Skip to content

Commit

Permalink
fix(main): sudo use
Browse files Browse the repository at this point in the history
  • Loading branch information
swarit-pandey committed Sep 10, 2024
1 parent 0a2de64 commit b9c83f8
Showing 1 changed file with 11 additions and 35 deletions.
46 changes: 11 additions & 35 deletions src/main/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,7 @@ async function runKnoxctlScan(): Promise<void> {

// Prepare policy command options
const policyCommand = [
"sudo",
"knoxctl",
"scan",
"policy",
Expand All @@ -165,13 +166,12 @@ async function runKnoxctlScan(): Promise<void> {
policyCommand.push("--policies", policies);
}

// Execute policy command
await exec.exec(policyCommand[0], policyCommand.slice(1));

const scanCommand: string[] = ["knoxctl", "scan"];
const scanCommand = ["sudo", "knoxctl", "scan"];
const outputDir = path.join(getOutputDir(), "knoxctl-results");

const detailedView = core.getBooleanInput("detailed-view");

for (const option of knoxctlOptions) {
let value: boolean | string;

Expand All @@ -196,41 +196,17 @@ async function runKnoxctlScan(): Promise<void> {
}

const commandString = scanCommand.join(" ");
log(`Executing command: ${detailedView ? "sudo " : ""}${commandString}`);

let scanProcess: ChildProcess;
log(`Executing command: ${commandString}`);

if (detailedView) {
// Check if we're running with sudo
const isRoot = process.getuid && process.getuid() === 0;
if (!isRoot) {
throw new Error(
"Detailed view requires sudo privileges. Please run the GitHub Actions workflow with sudo.",
);
}

scanProcess = spawn("sudo", scanCommand, {
stdio: "inherit",
detached: true,
});
} else {
scanProcess = spawn(scanCommand[0], scanCommand.slice(1), {
stdio: "inherit",
detached: true,
});
try {
await exec.exec(scanCommand[0], scanCommand.slice(1));
} catch (error) {
throw new Error(
`Failed to run knoxctl scan: ${error instanceof Error ? error.message : String(error)}`,
);
}

log(`knoxctl scan started with PID: ${scanProcess.pid}`);

const pidFile = getPidFilePath();
fs.writeFileSync(pidFile, scanProcess.pid?.toString() ?? "");

scanProcess.unref();

log(`knoxctl scan PID written to ${pidFile}`);
log(
"knoxctl scan is running in the background. Use the post script to stop it.",
);
log("knoxctl scan completed successfully");
}

async function run(): Promise<void> {
Expand Down

0 comments on commit b9c83f8

Please sign in to comment.