From 0941f9058adad565a24ccb6b3b044b906cd087c8 Mon Sep 17 00:00:00 2001 From: petrofl Date: Tue, 7 Jan 2025 11:26:36 +0200 Subject: [PATCH 01/38] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 449f546..490af4b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: Docker-build-with-evidence: runs-on: ubuntu-latest env: - REPO_NAME: evidence-demo-docker-dev + REPO_NAME: ptfl-oci-local-dev steps: - uses: actions/checkout@v4 From b26e743ae2125a6b04657966a854fb974a103664 Mon Sep 17 00:00:00 2001 From: petrofl Date: Tue, 7 Jan 2025 11:37:09 +0200 Subject: [PATCH 02/38] Update build.yml --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 490af4b..2be403a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,6 +12,7 @@ jobs: runs-on: ubuntu-latest env: REPO_NAME: ptfl-oci-local-dev + steps: - uses: actions/checkout@v4 From 743d0fa5f2c664d62f944aee7816d7e803c738f5 Mon Sep 17 00:00:00 2001 From: petrofl Date: Tue, 7 Jan 2025 11:41:15 +0200 Subject: [PATCH 03/38] Update build.yml --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2be403a..7f9db0c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Docker-build-with-evidence +name: ptfl-build-with-evidence on: [workflow_dispatch] @@ -11,7 +11,7 @@ jobs: Docker-build-with-evidence: runs-on: ubuntu-latest env: - REPO_NAME: ptfl-oci-local-dev + REPO_NAME: ptfl-oci-dev-local steps: From 45091968d33773e66e326b69b424538b3e691394 Mon Sep 17 00:00:00 2001 
From: petrofl Date: Tue, 7 Jan 2025 11:58:10 +0200 Subject: [PATCH 04/38] Update build.yml --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7f9db0c..0866593 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,6 +27,7 @@ jobs: run: | URL=$(echo ${{ vars.ARTIFACTORY_URL }} | sed 's|^https://||') REPO_URL=${URL}/${REPO_NAME} + echo ${REPO_URL} docker build -t ${REPO_URL}/example-go-app:${{ github.run_number }} . jf docker push ${REPO_URL}/example-go-app:${{ github.run_number }} From ee2541458c9cb89d8ced661c11494418e1bb68f3 Mon Sep 17 00:00:00 2001 From: petrofl Date: Tue, 7 Jan 2025 11:58:36 +0200 Subject: [PATCH 05/38] Update build.yml --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0866593..2d656ac 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,6 +26,7 @@ jobs: - name: Build Docker image run: | URL=$(echo ${{ vars.ARTIFACTORY_URL }} | sed 's|^https://||') + echo ${URL} REPO_URL=${URL}/${REPO_NAME} echo ${REPO_URL} docker build -t ${REPO_URL}/example-go-app:${{ github.run_number }} . From deda6777c31281cd7a179db1e5aeb292329f29a5 Mon Sep 17 00:00:00 2001 From: petrofl Date: Tue, 7 Jan 2025 12:05:34 +0200 Subject: [PATCH 06/38] Update build.yml --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2d656ac..bf1604d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,6 +9,7 @@ permissions: jobs: Docker-build-with-evidence: + environment: Jfrog runs-on: ubuntu-latest env: REPO_NAME: ptfl-oci-dev-local From 25e64d08e2af257b20ad780010172a313d8bb363 Mon Sep 17 00:00:00 2001 
From: petrofl Date: Tue, 7 Jan 2025 12:16:17 +0200 Subject: [PATCH 07/38] Update promote.yml --- .github/workflows/promote.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index ee24af4..c3f38ca 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -11,6 +11,7 @@ permissions: jobs: Promote-to-qa-and-test: + environment: Jfrog runs-on: ubuntu-latest steps: From 8af4406eaac643169e1334761794bdf9daa5e6a6 Mon Sep 17 00:00:00 2001 From: petrofl Date: Tue, 7 Jan 2025 13:34:07 +0200 Subject: [PATCH 08/38] Update build.yml --- .github/workflows/build.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bf1604d..4fe840b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -65,10 +65,10 @@ jobs: VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evidence-training'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' echo '📦 Release bundle ['${{ github.actor }}-evidence-training:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY - # - name: Approve release-bundle - # run: | - # echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", "approved": "true" }' > rbv2_approval_evidence.json - # jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} \ - # --release-bundle ${{ github.actor }}-evidence-training --release-bundle-version ${{ github.run_number }} \ - # --predicate ./rbv2_approval_evidence.json --predicate-type https://jfrog.com/evidence/approval/v1 - # echo 'Approval of Release bundle ${{ github.actor }}-evidence-training':'${{ github.run_number }} succeded' >> $GITHUB_STEP_SUMMARY + - name: Approve release-bundle + run: | + echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", "approved": "true" }' > rbv2_approval_evidence.json + jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} \ + --release-bundle ${{ github.actor }}-evidence-training --release-bundle-version ${{ github.run_number }} \ + --predicate ./rbv2_approval_evidence.json --predicate-type https://jfrog.com/evidence/approval/v1 + echo 'Approval of Release bundle ${{ github.actor }}-evidence-training':'${{ github.run_number }} succeded' >> $GITHUB_STEP_SUMMARY From 1a97fa0845b5fd55fc85842f7d9bea00590ee269 Mon Sep 17 00:00:00 2001 From: petrofl Date: Thu, 9 Jan 2025 11:39:20 +0200 Subject: [PATCH 09/38] Update promote.yml --- .github/workflows/promote.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
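Review bot: The approval evidence enabled in the `Approve release-bundle` step is asserted by the same job that builds and bundles the artifact. `"approved": "true"` is written unconditionally and signed with the `PRIVATE_KEY` secret that other hunks in this series also use for the package and build signatures, so it records no independent decision. If the promotion policy (`policy/policy.rego`, not shown on this page) checks for approval evidence, that check would presumably pass for every run of this workflow. Consider moving the step into a separate job or workflow bound to an environment with required reviewers and its own signing key; if the self-approval is intentional for the demo, say so with a comment such as `# demo only: approval is self-asserted by the build job, not a human sign-off`. The job's step list starts outside this hunk.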
diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index c3f38ca..e870699 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -13,6 +13,9 @@ jobs: Promote-to-qa-and-test: environment: Jfrog runs-on: ubuntu-latest + env: + PROMOTE_REPO_NAME: ptfl-oci-dev-local + JF_PROJECT: ptfl steps: - name: Checkout @@ -45,7 +48,7 @@ jobs: - name: Promote to Test run: | if [ "${{ env.RESULT }}" == "true" ]; then - jf release-bundle-promote ${{ github.actor }}-evidence-training ${{ inputs.rb-version }} QA --signing-key ${{ secrets.RB_KEY }} --sync=true + jf release-bundle-promote ${{ github.actor }}-evidence-training ${{ inputs.rb-version }} QA --signing-key ${{ secrets.RB_KEY }} --sync=true --project ${{JF_PROJECT}} echo "🚀 Succesfully promoted to \`QA\` environemnt" >> $GITHUB_STEP_SUMMARY else opa eval --input ./evidence_graph.json --data policy/policy.rego "data.policy.output" | jq '.result[0].expressions[0].value' From 67dfac91f2d3efa7a3f01f663f17beef5ef166c1 Mon Sep 17 00:00:00 2001 From: petrofl Date: Thu, 9 Jan 2025 11:42:08 +0200 Subject: [PATCH 10/38] Update promote.yml --- .github/workflows/promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index e870699..60f9161 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml 
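Review bot: In the `Promote to Test` hunk the changed `jf release-bundle-promote` line still pastes `${{ inputs.rb-version }}` straight into the script text, so the value is parsed by bash as code rather than data, and shell metacharacters in a dispatch input would be interpreted on a runner that holds `RB_KEY`. Bind it at step level with `env: RB_VERSION: ${{ inputs.rb-version }}` and pass it quoted as `"$RB_VERSION"`; a simple format check before the `jf` call would reject unexpected values early. The same line is touched again in PATCH 10, 11 and 25, and the `Call GraphQL` step in PATCH 26 and 27 uses the input the same way. The `run` block continues past the end of this hunk.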
@@ -48,7 +48,7 @@ jobs: - name: Promote to Test run: | if [ "${{ env.RESULT }}" == "true" ]; then - jf release-bundle-promote ${{ github.actor }}-evidence-training ${{ inputs.rb-version }} QA --signing-key ${{ secrets.RB_KEY }} --sync=true --project ${{JF_PROJECT}} + jf release-bundle-promote ${{ github.actor }}-evidence-training ${{ inputs.rb-version }} QA --signing-key ${{ secrets.RB_KEY }} --sync=true --project ${{env.JF_PROJECT}} echo "🚀 Succesfully promoted to \`QA\` environemnt" >> $GITHUB_STEP_SUMMARY else opa eval --input ./evidence_graph.json --data policy/policy.rego "data.policy.output" | jq '.result[0].expressions[0].value' From 02fee8f18a79a77c1dde6d983f8fbc1c2f510f61 Mon Sep 17 00:00:00 2001 From: petrofl Date: Thu, 9 Jan 2025 11:45:06 +0200 Subject: [PATCH 11/38] Update promote.yml --- .github/workflows/promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index 60f9161..b1db103 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -48,7 +48,7 @@ jobs: - name: Promote to Test run: | if [ "${{ env.RESULT }}" == "true" ]; then - jf release-bundle-promote ${{ github.actor }}-evidence-training ${{ inputs.rb-version }} QA --signing-key ${{ secrets.RB_KEY }} --sync=true --project ${{env.JF_PROJECT}} + jf release-bundle-promote ${{ github.actor }}-evidence-training ${{ inputs.rb-version }} QA --signing-key ${{ secrets.RB_KEY }} --sync=true --project ${JF_PROJECT} echo "🚀 Succesfully promoted to \`QA\` environemnt" >> $GITHUB_STEP_SUMMARY else opa eval --input ./evidence_graph.json --data policy/policy.rego "data.policy.output" | jq '.result[0].expressions[0].value' From bd2deec12908bc68311315fc82f3cdf7730cdcec Mon Sep 17 00:00:00 2001 From: petrofl Date: Thu, 9 Jan 2025 12:53:41 +0200 Subject: [PATCH 12/38] Update build.yml --- .github/workflows/build.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4fe840b..d05a0e7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,6 +13,7 @@ jobs: runs-on: ubuntu-latest env: REPO_NAME: ptfl-oci-dev-local + JF_PROJECT: ptfl steps: @@ -31,24 +32,24 @@ jobs: REPO_URL=${URL}/${REPO_NAME} echo ${REPO_URL} docker build -t ${REPO_URL}/example-go-app:${{ github.run_number }} . - jf docker push ${REPO_URL}/example-go-app:${{ github.run_number }} + jf docker push ${REPO_URL}/example-go-app:${{ github.run_number }} --project ${JF_PROJECT} - name: Evidence on docker run: | echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} \ + --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --project ${JF_PROJECT}\ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 echo '🔎 Evidence attached: `signature` 🔏 ' - name: Collecting Information from Git - run: jf rt build-add-git + run: jf rt build-add-git --project ${JF_PROJECT} - name: Collecting Environment Variables - run: jf rt build-collect-env + run: jf rt build-collect-env --project ${JF_PROJECT} - name: Publish build info - run: jfrog rt build-publish + run: jfrog rt build-publish --project ${JF_PROJECT} - name: Sign build evidence run: | 
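Review bot: The `jf evd create` line changed in `Evidence on docker` passes the signing key as `--key "${{ secrets.PRIVATE_KEY }}"`, which expands the key material into the generated script file and then into the process argument list. A key containing `"`, `$` or a backtick would also be re-parsed by the shell. Map the secrets through the step's `env:` (`PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}`, `KEY_ALIAS: ${{ secrets.KEY_ALIAS }}`) and reference them as `--key "$PRIVATE_KEY" --key-alias "$KEY_ALIAS"`; if the CLI version in use can read the key from an environment variable or a file, that keeps it out of argv entirely. The same pattern appears in `Approve release-bundle` (PATCH 08), in the `Sign build evidence` line changed by PATCH 19, and for `ARTIFACTORY_ACCESS_TOKEN` passed positionally to `scripts/graphql.sh` in PATCH 26 and 27. This hunk ends inside the `Sign build evidence` step.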
@@ -61,7 +62,7 @@ jobs: - name: Create release bundle run: | echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" } ] }' > bundle-spec.json - jf release-bundle-create ${{ github.actor }}-evidence-training ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true + jf release-bundle-create ${{ github.actor }}-evidence-training ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true --project ${JF_PROJECT} VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evidence-training'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' echo '📦 Release bundle ['${{ github.actor }}-evidence-training:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY From 62e55147246ec39ac67b75dbd15e5a8492ce1968 Mon Sep 17 00:00:00 2001 From: petrofl Date: Thu, 9 Jan 2025 12:56:48 +0200 Subject: [PATCH 13/38] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d05a0e7..cb32568 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -38,7 +38,7 @@ jobs: run: | echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --project ${JF_PROJECT}\ + --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 echo '🔎 Evidence attached: `signature` 🔏 ' From bf7c4b5c0d52473fdfbb70f472089216db9bb364 Mon Sep 17 00:00:00 2001 
From: petrofl Date: Thu, 9 Jan 2025 13:06:24 +0200 Subject: [PATCH 14/38] Update build.yml --- .github/workflows/build.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cb32568..ac0e6ba 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -37,9 +37,8 @@ jobs: - name: Evidence on docker run: | echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json - jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} \ - --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 + cat ./echo.json + jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 echo '🔎 Evidence attached: `signature` 🔏 ' - name: Collecting Information from Git From b209fccc99f479373338a7452055db26a3055ae6 Mon Sep 17 00:00:00 2001 From: petrofl Date: Thu, 9 Jan 2025 13:51:21 +0200 Subject: [PATCH 15/38] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ac0e6ba..b3cdebf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -37,7 +37,7 @@ jobs: - name: Evidence on docker run: | echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json - cat ./echo.json + cat ./sign.json jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 echo '🔎 Evidence attached: `signature` 🔏 ' From a2ab232d7823e779eede38eec6f2bb3db7d16470 Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 15 Jan 2025 11:20:21 +0200 Subject: [PATCH 16/38] Update build.yml --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b3cdebf..66ffd83 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -38,7 +38,8 @@ jobs: run: | echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json cat ./sign.json - jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 + jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 \ + --project ${JF_PROJECT} echo '🔎 Evidence attached: `signature` 🔏 ' - name: Collecting Information from Git From 0c316f3dc7bde01b5abb4b46ccc2703563b8d4bf Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 15 Jan 2025 12:17:34 +0200 Subject: [PATCH 17/38] Update build.yml --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 66ffd83..8b8a6b9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -38,8 +38,7 @@ jobs: run: | echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json cat ./sign.json - jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 \ - --project ${JF_PROJECT} + jf evd create --package-name example-go-app --package-version ${{ github.run_number }} --package-repo-name ${REPO_NAME} --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 --project ${JF_PROJECT} echo '🔎 Evidence attached: `signature` 🔏 ' - name: Collecting Information from Git From fa13ab4f4c094fc768ea8512939ab371c131dccd Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 15 Jan 2025 14:29:50 +0200 Subject: [PATCH 18/38] Update build.yml From ab7eb49c5e6421f01249528c487c62789ad2cc24 Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 15 Jan 2025 14:31:41 +0200 Subject: [PATCH 19/38] Update build.yml --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8b8a6b9..12a35de 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -55,7 +55,7 @@ jobs: echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json jf evd create --build-name ${{ github.workflow }} --build-number ${{ github.run_number }} \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} + --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} --project ${JF_PROJECT} echo '🔎 Evidence attached: `build-signature` 🔏 ' >> $GITHUB_STEP_SUMMARY - name: Create release bundle @@ -70,5 +70,5 @@ jobs: echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", "approved": "true" }' > rbv2_approval_evidence.json jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} \ --release-bundle ${{ github.actor }}-evidence-training --release-bundle-version ${{ github.run_number }} \ - --predicate ./rbv2_approval_evidence.json --predicate-type https://jfrog.com/evidence/approval/v1 + --predicate ./rbv2_approval_evidence.json --predicate-type https://jfrog.com/evidence/approval/v1 --project ${JF_PROJECT} echo 'Approval of Release bundle ${{ github.actor }}-evidence-training':'${{ github.run_number }} succeded' >> $GITHUB_STEP_SUMMARY From ef433034b1a57406d976958f1bf52930dec51552 Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 15 Jan 2025 15:40:10 +0200 Subject: [PATCH 20/38] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 12a35de..aa1fcb9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -60,7 +60,7 @@ jobs: - name: Create release bundle run: | - echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" } ] }' > bundle-spec.json + echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "${JF_PROJECT}" } ] }' > bundle-spec.json jf release-bundle-create ${{ github.actor }}-evidence-training ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true --project ${JF_PROJECT} VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evidence-training'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' echo '📦 Release bundle ['${{ github.actor }}-evidence-training:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY From 4b8678c64faa629a53355e054cf244415e4e01c4 Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 15 Jan 2025 15:42:37 +0200 Subject: [PATCH 21/38] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index aa1fcb9..7635eb1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
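Review bot: The `bundle-spec.json` line in `Create release bundle` assembles JSON by switching between single and double quotes inside `echo`, and the added `"project" : "${JF_PROJECT}"` sits in the single-quoted part, so the file receives the literal text `${JF_PROJECT}`. PATCH 21 to 23 are spent correcting this quoting, and the final form is copied into `jf_build.yml` in PATCH 28. Generating the file with `jq` removes the quoting problem and escapes the values properly: `jq -n --arg build "$GITHUB_WORKFLOW/$GITHUB_RUN_NUMBER" --arg project "$JF_PROJECT" '{files:[{build:$build,project:$project}]}' > bundle-spec.json`. It also keeps a workflow name containing a quote from breaking or altering the spec. `jq` is already used by `promote.yml` on this page.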
@@ -60,7 +60,7 @@ jobs: - name: Create release bundle run: | - echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "${JF_PROJECT}" } ] }' > bundle-spec.json + echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "'" ${JF_PROJECT} "'" } ] }' > bundle-spec.json jf release-bundle-create ${{ github.actor }}-evidence-training ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true --project ${JF_PROJECT} VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evidence-training'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' echo '📦 Release bundle ['${{ github.actor }}-evidence-training:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY From c45be06715b313d667ccf99bd2844a89db6ba44d Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 15 Jan 2025 15:54:27 +0200 Subject: [PATCH 22/38] Update build.yml --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7635eb1..aad727f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -61,6 +61,7 @@ jobs: - name: Create release bundle run: | echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "'" ${JF_PROJECT} "'" } ] }' > bundle-spec.json + echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "'" ${JF_PROJECT} "'" } ] }' jf release-bundle-create ${{ github.actor }}-evidence-training ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true --project ${JF_PROJECT} VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evidence-training'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' echo '📦 Release bundle ['${{ github.actor }}-evidence-training:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY From f0b000d55ec31ad91144e5e28d5e8a79c5a50bee Mon Sep 17 00:00:00 2001 From: petrofl Date: Thu, 16 Jan 2025 11:51:24 +0200 Subject: [PATCH 23/38] Update build.yml --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index aad727f..e93188c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -60,8 +60,8 @@ jobs: - name: Create release bundle run: | - echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "'" ${JF_PROJECT} "'" } ] }' > bundle-spec.json - echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "'" ${JF_PROJECT} "'" } ] }' + echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "'"${JF_PROJECT}"'" } ] }' > bundle-spec.json + cat ./bundle-spec.json jf release-bundle-create ${{ github.actor }}-evidence-training ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true --project ${JF_PROJECT} VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evidence-training'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' echo '📦 Release bundle ['${{ github.actor }}-evidence-training:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY From 4ac7ab108f281498f3c89feb845be5eb01c46794 Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 22 Jan 2025 11:03:59 +0200 Subject: [PATCH 24/38] Update build.yml --- .github/workflows/build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e93188c..0319a27 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -62,14 +62,14 @@ jobs: run: | echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "'"${JF_PROJECT}"'" } ] }' > bundle-spec.json cat ./bundle-spec.json - jf release-bundle-create ${{ github.actor }}-evidence-training ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true --project ${JF_PROJECT} - VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evidence-training'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' - echo '📦 Release bundle ['${{ github.actor }}-evidence-training:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY + jf release-bundle-create ${{ github.actor }}-evd-flow ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true --project ${JF_PROJECT} + VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evd-flow'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' + echo '📦 Release bundle ['${{ github.actor }}-evd-flow:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY - name: Approve release-bundle run: | echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", "approved": "true" }' > rbv2_approval_evidence.json jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias ${{ secrets.KEY_ALIAS }} \ - --release-bundle ${{ github.actor }}-evidence-training --release-bundle-version ${{ github.run_number }} \ + --release-bundle ${{ github.actor }}-evd-flow --release-bundle-version ${{ github.run_number }} \ --predicate ./rbv2_approval_evidence.json --predicate-type https://jfrog.com/evidence/approval/v1 --project ${JF_PROJECT} - echo 'Approval of 
Release bundle ${{ github.actor }}-evidence-training':'${{ github.run_number }} succeded' >> $GITHUB_STEP_SUMMARY + echo 'Approval of Release bundle ${{ github.actor }}-evd-flow':'${{ github.run_number }} succeded' >> $GITHUB_STEP_SUMMARY From ba44aac5ec92a69f21e6798e90746da806a7ba94 Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 22 Jan 2025 11:04:31 +0200 Subject: [PATCH 25/38] Update promote.yml --- .github/workflows/promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index b1db103..1466ae3 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -48,7 +48,7 @@ jobs: - name: Promote to Test run: | if [ "${{ env.RESULT }}" == "true" ]; then - jf release-bundle-promote ${{ github.actor }}-evidence-training ${{ inputs.rb-version }} QA --signing-key ${{ secrets.RB_KEY }} --sync=true --project ${JF_PROJECT} + jf release-bundle-promote ${{ github.actor }}-evd-flow ${{ inputs.rb-version }} QA --signing-key ${{ secrets.RB_KEY }} --sync=true --project ${JF_PROJECT} echo "🚀 Succesfully promoted to \`QA\` environemnt" >> $GITHUB_STEP_SUMMARY else opa eval --input ./evidence_graph.json --data policy/policy.rego "data.policy.output" | jq '.result[0].expressions[0].value' From b2af39155817e83adc51f03575eedfe640df7809 Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 22 Jan 2025 11:10:49 +0200 Subject: [PATCH 26/38] Update promote.yml --- .github/workflows/promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index 1466ae3..f15aa6a 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml 
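Review bot: In PATCH 24/38 the new `VER_LINK` line renames only `bundleToFlash`; `bundleName=` still carries `${{ github.actor }}-evidence-training`, while the bundle is now created as `-evd-flow`. The step-summary link therefore probably opens a bundle name this workflow no longer produces. Change it to `bundleName='${{ github.actor }}-evd-flow'`, or define the name once as a job-level `env` entry (for example `RB_NAME`) and reference it in the create, link, summary and approval lines so they cannot drift apart. The same stale parameter is copied into `jf_build.yml` in PATCH 28.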
@@ -35,7 +35,7 @@ jobs: - name: Call GraphQL run: | - ./scripts/graphql.sh ${{ vars.ARTIFACTORY_URL }} ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} release-bundles-v2 ${{ github.actor }}-evidence-training ${{ inputs.rb-version }} + ./scripts/graphql.sh ${{ vars.ARTIFACTORY_URL }} ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} release-bundles-v2 ${{ github.actor }}-evd-flow ${{ inputs.rb-version }} cat evidence_graph.json - name: Run policy From 89408b4e7756bc86eac95572f4d52297da027611 Mon Sep 17 00:00:00 2001 From: petrofl Date: Wed, 22 Jan 2025 11:58:37 +0200 Subject: [PATCH 27/38] Update promote.yml --- .github/workflows/promote.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index f15aa6a..a26f6e2 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -35,7 +35,7 @@ jobs: - name: Call GraphQL run: | - ./scripts/graphql.sh ${{ vars.ARTIFACTORY_URL }} ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} release-bundles-v2 ${{ github.actor }}-evd-flow ${{ inputs.rb-version }} + ./scripts/graphql.sh ${{ vars.ARTIFACTORY_URL }} ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} ${JF_PROJECT}-release-bundles-v2 ${{ github.actor }}-evd-flow ${{ inputs.rb-version }} cat evidence_graph.json - name: Run policy From 39d057136fbd0170e1da924ce98136473853ca8b Mon Sep 17 00:00:00 2001 From: petrofl Date: Mon, 17 Feb 2025 19:29:22 +0200 Subject: [PATCH 28/38] Create jf_build.yml --- .github/workflows/jf_build.yml | 52 ++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 .github/workflows/jf_build.yml diff --git a/.github/workflows/jf_build.yml b/.github/workflows/jf_build.yml new file mode 100644 index 0000000..6eb2928 --- /dev/null +++ b/.github/workflows/jf_build.yml 
@@ -0,0 +1,52 @@ +name: ptfl-build-with-evidence + +on: + [workflow_dispatch] + +permissions: + id-token: write + contents: read + +jobs: + Docker-build-with-evidence: + environment: Jfrog-US + runs-on: ubuntu-latest + env: + REPO_NAME: ptfl2-docker + JF_PROJECT: ptfl1 + + steps: + + - uses: actions/checkout@v4 + + - name: Install jfrog cli + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ vars.ARTIFACTORY_URL }} + JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} + + - name: Build Docker image + run: | + URL=$(echo ${{ vars.ARTIFACTORY_URL }} | sed 's|^https://||') + echo ${URL} + REPO_URL=${URL}/${REPO_NAME} + echo ${REPO_URL} + docker build -t ${REPO_URL}/example-go-app:${{ github.run_number }} . + jf docker push ${REPO_URL}/example-go-app:${{ github.run_number }} --project ${JF_PROJECT} + + - name: Collecting Information from Git + run: jf rt build-add-git --project ${JF_PROJECT} + + - name: Collecting Environment Variables + run: jf rt build-collect-env --project ${JF_PROJECT} + + - name: Publish build info + run: jfrog rt build-publish --project ${JF_PROJECT} + + - name: Create release bundle + run: | + echo '{ "files": [ {"build": "'"${{ github.workflow }}/${{ github.run_number }}"'" , "project" : "'"${JF_PROJECT}"'" } ] }' > bundle-spec.json + cat ./bundle-spec.json + jf release-bundle-create ${{ github.actor }}-evd-flow ${{ github.run_number }} --signing-key ${{ secrets.RB_KEY }} --spec bundle-spec.json --sync=true --project ${JF_PROJECT} + VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ github.actor }}-evidence-training'&bundleToFlash='${{ github.actor }}-evd-flow'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' + echo '📦 Release bundle ['${{ github.actor }}-evd-flow:${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY From d46efe75aa01b050bc63f8cf271fa1e361ce5339 Mon Sep 17 00:00:00 2001 
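Review bot: The workflow requests `id-token: write`, yet the `Install jfrog cli` step authenticates with the stored `JF_ACCESS_TOKEN` secret and no step in this file exchanges an OIDC token, so the permission looks unused as written. Either drop it and keep `contents: read`, or move the setup step to OIDC through the action's `oidc-provider-name` input and retire the long-lived token. Separately, `VER_LINK` still builds `bundleName=` from `${{ github.actor }}-evidence-training` while the bundle is created as `-evd-flow`, and `repositoryKey=release-bundles-v2` lacks the `${JF_PROJECT}-` prefix that patch 27 added in promote.yml, so the summary link probably points at the wrong bundle.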
From: petrofl Date: Mon, 17 Feb 2025 19:30:15 +0200 Subject: [PATCH 29/38] Update jf_build.yml --- .github/workflows/jf_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/jf_build.yml b/.github/workflows/jf_build.yml index 6eb2928..07a60df 100644 --- a/.github/workflows/jf_build.yml +++ b/.github/workflows/jf_build.yml @@ -1,4 +1,4 @@ -name: ptfl-build-with-evidence +name: ptfl1-build-with-rb on: [workflow_dispatch] From 812c501d04e1a4ef831c211e7f7631e62b95c8cf Mon Sep 17 00:00:00 2001 From: petrofl Date: Mon, 17 Feb 2025 19:31:34 +0200 Subject: [PATCH 30/38] Update jf_build.yml --- .github/workflows/jf_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/jf_build.yml b/.github/workflows/jf_build.yml index 07a60df..f622266 100644 --- a/.github/workflows/jf_build.yml +++ b/.github/workflows/jf_build.yml @@ -12,7 +12,7 @@ jobs: environment: Jfrog-US runs-on: ubuntu-latest env: - REPO_NAME: ptfl2-docker + REPO_NAME: ptfl1-docker JF_PROJECT: ptfl1 steps: From 11ad0f188eab7daee3bc6500215d35b914af1b47 Mon Sep 17 00:00:00 2001 From: petrofl Date: Mon, 17 Feb 2025 21:25:48 +0200 Subject: [PATCH 31/38] Create distribute.yaml --- .github/workflows/distribute.yml | 34 ++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/distribute.yml diff --git a/.github/workflows/distribute.yml b/.github/workflows/distribute.yml new file mode 100644 index 0000000..5ebe34e --- /dev/null +++ b/.github/workflows/distribute.yml 
@@ -0,0 +1,34 @@ +name: Promote-to-qa +on: + workflow_dispatch: + inputs: + rb-version: + description: 'Release bundle version' + required: true +permissions: + id-token: write + contents: read + +jobs: + Promote-to-qa-and-test: + environment: Jfrog + runs-on: ubuntu-latest + env: + PROMOTE_REPO_NAME: ptfl1-docker + JF_PROJECT: ptfl1 + steps: + + - name: Checkout + uses: actions/checkout@v4 + + - name: Install jfrog cli + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ vars.ARTIFACTORY_URL }} + JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} + + - name: Distribute to Edge nodes + run: | + echo '{ "distribution_rules": [ {"site_name": "SolEngEdgeSaaS"} ] }' > distr-rule.json + jf release-bundle-distribute --sync=true --project ${JF_PROJECT} --dist-rules=distr-rule.json ${{ github.actor }}-evd-flow ${{ inputs.rb-version }} --sync=true --project ${JF_PROJECT} + echo "🚀 Succesfully promoted to \`QA\` environemnt" >> $GITHUB_STEP_SUMMARY From b43c1ebe7b15de296e2bd9eaf21687c292b3c5b1 Mon Sep 17 00:00:00 2001 From: petrofl Date: Mon, 17 Feb 2025 21:26:55 +0200 Subject: [PATCH 32/38] Update distribute.yml --- .github/workflows/distribute.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/distribute.yml b/.github/workflows/distribute.yml index 5ebe34e..f694986 100644 --- a/.github/workflows/distribute.yml +++ b/.github/workflows/distribute.yml @@ -1,4 +1,4 @@ -name: Promote-to-qa +name: distribute-to-edge-nodes on: workflow_dispatch: inputs: From 2d55fe378f287978b21bab5099fcc0a3a9480c2b Mon Sep 17 00:00:00 2001 From: petrofl Date: Mon, 17 Feb 2025 21:28:15 +0200 Subject: [PATCH 33/38] Update distribute.yml --- .github/workflows/distribute.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/distribute.yml b/.github/workflows/distribute.yml index f694986..b10e37b 100644 --- a/.github/workflows/distribute.yml +++ b/.github/workflows/distribute.yml 
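Review bot: The `Distribute to Edge nodes` step writes a summary saying the bundle was promoted to QA although it runs `jf release-bundle-distribute`, so the run record misstates which release action took place; the job id `Promote-to-qa-and-test` and the unused `PROMOTE_REPO_NAME` look like leftovers from promote.yml as well. A line such as `echo "🚀 Distributed ${GITHUB_ACTOR}-evd-flow to edge nodes" >> "$GITHUB_STEP_SUMMARY"` would match what the step does. `--sync=true --project ${JF_PROJECT}` is passed twice on the distribute command and can be given once. Unlike promote.yml, which has a `Run policy` step before promoting, nothing in this file checks evidence or policy before distribution; if that gate is not enforced on the platform side it may be worth adding here.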
@@ -11,7 +11,7 @@ permissions: jobs: Promote-to-qa-and-test: - environment: Jfrog + environment: Jfrog-US runs-on: ubuntu-latest env: PROMOTE_REPO_NAME: ptfl1-docker From 96e4d8ebb51d4ecdc02de5fe2ad3d657b14776c9 Mon Sep 17 00:00:00 2001 From: petrofl Date: Sun, 6 Apr 2025 10:59:36 +0300 Subject: [PATCH 34/38] Create frogbot-scan-fix.yaml --- .github/workflows/frogbot-scan-fix.yaml | 135 ++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 .github/workflows/frogbot-scan-fix.yaml diff --git a/.github/workflows/frogbot-scan-fix.yaml b/.github/workflows/frogbot-scan-fix.yaml new file mode 100644 index 0000000..5f213ab --- /dev/null +++ b/.github/workflows/frogbot-scan-fix.yaml 
@@ -0,0 +1,135 @@ +name: "Frogbot Scan and Fix" +on: + schedule: + # The repository will be scanned based on the following cron expression + - cron: "0 0 * 1 *" + workflow_dispatch: + inputs: + run_reason: + required: false + type: string + default: "On-demand workflow run" + description: "Reason for manually triggering the workflow" +permissions: + contents: write + pull-requests: write + security-events: write + id-token: write +jobs: + create-fix-pull-requests: + environment: Jfrog + runs-on: ubuntu-latest + env: + REPO_NAME: ptfl1-docker + JF_PROJECT: ptfl1 + + strategy: + matrix: + # The repository scanning will be triggered periodically on the following branches. + branch: [ "main" ] + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ matrix.branch }} + + # Install prerequisites + - name: Setup Frogbot + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL + JF_URL: https://${{ vars.ARTIFACTORY_URL}}/ + JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} + JFROG_CLI_LOG_LEVEL: "DEBUG" + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + # JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. 
Must be provided with JF_USER + # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + # [Mandatory] + # The GitHub token automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # [Optional, default: https://api.github.com] + # API endpoint to GitHub + # JF_GIT_API_ENDPOINT: https://github.example.com + + # [Optional] + # If the machine that runs Frogbot has no access to the internet, set the name of a remote repository + # in Artifactory, which proxies https://releases.jfrog.io + # The 'frogbot' executable and other tools it needs will be downloaded through this repository. + # JF_RELEASES_REPO: "" + + + + ########################################################################## + ## If your project uses a 'frogbot-config.yml' file, you can define ## + ## the following variables inside the file, instead of here. ## + ########################################################################## + + # [Mandatory if the two conditions below are met] + # 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies + # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. + # + # The command that installs the project dependencies (e.g "nuget restore") + # JF_INSTALL_DEPS_CMD: "" + + # [Optional, default: "."] + # Relative path to the root of the project in the Git repository + # JF_WORKING_DIR: path/to/project/dir + + # [Optional] + # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches + # JF_WATCHES: ,... + + # [Optional] + # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects + JF_PROJECT: ${JF_PROJECT} + + # [Optional, default: "TRUE"] + # Fails the Frogbot task if any security issue is found. + # JF_FAIL: "FALSE" + + # [Optional] + # Frogbot will download the project dependencies if they're not cached locally. 
To download the + # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no + # need to set this value, if it is set in the frogbot-config.yml file. + # JF_DEPS_REPO: "" + + # [Optional] + # Template for the branch name generated by Frogbot when creating pull requests with fixes. + # The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique. + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. + # JF_BRANCH_NAME_TEMPLATE: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}" + + # [Optional] + # Template for the commit message generated by Frogbot when creating pull requests with fixes + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. + # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}" + + # [Optional] + # Template for the pull request title generated by Frogbot when creating pull requests with fixes. + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. + # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade ${IMPACTED_PACKAGE} to to ${FIX_VERSION}" + + # [Optional, Default: "FALSE"] + # If TRUE, Frogbot creates a single pull request with all the fixes. + # If FALSE, Frogbot creates a separate pull request for each fix. + # JF_GIT_AGGREGATE_FIXES: "FALSE" + + # [Optional, Default: "FALSE"] + # Handle vulnerabilities with fix versions only + # JF_FIXABLE_ONLY: "TRUE" + + # [Optional] + # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests + # The following values are accepted: Low, Medium, High or Critical + JF_MIN_SEVERITY: "High" From aec3ab6e0844b8f98e9db74fb718366731ce03a4 Mon Sep 17 00:00:00 2001 
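Review bot: The schedule `cron: "0 0 * 1 *"` fires at 00:00 on every day of January and never in the other eleven months, because the fourth field is the month; if a weekly scan was intended the expression would be `cron: "0 0 * * 1"`. Further down, `JF_PROJECT: ${JF_PROJECT}` in the Frogbot step's `env:` is not shell-expanded by Actions, so the step receives the literal string and shadows the job-level value; `JF_PROJECT: ${{ env.JF_PROJECT }}`, or deleting the line so the job-level variable is inherited, would pass `ptfl1`. `JFROG_CLI_LOG_LEVEL: "DEBUG"` on a job that holds write-scoped tokens is worth returning to the default once setup works.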
From: petrofl Date: Sun, 6 Apr 2025 11:01:52 +0300 Subject: [PATCH 35/38] Update frogbot-scan-fix.yaml --- .github/workflows/frogbot-scan-fix.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/frogbot-scan-fix.yaml b/.github/workflows/frogbot-scan-fix.yaml index 5f213ab..b27c90b 100644 --- a/.github/workflows/frogbot-scan-fix.yaml +++ b/.github/workflows/frogbot-scan-fix.yaml @@ -34,7 +34,7 @@ jobs: # Install prerequisites - name: Setup Frogbot - - uses: jfrog/frogbot@v2 + uses: jfrog/frogbot@v2 env: # [Mandatory] # JFrog platform URL From cdaae64ea3ca4e37d34326253d15299ec2736e2d Mon Sep 17 00:00:00 2001 From: petrofl Date: Sun, 6 Apr 2025 11:03:25 +0300 Subject: [PATCH 36/38] Update frogbot-scan-fix.yaml --- .github/workflows/frogbot-scan-fix.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/frogbot-scan-fix.yaml b/.github/workflows/frogbot-scan-fix.yaml index b27c90b..7cbbcf6 100644 --- a/.github/workflows/frogbot-scan-fix.yaml +++ b/.github/workflows/frogbot-scan-fix.yaml @@ -38,7 +38,7 @@ jobs: env: # [Mandatory] # JFrog platform URL - JF_URL: https://${{ vars.ARTIFACTORY_URL}}/ + JF_URL: ${{ vars.ARTIFACTORY_URL}} JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} JFROG_CLI_LOG_LEVEL: "DEBUG" From a293ed53d2dc13897c8ff525d0354f1d8e0fbf43 Mon Sep 17 00:00:00 2001 From: petrofl Date: Sun, 6 Apr 2025 17:12:36 +0300 Subject: [PATCH 37/38] Update frogbot-scan-fix.yaml --- .github/workflows/frogbot-scan-fix.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/frogbot-scan-fix.yaml b/.github/workflows/frogbot-scan-fix.yaml index 7cbbcf6..2133275 100644 --- a/.github/workflows/frogbot-scan-fix.yaml +++ b/.github/workflows/frogbot-scan-fix.yaml 
@@ -31,7 +31,9 @@ jobs: - uses: actions/checkout@v4 with: ref: ${{ matrix.branch }} - + - uses: actions/setup-go@v5 + with: + go-version: '^1.13.1' # The Go version to download (if necessary) and use. # Install prerequisites - name: Setup Frogbot uses: jfrog/frogbot@v2 From 6a144fbe72c3ad530bcf2bf513f33cf84ad65781 Mon Sep 17 00:00:00 2001 From: petrofl Date: Sun, 6 Apr 2025 17:14:09 +0300 Subject: [PATCH 38/38] Update frogbot-scan-fix.yaml --- .github/workflows/frogbot-scan-fix.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/frogbot-scan-fix.yaml b/.github/workflows/frogbot-scan-fix.yaml index 2133275..9517952 100644 --- a/.github/workflows/frogbot-scan-fix.yaml +++ b/.github/workflows/frogbot-scan-fix.yaml @@ -31,9 +31,9 @@ jobs: - uses: actions/checkout@v4 with: ref: ${{ matrix.branch }} - - uses: actions/setup-go@v5 - with: - go-version: '^1.13.1' # The Go version to download (if necessary) and use. + - uses: actions/setup-go@v5 + with: + go-version: '^1.23.3' # The Go version to download (if necessary) and use. # Install prerequisites - name: Setup Frogbot uses: jfrog/frogbot@v2
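Review bot: `go-version: '^1.23.3'` in patch 38 is a semver range, so `actions/setup-go` may resolve a newer 1.x toolchain than the one the project builds with, and the scan's dependency resolution can then differ from the real build. If the repository has a `go.mod`, which is not visible here, `go-version-file: go.mod` ties the scanner to the declared version. The comment `# Install prerequisites` now sits below the step that installs a prerequisite and could move above `actions/setup-go`.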