security hardening for actions (#70)

.github/workflows/comparison_results.yml

@@ -2,26 +2,37 @@ name: Monitoring Stability and Comparing Results
 
 # Triggers when a pull_request is created
 on:
-  pull_request_target: # TODO: change to target
+  pull_request_target:
     branches:
       - "**"
 
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  CORE_AT: ${{ secrets.CORE_AT }}
+  BASE_REF: ${{  github.base_ref }}
+  HEAD_REF: ${{ github.head_ref }}
+  BASE_CORE_URL: ${{ github.event.pull_request.base.repo.html_url }}
+  HEAD_CORE_URL: ${{ github.event.pull_request.head.repo.html_url }}
+  PR_NUMBER: ${{  github.event.number  }}
+  REPOSITORY_NAME: ${{github.event.repository.name}}
+  SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }}
+  SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+  PR_URL: ${{ github.event.pull_request.html_url }}
+
 jobs:
   start_workflow:
     runs-on: ubuntu-latest
     steps:
       - name: Send message to slack
         id: initial-message
-        uses: archive/github-actions-slack@master
+        uses: slackapi/slack-github-[email protected]
         with:
-          slack-optional-parse: full
-          slack-bot-user-oauth-access-token: ${{ secrets.SLACK_TOKEN }}
-          slack-channel: ${{ secrets.SLACK_CHANNEL_ID }}
-          slack-text: "Comparison workflow started for ${{github.event.pull_request.html_url}}"
+          channel-id: ${{ secrets.SLACK_CHANNEL_ID }}
+          slack-message : "Comparison workflow started for ${{env.PR_URL}}"
 
       - name: Save output to env
         id: save-output
-        run: echo "INIT_MSG_TS=${{ fromJson(steps.initial-message.outputs.slack-result).response.message.ts }}" >> $GITHUB_OUTPUT
+        run: echo "INIT_MSG_TS=${{ steps.initial-message.outputs.ts }}" >> $GITHUB_OUTPUT
     outputs:
       init_message_ts: ${{steps.save-output.outputs.INIT_MSG_TS}}
   setup_and_scan:
@@ -57,18 +68,18 @@ jobs:
           ref: custom-joern-build
 
       # langauge specific repository file
-      - name: Run the script for ${{github.head_ref}} and ${{github.base_ref}}
-        run: export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} && export PAT=${{ secrets.PAT }} && cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./run.py -r ./repos/${{matrix.language}}.txt -b main -h main -guf --custom-joern True --custom-joern-base-branch ${{ github.base_ref }} --custom-joern-head-branch ${{ github.head_ref }}
+      - name: Run the script for ${{ env.HEAD_REF  }} and ${{ env.BASE_REF   }}
+        run: cd ./temp/standalone-monitoring-stability && pip install -r requirements.txt && python3 ./run.py -r ./repos/${{matrix.language}}.txt -b main -h main -guf --custom-joern True --custom-joern-base-branch ${{ env.BASE_REF }} --custom-joern-head-branch ${{ env.HEAD_REF }}
 
       - name: Run aws-export
-        run: cd ./temp/standalone-monitoring-stability/ && python3 aws-export.py ${{matrix.language}}-${{github.event.number}}
+        run: cd ./temp/standalone-monitoring-stability/ && python3 aws-export.py ${{matrix.language}}-${{ env.PR_NUMBER }}
 
       - name: Move results to a folder
-        run: cd ./temp/standalone-monitoring-stability/ && mkdir results && mv output-${{matrix.language}}-${{github.event.number}}.xlsx ./results/output-${{matrix.language}}-${{github.event.number}}.xlsx && mv ./temp/result-${{matrix.language}}-${{github.event.number}}.zip ./results/result-${{matrix.language}}-${{github.event.number}}.zip && mv slack_summary.txt ./results/slack_summary.txt
+        run: cd ./temp/standalone-monitoring-stability/ && mkdir results && mv output-${{matrix.language}}-${{ env.PR_NUMBER }}.xlsx ./results/output-${{matrix.language}}-${{ env.PR_NUMBER }}.xlsx && mv ./temp/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip ./results/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip && mv slack_summary.txt ./results/slack_summary.txt
 
       # Zip the results by name
       - name: Zip the results
-        run: cd /home/runner/work/joern/joern/temp/standalone-monitoring-stability && zip result-${{matrix.language}}-${{github.event.number}}.zip -r ./results
+        run: cd /home/runner/work/joern/joern/temp/standalone-monitoring-stability && zip result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip -r ./results
 
       - name: Set summary variable
         run: |
@@ -77,14 +88,15 @@ jobs:
           echo "EOF" >> $GITHUB_ENV
 
       - name: Post results to slack
-        uses: adrey/slack-file-upload-action@master
-        with:
-          thread_ts: ${{needs.start_workflow.outputs.init_message_ts}}
-          channel: ${{ secrets.SLACK_CHANNEL_ID }} # check
-          path: "/home/runner/work/joern/joern/temp/standalone-monitoring-stability/result-${{matrix.language}}-${{github.event.number}}.zip"
-          initial_comment: "Comparison Results generated on ${{github.event.repository.name}} by PR ${{github.event.number}} from branch ${{github.head_ref}} to ${{github.base_ref}} \nPR link ${{github.event.pull_request.html_url}}\n Language: ${{matrix.language}} \nSummary Report:\n ${{ env.MESSAGE }}"
-          filetype: "zip"
-          token: ${{ secrets.SLACK_TOKEN }}
+        run: curl -o- https://raw.githubusercontent.com/Privado-Inc/standalone-monitoring-stability/private-fork/slack_upload.sh | bash
+        env:
+          SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+          FILE_NAME: "result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip"
+          INIT_TS: ${{ needs.start_workflow.outputs.init_message_ts }}
+          FILE_PATH: "/home/runner/work/joern/joern/temp/standalone-monitoring-stability/result-${{matrix.language}}-${{ env.PR_NUMBER }}.zip"
+          PR_MESSAGE: "Comparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\n Language: ${{matrix.language}} \nSummary Report:\n ${{ env.MESSAGE }}"
+
 
       - name: Export workflow output
         run: cd ./temp/standalone-monitoring-stability && python3 ./workflow_check.py /home/runner/work/joern/joern/temp/standalone-monitoring-stability/results/slack_summary.txt
@@ -142,8 +154,8 @@ jobs:
         uses: slackapi/[email protected]
         with:
           update-ts: ${{needs.start_workflow.outputs.init_message_ts}}
-          channel-id: ${{ secrets.SLACK_CHANNEL_ID }}
-          slack-message: "\nComparison Results generated on ${{github.event.repository.name}} by PR ${{github.event.number}} from branch ${{github.head_ref}} to ${{github.base_ref}} \nPR link ${{github.event.pull_request.html_url}}\nLanguage: All \nSummary Report:\n ${{ env.MESSAGE }}"
+          channel-id: ${{ env.SLACK_CHANNEL_ID }}
+          slack-message: "\nComparison Results generated on ${{ env.REPOSITORY_NAME }} by PR ${{ env.PR_NUMBER }} from branch ${{ env.HEAD_REF }} to ${{ env.BASE_REF }} \nPR link ${{ env.PR_URL }}\nLanguage: All \nSummary Report:\n ${{ env.MESSAGE }}"
         env:
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_TOKEN }}
+          SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}