diff --git a/.frogbot/frogbot-config.yml b/.frogbot/frogbot-config.yml
new file mode 100644
index 0000000..9979b54
--- /dev/null
+++ b/.frogbot/frogbot-config.yml
@@ -0,0 +1,49 @@
+- params:
+ git:
+ repoName: jfrog-github-example
+ branches:
+ - byron-test
+ - main
+ # Frogbot scanning parameters
+ scan:
+ # [Default: false]
+ # Frogbot displays all existing vulnerabilities, including the ones that were not added by the pull request
+ # includeAllVulnerabilities: true
+
+ # [Default: true]
+ # Frogbot does not fail the task if security issues are found and this parameter is set to false
+ # failOnSecurityIssues: false
+
+ # List of subprojects / project dirs inside the Git repository
+ #projects:
+ # [Mandatory for projects which use npm, yarn 2, nuget and dotnet to download their dependencies]
+ # Installation command (e.g. npm i, nuget restore)
+ # - installCommand: ""
+
+ # [Default: root directory]
+ # List of relative path's to the projects directories in the git repository
+ # workingDirs:
+ # - "."
+
+ # [Mandatory for pip only if using requirements file, Default: pip install .]
+ # The requirements file name that used to install dependencies in case of pip package manager
+ # pipRequirementsFile: ""
+
+ # [Default: true]
+ # Use Gradle Wrapper (gradlew/gradlew.bat) to run Gradle
+ # useWrapper: true
+
+ # [Optional]
+ # Name of a Virtual Repository in Artifactory to resolve (download) the project dependencies from
+ # repository: ""
+
+ # JFrog Platform parameters
+ #jfrogPlatform:
+ # [Optional]
+ # JFrog project key. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Projects)
+ # jfrogProjectKey: ""
+
+ # [Optional]
+ # Xray Watches. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches)
+ # watches:
+ # - ""
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 06ec1f1..abe5154 100644
--- a/.github/workflows/build-publish.yml
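Review bot: `repoName: jfrog-github-example` appears to be the key Frogbot uses to match this entry to the repository, and setup.py in the same commit points `url` at carmithersh/carmit-testing, so confirm the name is the actual GitHub repository name before relying on these scan settings. The `branches` list names `byron-test` and `main`, while the new scheduled scan workflow's matrix covers only `byron-test`; add `main` there too if both branches are meant to be scanned. Every `scan` option is left commented out, which is fine, but a one-line note above `scan:` such as `# Defaults apply: only issues introduced by the PR are reported and the job fails on findings` would spare readers the template text.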
+++ b/.github/workflows/build-publish.yml @@ -12,9 +12,9 @@ jobs: build-publish-python: runs-on: ubuntu-latest env: - DOCKER_REPO: 'codeninjas-proj-docker-local' - IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}' - JF_URL: https://${{ vars.JF_URL }}/ + DOCKER_REPO: 'jfrog-example' + IMAGE_NAME: 'jfrog-example-image:${{ github.run_number }}' + JF_URL: ${{ vars.JF_URL }} DOCKER_CLI_EXPERIMENTAL: enabled steps: # Use the specific setup-cli branch @@ -22,15 +22,11 @@ jobs: uses: jfrog/setup-jfrog-cli@v4 id: setup-cli env: - JF_URL: https://${{ vars.JF_URL }}/ + JF_URL: ${{ vars.JF_URL }} JF_PROJECT: ${{ vars.JF_PROJECT }} - with: - oidc-provider-name: jfrog-github-oidc - + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - name: Checkout the repository uses: actions/checkout@v4 - - - name: configure jfrog environment run: | # Use a curated repository for python dependencies resolution @@ -52,9 +48,13 @@ jobs: - name: publish python package run: | - jf rt u dist/ codeninjas-proj-python-virtual/example-projects/ --module=jfrog-python-example + jf rt u dist/ byron-py-pypi/ --module=jfrog-python-example + - name: Publish Build info With JFrog CLI + run: | + jf rt build-collect-env + jf rt build-add-git + jf rt build-publish - - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -62,8 +62,8 @@ jobs: uses: docker/login-action@v3 with: registry: ${{ vars.JF_URL }} - username: ${{ steps.setup-cli.outputs.oidc-user }} - password: ${{ steps.setup-cli.outputs.oidc-token }} + username: ${{ vars.JF_USER }} + password: ${{ secrets.JF_ACCESS_TOKEN }} - name: Setup buildx instance uses: docker/setup-buildx-action@v3 
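Review bot: The `@@ -22,15` and `@@ -62,8` hunks replace the per-run OIDC credentials (`steps.setup-cli.outputs.oidc-user`/`oidc-token`) with a static `secrets.JF_ACCESS_TOKEN` plus `vars.JF_USER`, which is a step back in credential hygiene: the token is long-lived, shared by every workflow that can read the secret, and not bound to this job. If OIDC cannot be kept, document the token's scope and rotation next to its first use, e.g. `# JF_ACCESS_TOKEN: long-lived identity token scoped to <REPOS> — rotate on <SCHEDULE>` (placeholders to fill in). Dropping the `https://` prefix means `vars.JF_URL` must now carry the scheme, yet the unchanged `registry: ${{ vars.JF_URL }}` on docker/login-action gets that same value while the image tags switch to `JF_URL_NO_HTTP`; confirm login-action accepts a scheme-prefixed registry or use `JF_URL_NO_HTTP` there as well. The added `Publish Build info With JFrog CLI` step runs `jf rt build-publish` before the Docker image is created, and a `publish build info` step is still present later in the file (context of the `@@ -109,7` hunk), so the same build is presumably published twice; keep one of them.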
@@ -76,12 +76,12 @@ jobs: run: | docker buildx ls jf docker --version - jf docker build --tag ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} --platform linux/amd64,linux/arm64 --metadata-file metadata.json --push . + jf docker build --tag ${{ vars.JF_URL_NO_HTTP }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} --platform linux/amd64,linux/arm64 --metadata-file metadata.json --push . - name: docker scan run: | - jf docker pull ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} - jf docker scan ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} + jf docker pull ${{ vars.JF_URL_NO_HTTP }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} + jf docker scan ${{ vars.JF_URL_NO_HTTP }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} #- name: docker build # run: | # jf docker build --tag ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-amd64 --platform linux/amd64 --load . @@ -109,7 +109,7 @@ jobs: echo "----------------" digest=$(cat metadata.json | jq '.["containerimage.digest"]') echo "digest=$digest" - echo "${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}@$digest" > metadata.json + echo "${{ vars.JF_URL_NO_HTTP }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}@$digest" > metadata.json jf rt build-docker-create ${{ env.DOCKER_REPO }} --image-file metadata.json - name: publish build info diff --git a/.github/workflows/byron-test-build.yml b/.github/workflows/byron-test-build.yml new file mode 100644 index 0000000..3680b07 --- /dev/null +++ b/.github/workflows/byron-test-build.yml 
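Review bot: The rewritten `echo "…@$digest" > metadata.json` line in the `@@ -109,7` hunk still embeds `$digest` as produced by `jq '.["containerimage.digest"]'`, which prints the value with its JSON double quotes, so the reference handed to `jf rt build-docker-create` would read `…@"sha256:…"`; unless that command has been tolerating the quotes, extract with `digest=$(jq -r '.["containerimage.digest"]' metadata.json)`. The `JF_URL_NO_HTTP` substitution in the `@@ -76,12` hunk leaves the commented-out build variants directly below it on `vars.JF_URL`; update or delete them so the comment does not document a tag format the live step no longer uses.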
@@ -0,0 +1,41 @@
+name: Byron Build and Tag Docker Image
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build-and-tag:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Setup JFrog CLI
+ uses: jfrog/setup-jfrog-cli@v4
+ env:
+ JF_URL: ${{ vars.JF_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ - name: Build Tag and push Docker Image
+ env:
+ IMAGE_NAME: infomagnus.jfrog.io/byron-im-docker/jfrog-docker-example-image:${{ github.run_number }}
+ run: |
+ jf docker build -t $IMAGE_NAME .
+ jf docker push $IMAGE_NAME
+
+ - name: Publish Build info With JFrog CLI
+ env:
+ # Generated and maintained by GitHub
+ JFROG_CLI_BUILD_NAME: jfrog-docker-build-example
+ # JFrog organization secret
+ JFROG_CLI_BUILD_NUMBER : ${{ github.run_number }}
+ run: |
+ # Export the build name and build nuber
+ # Collect environment variables for the build
+ jf rt build-collect-env
+ # Collect VCS details from git and add them to the build
+ jf rt build-add-git
+ # Publish build info
+ jf rt build-publish
diff --git a/.github/workflows/forgbot-scan-repository.yml b/.github/workflows/forgbot-scan-repository.yml
new file mode 100644
index 0000000..6dabcb6
--- /dev/null
+++ b/.github/workflows/forgbot-scan-repository.yml
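Review bot: byron-test-build.yml declares no `permissions:` block, so the job's GITHUB_TOKEN receives the repository default instead of the `contents: read` that a checkout/build/push job needs; add a top-level `permissions:` block with `contents: read`. `actions/checkout@v2` is two majors behind the `@v4` used by the other workflows in this commit; align it, and consider pinning actions to a commit SHA rather than a mutable tag. The registry host `infomagnus.jfrog.io/byron-im-docker/…` is hard-coded in `IMAGE_NAME` while build-publish.yml takes it from `vars.JF_URL_NO_HTTP`; use the variable here too, and drop the stray space in `JFROG_CLI_BUILD_NUMBER :`. The comments under the second `env:` are copy-paste leftovers (`# Generated and maintained by GitHub` sits over a literal build name, `# JFrog organization secret` over `github.run_number`, and `# Export the build name and build nuber` describes nothing in the script); replace them with `# Build name/number identify this run's build-info in Artifactory`.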
@@ -0,0 +1,50 @@
+name: "Frogbot Scan Repository"
+on:
+ workflow_dispatch:
+ schedule:
+ # The repository will be scanned once a day at 00:00 GMT.
+ - cron: "0 0 * * *"
+permissions:
+ contents: write
+ pull-requests: write
+ security-events: write
+ # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ # id-token: write
+jobs:
+ scan-repository:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ # The repository scanning will be triggered periodically on the following branches.
+ branch: ["byron-test"]
+ steps:
+ - uses: jfrog/frogbot@v2
+ env:
+ # [Mandatory]
+ # JFrog platform URL
+ JF_URL: ${{ vars.JF_URL }}
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+ # JF_USER: ${{ secrets.JF_USER }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog password. Must be provided with JF_USER
+ # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+ # [Mandatory]
+ # The GitHub token is automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # [Mandatory]
+ # The name of the branch on which Frogbot will perform the scan
+ JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
+
+ # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
+ # with:
+ # oidc-provider-name: "byron-juice-shop"
diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml
index f34595c..199af0a 100644
--- a/.github/workflows/frogbot-scan-and-fix.yml
+++ b/.github/workflows/frogbot-scan-and-fix.yml
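Review bot: The new file is named `forgbot-scan-repository.yml` while its siblings are `frogbot-scan-and-fix.yml` and `frogbot-scan-pr.yml`; rename it to `frogbot-scan-repository.yml`. The matrix `branch: ["byron-test"]` means the daily scheduled scan never covers `main`, although `.frogbot/frogbot-config.yml` in this commit lists both branches; add `"main"` to the matrix if that is intended. The commented `# oidc-provider-name: "byron-juice-shop"` at the end of the hunk (and the same comment added in the `@@ -34,8` hunk of frogbot-scan-pr.yml) names a provider that looks unrelated to this repository; if it is meant as a hint for switching back to OIDC, write it as `# oidc-provider-name: "<PROVIDER-NAME-FROM-JPD>"` with a placeholder and note that `id-token: write` must be granted at the same time.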
@@ -1,73 +1,26 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. -# Frogbot Scan and Fix does the following: -# Automatically creates pull requests with fixes for vulnerable project dependencies. -# Uses JFrog Xray to scan the project. -# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot - -# Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md - name: "Frogbot Scan and Fix" on: push: - branches: [ "main" ] + branches: [ "main", "byron-test" ] permissions: contents: write pull-requests: write security-events: write - id-token: write + # id-token: write jobs: create-fix-pull-requests: runs-on: ubuntu-latest + strategy: + matrix: + # The repository scanning will be triggered periodically on the following branches. + branch: ["byron-test"] steps: - uses: actions/checkout@v4 - # IMPORTANT: - # 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix - # 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md - - uses: jfrog/frogbot@v2 - with: - oidc-provider-name: jfrog-github-oidc env: - # [Mandatory if the two conditions below are met] - # 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies - # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. 
- # - # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore") - # JF_INSTALL_DEPS_CMD: "" - - # [Mandatory] - # JFrog platform URL - JF_URL: https://${{ vars.JF_URL }}/ - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - #JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - # [Mandatory if JF_ACCESS_TOKEN is not provided] - # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD - # JF_USER: ${{ secrets.JF_USER }} - - # [Mandatory if JF_ACCESS_TOKEN is not provided] - # JFrog password. Must be provided with JF_USER - # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} - - # [Mandatory] - # The GitHub token automatically generated for the job + JF_URL: ${{ vars.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # [Optional] - # If the machine that runs Frogbot has no access to the internat, set the name of a remote repository - # in Artifactory, which proxies https://releases.jfrog.io/artifactory - # The 'frogbot' executable and other tools it needs will be downloaded through this repository. - # JF_RELEASES_REPO: "" - - # [Optional] - # Frogbot will download the project dependencies, if they're not cached locally. To download the - # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no - # need to set this value, if it is set in the frogbot-config.yml file. - # JF_DEPS_REPO: "" - JF_PROJECT: ${{ vars.JF_PROJECT }} + #JF_PROJECT: ${{ vars.JF_PROJECT }} + JF_GIT_BASE_BRANCH: ${{ matrix.branch }} diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml index fc3f6ab..4549d74 100644 --- a/.github/workflows/frogbot-scan-pr.yml +++ b/.github/workflows/frogbot-scan-pr.yml 
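Review bot: The job now triggers on pushes to `main` and `byron-test` but sets `JF_GIT_BASE_BRANCH: ${{ matrix.branch }}` from a single-entry matrix of `byron-test`, so a push to `main` starts a fix job whose base branch is `byron-test` while `actions/checkout@v4` checks out the pushed ref; if Frogbot honours `JF_GIT_BASE_BRANCH` in this mode, either add `"main"` to the matrix or drop the matrix and the base-branch variable so the pushed branch is scanned. The matrix comment `# The repository scanning will be triggered periodically on the following branches.` is copied from the scheduled workflow and is wrong here, where the trigger is `push`. The hunk also deletes every explanatory comment for `JF_URL`, `JF_ACCESS_TOKEN`, `JF_GIT_TOKEN` and the optional `JF_INSTALL_DEPS_CMD`/`JF_DEPS_REPO` settings; keep at least a pointer such as `# Env reference: https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix` (the URL from the removed header). Removing `id-token: write` together with the OIDC input is the right least-privilege follow-through, but `#JF_PROJECT` deserves a short reason comment so it is not re-enabled blindly.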
@@ -34,8 +34,8 @@ jobs: # 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md - uses: jfrog/frogbot@v2 - with: - oidc-provider-name: jfrog-github-oidc + # with: + # oidc-provider-name: "byron-juice-shop" env: JFROG_CLI_LOG_LEVEL: DEBUG # [Mandatory if the two conditions below are met] @@ -47,11 +47,11 @@ jobs: # [Mandatory] # JFrog platform URL - JF_URL: https://${{ vars.JF_URL }}/ + JF_URL: ${{ vars.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service - #JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD @@ -76,4 +76,4 @@ jobs: # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no # need to set this value, if it is set in the frogbot-config.yml file. # JF_DEPS_REPO: "" - JF_PROJECT: ${{ vars.JF_PROJECT }} + #JF_PROJECT: ${{ vars.JF_PROJECT }} diff --git a/pythonExample/pythonProj.py b/pythonExample/pythonProj.py index 6051547..57b64b8 100644 --- a/pythonExample/pythonProj.py +++ b/pythonExample/pythonProj.py @@ -16,5 +16,5 @@ def arc4_encrypt_password(key, password): return hashlib.md5(encrypted_password).hexdigest() # Now you can call printme function -printme("Hello from JFROG"); +printme("Hello from JFROG and InfoMagnus!"); printme("this is a log line that is monitored by the team and will cause alerts") diff --git a/requirements.txt b/requirements.txt index 411c6bd..dcdd61f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,2 @@ PyYAML>3.11 -nltk -redis == 4.6.0 \ No newline at end of file + diff --git a/setup.py b/setup.py index 366b5ea..6bbc88f 100644 --- a/setup.py +++ b/setup.py 
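Review bot: The `@@ -47,11` hunk enables `JF_ACCESS_TOKEN` in a step whose unchanged context still sets `JFROG_CLI_LOG_LEVEL: DEBUG`; GitHub masks the secret verbatim, but CLI debug output can expose derived or partial values and request details, so lower the level to `INFO` (or remove the key) now that a long-lived token flows through this step. Commenting out `JF_PROJECT` in the `@@ -76,4` hunk mirrors the same change in frogbot-scan-and-fix.yml, which is consistent, but a reason next to it such as `# JF_PROJECT: disabled — <REASON>` (placeholder) would keep the next reader from re-enabling it. The comment block above the `- uses: jfrog/frogbot@v2` line starts outside the hunk.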
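Review bot: The changed line `printme("Hello from JFROG and InfoMagnus!");` keeps a trailing semicolon, which is legal but un-Pythonic and inconsistent with the `printme(...)` call that follows it; write `printme("Hello from JFROG and InfoMagnus!")`. The enclosing `arc4_encrypt_password` body ends inside the hunk but its signature and start are outside it.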
@@ -10,5 +10,5 @@ author_email='jfrog@jfrog.com', url='https://github.com/carmithersh/carmit-testing', packages=['pythonExample'], - install_requires=['PyYAML>3.11', 'nltk'], + install_requires=['PyYAML>3.11'], )