feat(action): core codebase (#8)

* feat(action): core codebase

Signed-off-by: Swarit Pandey <[email protected]>


---------

Signed-off-by: Swarit Pandey <[email protected]>

.github/workflows/action.yaml

@@ -0,0 +1,31 @@
+name: Report CI workflow
+
+on:
+  push:
+    branches: [ main, master ]
+  pull_request:
+    branches: [ main, master ]
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Use nodejs
+      uses: actions/setup-node@v3
+      with:
+        node-version: '20'
+
+    - name: Install deps
+      run: npm ci
+
+    - name: Lint and format
+      run: |
+        npm run lint
+        npm run format
+
+    - name: Build 
+      run: npm run build

.gitignore

@@ -1 +1,6 @@
 .idea
+node_modules/
+test-output/
+dist/
+biome.json
+knoxctl-results

README.md

@@ -1,127 +1,3 @@
 # report-action
 
-Github actions to trigger report generation for runtime security.
-
-## Learn More
-
-- [About Kubearmor](https://github.com/kubearmor/KubeArmor)
-- [About Discovery Engine](https://github.com/accuknox/discovery-engine)
-
-## Inputs
-
-```yaml
-inputs:
-  baseline-report-path:
-    description: 'baseline report path'
-    required: true
-    default: "baseline/report.json"
-
-  labels:
-    description: 'labels. possible value: kubearmor-app: kubearmor-relay'
-    required: false
-    default: ""
-
-  operation:
-    description: 'operation. possible values: process, file, network, syscall'
-    required: false
-    default: ""
-
-  container-name:
-    description: 'container name'
-    required: false
-    default: ""
-
-  namespaces:
-    description: 'namespaces'
-    required: false
-    default: ""
-
-  workloads:
-    description: 'workloads. possible values: deployment/mysql, statefulsets/vault, deployment/*'
-    required: false
-    default: ""
-
-  source:
-    description: 'source'
-    required: false
-    default: ""
-
-  process-ignore-paths:
-    description: 'process ignore paths. possible value: /sbin '
-    required: false
-    default: ""
-
-  file-ignore-paths:
-    description: 'file ignore paths. possible value: /sbin '
-    required: false
-    default: ""
-
-  ignore-return-code:
-    description: 'ignore return code. possible values: true/false'
-    required: false
-    default: ""
-
-  view:
-    description: 'view type. possible value: tabular'
-    required: false
-    default: "tabular"
-
-```
-
-## Usage
-
-Steps for using install-action in a workflow yaml file 
-- Checkout into the repo using checkout action.
-- Set up a k8's cluster.
-- Use [accuknox-install](https://github.com/marketplace/actions/accuknox-install) action to install Kubearmor and Discovery Engine.
-- Use accuknox-report action to generate report using Kubearmor and Discovery Engine.
-
-### Generate report at specific path
-
-```yaml
-- name: accuknox-report
-  uses: accuknox/[email protected]
-  with:
-    baseline-report-path: "baseline/report.json"
-
-```
-
-
-## Sample Configuration
-
-```yaml
-name: learn-accuknox-report-action
-on:
-  pull_request:
-    branches: [main]
-    types: [opened, synchronize, reopened]
-  push:
-    branches: [main]
-jobs:
-  check-working:
-    runs-on: ubuntu-latest
-    steps:
-        - name: Checkout repo
-          uses: actions/checkout@v3
-          with:
-            submodules: true
-
-        - name: Checkout kubearmor repo
-          uses: actions/checkout@v3
-          with:
-            repository: kubearmor/KubeArmor
-            ref: main
-            path: Kubearmor
-
-        - name: Setup a Kubernetes environment
-          run: |
-            ./Kubearmor/contribution/k3s/install_k3s.sh
-             sudo apt install socat
-        
-        - name: Install accuknoxcli, KubeArmor and Discovery Engine
-          uses: accuknox/[email protected] 
-
-        - name: Generate Report
-          uses: accuknox/[email protected]
-
-```
+TO-DO

action.yml

@@ -1,104 +1,25 @@
-name: accuknox-report
-description: 'Generate reports using kubearmor and discovery engine'
+name: CI/CD Scan by AccuKnox
+description: 'Secure your CI/CD pipelines, powered by KubeArmor'
+branding:
+  icon: shield
+  color: green
+author: AccuKnox
+
 inputs:
-  baseline-report-path:
-    description: 'baseline report path'
-    required: true
-    default: "baseline/report.json"
-  labels:
-    description: 'labels. possible value: kubearmor-app: kubearmor-relay'
-    required: false
-    default: ""
-  operation:
-    description: 'operation. possible values: process, file, network, syscall'
-    required: false
-    default: ""
-  container-name:
-    description: 'container name'
-    required: false
-    default: ""
-  namespaces:
-    description: 'namespaces'
-    required: false
-    default: ""
-  workloads:
-    description: 'workloads. possible values: deployment/mysql, statefulsets/vault, deployment/*'
-    required: false
-    default: ""
-  source:
-    description: 'source'
+  all:
+    description: 'Scan for all events collected by KubeArmor'
     required: false
-    default: ""
-  process-ignore-paths:
-    description: 'process ignore paths. possible value: /sbin '
+    default: 'true'
+  system:
+    description: 'Scan for only system events'
     required: false
-    default: ""
-  file-ignore-paths:
-    description: 'file ignore paths. possible value: /sbin '
+    default: 'false'
+  output:
+    description: 'Output path for the files to be placed'
     required: false
-    default: ""
-  ignore-return-code:
-    description: 'ignore return code. possible values: true/false'
-    required: false
-    default: ""
-  view:
-    description: 'view type. possible value: tabular'
-    required: false
-    default: "tabular"
+    default: './knoxctl-results'
 
 runs:
-  using: "composite"
-  steps:
-    - name: Generate report
-      run: |
-        accuknox-cli version
-
-        setupArgs=""
-        if [ "${{ inputs.baseline-report-path }}" != "" ]; then
-          setupArgs+=" -b ${{ inputs.baseline-report-path }}"
-        fi
-        if [ "${{ inputs.labels }}" != "" ]; then
-          setupArgs+=" -l ${{ inputs.labels }}"
-        fi
-        if [ "${{ inputs.operation }}" != "" ]; then
-          setupArgs+=" -t ${{ inputs.operation }}"
-        fi
-        if [ "${{ inputs.container-name }}" != "" ]; then
-          setupArgs+=" --container ${{ inputs.container-name }}"
-        fi
-        if [ "${{ inputs.namespaces }}" != "" ]; then
-          setupArgs+=" -n ${{ inputs.namespaces }}"
-        fi
-        if [ "${{ inputs.source }}" != "" ]; then
-          setupArgs+=" -s ${{ inputs.source }}"
-        fi
-        if [ "${{ inputs.file-ignore-paths }}" != "" ]; then
-          setupArgs+=" -i ${{ inputs.file-ignore-paths }}"
-        fi
-        if [ "${{ inputs.process-ignore-paths }}" != "" ]; then
-          setupArgs+=" -i ${{ inputs.process-ignore-paths }}"
-        fi
-        
-        sleep 360
-        accuknox-cli report $setupArgs
-        
-        mkdir downloads
-        mv /tmp/report-*.json downloads/report.json
-        mv /tmp/diff-report-*.json downloads/diff-report.json
-        mv /tmp/diff-report-*.md downloads/diff-report.md
-      shell: bash
-
-    - name: Upload artifacts
-      uses: actions/upload-artifact@v2
-      with:
-        name: Baseline report
-        path: downloads
-
-    - name: PR comment with file
-      uses: thollander/actions-comment-pull-request@v2
-      with:
-        filePath: downloads/diff-report.md
-
-branding:
-  icon: 'check-circle'
-  color: 'green'
+  using: 'node20'
+  main: 'dist/main/index.js'
+  post: 'dist/post/index.js'