Bug fixes

Update enterprise agent and don't show certain domains in markdown

src/checksum.ts

@@ -14,7 +14,7 @@ export function verifyChecksum(downloadPath: string, is_tls: boolean) {
 
   if (is_tls) {
     expectedChecksum =
-      "e45b85e29216eb1d217aad368bdb056bbd868a308925e7b2cf9133b06ab435d0"; // checksum for tls_agent
+      "fa9defcf9e125a62cb29747574d6a07aee4f04153e7bce4a3c7ce29681469e92"; // checksum for tls_agent
   }
 
   if (checksum !== expectedChecksum) {

src/common.ts

@@ -35,8 +35,15 @@ export const processLogLine = (
     if (matches) {
       const [ipAddress, domain, pid, process] = matches.slice(1);
 
-      // Check if all values are non-empty
-      if (pid && process && domain && ipAddress) {
+      // Check if all values are non-empty and domain does not end with specified patterns
+      if (
+        pid &&
+        process &&
+        domain &&
+        ipAddress &&
+        !domain.endsWith(".actions.githubusercontent.com") &&
+        !domain.endsWith(".blob.core.windows.net")
+      ) {
         const status = ipAddress.startsWith("54.185.253.63")
           ? "❌ Blocked"
           : "✅ Allowed";
@@ -173,4 +180,4 @@ export const HARDEN_RUNNER_UNAVAILABLE_MESSAGE =
   "Sorry, we are currently experiencing issues with the Harden Runner installation process. It is currently unavailable.";
 
 export const ARC_RUNNER_MESSAGE =
-  "Workflow is currently being executed in ARC based runner";
+  "Workflow is currently being executed in ARC based runner";

src/setup.ts

@@ -234,7 +234,7 @@ interface MonitorResponse {
 
     if (await isTLSEnabled(context.repo.owner)) {
       downloadPath = await tc.downloadTool(
-        "https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.2_linux_amd64.tar.gz"
+        "https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.3_linux_amd64.tar.gz"
       );
       verifyChecksum(downloadPath, true); // NOTE: verifying tls_agent's checksum, before extracting
     } else {