurity Maintained Action](https://raw.githubusercontent.com/step-security/maintained-actions-assets/main/assets/maintained-action-banner.png)](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions)
+
 # Github Release On Push Action
 
 > Stop using files for versioning. Use git tags instead!

src/release_on_push_action/core.clj

@@ -172,20 +172,43 @@
       (println (prepare-key-value "body" (:body release-data))))))
 
 (defn validate-subscription! [context]
-  (let [repo (:repo context)
-        url  (str "https://agent.api.stepsecurity.io/v1/github/" repo "/actions/subscription")]
-    (try
-      (curl/get url {:timeout 3000})
-      (catch clojure.lang.ExceptionInfo e
-        (let [status (-> e ex-data :status)]
-          (if (= status 403)
-            (do
-              (println "::error::Subscription is not valid. Reach out to support@stepsecurity.io")
-              (System/exit 1))
-            (println "INFO: Timeout or API not reachable. Continuing to next step."))))
-      (catch Exception _
-        ;; handle unexpected error types (network issues, DNS, etc.)
-        (println "INFO: Timeout or API not reachable. Continuing to next step.")))))
+  (let [event-path   (System/getenv "GITHUB_EVENT_PATH")
+        repo-private (when (and event-path (.exists (io/file event-path)))
+                       (try
+                         (get-in (json/parse-string (slurp event-path) true)
+                                 [:repository :private])
+                         (catch Exception _ nil)))
+        upstream     "rymndhng/release-on-push-action"
+        action       (System/getenv "GITHUB_ACTION_REPOSITORY")
+        docs-url     "https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions"]
+    (println "")
+    (println "StepSecurity Maintained Action")
+    (println (str "Secure drop-in replacement for " upstream))
+    (when (false? repo-private)
+      (println "✓ Free for public repositories"))
+    (println (str "Learn more: " docs-url))
+    (println "")
+    (when-not (false? repo-private)
+      (let [server-url (or (System/getenv "GITHUB_SERVER_URL") "https://github.com")
+            body       (cond-> {:action (or action "")}
+                         (not= server-url "https://github.com") (assoc :ghes_server server-url))
+            url        (str "https://agent.api.stepsecurity.io/v1/github/"
+                            (:repo context)
+                            "/actions/maintained-actions-subscription")]
+        (try
+          (curl/post url {:body    (json/generate-string body)
+                          :headers {"Content-Type" "application/json"}
+                          :timeout 3000})
+          (catch clojure.lang.ExceptionInfo e
+            (let [status (-> e ex-data :status)]
+              (if (= status 403)
+                (do
+                  (println "::error::This action requires a StepSecurity subscription for private repositories.")
+                  (println (str "::error::Learn how to enable a subscription: " docs-url ""))
+                  (System/exit 1))
+                (println "Timeout or API not reachable. Continuing to next step."))))
+          (catch Exception _
+            (println "Timeout or API not reachable. Continuing to next step.")))))))
 
 
 (defn -main [& args]