feat(COD-5797): add link back to ui in markdown (#230)

Christiaan-de-Wet · web-flow · commit 3004ac9bc7e4 · 2025-09-23T15:58:40.000+01:00
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ This repository contains a GitHub Action for using FortiCNAPP's code security of
 
 ### Creating secrets
 
-Before attempting to run this action, you should add three secrets `LW_ACCOUNT_NAME`, `LW_API_KEY` and `LW_API_SECRET` to your GitHub repository (or, better yet, your GitHub organization so they can be shared accross all your repositories). The value for these secrets can be obtained by following the instructions [here](https://docs.lacework.com/console/api-access-keys) to create an API key and then download it.
+Before attempting to run this action, you should add three secrets `LW_ACCOUNT_NAME`, `LW_SUBACCOUNT_NAME` (When using a subaccount) `LW_API_KEY` and `LW_API_SECRET` to your GitHub repository (or, better yet, your GitHub organization so they can be shared across all your repositories). The value for these secrets can be obtained by following the instructions [here](https://docs.lacework.com/console/api-access-keys) to create an API key and then download it.
 
 ### Running on pull requests
 
@@ -24,6 +24,7 @@ permissions:
 
 env:
   LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
+  LW_SUBACCOUNT_NAME: ${{ secrets.LW_SUBACCOUNT_NAME }}
   LW_API_KEY: ${{ secrets.LW_API_KEY }}
   LW_API_SECRET: ${{ secrets.LW_API_SECRET }}
 
diff --git a/src/tool.ts b/src/tool.ts
@@ -4,7 +4,13 @@ import { existsSync, readFileSync } from 'fs'
 import { simpleGit, SimpleGitOptions } from 'simple-git'
 import { getPrApi } from './actions'
 import { LWJSON } from './lw-json'
-import { callLaceworkCli, debug, getOptionalEnvVariable, getRequiredEnvVariable } from './util'
+import {
+  callLaceworkCli,
+  debug,
+  generateUILink,
+  getOptionalEnvVariable,
+  getRequiredEnvVariable,
+} from './util'
 
 export function splitStringAtFirstSlash(inputString: string | undefined): [string, string] {
   if (inputString != null) {
@@ -193,6 +199,10 @@ export async function compareResults(
     '--deployment',
     'ci',
   ]
+
+  const uiLink = generateUILink()
+  if (uiLink) args.push(...['--ui-link', uiLink])
+
   if (debug()) args.push('--debug')
   await callLaceworkCli(...args)
   endGroup()
diff --git a/src/util.ts b/src/util.ts
@@ -1,6 +1,8 @@
 import { error, getInput, info, isDebug } from '@actions/core'
+import { context } from '@actions/github'
 import { spawn } from 'child_process'
 import { TelemetryCollector } from './telemetry'
+import { readFileSync } from 'fs'
 
 export const telemetryCollector = new TelemetryCollector()
 
@@ -83,3 +85,25 @@ export function getOrDefault(name: string, defaultValue: string) {
   if (setTo !== undefined && setTo.length > 0) return setTo
   return defaultValue
 }
+
+export function generateUILink() {
+  const eventPath = process.env.GITHUB_EVENT_PATH!
+  const eventData = JSON.parse(readFileSync(eventPath, 'utf8'))
+  const defaultBranch = eventData.repository?.default_branch
+
+  const targetBranch = getRequiredEnvVariable('GITHUB_BASE_REF')
+
+  if (targetBranch !== defaultBranch) return ''
+
+  let url =
+    `https://${process.env.LW_ACCOUNT_NAME}.lacework.net` +
+    `/ui/investigation/codesec/applications/repositories/` +
+    `${context.repo.owner}%2F${context.repo.repo}` +
+    `/${defaultBranch}`
+
+  if (process.env.LW_SUBACCOUNT_NAME) {
+    url += '?accountName=' + process.env.LW_SUBACCOUNT_NAME
+  }
+
+  return url
+}
