fix(actions): migrate all actions to one repo

.eslintignore

@@ -0,0 +1,6 @@
+node_modules/
+dist/
+_*
+coverage/
+*.d.ts
+*.js.map

.eslintrc.js

@@ -0,0 +1,63 @@
+/* eslint-env node */
+module.exports = {
+  root: true,
+  ignorePatterns: ['node_modules', 'dist', '*.js'],
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: ['./tsconfig.json', './*/tsconfig.json'],
+    tsconfigRootDir: __dirname
+  },
+  plugins: ['@typescript-eslint', 'import', 'prettier'],
+  extends: [
+    'eslint:recommended',
+    'plugin:@typescript-eslint/recommended',
+    'plugin:import/recommended',
+    'plugin:import/typescript',
+    'prettier'
+  ],
+  settings: {
+    'import/resolver': {
+      typescript: {
+        project: ['./tsconfig.json', './*/tsconfig.json']
+      }
+    }
+  },
+  rules: {
+    'prettier/prettier': 'error',
+    'import/order': [
+      'error',
+      {
+        'groups': [
+          'builtin',
+          'external',
+          'internal',
+          'parent',
+          'sibling',
+          'index'
+        ],
+        'newlines-between': 'always',
+        'alphabetize': { order: 'asc', caseInsensitive: true }
+      }
+    ],
+    '@typescript-eslint/no-explicit-any': 'warn',
+    '@typescript-eslint/no-unsafe-assignment': 'warn',
+    '@typescript-eslint/no-unsafe-member-access': 'warn',
+    '@typescript-eslint/no-unsafe-argument': 'warn',
+    '@typescript-eslint/restrict-template-expressions': 'warn',
+    '@typescript-eslint/no-floating-promises': 'warn',
+    '@typescript-eslint/no-unnecessary-condition': 'warn'
+  },
+  env: {
+    node: true
+  },
+  overrides: [
+    {
+      files: ['*.js'],
+      extends: ['eslint:recommended', 'plugin:prettier/recommended'],
+      parser: 'espree',
+      parserOptions: {
+        ecmaVersion: 2021
+      }
+    }
+  ]
+};

.github/workflows/build-test-release.yml

@@ -0,0 +1,108 @@
+name: Build, Test and Release
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  # Allow manual trigger
+  workflow_dispatch:
+
+jobs:
+  detect-changes:
+    runs-on: ubuntu-22.04
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    env:
+      HUSKY: 0
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get changed directories
+        id: set-matrix
+        run: |
+          DIRS=$(ls -d */ | grep -v 'node_modules\|.git\|.github' | sed 's/\///g' | jq -R -s -c 'split("\n")[:-1]')
+          echo "matrix=${DIRS}" >> $GITHUB_OUTPUT
+
+  build-and-test:
+    needs: detect-changes
+    runs-on: ubuntu-22.04
+    env:
+      HUSKY: 0
+    strategy:
+      matrix:
+        action: ${{fromJson(needs.detect-changes.outputs.matrix)}}
+      fail-fast: false  # Continue with other actions even if one fails
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install root dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Install action dependencies
+        working-directory: ${{ matrix.action }}
+        run: npm ci --ignore-scripts
+
+      - name: Build
+        working-directory: ${{ matrix.action }}
+        run: npm run build
+
+      - name: Test
+        working-directory: ${{ matrix.action }}
+        run: |
+          if [ -f "package.json" ] && grep -q "\"test\"" "package.json"; then
+            npm test
+          fi
+
+  release:
+    needs: build-and-test
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    runs-on: ubuntu-22.04
+    env:
+      HUSKY: 0
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Get version
+        id: get_version
+        run: |
+          VERSION=$(node -p "require('./package.json').version")
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+
+      - name: Create Release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ steps.get_version.outputs.version }}
+          release_name: Release v${{ steps.get_version.outputs.version }}
+          body: |
+            Release of version ${{ steps.get_version.outputs.version }}
+
+            This release includes all actions in the repository:
+            - run-discovery
+            - run-scan
+            - stop-discovery
+            - stop-scan
+            - wait-for
+            - wait-for-discovery
+            - list-entrypoints
+          draft: false
+          prerelease: false

.github/workflows/run-ci.yml

@@ -16,11 +16,12 @@ jobs:
   wait_for:
     name: Wait for any issues, gh-int + code_scanning_alerts on
     runs-on: ubuntu-latest
-    container: node:16
+    container: node:20
     steps:
+      - uses: actions/checkout@v4
       - name: Scan Start
         id: start
-        uses: NeuraLegion/run-scan@release
+        uses: NeuraLegion/bright-github-actions/run-scan@release
         with:
           api_token: ${{ secrets.BRIGHT_TOKEN}}
           hostname: app.brightsec.com
@@ -31,7 +32,7 @@ jobs:
             [ "https://brokencrystals.com" ]
       - name: Wait for breakpoint
         id: wait
-        uses: NeuraLegion/wait-for@release
+        uses: NeuraLegion/bright-github-actions/wait-for@release
         with:
           api_token:  ${{ secrets.BRIGHT_TOKEN }}
           hostname: app.brightsec.com

.gitignore

@@ -1,3 +1,30 @@
+# Dependencies
 node_modules/
-package.json
-package-lock.json
+
+# Build
+**/dist/
+**/*.tsbuildinfo
+
+# IDE
+**/.idea/
+**/.vs/
+**/.vscode/
+**/*.code-workspace
+
+# OS
+**/.DS_Store
+
+# Debug & Testing
+**/.clinic/
+**/coverage/
+
+# Environment & Secrets
+**/.env
+**/.secrets
+
+# Misc
+**/.stfolder/
+**/*.log
+**/npm-debug.log*
+**/yarn-debug.log*
+**/yarn-error.log*

.husky/.gitignore

@@ -0,0 +1 @@
+_

.husky/commit-msg

@@ -0,0 +1 @@
+npx commitlint --edit $1

.husky/post-commit

@@ -0,0 +1 @@
+git update-index --again

.husky/pre-commit

@@ -0,0 +1 @@
+npx lint-staged

.prettierignore

@@ -0,0 +1,11 @@
+dist/
+assets/
+node_modules/
+coverage/
+*.log
+*-lock.json
+*.lock
+.git
+.husky/_
+*.d.ts
+*.js.map

.prettierrc

@@ -0,0 +1,9 @@
+{
+  "tabWidth": 2,
+  "singleQuote": true,
+  "bracketSpacing": true,
+  "printWidth": 80,
+  "trailingComma": "none",
+  "arrowParens": "avoid",
+  "quoteProps": "consistent"
+}

README.md

@@ -1,6 +1,72 @@
-# How to Start
+# Bright GitHub Actions
+
+This repository is a collection of GitHub Actions, with each subfolder containing a separate action for different Bright Security functionalities.
+
+## Requirements
+
+- Node.js (v14 or higher)
+- npm (v6 or higher)
+
+## Installation
 
 1. Fork this repository.
-2. Set `BRIGHT_TOKEN` and `KEY_GITHUB` secrets in your repository settings - with your own values.
-3. Run a CI job in Gituhb Actions.
-4. Go to Bright Security app and check if a scan was started.
+2. Navigate to the specific action folder you want to use (e.g., `run-discovery` or `stop-discovery`)
+3. Install dependencies:
+   ```bash
+   npm install
+   ```
+4. Build the action:
+   ```bash
+   npm run build
+   ```
+
+## Usage
+
+1. Set `BRIGHT_TOKEN` and `KEY_GITHUB` secrets in your repository settings - with your own values.
+2. Run a CI job in GitHub Actions.
+3. Go to Bright Security app and check if a scan was started.
+
+## Development
+
+### Code Quality
+
+This project uses ESLint for code linting. To run the linter:
+
+```bash
+npm run lint
+```
+
+### Git Hooks
+
+This project uses Husky to manage Git hooks, ensuring code quality and consistency:
+
+- Pre-commit: Runs linting and formatting checks
+- Post-commit: Performs post-commit tasks
+- Commit-msg: Validates commit messages format
+
+### Commit Messages
+
+We follow conventional commit messages format. Each commit message must have a specific structure:
+
+```
+<type>(<scope>): <description>
+
+[optional body]
+
+[optional footer]
+```
+
+Where `type` can be:
+
+- build: Changes that affect the build system or external dependencies
+- chore: Maintenance tasks
+- ci: Changes to CI configuration files and scripts
+- docs: Documentation only changes
+- feat: A new feature
+- fix: A bug fix
+- perf: A code change that improves performance
+- refactor: A code change that neither fixes a bug nor adds a feature
+- style: Changes that do not affect the meaning of the code
+- test: Adding missing tests or correcting existing tests
+
+Commit messages are automatically validated using commitlint.

commitlint.config.js

@@ -0,0 +1,32 @@
+module.exports = {
+  extends: ['@commitlint/config-conventional'],
+  rules: {
+    'type-enum': [
+      2,
+      'always',
+      [
+        'build',
+        'chore',
+        'ci',
+        'docs',
+        'feat',
+        'fix',
+        'perf',
+        'refactor',
+        'revert',
+        'style',
+        'test'
+      ]
+    ],
+    'type-case': [2, 'always', 'lower-case'],
+    'type-empty': [2, 'never'],
+    'subject-empty': [2, 'never'],
+    'subject-full-stop': [2, 'never', '.'],
+    'subject-case': [
+      2,
+      'never',
+      ['sentence-case', 'start-case', 'pascal-case', 'upper-case']
+    ],
+    'header-max-length': [2, 'always', 72]
+  }
+};

docker-compose.yml

@@ -28,7 +28,7 @@ services:
     image: neuralegion/repeater:latest
     restart: always
     environment:
-      REPEATER_TOKEN: $NEXPLOIT_TOKEN
+      REPEATER_TOKEN: $BRIGHT_TOKEN
       REPEATER_AGENT: $REPEATER
       DEBUG: nexploit-cli
   keycloak-db: