step-security
diff --git a/‎.github/workflows/canary.yml
+6 b/‎.github/workflows/canary.yml
+6
diff --git a/‎.github/workflows/recurring-int-tests.yml
+15 b/‎.github/workflows/recurring-int-tests.yml
+15
diff --git a/‎dist/pre/index.js
+132-46 b/‎dist/pre/index.js
+132-46
diff --git a/‎dist/pre/index.js.map
+1-1 b/‎dist/pre/index.js.map
+1-1
diff --git a/‎src/checksum.ts
+7-2 b/‎src/checksum.ts
+7-2
diff --git a/‎src/configs.ts
+5 b/‎src/configs.ts
+5
diff --git a/‎src/interfaces.ts
+1 b/‎src/interfaces.ts
+1
@@ -41,3 +41,9 @@ jobs:
       env:
         PAT: ${{ secrets.PAT }}
         canary: true
+
+    - name: Canary TLS test
+      uses: docker://ghcr.io/step-security/integration-test/int:latest
+      env:
+        PAT: ${{ secrets.PAT }}
+        canary-tls: true
@@ -22,3 +22,18 @@ jobs:
       env:
         PAT: ${{ secrets.PAT }}
         canary: true
+
+  int-tls-tests:
+    name: int tls tests
+    runs-on: ubuntu-latest
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - name: Canary test
+      uses: docker://ghcr.io/step-security/integration-test/int:latest
+      env:
+        PAT: ${{ secrets.PAT }}
+        canary-tls: true
@@ -2,16 +2,21 @@ import * as core from "@actions/core";
 import * as crypto from "crypto";
 import * as fs from "fs";
 
-export function verifyChecksum(downloadPath: string) {
+export function verifyChecksum(downloadPath: string, is_tls: boolean) {
   const fileBuffer: Buffer = fs.readFileSync(downloadPath);
   const checksum: string = crypto
     .createHash("sha256")
     .update(fileBuffer)
     .digest("hex"); // checksum of downloaded file
 
-  const expectedChecksum: string =
+  let expectedChecksum: string =
     "ceb925c78e5c79af4f344f08f59bbdcf3376d20d15930a315f9b24b6c4d0328a"; // checksum for v0.13.5
 
+  if (is_tls) {
+    expectedChecksum =
+      "204c82116e8c0eebf5409bb2b81aa5d96fe32f0c5abc1cb0364ee70937c32056"; // checksum for tls_agent
+  }
+
   if (checksum !== expectedChecksum) {
     core.setFailed(
       `Checksum verification failed, expected ${expectedChecksum} instead got ${checksum}`
 
@@ -0,0 +1,5 @@
+export const STEPSECURITY_ENV = "agent"; // agent or int
+
+export const STEPSECURITY_API_URL = `https://${STEPSECURITY_ENV}.api.stepsecurity.io/v1`;
+
+export const STEPSECURITY_WEB_URL = "https://app.stepsecurity.io";
@@ -9,6 +9,7 @@ export interface Configuration {
   disable_telemetry: boolean;
   disable_sudo: boolean;
   disable_file_monitoring: boolean;
+  is_github_hosted: boolean;
   private: string;
 }
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ export interface Configuration {`
`9`	`9`	`disable_telemetry: boolean;`
`10`	`10`	`disable_sudo: boolean;`
`11`	`11`	`disable_file_monitoring: boolean;`
	`12`	`+ is_github_hosted: boolean;`
`12`	`13`	`private: string;`
`13`	`14`	`}`
`14`	`15`