jfrog · guybar · Jun 2, 2024 · Jun 2, 2024 · Jun 2, 2024 · Jun 2, 2024
diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
@@ -5,8 +5,7 @@ on:
 permissions:
   pull-requests: write
   contents: read
-  # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
-  #id-token: write
+  id-token: write
 jobs:
   scan-pull-request:
     runs-on: ubuntu-latest
@@ -18,11 +17,11 @@ jobs:
         env:
           # [Mandatory]
           # JFrog platform URL
-          JF_URL: ${{ secrets.JF_URL }}
+          JF_URL: ${{ vars.JF_URL }}
 
           # [Mandatory if JF_USER and JF_PASSWORD are not provided]
           # JFrog access token with 'read' permissions on Xray service
-          JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
+          # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
 
           # [Mandatory if JF_ACCESS_TOKEN is not provided]
           # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
@@ -151,5 +150,5 @@ jobs:
 
         # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
         # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
-        #with:
-          #oidc-provider-name: jfrog-github-oidc
+        with:
+          oidc-provider-name: guy-github
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
@@ -9,7 +9,7 @@ permissions:
   pull-requests: write
   security-events: write
   # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
-  #id-token: write
+  # id-token: write
 jobs:
   scan-repository:
     runs-on: ubuntu-latest
@@ -23,15 +23,15 @@ jobs:
         env:
           # [Mandatory]
           # JFrog platform URL
-          JF_URL: ${{ secrets.JF_URL }}
+          JF_URL: ${{ vars.JF_URL }}
 
           # [Mandatory if JF_USER and JF_PASSWORD are not provided]
           # JFrog access token with 'read' permissions on Xray service
-          JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
+          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
 
           # [Mandatory if JF_ACCESS_TOKEN is not provided]
           # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
-          # JF_USER: ${{ secrets.JF_USER }}
+          JF_USER: guy-admin
 
           # [Mandatory if JF_ACCESS_TOKEN is not provided]
           # JFrog password. Must be provided with JF_USER
@@ -146,5 +146,5 @@ jobs:
 
         # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
         # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
-        #with:
-           #oidc-provider-name: jfrog-github-oidc
+        # with:
+        #    oidc-provider-name: jfrog-github-oidc
diff --git a/.github/workflows/npm-example.yml b/.github/workflows/npm-example.yml
@@ -1,17 +1,19 @@
-name: Push NPM Build to Artifactory
+name: guy-demo-npm-build
 on: workflow_dispatch
 permissions:
   actions: read # for detecting the Github Actions environment.
   id-token: write # for creating OIDC tokens for signing.
   packages: write # for uploading attestations.
   contents: read
-
+  
 jobs:
   build:
     runs-on: ubuntu-latest
     env:
       JF_PROJECT: ${{ vars.JF_PROJECT_KEY }}
-      JF_URL: https://${{ vars.JF_URL }}/
+      JF_URL: ${{ vars.JF_URL }}
+      # JFROG_CLI_LOG_LEVEL: DEBUG
+      DOCKER_IMAGE_NAME: ${{ vars.JF_DOCKER_REPOSITORY }}npm-sample-docker:1.0.${{github.run_number}}
     defaults:
       run:
         working-directory: ./npm/
@@ -20,16 +22,17 @@ jobs:
       # This action checks out the code from the repository
       - name: Checkout Code
         uses: actions/checkout@v4
-
+          
       # Download the JFrog CLI and configure using JFrog Project and OIDC provider 
       - uses: jfrog/setup-jfrog-cli@v4
         name: Setup JFrog CLI
         id: setup-cli
         env:
-          JF_URL: https://${{ vars.JF_URL }}/
+          JF_URL: ${{ vars.JF_URL }}
           JF_PROJECT: ${{ vars.JF_PROJECT_KEY }}
         with:
-            oidc-provider-name: jfrog-github-oidc
+            oidc-provider-name: guy-github
+            version: 2.69.0
 
       # This command adds a new server configuration to the JFrog CLI   
       - run: |
@@ -39,25 +42,41 @@ jobs:
           jf rt ping
       # Configure JFrog CLI for NPM 
       - run: |
-          jf npmc --repo-deploy=ghjfdemo-ghjf-npm-virt --repo-resolve=ghjfdemo-ghjf-npm-remote
-      # NPM Install using the CLI  
+          jf pip-config \
+            --repo-resolve=pip-virtual \
+            --repo-deploy=pip-virtual
+          jf npmc --repo-deploy=guy-npm-dev --repo-resolve=guy-npm-dev
+      # run curation audit
+      - run: |
+          jf curation-audit
+      # install npm packages
       - run: |
-          jf npm install --build-name=ghdemo-npm-build --build-number=1.0.${{github.run_number}}
+          npm install
+          jf npm install 
       # Add GitHub Data to BuildInfo 
       - run: |
-          jf rt build-add-git ghdemo-npm-build 1.0.${{github.run_number}}
+          jf rt build-add-git 
       # Collect all Environmental information for NPM Build 
       - run: |
-          jf rt build-collect-env ghdemo-npm-build 1.0.${{github.run_number}}
+          jf rt build-collect-env 
       # Using NPM Publish to uplaod the NPM Build 
       - run: |
-          jf npm publish --build-name=ghdemo-npm-build --build-number=1.0.${{github.run_number}}
+          jf npm publish 
+      # Build Docker image
+      - run: |
+          docker build -t $DOCKER_IMAGE_NAME .
+      # scan docker image
+      # - run: |
+      #     jf docker scan $DOCKER_IMAGE_NAME
+      # Push image to Artifactory
+      - run: |
+          jf docker push $DOCKER_IMAGE_NAME
       # Publish the BuildInfo into Artifactory 
       - run: |
-          jf rt build-publish ghdemo-npm-build 1.0.${{github.run_number}}
+          jf rt build-publish 
       # Scan the NPM Build with Xray 
       - run: |
-           jf build-scan ghdemo-npm-build 1.0.${{github.run_number}}
+           jf build-scan 
       # Promote the Build from Dev to Production 
       - run: |
-          jf rt build-promote ghdemo-npm-build 1.0.${{github.run_number}} ghjfdemo-ghjf-npm-prod-local  --status=production
+         jf rt build-promote --status=production
diff --git a/.github/workflows/rust-example.yaml b/.github/workflows/rust-example.yaml
diff --git a/.github/workflows/test-npm-curation.yml b/.github/workflows/test-npm-curation.yml
@@ -0,0 +1,39 @@
+name: guy-demo-npm-build-curation
+on: workflow_dispatch
+permissions:
+  actions: read # for detecting the Github Actions environment.
+  id-token: write # for creating OIDC tokens for signing.
+  packages: write # for uploading attestations.
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      JF_PROJECT: ${{ vars.JF_PROJECT_KEY }}
+      JF_URL: ${{ vars.JF_URL }}
+      # JFROG_CLI_LOG_LEVEL: DEBUG
+      DOCKER_IMAGE_NAME: ${{ vars.JF_DOCKER_REPOSITORY }}npm-sample-docker:1.0.${{github.run_number}}
+    defaults:
+      run:
+        working-directory: ./npm/
+
+    steps:
+      # This action checks out the code from the repository
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      # Download the JFrog CLI and configure using JFrog Project and OIDC provider 
+      - uses: jfrog/setup-jfrog-cli@v4
+        name: Setup JFrog CLI
+        id: setup-cli
+        env:
+          JF_URL: ${{ vars.JF_URL }}
+          JF_PROJECT: ${{ vars.JF_PROJECT_KEY }}
+        with:
+            oidc-provider-name: guy-github
+
+      # install npm packages
+      - run: |
+          jf npmc --repo-deploy=guy-npm-dev --repo-resolve=guy-npm-dev
+          jf npm install 
diff --git a/README.md b/README.md
@@ -3,6 +3,7 @@ SolEng team will be placing samples for our customers on the supported packages
 
 The Packages being coverage currently:
 - Nuget / C#
-- Cargo / Rust 
+- Cargo / Rust
+- Npm / Javascript
 
 [![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.svg)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)
diff --git a/npm/Dockerfile b/npm/Dockerfile
@@ -0,0 +1,7 @@
+FROM node
+WORKDIR /usr/src/app
+COPY package*.json ./
+RUN npm install
+COPY . .
+EXPOSE 3000
+CMD ["node", "app.js"]
diff --git a/npm/fake-creds b/npm/fake-creds
@@ -0,0 +1,3 @@
+AKIAJXBOVX5Q2EULDUIA
+SqcyDpetv+pCsbNYWHDLE8yR5mJ13MI+4d8NOwtM
+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dd
diff --git a/npm/package.json b/npm/package.json
@@ -3,7 +3,6 @@
   "version": "1.0.0",
   "description": "",
   "main": "index.js",
-  "publishConfig":{"registry":"https://soleng.jfrog.io/artifactory/api/npm/ghjfdemo-ghjf-npm-virt/"},
   "scripts": {
     "dev": "nodemon ./index.js",
     "ui": "browser-sync start --config bs-config.js"
@@ -16,20 +15,20 @@
     "nodemon": "^2.0.6"
   },
   "dependencies": {
-    "babel": "^6.23.0",
     "express": "^4.17.1",
-    "hoek": "^2.16.3",
     "lodash": "^4.17.13",
     "npm": "^6.14.8",
     "protobufjs": "^6.11.0",
     "pug": "^3.0.0",
     "jsonwebtoken": "^8.5.1",
     "cors": "^2.8.5",
+    "cors.js": "0.0.1-security",
     "mongoose": "^5.7.7",
     "nodemailer": "^6.3.1",
-    "nodemailer-mailgun-transport": "^1.4.0",
     "url-slug": "^2.2.0",
     "validator": "^12.0.0",
-    "open-graph": "0.2.6"
+    "open-graph": "0.2.6",
+    "parse-url": "^6.0.5",
+    "undici": "^5.26.2"
   }
 }