Merge pull request #1 from jfrog/master

Merge from upstream

.github/workflows/auto-build-publish-test.yml

@@ -0,0 +1,83 @@
+name: Auto Build Publish Test
+on:
+  push:
+    branches:
+      - master
+  # Triggers the workflow on labeled PRs only.
+  pull_request_target:
+    types: [ labeled ]
+# Ensures that only the latest commit is running for each PR at a time.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  Auto-Build-Publish-Test:
+    name: Auto-Build-Publish-Test (${{ matrix.os }}) - (CLI ${{ matrix.cli-version }})
+    if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu, windows, macos ]
+        cli-version: [ "latest", "2.66.0" ]
+    runs-on: ${{ matrix.os }}-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Setup Go with cache
+        uses: jfrog/.github/actions/install-go-with-cache@main
+
+      - name: Install local Artifactory
+        uses: jfrog/.github/actions/install-local-artifactory@main
+        with:
+          RTLIC: ${{ secrets.RTLIC }}
+
+      - name: Post Step to Test the Auto Build-Publish post step
+        uses: gacts/run-and-post-run@v1
+        with:
+          post: |
+            jf c add --artifactory-url http://localhost:8081/artifactory --user admin --password password; \
+            count=$(jf rt search "artifactory-build-info/${GITHUB_WORKFLOW}/${GITHUB_RUN_NUMBER}-*" --count 2>stderr.log); \
+            exit_code=$?; \
+            cat stderr.log; \
+            if [ $exit_code -ne 0 ]; then \
+              echo "Command failed with exit code $exit_code."; \
+              exit 1; \
+            fi; \
+            if [ "$count" -eq 0 ]; then \
+              echo "No build info found."; \
+              exit 1; \
+            fi
+
+      - name: Setup JFrog CLI
+        id: setup-jfrog-cli
+        uses: ./
+        with:
+          version: ${{ matrix.cli-version }}
+        env:
+          JF_URL: http://localhost:8081/
+          JF_USER: admin
+          JF_PASSWORD: password
+
+      - name: Create NPM Remote Repository JSON
+        uses: jsdaniell/[email protected]
+        with:
+          name: "npm-remote-template.json"
+          json: '{
+            "key": "npm-remote",
+            "rclass": "remote",
+            "packageType": "npm",
+            "url": "https://registry.npmjs.org"
+          }'
+
+      - name: Configure Artifactory NPM Remote Repository
+        run: jf rt repo-create npm-remote-template.json
+        shell: bash
+
+      - name: Add npm modules to local build-info
+        run: |
+          jf npm-config --repo-resolve npm-remote
+          jf npm install

.github/workflows/cla.yml

@@ -10,26 +10,10 @@ jobs:
   CLAssistant:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions-ecosystem/action-regex-match@v2
-        id: sign-or-recheck
+      - name: Run CLA Check
+        uses: jfrog/.github/actions/cla@main
         with:
-          text: ${{ github.event.comment.body }}
-          regex: '\s*(I have read the CLA Document and I hereby sign the CLA)|(recheck)\s*'
-
-      - name: "CLA Assistant"
-        if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }}
-        # Alpha Release
-        uses: cla-assistant/[email protected]
-        env:
-          # Generated and maintained by GitHub
+          event_comment_body: ${{ github.event.comment.body }}
+          event_name: ${{ github.event_name }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # JFrog organization secret
-          PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_SIGN_TOKEN }}
-        with:
-          path-to-signatures: "signed_clas.json"
-          path-to-document: "https://jfrog.com/cla/"
-          remote-organization-name: "jfrog"
-          remote-repository-name: "jfrog-signed-clas"
-          # branch should not be protected
-          branch: "master"
-          allowlist: bot*
+          CLA_SIGN_TOKEN: ${{ secrets.CLA_SIGN_TOKEN }}

.github/workflows/frogbot-scan-pull-request.yml

@@ -1,7 +1,7 @@
 name: "Frogbot Scan Pull Request"
 on:
   pull_request_target:
-    types: [opened, synchronize]
+    types: [ opened, synchronize ]
 permissions:
   pull-requests: write
   contents: read
@@ -14,22 +14,16 @@ jobs:
     steps:
       - uses: jfrog/frogbot@v2
         env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
+
           # [Mandatory]
-          # JFrog platform URL
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
           JF_URL: ${{ secrets.FROGBOT_URL }}
 
           # [Mandatory if JF_USER and JF_PASSWORD are not provided]
           # JFrog access token with 'read' permissions on Xray service
           JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
 
-          # [Mandatory if JF_ACCESS_TOKEN is not provided]
-          # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
-          # JF_USER: ${{ secrets.JF_USER }}
-
-          # [Mandatory if JF_ACCESS_TOKEN is not provided]
-          # JFrog password. Must be provided with JF_USER
-          # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
-
           # [Mandatory]
           # The GitHub token is automatically generated for the job
           JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -57,15 +51,21 @@ jobs:
           # [Optional]
           # Configure the SMTP server to enable Frogbot to send emails with detected secrets in pull request scans.
           # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080)
-          # JF_SMTP_SERVER: ""
+          JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }}
 
           # [Mandatory if JF_SMTP_SERVER is set]
           # The username required for authenticating with the SMTP server.
-          # JF_SMTP_USER: ""
+          JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }}
 
           # [Mandatory if JF_SMTP_SERVER is set]
           # The password associated with the username required for authentication with the SMTP server.
-          # JF_SMTP_PASSWORD: ""
+          JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }}
+
+          # [Optional]
+          # List of comma separated email addresses to receive email notifications about secrets
+          # detected during pull request scanning. The notification is also sent to the email set
+          # in the committer git profile regardless of whether this variable is set or not.
+          JF_EMAIL_RECEIVERS: "[email protected]"
 
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
@@ -83,10 +83,6 @@ jobs:
           # Relative path to the root of the project in the Git repository
           # JF_WORKING_DIR: path/to/project/dir
 
-          # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
-          # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
-          # JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*"
-
           # [Optional]
           # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
           # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
@@ -99,10 +95,6 @@ jobs:
           # Displays all existing vulnerabilities, including the ones that were added by the pull request.
           # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
 
-          # [Optional, default: "FALSE"]
-          # When adding new comments on pull requests, keep old comments that were added by previous scans.
-          # JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: "TRUE"
-
           # [Optional, default: "TRUE"]
           # Fails the Frogbot task if any security issue is found.
           # JF_FAIL: "FALSE"
@@ -127,22 +119,3 @@ jobs:
           # The following values are accepted: Low, Medium, High or Critical
           # JF_MIN_SEVERITY: ""
 
-          # [Optional]
-          # List of comma separated email addresses to receive email notifications about secrets
-          # detected during pull request scanning. The notification is also sent to the email set
-          # in the committer git profile regardless of whether this variable is set or not.
-          # JF_EMAIL_RECEIVERS: ""
-
-          # [Optional]
-          # Set the list of allowed licenses
-          # The full list of licenses can be found in:
-          # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md
-          # JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
-
-          # [Optional]
-          # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
-          # JF_AVOID_EXTRA_MESSAGES: "TRUE"
-
-          # [Optional]
-          # Add a title to pull request comments generated by Frogbot.
-          # JF_PR_COMMENT_TITLE: ""

.github/workflows/frogbot-scan-repository.yml

@@ -10,16 +10,22 @@ permissions:
   security-events: write
 jobs:
   scan-repository:
+    name: Scan Repository (${{ matrix.branch }} branch)
     runs-on: ubuntu-latest
     strategy:
       matrix:
         # The repository scanning will be triggered periodically on the following branches.
-        branch: ["master"]
+        branch: [ "master" ]
     steps:
+      - name: Setup Go with cache
+        uses: jfrog/.github/actions/install-go-with-cache@main
+
       - uses: jfrog/frogbot@v2
         env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
+
           # [Mandatory]
-          # JFrog platform URL
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
           JF_URL: ${{ secrets.FROGBOT_URL }}
 
           # [Mandatory if JF_USER and JF_PASSWORD are not provided]
@@ -71,10 +77,6 @@ jobs:
           # Relative path to the root of the project in the Git repository
           # JF_WORKING_DIR: path/to/project/dir
 
-          # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
-          # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
-          # JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*"
-
           # [Optional]
           # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
           # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
@@ -95,19 +97,19 @@ jobs:
 
           # [Optional]
           # Template for the branch name generated by Frogbot when creating pull requests with fixes.
-          # The template must include {BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
-          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
-          # JF_BRANCH_NAME_TEMPLATE: "frogbot-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}"
+          # The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
+          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+          # JF_BRANCH_NAME_TEMPLATE: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}"
 
           # [Optional]
           # Template for the commit message generated by Frogbot when creating pull requests with fixes
-          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
-          # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
+          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+          # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"
 
           # [Optional]
           # Template for the pull request title generated by Frogbot when creating pull requests with fixes.
-          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
-          # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
+          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+          # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"
 
           # [Optional, Default: "FALSE"]
           # If TRUE, Frogbot creates a single pull request with all the fixes.
@@ -126,17 +128,3 @@ jobs:
           # [Optional, Default: [email protected]]
           # Set the email of the commit author
           # JF_GIT_EMAIL_AUTHOR: ""
-
-          # [Optional]
-          # Set the list of allowed licenses
-          # The full list of licenses can be found in:
-          # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md
-          # JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
-
-          # [Optional]
-          # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
-          # JF_AVOID_EXTRA_MESSAGES: "TRUE"
-
-          # [Optional]
-          # Add a title to pull request comments generated by Frogbot.
-          # JF_PR_COMMENT_TITLE: ""

.github/workflows/oidc-test.yml

@@ -3,9 +3,7 @@ name: OpenID Connect Test
 on:
   push:
     branches:
-      - '**'
-    tags-ignore:
-      - '**'
+      - master
   # Triggers the workflow on labeled PRs only.
   pull_request_target:
     types: [ labeled ]
@@ -40,7 +38,7 @@ jobs:
         run: |
           curl -X POST "${{ secrets.JFROG_PLATFORM_URL }}/access/api/v1/oidc" -H "Content-Type: application/json" -H "Authorization: Bearer ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}" -d '{
           "name": "${{ env.OIDC_PROVIDER_NAME }}",
-          "issuer_url": "https://token.actions.githubusercontent.com/",
+          "issuer_url": "https://token.actions.githubusercontent.com",
           "provider_type": "GitHub",
           "description": "This is a test configuration created for OIDC-Access integration test" }'
 
@@ -63,6 +61,7 @@ jobs:
           }'
 
       - name: Setup JFrog CLI
+        id: setup-jfrog-cli
         uses: ./
         env:
           JF_URL: ${{ secrets.JFROG_PLATFORM_URL }}
@@ -73,6 +72,14 @@ jobs:
         run: |
           jf rt s "some-repo/"
 
+      - name: Test User Output
+        shell: bash
+        run: test -n "${{ steps.setup-jfrog-cli.outputs.oidc-user }}"
+
+      - name: Test Token Output
+        shell: bash
+        run: test -n "${{ steps.setup-jfrog-cli.outputs.oidc-token }}"
+
       # Removing the OIDC integration will remove the Identity Mapping as well
       - name: Delete OIDC integration
         shell: bash

.github/workflows/test.yml

@@ -1,16 +1,22 @@
 name: "Test"
-on: [push, pull_request]
-
+on:
+  push:
+    branches:
+      - '**'
+    tags-ignore:
+      - '**'
+  pull_request:
 jobs:
   test:
+    name: Test (${{ matrix.os }}) - (CLI ${{ matrix.cli-version || 'default' }})
     runs-on: ${{ matrix.os }}
     env:
       JF_ENV_LOCAL: eyJ2ZXJzaW9uIjoxLCJ1cmwiOiJodHRwOi8vMTI3LjAuMC4xOjgwODEvYXJ0aWZhY3RvcnkvIiwidXNlciI6ImFkbWluIiwicGFzc3dvcmQiOiJBUEI3REVaUlBpSHFIRFRRb2tMa3g5aGh6S1QiLCJzZXJ2ZXJJZCI6ImxvY2FsIn0=
 
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest, macOS-latest]
-        version: ["", "latest", "1.46.4"]
+        os: [ ubuntu-latest, windows-latest, macos-13 ]
+        cli-version: [ "", "latest", "1.46.4" ]
       fail-fast: false
     steps:
       # Checkout and install prerequisites
@@ -23,12 +29,12 @@ jobs:
 
       # Run action according to the input version
       - name: Setup JFrog CLI
-        if: matrix.version != ''
+        if: matrix.cli-version != ''
         uses: ./
         with:
-          version: ${{ matrix.version }}
+          version: ${{ matrix.cli-version }}
       - name: Setup default JFrog CLI
-        if: matrix.version == ''
+        if: matrix.cli-version == ''
         uses: ./
 
       # Run --version