-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1778 from dearchap/add_frogbot
Feature: Add frogbot workflow
- Loading branch information
Showing
3 changed files
with
152 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
name: "Frogbot Scan and Fix" | ||
on: | ||
push: | ||
# Creating fix pull requests will be triggered by any push to one of the these branches. | ||
# You can add or replace to any branch you want to open fix pull requests for. | ||
branches: | ||
- "main" | ||
- "v1-maint" | ||
- "v2-maint" | ||
schedule: | ||
# The job will run once a day at 00:00 GMT. | ||
- cron: "0 0 * * *" | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
security-events: write | ||
jobs: | ||
create-fix-pull-requests: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
# Install prerequisites | ||
- name: Setup Go | ||
uses: actions/setup-go@v3 | ||
with: | ||
go-version: 1.20.x | ||
|
||
- uses: jfrog/frogbot@v2 | ||
env: | ||
# [Mandatory] | ||
# JFrog platform URL | ||
JF_URL: ${{ secrets.JF_URL }} | ||
|
||
# [Mandatory if JF_ACCESS_TOKEN is not provided] | ||
# JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD | ||
JF_USER: ${{ secrets.JF_USER }} | ||
|
||
# [Mandatory if JF_ACCESS_TOKEN is not provided] | ||
# JFrog password. Must be provided with JF_USER | ||
JF_PASSWORD: ${{ secrets.JF_PASSWORD }} | ||
|
||
# [Manadatory] | ||
# The GitHub token automatically generated for the job | ||
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
name: "Frogbot Scan Pull Request" | ||
on: | ||
pull_request_target: | ||
types: [opened, synchronize] | ||
permissions: | ||
pull-requests: write | ||
contents: read | ||
jobs: | ||
scan-pull-request: | ||
runs-on: ubuntu-latest | ||
# A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the | ||
# "frogbot" GitHub environment can approve the pull request to be scanned. | ||
environment: frogbot | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
|
||
# Install prerequisites | ||
- name: Setup Go | ||
uses: actions/setup-go@v3 | ||
with: | ||
go-version: 1.20.x | ||
|
||
- uses: jfrog/frogbot@v2 | ||
env: | ||
# [Mandatory] | ||
# JFrog platform URL | ||
JF_URL: ${{ secrets.JF_URL }} | ||
|
||
# [Mandatory if JF_USER and JF_PASSWORD are not provided] | ||
# JFrog access token with 'read' permissions on Xray service | ||
JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | ||
|
||
# [Mandatory if JF_ACCESS_TOKEN is not provided] | ||
# JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD | ||
# JF_USER: ${{ secrets.JF_USER }} | ||
|
||
# [Mandatory if JF_ACCESS_TOKEN is not provided] | ||
# JFrog password. Must be provided with JF_USER | ||
# JF_PASSWORD: ${{ secrets.JF_PASSWORD }} | ||
|
||
# [Mandatory] | ||
# The GitHub token automatically generated for the job | ||
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
# [Optional, default: https://api.github.com] | ||
# API endpoint to GitHub | ||
# JF_GIT_API_ENDPOINT: https://github.example.com | ||
|
||
# [Optional] | ||
# If the machine that runs Frogbot has no access to the internet, set the name of a remote repository | ||
# in Artifactory, which proxies https://releases.jfrog.io | ||
# The 'frogbot' executable and other tools it needs will be downloaded through this repository. | ||
# JF_RELEASES_REPO: "" | ||
|
||
|
||
|
||
########################################################################## | ||
## If your project uses a 'frogbot-config.yml' file, you can define ## | ||
## the following variables inside the file, instead of here. ## | ||
########################################################################## | ||
|
||
# [Optional, default: "."] | ||
# Relative path to the root of the project in the Git repository | ||
# JF_WORKING_DIR: path/to/project/dir | ||
|
||
# [Optional] | ||
# Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches | ||
# JF_WATCHES: <watch-1>,<watch-2>...<watch-n> | ||
|
||
# [Optional] | ||
# JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects | ||
# JF_PROJECT: <project-key> | ||
|
||
# [Optional, default: "FALSE"] | ||
# Displays all existing vulnerabilities, including the ones that were added by the pull request. | ||
# JF_INCLUDE_ALL_VULNERABILITIES: "TRUE" | ||
|
||
# [Optional, default: "TRUE"] | ||
# Fails the Frogbot task if any security issue is found. | ||
# JF_FAIL: "FALSE" | ||
|
||
# [Optional] | ||
# Frogbot will download the project dependencies if they're not cached locally. To download the | ||
# dependencies from a virtual repository in Artifactory, set the name of the repository. There's no | ||
# need to set this value, if it is set in the frogbot-config.yml file. | ||
# JF_DEPS_REPO: "" | ||
|
||
# [Optional, Default: "FALSE"] | ||
# If TRUE, Frogbot creates a single pull request with all the fixes. | ||
# If FALSE, Frogbot creates a separate pull request for each fix. | ||
# JF_GIT_AGGREGATE_FIXES: "FALSE" | ||
|
||
# [Optional, Default: "FALSE"] | ||
# Handle vulnerabilities with fix versions only | ||
# JF_FIXABLE_ONLY: "TRUE" | ||
|
||
# [Optional] | ||
# Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests | ||
# The following values are accepted: Low, Medium, High or Critical | ||
# JF_MIN_SEVERITY: "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
mkdocs-git-revision-date-localized-plugin~=1.0 | ||
mkdocs-material-extensions~=1.0 | ||
mkdocs-material~=8.2 | ||
mkdocs~=1.3 | ||
pygments~=2.12 |