From b576a27ca53a120b45fa540cfdeb03218b97d7f5 Mon Sep 17 00:00:00 2001
From: sailikhith-stepsecurity <sailikhith@stepsecurity.io>
Date: Wed, 25 Mar 2026 11:56:29 +0530
Subject: [PATCH] feat: added banner and update subscription check to make
 maintained actions free for public repos

---
 README.md     |  2 ++
 action.yml    |  2 +-
 dist/index.js | 40 +++++++++++++++++++++++++++++++++++-----
 index.js      | 40 +++++++++++++++++++++++++++++++++++-----
 4 files changed, 73 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index 2e19873..c3e611c 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[![StepSecurity Maintained Action](https://raw.githubusercontent.com/step-security/maintained-actions-assets/main/assets/maintained-action-banner.png)](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions)
+
 # `ssh-agent` GitHub Action
 
 This action
diff --git a/action.yml b/action.yml
index 8f32cc8..fa8f454 100644
--- a/action.yml
+++ b/action.yml
@@ -20,7 +20,7 @@ inputs:
         description: 'git command'
         required: false
 runs:
-    using: 'node20'
+    using: 'node24'
     main: 'dist/index.js'
     post: 'dist/cleanup.js'
     post-if: 'always()'
diff --git a/dist/index.js b/dist/index.js
index 96a9f00..0dbd1e1 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -11660,19 +11660,49 @@ const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = __nccwpck_require__(6644);
 
 
 async function validateSubscription() {
-  const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`
+  const eventPath = process.env.GITHUB_EVENT_PATH
+  let repoPrivate
 
+  if (eventPath && fs.existsSync(eventPath)) {
+    const eventData = JSON.parse(fs.readFileSync(eventPath, 'utf8'))
+    repoPrivate = eventData && eventData.repository && eventData.repository.private
+  }
+
+  const upstream = 'webfactory/ssh-agent'
+  const action = process.env.GITHUB_ACTION_REPOSITORY
+  const docsUrl =
+    'https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions'
+
+  core.info('')
+  core.info('\u001b[1;36mStepSecurity Maintained Action\u001b[0m')
+  core.info(`Secure drop-in replacement for ${upstream}`)
+  if (repoPrivate === false)
+    core.info('\u001b[32m\u2713 Free for public repositories\u001b[0m')
+  core.info(`\u001b[36mLearn more:\u001b[0m ${docsUrl}`)
+  core.info('')
+
+  if (repoPrivate === false) return
+
+  const serverUrl = process.env.GITHUB_SERVER_URL || 'https://github.com'
+  const body = {action: action || ''}
+  if (serverUrl !== 'https://github.com') body.ghes_server = serverUrl
   try {
-    await lib_axios.get(API_URL, { timeout: 3000 })
+    await lib_axios.post(
+      `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/maintained-actions-subscription`,
+      body,
+      {timeout: 3000}
+    )
   } catch (error) {
     if (error.response && error.response.status === 403) {
       core.error(
-        'Subscription is not valid. Reach out to support@stepsecurity.io'
+        `\u001b[1;31mThis action requires a StepSecurity subscription for private repositories.\u001b[0m`
+      )
+      core.error(
+        `\u001b[31mLearn how to enable a subscription: ${docsUrl}\u001b[0m`
       )
       process.exit(1)
-    } else {
-      core.info('Timeout or API not reachable. Continuing to next step.')
     }
+    core.info('Timeout or API not reachable. Continuing to next step.')
   }
 }
 
diff --git a/index.js b/index.js
index 6af007e..349ca36 100644
--- a/index.js
+++ b/index.js
@@ -6,19 +6,49 @@ const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = require('./paths.js');
 import axios from 'axios'
 
 async function validateSubscription() {
-  const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`
+  const eventPath = process.env.GITHUB_EVENT_PATH
+  let repoPrivate
 
+  if (eventPath && fs.existsSync(eventPath)) {
+    const eventData = JSON.parse(fs.readFileSync(eventPath, 'utf8'))
+    repoPrivate = eventData && eventData.repository && eventData.repository.private
+  }
+
+  const upstream = 'webfactory/ssh-agent'
+  const action = process.env.GITHUB_ACTION_REPOSITORY
+  const docsUrl =
+    'https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions'
+
+  core.info('')
+  core.info('\u001b[1;36mStepSecurity Maintained Action\u001b[0m')
+  core.info(`Secure drop-in replacement for ${upstream}`)
+  if (repoPrivate === false)
+    core.info('\u001b[32m\u2713 Free for public repositories\u001b[0m')
+  core.info(`\u001b[36mLearn more:\u001b[0m ${docsUrl}`)
+  core.info('')
+
+  if (repoPrivate === false) return
+
+  const serverUrl = process.env.GITHUB_SERVER_URL || 'https://github.com'
+  const body = {action: action || ''}
+  if (serverUrl !== 'https://github.com') body.ghes_server = serverUrl
   try {
-    await axios.get(API_URL, { timeout: 3000 })
+    await axios.post(
+      `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/maintained-actions-subscription`,
+      body,
+      {timeout: 3000}
+    )
   } catch (error) {
     if (error.response && error.response.status === 403) {
       core.error(
-        'Subscription is not valid. Reach out to support@stepsecurity.io'
+        `\u001b[1;31mThis action requires a StepSecurity subscription for private repositories.\u001b[0m`
+      )
+      core.error(
+        `\u001b[31mLearn how to enable a subscription: ${docsUrl}\u001b[0m`
       )
       process.exit(1)
-    } else {
-      core.info('Timeout or API not reachable. Continuing to next step.')
     }
+    core.info('Timeout or API not reachable. Continuing to next step.')
   }
 }