Improve input handling with input- prefix system and fix strace permissions

cole-rgb · cole-rgb · commit 85a753579338 · 2025-03-16T13:08:52.000-05:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -26,6 +26,7 @@ jobs:
         with:
           action-ref: "actions/hello-world-javascript-action@main"
           enable-strace: "false"
+          input-who-to-greet: "World"
 
   test-strace:
     runs-on: ubuntu-latest
@@ -41,8 +42,12 @@ jobs:
       - name: Install dependencies
         run: npm ci
       
-      - name: Install strace
-        run: sudo apt-get update && sudo apt-get install -y strace
+      - name: Install strace and set permissions
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y strace
+          # Set permissions to allow strace to work without privilege issues
+          echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope || true
 
       - name: Test wrapper with strace
         id: strace-test
@@ -51,6 +56,7 @@ jobs:
           action-ref: "actions/hello-world-javascript-action@main"
           enable-strace: "true"
           strace-options: "-f -e trace=open,close,network,write"
+          input-who-to-greet: "Strace"
       
       - name: Check strace output
         run: |
diff --git a/README.md b/README.md
@@ -15,20 +15,29 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Run Nested Action via Wrapper
-        uses: testifysec/action-wrapper@v1
+        uses: testifysec/action-wrapper@v2
         with:
-          action-ref: "owner/repo@v1.0.0"
-          extra-args: "--foo bar"
+          action-ref: "actions/hello-world-javascript-action@main"
+          input-who-to-greet: "World"  # Passed to the nested action as who-to-greet
+          enable-strace: "true"  # Enable strace instrumentation
 ```
 
 ## Inputs
 
 | Input | Description | Required | Default |
 |-------|-------------|----------|---------|
 | `action-ref` | Reference to the nested action (e.g., owner/repo@ref) | Yes | |
-| `extra-args` | Extra arguments to pass to the nested action | No | |
 | `enable-strace` | Enable strace instrumentation | No | `true` |
 | `strace-options` | Options to pass to strace | No | `-f -e trace=network,write,open` |
+| `input-*` | Any input with the prefix `input-` will be passed to the nested action | No | |
+| `extra-args` | Extra arguments to pass to the nested action (deprecated, use `input-*` instead) | No | |
+
+### Passing Inputs to Nested Actions
+
+To pass inputs to the nested action, prefix them with `input-`. For example:
+
+- `input-who-to-greet: "World"` will be passed to the nested action as `who-to-greet: "World"`
+- `input-token: ${{ secrets.GITHUB_TOKEN }}` will be passed as `token: ${{ secrets.GITHUB_TOKEN }}`
 
 ## Outputs
 
@@ -85,26 +94,29 @@ jobs:
     action-ref: "actions/hello-world-javascript-action@main"
 ```
 
-### Passing Arguments
+### Passing Inputs to the Nested Action
 
 ```yaml
-- name: Run with Arguments
-  uses: testifysec/action-wrapper@v1
+- name: Run with Inputs
+  uses: testifysec/action-wrapper@v2
   with:
     action-ref: "some/action@v1"
-    extra-args: "--input1 value1 --input2 value2"
+    input-username: "octocat"
+    input-token: ${{ secrets.GITHUB_TOKEN }}
+    input-repository: ${{ github.repository }}
 ```
 
 ### Using with Strace
 
 ```yaml
 - name: Run with Strace
   id: strace-action
-  uses: testifysec/action-wrapper@v1
+  uses: testifysec/action-wrapper@v2
   with:
     action-ref: "actions/hello-world-javascript-action@main"
     enable-strace: "true"
     strace-options: "-f -e trace=network,write,open,close -o /tmp/trace.log"
+    input-who-to-greet: "World"  # Passed to the nested action as who-to-greet
 
 - name: Upload Strace Results
   uses: actions/upload-artifact@v4
@@ -117,8 +129,9 @@ jobs:
 
 ```yaml
 - name: Run Without Strace
-  uses: testifysec/action-wrapper@v1
+  uses: testifysec/action-wrapper@v2
   with:
     action-ref: "actions/hello-world-javascript-action@main"
     enable-strace: "false"
+    input-who-to-greet: "World"  # Passed to the nested action as who-to-greet
 ```
diff --git a/action.yml b/action.yml
@@ -5,7 +5,7 @@ inputs:
     description: "Reference to the nested action (e.g., owner/repo@ref)"
     required: true
   extra-args:
-    description: "Extra arguments to pass to the nested action"
+    description: "Extra arguments to pass to the nested action (deprecated, use input-* instead)"
     required: false
   strace-options:
     description: "Options to pass to strace (default: '-f -e trace=network,write,open')"
@@ -14,6 +14,8 @@ inputs:
     description: "Enable strace instrumentation (default: true)"
     required: false
     default: "true"
+  # Any input with the prefix 'input-' will be passed to the nested action
+  # For example, input-who-to-greet will be passed as who-to-greet to the nested action
 outputs:
   strace-log:
     description: "Path to the strace output log file (if strace was enabled and successful)"
diff --git a/index.js b/index.js
@@ -149,7 +149,30 @@ async function processAction(actionDir, extraArgs) {
     await exec.exec("npm", ["install"], { cwd: actionDir });
   }
 
-  // Execute the nested action using Node.js
+  // Get all inputs with 'input-' prefix and pass them to the nested action
+  // We'll set these as environment variables that GitHub Actions uses
+  const inputPrefix = 'input-';
+  const nestedInputs = {};
+  
+  // Get all inputs that start with 'input-'
+  Object.keys(process.env)
+    .filter(key => key.startsWith('INPUT_'))
+    .forEach(key => {
+      const inputName = key.substring(6).toLowerCase(); // Remove 'INPUT_' prefix
+      if (inputName.startsWith(inputPrefix)) {
+        const nestedInputName = inputName.substring(inputPrefix.length);
+        nestedInputs[nestedInputName] = process.env[key];
+        core.info(`Passing input '${nestedInputName}' to nested action`);
+      }
+    });
+  
+  // Set environment variables for the nested action
+  const envVars = { ...process.env };
+  Object.keys(nestedInputs).forEach(name => {
+    envVars[`INPUT_${name.toUpperCase()}`] = nestedInputs[name];
+  });
+  
+  // For backwards compatibility, also support the extra-args parameter
   const args = extraArgs.split(/\s+/).filter((a) => a); // split and remove empty strings
   
   // Use strace if enabled and available
@@ -174,7 +197,10 @@ async function processAction(actionDir, extraArgs) {
       }
       
       // Use strace to wrap the node process
-      await exec.exec("strace", [...straceOptionsList, "node", entryFile, ...args], { cwd: actionDir });
+      await exec.exec("strace", [...straceOptionsList, "node", entryFile, ...args], { 
+        cwd: actionDir,
+        env: envVars
+      });
       
       // Export the strace log path as an output
       core.setOutput("strace-log", stracelLogFile);
@@ -183,12 +209,18 @@ async function processAction(actionDir, extraArgs) {
       // If strace is not available, fall back to running without it
       core.warning(`Strace is not available: ${error.message}`);
       core.info(`Executing nested action without strace: node ${entryFile} ${args.join(" ")}`);
-      await exec.exec("node", [entryFile, ...args], { cwd: actionDir });
+      await exec.exec("node", [entryFile, ...args], { 
+        cwd: actionDir,
+        env: envVars
+      });
     }
   } else {
     // Run without strace
     core.info(`Strace disabled. Executing nested action: node ${entryFile} ${args.join(" ")}`);
-    await exec.exec("node", [entryFile, ...args], { cwd: actionDir });
+    await exec.exec("node", [entryFile, ...args], { 
+      cwd: actionDir,
+      env: envVars
+    });
   }
 }
 
