Update main.yml

parasole1 · web-flow · commit bccfe51982c5 · 2025-05-07T16:40:20.000+05:45
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,90 +1,41 @@
-name: Build NPM Package
+name: TypeScript x InvisiRisk
+
 on:
-     workflow_dispatch:
+  workflow_dispatch:
 
 permissions:
   checks: write
-  contents: read
+  contents: write
   packages: read
-env:
-  API_URL: https://app.veribom.com
 
 jobs:
-  create_scan_in_IR_Portal:
-    runs-on: ubuntu-latest
-    outputs:
-      scan_id: ${{ steps.parseResponse.outputs.scan_id }}
-    steps:
-      - name: Initiating SBOM Scan
-        id: createScan
-        uses: fjogeleit/http-request-action@v1.15.1
-        with:
-          url: '${{env.API_URL}}/utilityapi/v1/scan'
-          method: 'POST'
-          data: '{"api_key": "${{secrets.VB_API_KEY}}"}'
-      - name: Parse Response
-        id: parseResponse
-        run: echo "scan_id=${{fromJSON(steps.createScan.outputs.response).data.scan_id}}" >> "$GITHUB_OUTPUT"
-  ecr_details:
+  python-application-build:
     runs-on: ubuntu-latest
-    outputs:
-      ecr_username: ${{steps.ecr_details.outputs.username}}
-      ecr_token: ${{steps.ecr_details.outputs.token}}
-      ecr_region: ${{steps.ecr_details.outputs.region}}
-      ecr_id: ${{steps.ecr_details.outputs.registry_id}}
+    name: Run build
     steps:
-      - name: Fetching VB Token
-        id: fetchECRDetails
-        uses: fjogeleit/http-request-action@v1.15.1
+      - name: Setup PSE
+        uses: invisirisk/pse-action@latest 
         with:
-            url: '${{env.API_URL}}/utilityapi/v1/registry?api_key=${{secrets.VB_API_KEY}}'
-            method: 'GET'
-      - name: Decoding VB Token
-        id: parseToken
-        run: echo "DECODED_TOKEN=$(echo ${{ fromJson(steps.fetchECRDetails.outputs.response).data }} | base64 -d)" >> "$GITHUB_OUTPUT"
-      - name: ECR Details
-        id: ecr_details
-        run: |
-          echo "username=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).username}}" >> "$GITHUB_OUTPUT"
-          echo "token=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).password}}" >> "$GITHUB_OUTPUT"
-          echo "region=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).region}}" >> "$GITHUB_OUTPUT"
-          echo "registry_id=${{fromJSON(steps.parseToken.outputs.DECODED_TOKEN).registry_id}}" >> "$GITHUB_OUTPUT"
+          api_url: "https://app.invisirisk.com"
+          app_token: ${{ secrets.VB_API_KEY }}
           
-  start_proxy_and_build:
-    runs-on: ubuntu-latest
-    needs: [create_scan_in_IR_Portal, ecr_details]
-    services:
-      pse:
-        image: 282904853176.dkr.ecr.us-west-2.amazonaws.com/invisirisk/pse-proxy:latest
-        credentials:
-          username: ${{needs.ecr_details.outputs.ecr_username}}
-          password: ${{needs.ecr_details.outputs.ecr_token}}
-        env:
-          PSE_DEBUG_FLAG: --alsologtostderr
-          POLICY_LOG: t
-          INVISIRISK_JWT_TOKEN: ${{secrets.VB_API_KEY}} 
-          INVISIRISK_PORTAL:  https://app.veribom.com
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
-    container:
-      image: node:18-alpine
-      options: --cap-add=NET_ADMIN
-    strategy:
-      matrix:
-        node-version: [18.x]
-    steps:
-    - env: 
-        SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
-      run: echo $SCAN_ID
-    - uses: invisirisk/pse-action@v1.0.8
-      with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          SCAN_ID: ${{ needs.create_scan_in_IR_Portal.outputs.scan_id }}
-    - name: Checkout the code
-      uses: actions/checkout@v3
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3
-      with:
-        node-version: ${{ matrix.node-version }}
-    
-    - run: npm install -g pnpm
-    - run: pnpm install
+      - uses: actions/checkout@v4
+
+      - name: Use npm
+        uses: actions/setup-node@v3
+        with:
+         node-version: '18'
+
+      - name: Install dependencies
+        run: npm install 
+
+      #- name: 😈 Execute malicious script
+        #run: bash run_malicious_scripts.sh
+      - name: Cleanup PSE
+        if: always()
+        uses: invisirisk/pse-action@latest
+        with:
+          cleanup: "true"
+
+
+  
