diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml index 856c1f3..790063a 100644 --- a/.github/workflows/frogbot-scan-pull-request.yml +++ b/.github/workflows/frogbot-scan-pull-request.yml @@ -5,8 +5,7 @@ on: permissions: pull-requests: write contents: read - # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN] - #id-token: write + id-token: write jobs: scan-pull-request: runs-on: ubuntu-latest @@ -18,11 +17,11 @@ jobs: env: # [Mandatory] # JFrog platform URL - JF_URL: ${{ secrets.JF_URL }} + JF_URL: ${{ vars.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service - JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} + # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD @@ -151,5 +150,5 @@ jobs: # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN] # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD - #with: - #oidc-provider-name: jfrog-github-oidc + with: + oidc-provider-name: guy-github diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml index d870262..999db04 100644 --- a/.github/workflows/frogbot-scan-repository.yml +++ b/.github/workflows/frogbot-scan-repository.yml @@ -9,7 +9,7 @@ permissions: pull-requests: write security-events: write # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN] - #id-token: write + # id-token: write jobs: scan-repository: runs-on: ubuntu-latest 
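Review bot: `id-token: write` is now granted unconditionally to a job that also holds `pull-requests: write`, and nothing in this workflow constrains what the minted OIDC token may do — that scoping lives entirely in the JPD OIDC integration that the later hunk names as `guy-github`. The `on:` trigger is outside this hunk (the frogbot PR template is normally driven by pull_request_target), so confirm the JFrog-side identity mapping pins the `repository` (ideally also `workflow`/`ref`) claims and maps to a role holding only the Xray 'read' permission the file's own comments describe, since the workflow-level grant cannot limit that. Replacing the removed explanatory comment with something like `# OIDC: token scope is set by the JPD identity mapping for provider 'guy-github'` would tell the next reader why `id-token: write` is required here and not in the repository-scan workflow.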
@@ -23,15 +23,15 @@ jobs: env: # [Mandatory] # JFrog platform URL - JF_URL: ${{ secrets.JF_URL }} + JF_URL: ${{ vars.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service - JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD - # JF_USER: ${{ secrets.JF_USER }} + JF_USER: guy-admin # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog password. Must be provided with JF_USER @@ -146,5 +146,5 @@ jobs: # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN] # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD - #with: - #oidc-provider-name: jfrog-github-oidc + # with: + # oidc-provider-name: jfrog-github-oidc diff --git a/.github/workflows/npm-example.yml b/.github/workflows/npm-example.yml index 773cfd6..7c69089 100644 --- a/.github/workflows/npm-example.yml +++ b/.github/workflows/npm-example.yml @@ -1,17 +1,19 @@ -name: Push NPM Build to Artifactory +name: guy-demo-npm-build on: workflow_dispatch permissions: actions: read # for detecting the Github Actions environment. id-token: write # for creating OIDC tokens for signing. packages: write # for uploading attestations. contents: read - + jobs: build: runs-on: ubuntu-latest env: JF_PROJECT: ${{ vars.JF_PROJECT_KEY }} - JF_URL: https://${{ vars.JF_URL }}/ + JF_URL: ${{ vars.JF_URL }} + # JFROG_CLI_LOG_LEVEL: DEBUG + DOCKER_IMAGE_NAME: ${{ vars.JF_DOCKER_REPOSITORY }}npm-sample-docker:1.0.${{github.run_number}} defaults: run: working-directory: ./npm/ 
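Review bot: `JF_USER: guy-admin` is uncommented while `JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}` stays active, so the job now carries both an access token and a literal username that, by its name, is an admin account — the comment directly above asks for a user with only 'read' permissions on Xray. The template's own guidance says JF_USER is needed only when no token is provided and must be paired with JF_PASSWORD, which this hunk does not add (the rest of the `env:` mapping is outside the hunk), so this reads as a leftover; revert it to `# JF_USER: ${{ secrets.JF_USER }}` or, if username auth is really wanted, supply a dedicated read-only service account via a secret rather than a committed literal. The sibling pull-request workflow in this same change moved to OIDC; enabling `id-token: write` here as well and commenting the token out would keep both scanners on one short-lived-credential path.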
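Review bot: `JF_URL: ${{ vars.JF_URL }}` drops the `https://…/` wrapping the old line applied, so the repository variable must now hold the full platform URL — the same variable is consumed unwrapped by both frogbot workflows in this change, so its value has to be updated in lockstep or every workflow fails to reach the platform. `DOCKER_IMAGE_NAME: ${{ vars.JF_DOCKER_REPOSITORY }}npm-sample-docker:…` likewise depends on the variable ending in `/`; a comment such as `# JF_DOCKER_REPOSITORY must be '<host>/<docker-repo>/' — trailing slash required` would save the next person a failed push. Finally, `packages: write` is annotated 'for uploading attestations', but no visible step publishes to GitHub Packages — if the image and build-info go only to Artifactory through the JFrog CLI, that permission can likely be dropped to keep the job token least-privilege.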
@@ -20,16 +22,17 @@ jobs: # This action checks out the code from the repository - name: Checkout Code uses: actions/checkout@v4 - + # Download the JFrog CLI and configure using JFrog Project and OIDC provider - uses: jfrog/setup-jfrog-cli@v4 name: Setup JFrog CLI id: setup-cli env: - JF_URL: https://${{ vars.JF_URL }}/ + JF_URL: ${{ vars.JF_URL }} JF_PROJECT: ${{ vars.JF_PROJECT_KEY }} with: - oidc-provider-name: jfrog-github-oidc + oidc-provider-name: guy-github + version: 2.69.0 # This command adds a new server configuration to the JFrog CLI - run: | 
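Review bot: `version: 2.69.0` pins the JFrog CLI binary the action downloads, which is good for reproducibility, but it is a plain YAML scalar — quote it as `version: "2.69.0"` so a future value such as `2.70` is never read as a float. The pin covers only the CLI; the action itself is still referenced by the floating `jfrog/setup-jfrog-cli@v4` tag (a context line here), so for a supply-chain demo consider pinning the action to a full commit SHA with the tag kept in a trailing comment. The frogbot and test-npm-curation workflows in this same change set up the CLI without a `version`, so the pin should probably be mirrored there or the difference documented as intentional.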
@@ -39,25 +42,41 @@ jobs: jf rt ping # Configure JFrog CLI for NPM - run: | - jf npmc --repo-deploy=ghjfdemo-ghjf-npm-virt --repo-resolve=ghjfdemo-ghjf-npm-remote - # NPM Install using the CLI + jf pip-config \ + --repo-resolve=pip-virtual \ + --repo-deploy=pip-virtual + jf npmc --repo-deploy=guy-npm-dev --repo-resolve=guy-npm-dev + # run curation audit + - run: | + jf curation-audit + # install npm packages - run: | - jf npm install --build-name=ghdemo-npm-build --build-number=1.0.${{github.run_number}} + npm install + jf npm install # Add GitHub Data to BuildInfo - run: | - jf rt build-add-git ghdemo-npm-build 1.0.${{github.run_number}} + jf rt build-add-git # Collect all Environmental information for NPM Build - run: | - jf rt build-collect-env ghdemo-npm-build 1.0.${{github.run_number}} + jf rt build-collect-env # Using NPM Publish to uplaod the NPM Build - run: | - jf npm publish --build-name=ghdemo-npm-build --build-number=1.0.${{github.run_number}} + jf npm publish + # Build Docker image + - run: | + docker build -t $DOCKER_IMAGE_NAME . + # scan docker image + # - run: | + # jf docker scan $DOCKER_IMAGE_NAME + # Push image to Artifactory + - run: | + jf docker push $DOCKER_IMAGE_NAME # Publish the BuildInfo into Artifactory - run: | - jf rt build-publish ghdemo-npm-build 1.0.${{github.run_number}} + jf rt build-publish # Scan the NPM Build with Xray - run: | - jf build-scan ghdemo-npm-build 1.0.${{github.run_number}} + jf build-scan # Promote the Build from Dev to Production - run: | - jf rt build-promote ghdemo-npm-build 1.0.${{github.run_number}} ghjfdemo-ghjf-npm-prod-local --status=production + jf rt build-promote --status=production diff --git a/.github/workflows/rust-example.yaml b/.github/workflows/rust-example.yaml deleted file mode 100644 index aea6d8c..0000000 --- a/.github/workflows/rust-example.yaml +++ /dev/null 
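Review bot: the bare `npm install` added right before `jf npm install` resolves and installs every dependency from whatever registry the project's `.npmrc` (or the public default) points at, so node_modules is already populated before the JFrog CLI runs — the resolver set by `jf npmc`, the `jf curation-audit` step that precedes it, and the build-info that `jf npm install` records are all bypassed for exactly the packages a curation demo is meant to exercise; drop the plain `npm install` line and let `jf npm install` do the resolution. The `jf pip-config --repo-resolve=pip-virtual --repo-deploy=pip-virtual` block is a Python configuration in an npm job with no pip step and looks like a leftover that should go as well. `jf docker scan $DOCKER_IMAGE_NAME` is commented out, so the image is pushed to Artifactory unscanned. `jf rt build-promote --status=production` appears to have lost the target repository the old line passed (`ghjfdemo-ghjf-npm-prod-local`): build name and number can come from the CLI's environment, but the target repo is a positional argument, so confirm this step actually succeeds rather than failing silently at the end of the pipeline.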
@@ -1,33 +0,0 @@ -name: Rust & Cargo Build and Deploy -on: workflow_dispatch - -env: - CARGO_TERM_COLOR: always - CARGO_REGISTRIES_CRATES_TOKEN: ${{ secrets.RUST_EXAMPLE_AUTHENTICATION_TOKEN }} - CARGO_REGISTRIES_INNERSOURCE_TOKEN: ${{ secrets.RUST_EXAMPLE_AUTHENTICATION_TOKEN }} - CARGO_REGISTRIES_JFROGQUOTES_TOKEN: ${{ secrets.RUST_EXAMPLE_AUTHENTICATION_TOKEN }} - -jobs: - build-and-publish: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Validate Cargo installation - run: cargo --version - - - name: Build Library - working-directory: ./rust/jfrog_quotes - run: cargo build --release --verbose - - - name: Publish Library To Artifactory - working-directory: ./rust/jfrog_quotes - run: cargo publish --token "Bearer ${{ secrets.RUST_EXAMPLE_AUTHENTICATION_TOKEN }}" - - - name: Build Application - working-directory: ./rust/jfrog_app - run: cargo build --release --verbose - - - name: Publish Application To Artifactory - working-directory: ./rust/jfrog_app - run: cargo publish --token "Bearer ${{ secrets.RUST_EXAMPLE_AUTHENTICATION_TOKEN }}" \ No newline at end of file diff --git a/.github/workflows/test-npm-curation.yml b/.github/workflows/test-npm-curation.yml new file mode 100644 index 0000000..028b564 --- /dev/null +++ b/.github/workflows/test-npm-curation.yml 
@@ -0,0 +1,39 @@ +name: guy-demo-npm-build-curation +on: workflow_dispatch +permissions: + actions: read # for detecting the Github Actions environment. + id-token: write # for creating OIDC tokens for signing. + packages: write # for uploading attestations. + contents: read + +jobs: + build: + runs-on: ubuntu-latest + env: + JF_PROJECT: ${{ vars.JF_PROJECT_KEY }} + JF_URL: ${{ vars.JF_URL }} + # JFROG_CLI_LOG_LEVEL: DEBUG + DOCKER_IMAGE_NAME: ${{ vars.JF_DOCKER_REPOSITORY }}npm-sample-docker:1.0.${{github.run_number}} + defaults: + run: + working-directory: ./npm/ + + steps: + # This action checks out the code from the repository + - name: Checkout Code + uses: actions/checkout@v4 + + # Download the JFrog CLI and configure using JFrog Project and OIDC provider + - uses: jfrog/setup-jfrog-cli@v4 + name: Setup JFrog CLI + id: setup-cli + env: + JF_URL: ${{ vars.JF_URL }} + JF_PROJECT: ${{ vars.JF_PROJECT_KEY }} + with: + oidc-provider-name: guy-github + + # install npm packages + - run: | + jf npmc --repo-deploy=guy-npm-dev --repo-resolve=guy-npm-dev + jf npm install diff --git a/README.md b/README.md index 2a5242a..9aeea4e 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ SolEng team will be placing samples for our customers on the supported packages The Packages being coverage currently: - Nuget / C# -- Cargo / Rust +- Cargo / Rust +- Npm / Javascript [![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.svg)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot) diff --git a/npm/Dockerfile b/npm/Dockerfile new file mode 100644 index 0000000..93c5d0c --- /dev/null +++ b/npm/Dockerfile @@ -0,0 +1,7 @@ +FROM node +WORKDIR /usr/src/app +COPY package*.json ./ +RUN npm install +COPY . . +EXPOSE 3000 +CMD ["node", "app.js"] diff --git a/npm/fake-creds b/npm/fake-creds new file mode 100644 index 0000000..8c0c9a7 --- /dev/null +++ b/npm/fake-creds 
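Review bot: despite the workflow name `guy-demo-npm-build-curation`, the only steps after CLI setup are `jf npmc` and `jf npm install` — there is no `jf curation-audit`, so the job does not exercise curation unless an Artifactory-side policy happens to block the install. Add `jf curation-audit` before the install (or rename the workflow) so the demo's intent is visible in the file. `packages: write` and the `DOCKER_IMAGE_NAME` env entry are copied from npm-example.yml, but nothing here builds or pushes an image or uploads to GitHub Packages; dropping both keeps the job token least-privilege and the file honest about what it does.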
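Review bot: `COPY . .` copies the entire build context — `./npm/`, the directory the workflow runs `docker build` from — into the image, and this same change adds `npm/fake-creds` to that directory, so the credential-shaped strings get baked into the image that `jf docker push` uploads; add a `.dockerignore` (at least `fake-creds`, `node_modules`, `.git`) or copy only the application files explicitly. `FROM node` is an unpinned floating tag, so the build is not reproducible and any scan result is valid only for the day it ran — pin a specific tag or digest. `RUN npm install` fetches from the public registry inside the build with no lockfile enforcement, sidestepping the Artifactory/curation path the CI job configures; `npm ci` against the committed lockfile (if one exists) plus an `.npmrc` pointing at the curated remote would keep the image on the same supply chain. The container also runs as root; a `USER node` line before `CMD` is a one-line fix. Separately, `CMD ["node", "app.js"]` while package.json's `main` and `dev` script reference `./index.js` — confirm `app.js` exists.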
@@ -0,0 +1,3 @@ +AKIAJXBOVX5Q2EULDUIA +SqcyDpetv+pCsbNYWHDLE8yR5mJ13MI+4d8NOwtM +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dd diff --git a/npm/package.json b/npm/package.json index 6e8864d..4afa337 100644 --- a/npm/package.json +++ b/npm/package.json @@ -3,7 +3,6 @@ "version": "1.0.0", "description": "", "main": "index.js", - "publishConfig":{"registry":"https://soleng.jfrog.io/artifactory/api/npm/ghjfdemo-ghjf-npm-virt/"}, "scripts": { "dev": "nodemon ./index.js", "ui": "browser-sync start --config bs-config.js" @@ -16,20 +15,20 @@ "nodemon": "^2.0.6" }, "dependencies": { - "babel": "^6.23.0", "express": "^4.17.1", - "hoek": "^2.16.3", "lodash": "^4.17.13", "npm": "^6.14.8", "protobufjs": "^6.11.0", "pug": "^3.0.0", "jsonwebtoken": "^8.5.1", "cors": "^2.8.5", + "cors.js": "0.0.1-security", "mongoose": "^5.7.7", "nodemailer": "^6.3.1", - "nodemailer-mailgun-transport": "^1.4.0", "url-slug": "^2.2.0", "validator": "^12.0.0", - "open-graph": "0.2.6" + "open-graph": "0.2.6", + "parse-url": "^6.0.5", + "undici": "^5.26.2" } }
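Review bot: `npm/fake-creds` commits three strings shaped exactly like live credentials — an `AKIA…` AWS access key ID, a 40-character value matching the AWS secret-key format, and a `gho_…` GitHub OAuth token — with nothing in the file or the change stating they are synthetic or already revoked. If they are seeded for a secret-detection demo, say so (a README line or a sibling `fake-creds.README` noting they are invalid test values), verify each is genuinely dead — GitHub secret scanning will flag the `gho_` token and may automatically revoke it if it is real — and be aware the Dockerfile in this change `COPY . .`s this directory, so the file would also ship inside the pushed image.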
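Review bot: `"cors.js": "0.0.1-security"` is added as a runtime dependency; `0.0.1-security` is the version string npm publishes for its security-holder placeholder packages (names reclaimed after a malicious upload), so this appears to be deliberate bait for the curation demo rather than a real dependency. Because package.json cannot carry comments, record that intent in the README this change already touches, so nobody later "fixes" a blocked install by swapping in a similarly named package that actually ships code. Note also that `"main": "index.js"` is kept here while the new Dockerfile runs `node app.js`; one of the two is probably wrong.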