From 5493b96232c22641e591e53343f6703e66d2aa76 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 11:27:10 +0300 Subject: [PATCH 01/21] test evidence summary --- .github/workflows/anchore-sbom-evidence-example.yaml | 2 +- .github/workflows/anchore-scan-evidence-example.yaml | 2 +- .github/workflows/build-and-deploy.yml | 6 +++--- .github/workflows/build.yml | 2 +- .github/workflows/cla.yml | 2 +- .github/workflows/codeql-evidence-example.yml | 2 +- .github/workflows/cypress-evidence-example.yml | 2 +- .github/workflows/dependabot-evidence-example.yml | 2 +- .github/workflows/jira-evidence-example.yml | 2 +- .github/workflows/katalon-evidence-example.yml | 2 +- .github/workflows/promote-to-prod.yml | 2 +- .github/workflows/scorecard-evidence-example.yml | 2 +- .github/workflows/semgrep-evidence-example.yml | 2 +- .github/workflows/simple-evidence.yml | 2 +- .github/workflows/simple-flow.yml | 2 +- .github/workflows/sonar-evidence-example.yml | 2 +- .github/workflows/testRail-evidence-example.yml | 2 +- .github/workflows/tfsec-evidence-example.yml | 2 +- .github/workflows/trivy-evidence-example.yml | 2 +- .github/workflows/zap-evidence-example.yml | 2 +- 20 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/anchore-sbom-evidence-example.yaml b/.github/workflows/anchore-sbom-evidence-example.yaml index d8c9f004..ec54e722 100644 --- a/.github/workflows/anchore-sbom-evidence-example.yaml +++ b/.github/workflows/anchore-sbom-evidence-example.yaml @@ -8,7 +8,7 @@ permissions: jobs: package-docker-image-with-anchore-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_DOMAIN: ${{ vars.JF_URL }} REPO_NAME: 'docker-anchore-repo' diff --git a/.github/workflows/anchore-scan-evidence-example.yaml b/.github/workflows/anchore-scan-evidence-example.yaml index 1ca789d3..3f2ec854 100644 --- a/.github/workflows/anchore-scan-evidence-example.yaml +++ b/.github/workflows/anchore-scan-evidence-example.yaml 
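Review bot: `runs-on: self-hosted` in this hunk, and the same one-line change in every other workflow file touched by this patch, moves jobs that receive repository secrets onto a machine that keeps its state between runs. Unlike a hosted `ubuntu-latest` VM, a self-hosted runner is not wiped after each job unless it is registered as ephemeral, so checked-out code, registry credentials and anything a step writes to disk remain reachable by the next job. The workflow triggers are not visible in these hunks and should be checked before this lands, because they decide whose code gets to run on that machine. A bare `self-hosted` label also matches any registered runner; a dedicated label such as `runs-on: [self-hosted, evidence-ci]` (constructed label name) would keep these jobs on one known, hardened host.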
@@ -8,7 +8,7 @@ permissions: jobs: package-docker-image-with-anchore-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_DOMAIN: ${{ vars.JF_URL }} REPO_NAME: 'docker-anchore-repo' diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 1e6eb5c4..bbcfac48 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -9,7 +9,7 @@ permissions: jobs: Docker-build-with-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 @@ -87,7 +87,7 @@ jobs: Promote-to-qa-and-test: needs: Docker-build-with-evidence - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli @@ -114,7 +114,7 @@ jobs: Policy-check-and-promote-to-prod: needs: Promote-to-qa-and-test - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 178c1e16..c6a86790 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,7 +10,7 @@ permissions: jobs: Docker-build-with-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index b3419053..e4b9f7b3 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -8,7 +8,7 @@ on: jobs: CLAssistant: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - uses: actions-ecosystem/action-regex-match@v2 id: sign-or-recheck diff --git a/.github/workflows/codeql-evidence-example.yml b/.github/workflows/codeql-evidence-example.yml index 147514ab..0bacd23c 100644 --- a/.github/workflows/codeql-evidence-example.yml +++ b/.github/workflows/codeql-evidence-example.yml 
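Review bot: The `CLAssistant` job in cla.yml is the riskiest of these runner switches, because a CLA check exists to react to contributors who are not yet trusted. The `on:` block is cut off by the hunk, so the triggers need confirming; if they include `pull_request_target` or `issue_comment`, an outside account can start a job on the self-hosted machine. I would leave this workflow on `runs-on: ubuntu-latest`.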
@@ -10,7 +10,7 @@ permissions: jobs: codeql: name: Analyse - runs-on: ubuntu-latest + runs-on: self-hosted env: ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE: true strategy: diff --git a/.github/workflows/cypress-evidence-example.yml b/.github/workflows/cypress-evidence-example.yml index 50001629..c6271c89 100644 --- a/.github/workflows/cypress-evidence-example.yml +++ b/.github/workflows/cypress-evidence-example.yml @@ -7,7 +7,7 @@ permissions: actions: read jobs: package-docker-image-with-cypress-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_URL: ${{ vars.JF_URL }} REPO_NAME: 'docker-cypress-repo' diff --git a/.github/workflows/dependabot-evidence-example.yml b/.github/workflows/dependabot-evidence-example.yml index 80b41ccf..4e67a447 100644 --- a/.github/workflows/dependabot-evidence-example.yml +++ b/.github/workflows/dependabot-evidence-example.yml @@ -8,7 +8,7 @@ permissions: jobs: dependabot-evidence-example: - runs-on: ubuntu-latest + runs-on: self-hosted env: REPO_NAME: 'dependabot-docker-local' IMAGE_NAME: 'dependabot-docker-image' diff --git a/.github/workflows/jira-evidence-example.yml b/.github/workflows/jira-evidence-example.yml index c4d12442..d6a700fb 100644 --- a/.github/workflows/jira-evidence-example.yml +++ b/.github/workflows/jira-evidence-example.yml @@ -14,7 +14,7 @@ permissions: jobs: docker-build-with-jira-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: DOCKER_REPO: 'test-docker-local' IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}' diff --git a/.github/workflows/katalon-evidence-example.yml b/.github/workflows/katalon-evidence-example.yml index 6ec725d0..1cced550 100644 --- a/.github/workflows/katalon-evidence-example.yml +++ b/.github/workflows/katalon-evidence-example.yml @@ -10,7 +10,7 @@ permissions: jobs: package-docker-image-with-katalon-evidence: - runs-on: windows-latest + runs-on: self-hosted env: REGISTRY_URL: ${{ vars.JF_URL}} REPO_NAME: 'docker-katalon-repo' 
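Review bot: The katalon job moves from `windows-latest` to the bare `self-hosted` label, which drops the operating-system requirement the job had before. `self-hosted` alone matches any registered runner regardless of OS, so the job's steps (outside this hunk) may be scheduled on a platform they were not written for; later patches in this series use `/Users/...` paths and `brew`, which suggests the runner is macOS. If a Windows self-hosted runner exists, select it explicitly with `runs-on: [self-hosted, windows]`; otherwise this workflow should stay on `windows-latest`.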
diff --git a/.github/workflows/promote-to-prod.yml b/.github/workflows/promote-to-prod.yml index a1508893..672ce5a5 100644 --- a/.github/workflows/promote-to-prod.yml +++ b/.github/workflows/promote-to-prod.yml @@ -16,7 +16,7 @@ permissions: jobs: policy-check-and-promote-to-prod: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli diff --git a/.github/workflows/scorecard-evidence-example.yml b/.github/workflows/scorecard-evidence-example.yml index 43afc8e0..3ac1ce65 100644 --- a/.github/workflows/scorecard-evidence-example.yml +++ b/.github/workflows/scorecard-evidence-example.yml @@ -6,7 +6,7 @@ permissions: read-all jobs: ossf-scorecard-analysis: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_DOMAIN: ${{ vars.JF_URL }} REPO_NAME: 'docker-scorecard-repo' diff --git a/.github/workflows/semgrep-evidence-example.yml b/.github/workflows/semgrep-evidence-example.yml index 4ac7e5db..b767e823 100644 --- a/.github/workflows/semgrep-evidence-example.yml +++ b/.github/workflows/semgrep-evidence-example.yml @@ -5,7 +5,7 @@ on: jobs: semgrep_scan: name: semgrep/ci - runs-on: ubuntu-latest + runs-on: self-hosted container: image: semgrep/semgrep env: diff --git a/.github/workflows/simple-evidence.yml b/.github/workflows/simple-evidence.yml index 42e3a515..7cfde06c 100644 --- a/.github/workflows/simple-evidence.yml +++ b/.github/workflows/simple-evidence.yml @@ -9,7 +9,7 @@ permissions: jobs: docker-build-with-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli id: setup-cli diff --git a/.github/workflows/simple-flow.yml b/.github/workflows/simple-flow.yml index 76e03802..27b3e372 100644 --- a/.github/workflows/simple-flow.yml +++ b/.github/workflows/simple-flow.yml @@ -9,7 +9,7 @@ permissions: jobs: Docker-build: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 
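Review bot: The `semgrep_scan` job keeps `container: image: semgrep/semgrep` while switching to `runs-on: self-hosted`, and job containers are only supported on Linux runners with Docker available. Nothing in the hunk pins the runner's OS, and later patches in this series use `/Users/...` paths and `brew`, so this job may fail when the container is initialised. The image is also referenced without a tag or digest, which on a persistent runner means whichever copy is cached or pulled is what scans the code; `image: semgrep/semgrep@sha256:<digest>` (placeholder) would make the scanner reproducible.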
diff --git a/.github/workflows/sonar-evidence-example.yml b/.github/workflows/sonar-evidence-example.yml index 41ffdd32..36001413 100644 --- a/.github/workflows/sonar-evidence-example.yml +++ b/.github/workflows/sonar-evidence-example.yml @@ -14,7 +14,7 @@ permissions: jobs: docker-build-with-sonar-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: DOCKER_REPO: 'test-docker-local' IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}' diff --git a/.github/workflows/testRail-evidence-example.yml b/.github/workflows/testRail-evidence-example.yml index 59b88025..5f9ed5dc 100644 --- a/.github/workflows/testRail-evidence-example.yml +++ b/.github/workflows/testRail-evidence-example.yml @@ -7,7 +7,7 @@ permissions: actions: read jobs: testRail-evidence-example: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_URL: ${{ vars.JF_URL }} REPO_NAME: 'docker-testrail-repo' diff --git a/.github/workflows/tfsec-evidence-example.yml b/.github/workflows/tfsec-evidence-example.yml index 3e112975..4448a349 100644 --- a/.github/workflows/tfsec-evidence-example.yml +++ b/.github/workflows/tfsec-evidence-example.yml @@ -9,7 +9,7 @@ permissions: jobs: package-terraform-with-tfsec-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE: true steps: diff --git a/.github/workflows/trivy-evidence-example.yml b/.github/workflows/trivy-evidence-example.yml index f193d47d..4aca5f8f 100644 --- a/.github/workflows/trivy-evidence-example.yml +++ b/.github/workflows/trivy-evidence-example.yml @@ -8,7 +8,7 @@ permissions: jobs: package-docker-image-with-trivy-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_DOMAIN: ${{ vars.JF_URL }} REPO_NAME: 'docker-trivy-repo' diff --git a/.github/workflows/zap-evidence-example.yml b/.github/workflows/zap-evidence-example.yml index ed7f6315..78a16f07 100644 --- a/.github/workflows/zap-evidence-example.yml +++ b/.github/workflows/zap-evidence-example.yml 
@@ -15,7 +15,7 @@ permissions: jobs: zap-evidence-example: - runs-on: ubuntu-latest + runs-on: self-hosted env: DOCKER_REPO: 'test-docker-local' IMAGE_NAME: 'my-very-cool-image' From 3274d82936b60b90345bc68c1482e7a26725b721 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 14:00:33 +0300 Subject: [PATCH 02/21] test evidence summary --- .github/workflows/build-and-deploy.yml | 3 +++ .github/workflows/katalon-evidence-example.yml | 1 + 2 files changed, 4 insertions(+) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index bbcfac48..405a23b4 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -10,6 +10,7 @@ permissions: jobs: Docker-build-with-evidence: runs-on: self-hosted + environment: evidence steps: - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 @@ -88,6 +89,7 @@ jobs: Promote-to-qa-and-test: needs: Docker-build-with-evidence runs-on: self-hosted + environment: evidence steps: - name: Install jfrog cli @@ -115,6 +117,7 @@ jobs: Policy-check-and-promote-to-prod: needs: Promote-to-qa-and-test runs-on: self-hosted + environment: evidence steps: - name: Install jfrog cli diff --git a/.github/workflows/katalon-evidence-example.yml b/.github/workflows/katalon-evidence-example.yml index 1cced550..40e82454 100644 --- a/.github/workflows/katalon-evidence-example.yml +++ b/.github/workflows/katalon-evidence-example.yml @@ -11,6 +11,7 @@ permissions: jobs: package-docker-image-with-katalon-evidence: runs-on: self-hosted + environment: evidence env: REGISTRY_URL: ${{ vars.JF_URL}} REPO_NAME: 'docker-katalon-repo' From bb4774cd6978b5ed380c489eca7ef06676554584 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 14:35:02 +0300 Subject: [PATCH 03/21] test evidence summary --- .github/workflows/build-and-deploy.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 405a23b4..87134467 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -49,7 +49,7 @@ jobs: run: | echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 echo '๐Ÿ”Ž Evidence attached: `signature` ๐Ÿ” ' @@ -57,7 +57,7 @@ jobs: run: | jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 - name: Collecting Information from Git @@ -74,7 +74,7 @@ jobs: echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY echo '๐Ÿ”Ž Evidence attached: `build-signature` ๐Ÿ” ' >> $GITHUB_STEP_SUMMARY - name: Create release bundle 
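Review bot: `--key-alias MISHAS-KEY` hard-codes one person's key alias into a shared example workflow, in all three hunks here and in the two remaining hunks of this patch (at -110 and -150). Evidence verification depends on the alias matching the public key registered on the platform, so the value belongs in configuration next to `secrets.PRIVATE_KEY`, for example `--key-alias "${{ vars.KEY_ALIAS }}"` (constructed variable name). On the same lines, `"${{ secrets.PRIVATE_KEY }}"` is expanded into the script text before the shell runs; mapping it through the step's `env:` block and passing `--key "$PRIVATE_KEY"` keeps the key material out of the generated script file on the self-hosted runner.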
@@ -110,7 +110,7 @@ jobs: echo 'Test on Release bundle ['${{ vars.BUNDLE_NAME }}':'${{ github.run_number }}']('${JF_LINK}') success' >> $GITHUB_STEP_SUMMARY jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ --predicate ./test_evidence.json --predicate-type https://jfrog.com/evidence/testing-results/v1 \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY echo '๐Ÿ”Ž Evidence attached: integration-test ๐Ÿงช ' >> $GITHUB_STEP_SUMMARY @@ -150,7 +150,7 @@ jobs: - name: Promote to Production run: | if [ "${{ env.RESULT }}" == "true" ]; then - jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ + jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ --predicate ./policy.json --predicate-type https://jfrog.com/evidence/approval/v1 jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} PROD --signing-key PGP-RSA-2048 --sync=true From d7cbc136245b861069f3b968a22451d29a616716 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 14:56:49 +0300 Subject: [PATCH 04/21] remove cli installation --- .github/workflows/build-and-deploy.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 87134467..0e788c8c 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -12,12 +12,6 @@ jobs: runs-on: self-hosted environment: evidence steps: - - name: Install jfrog cli - uses: jfrog/setup-jfrog-cli@v4 - env: - JF_URL: ${{ vars.ARTIFACTORY_URL }} - JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} - - uses: actions/checkout@v4 - name: Log in to Artifactory Docker Registry From 189105198eb6d2310712c404957f791038320854 Mon Sep 17 00:00:00 2001 
From: mnsboev Date: Sun, 20 Jul 2025 15:03:47 +0300 Subject: [PATCH 05/21] print jf version --- .github/workflows/build-and-deploy.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 0e788c8c..50ccc546 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -41,6 +41,8 @@ jobs: - name: Evidence on docker run: | + jf -v + jf evd create -h echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \ --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ @@ -49,6 +51,7 @@ jobs: - name: Upload readme file run: | + jf -v jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \ --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ @@ -65,6 +68,7 @@ jobs: - name: Sign build evidence run: | + jf -v echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \ From 40cb2e6e10d8c56356bc707a7708665349beb341 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 15:15:39 +0300 Subject: [PATCH 06/21] Use directly jf evd create from cli repo --- .github/workflows/build-and-deploy.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 50ccc546..76530788 100644 --- a/.github/workflows/build-and-deploy.yml 
+++ b/.github/workflows/build-and-deploy.yml @@ -42,9 +42,9 @@ jobs: - name: Evidence on docker run: | jf -v - jf evd create -h + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create -h echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json - jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \ --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 echo '๐Ÿ”Ž Evidence attached: `signature` ๐Ÿ” ' @@ -53,7 +53,7 @@ jobs: run: | jf -v jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} - jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \ --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 
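Review bot: Every `jf evd create` call in this patch now runs `/Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf`, a binary in a developer's working tree on the runner, and that binary is handed `secrets.PRIVATE_KEY` to sign evidence (same change in the hunks at -70, -106 and -148). Signed evidence is only as trustworthy as the tool that produces it: this build has no version, checksum or release provenance, and anyone who can write to that directory controls what the signing key is used for. The absolute path also ties the workflow to one machine and one user account. If a pre-release CLI is needed, publish the build as an artifact with a recorded digest and verify that digest in a step before use, rather than reaching into a home directory.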
@@ -70,7 +70,7 @@ jobs: run: | jf -v echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json - jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \ --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY echo '๐Ÿ”Ž Evidence attached: `build-signature` ๐Ÿ” ' >> $GITHUB_STEP_SUMMARY @@ -106,7 +106,7 @@ jobs: echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", "test": "CI test", "result": "success" }' > test_evidence.json JF_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion' echo 'Test on Release bundle ['${{ vars.BUNDLE_NAME }}':'${{ github.run_number }}']('${JF_LINK}') success' >> $GITHUB_STEP_SUMMARY - jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ --predicate ./test_evidence.json --predicate-type https://jfrog.com/evidence/testing-results/v1 \ --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY echo '๐Ÿ”Ž Evidence attached: integration-test ๐Ÿงช ' >> $GITHUB_STEP_SUMMARY 
@@ -148,7 +148,7 @@ jobs: - name: Promote to Production run: | if [ "${{ env.RESULT }}" == "true" ]; then - jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ --predicate ./policy.json --predicate-type https://jfrog.com/evidence/approval/v1 jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} PROD --signing-key PGP-RSA-2048 --sync=true From f83e8818d27f05b1cd426b87db362402eb43e366 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 15:23:11 +0300 Subject: [PATCH 07/21] rollback setup-jfrog-cli --- .github/workflows/build-and-deploy.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 76530788..d9e38816 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -12,6 +12,12 @@ jobs: runs-on: self-hosted environment: evidence steps: + - name: Install jfrog cli + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ vars.ARTIFACTORY_URL }} + JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} + - uses: actions/checkout@v4 - name: Log in to Artifactory Docker Registry From ea88571ec3af6e45740a98c9375d3ff9ab614dee Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 17:05:42 +0300 Subject: [PATCH 08/21] setup default jf --- .github/workflows/build-and-deploy.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index d9e38816..3964ab92 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
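Review bot: The restored `Install jfrog cli` step references `jfrog/setup-jfrog-cli@v4`, a mutable tag, and hands that action `secrets.ARTIFACTORY_ACCESS_TOKEN`. A tag can be moved to different code without any change in this repository; pinning to the full commit SHA with the version in a trailing comment, `uses: jfrog/setup-jfrog-cli@<full-commit-sha> # v4` (placeholder), fixes which code receives the token. The other two jobs in this file use the same reference outside this hunk and would need the same pin.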
@@ -20,6 +20,23 @@ jobs: - uses: actions/checkout@v4 + - name: Setup jf local + run: | + # jfvm PATH configuration - ensures jfvm-managed jf takes highest priority + export PATH="$HOME/.jfvm/shim:$PATH" + # jfvm shell function for enhanced priority (similar to nvm approach) + jf() { + # Check if jfvm shim exists and is executable + if [ -x "$HOME/.jfvm/shim/jf" ]; then + # Execute jfvm-managed jf with highest priority + "$HOME/.jfvm/shim/jf" "$@" + else + # Fallback to system jf if jfvm shim not available + command jf "$@" + fi + } + + - name: Log in to Artifactory Docker Registry uses: docker/login-action@v3 with: @@ -163,4 +180,3 @@ jobs: echo "Fail promotion policy check" >> $GITHUB_STEP_SUMMARY exit 1 fi - From d5c51b7d586d1963e51bd922cc82f2525470ba36 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 17:24:42 +0300 Subject: [PATCH 09/21] setup default jf --- .github/workflows/build-and-deploy.yml | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 3964ab92..6ffc71f2 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
@@ -20,22 +20,11 @@ jobs: - uses: actions/checkout@v4 - - name: Setup jf local + - name: Set up jfvm run: | - # jfvm PATH configuration - ensures jfvm-managed jf takes highest priority - export PATH="$HOME/.jfvm/shim:$PATH" - # jfvm shell function for enhanced priority (similar to nvm approach) - jf() { - # Check if jfvm shim exists and is executable - if [ -x "$HOME/.jfvm/shim/jf" ]; then - # Execute jfvm-managed jf with highest priority - "$HOME/.jfvm/shim/jf" "$@" - else - # Fallback to system jf if jfvm shim not available - command jf "$@" - fi - } - + echo 'export PATH="$HOME/.jfvm/shim:$PATH"' >> $GITHUB_ENV + echo 'jf() { if [ -x "$HOME/.jfvm/shim/jf" ]; then "$HOME/.jfvm/shim/jf" "$@"; else command jf "$@"; fi; }' >> $GITHUB_ENV + - name: Log in to Artifactory Docker Registry uses: docker/login-action@v3 From 437535a5ea01359888b6ec4ae9482d776278431c Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 17:27:10 +0300 Subject: [PATCH 10/21] setup default jf --- .github/workflows/build-and-deploy.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 6ffc71f2..271eb184 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
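Review bot: Both `echo ... >> $GITHUB_ENV` lines write shell source into a file that only accepts `NAME=value` entries (or the delimiter form for multi-line values), so neither the `export PATH=...` line nor the `jf()` definition will take effect in later steps. A shell function cannot be carried between steps at all; to put the shim directory first on the search path use `echo "$HOME/.jfvm/shim" >> "$GITHUB_PATH"`. Doing so makes a user-writable directory shadow the CLI installed by the setup action for every later step that handles the signing key, so the ownership and permissions of that directory on the runner become part of the trust boundary.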
@@ -22,9 +22,15 @@ jobs: - name: Set up jfvm run: | - echo 'export PATH="$HOME/.jfvm/shim:$PATH"' >> $GITHUB_ENV - echo 'jf() { if [ -x "$HOME/.jfvm/shim/jf" ]; then "$HOME/.jfvm/shim/jf" "$@"; else command jf "$@"; fi; }' >> $GITHUB_ENV - + # Add jfvm shim to PATH + echo '##[add-path]$HOME/.jfvm/shim' + + # Optionally, install jfvm if not already installed + # git clone ~/.jfvm + # Load the jf command in the current shell + echo 'jf() { if [ -x "$HOME/.jfvm/shim/jf" ]; then "$HOME/.jfvm/shim/jf" "$@"; else command jf "$@"; fi; }' >> $HOME/.zshrc + # Load .zshrc to make the function available in the current context + . $HOME/.zshrc - name: Log in to Artifactory Docker Registry uses: docker/login-action@v3 From 0c61269cb17d3a9f35f2b195531a948857856c82 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Sun, 20 Jul 2025 17:31:25 +0300 Subject: [PATCH 11/21] setup default jf --- .github/workflows/build-and-deploy.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 271eb184..9edea4be 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
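Review bot: The step appends the `jf()` function to `$HOME/.zshrc` on every run, which permanently edits the runner account's shell profile on a non-ephemeral machine and adds one more copy per run; the next patch's hunk at -23,14 keeps the same line and ends with `exec zsh`, which replaces the step's shell. Workflow steps should not modify files outside the workspace and the runner's temp directories, because the change outlives the job and affects every other workflow on that host. Separately, `echo '##[add-path]$HOME/.jfvm/shim'` has no effect: the `add-path` workflow command was disabled by GitHub, and the single quotes stop `$HOME` from expanding. Writing the directory to `$GITHUB_PATH` is the supported way to extend the search path for later steps.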
@@ -23,14 +23,14 @@ jobs: - name: Set up jfvm run: | # Add jfvm shim to PATH - echo '##[add-path]$HOME/.jfvm/shim' + echo "$HOME/.jfvm/shim" >> $GITHUB_PATH + + # Define the jf function in the current shell context + echo 'jf() { if [ -x "$HOME/.jfvm/shim/jf" ]; then "$HOME/.jfvm/shim/jf" "$@"; else command jf "$@"; fi; }' >> $HOME/.zshrc - # Optionally, install jfvm if not already installed - # git clone ~/.jfvm - # Load the jf command in the current shell - echo 'jf() { if [ -x "$HOME/.jfvm/shim/jf" ]; then "$HOME/.jfvm/shim/jf" "$@"; else command jf "$@"; fi; }' >> $HOME/.zshrc - # Load .zshrc to make the function available in the current context - . $HOME/.zshrc + # Set zsh as the shell for subsequent commands + echo "Changing shell to zsh for further commands" + exec zsh - name: Log in to Artifactory Docker Registry uses: docker/login-action@v3 From 82543534354987bdb983926811a15dd1e5854f5e Mon Sep 17 00:00:00 2001 From: mnsboev Date: Mon, 21 Jul 2025 08:04:27 +0300 Subject: [PATCH 12/21] install jfvm --- .github/workflows/build-and-deploy.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 9edea4be..5ed6ed2c 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -1,7 +1,7 @@ name: Build and deploy with evidence on: - [push, workflow_dispatch] + [ push, workflow_dispatch ] permissions: id-token: write @@ -12,6 +12,13 @@ jobs: runs-on: self-hosted environment: evidence steps: + - name: Install jfvm + run: | + # Install jfvm (JFrog Version Manager) for managing JFrog CLI versions + brew install https://raw.githubusercontent.com/jfrog/homebrew-jfrog-cli-vm/main/Formula/jfvm.rb + jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf --name github-local + jfvm use github-local + - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 env: 
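Review bot: In the new `Install jfvm` step, `brew install https://raw.githubusercontent.com/jfrog/homebrew-jfrog-cli-vm/main/Formula/jfvm.rb` installs whatever formula is on the `main` branch at the moment the job runs, with no version or checksum, on the machine that later signs evidence. Homebrew installs are machine-wide and persistent on a self-hosted runner, so this step changes the host for every other workflow scheduled there. The following `jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf` then makes an unversioned local build the active `jf`. Provision the runner's tooling outside the workflow (image or configuration management) and let the workflow only verify the expected version, for example with `jf -v`.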
@@ -103,17 +110,17 @@ jobs: Promote-to-qa-and-test: - needs: Docker-build-with-evidence + needs: Docker-build-with-evidence runs-on: self-hosted environment: evidence steps: - + - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 env: JF_URL: ${{ vars.ARTIFACTORY_URL }} JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} - + - name: Promote to QA run: | jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} QA --signing-key PGP-RSA-2048 --sync=true @@ -131,17 +138,17 @@ jobs: Policy-check-and-promote-to-prod: - needs: Promote-to-qa-and-test + needs: Promote-to-qa-and-test runs-on: self-hosted environment: evidence steps: - + - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 env: JF_URL: ${{ vars.ARTIFACTORY_URL }} JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} - + - name: Checkout uses: actions/checkout@v4 From 416e3e0755f55bfafb469417a8d3ab054c00d6e6 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Mon, 21 Jul 2025 08:06:44 +0300 Subject: [PATCH 13/21] install jfvm --- .github/workflows/build-and-deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 5ed6ed2c..2c33dcb3 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -15,7 +15,8 @@ jobs: - name: Install jfvm run: | # Install jfvm (JFrog Version Manager) for managing JFrog CLI versions - brew install https://raw.githubusercontent.com/jfrog/homebrew-jfrog-cli-vm/main/Formula/jfvm.rb + brew tap jfrog/jfrog-cli-vm + brew install jfvm jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf --name github-local jfvm use github-local From 69c8ccca2e0fae9f216944d492535cb92398f474 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Mon, 21 Jul 2025 08:31:07 +0300 Subject: [PATCH 14/21] install jfvm --- .github/workflows/build-and-deploy.yml | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) 
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 2c33dcb3..e952c1ae 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -12,6 +12,14 @@ jobs: runs-on: self-hosted environment: evidence steps: + - name: Install jfrog cli + uses: jfrog/setup-jfrog-cli@v4 + with: + version: latest + env: + JF_URL: ${{ vars.ARTIFACTORY_URL }} + JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} + - name: Install jfvm run: | # Install jfvm (JFrog Version Manager) for managing JFrog CLI versions @@ -20,26 +28,8 @@ jobs: jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf --name github-local jfvm use github-local - - name: Install jfrog cli - uses: jfrog/setup-jfrog-cli@v4 - env: - JF_URL: ${{ vars.ARTIFACTORY_URL }} - JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} - - uses: actions/checkout@v4 - - name: Set up jfvm - run: | - # Add jfvm shim to PATH - echo "$HOME/.jfvm/shim" >> $GITHUB_PATH - - # Define the jf function in the current shell context - echo 'jf() { if [ -x "$HOME/.jfvm/shim/jf" ]; then "$HOME/.jfvm/shim/jf" "$@"; else command jf "$@"; fi; }' >> $HOME/.zshrc - - # Set zsh as the shell for subsequent commands - echo "Changing shell to zsh for further commands" - exec zsh - - name: Log in to Artifactory Docker Registry uses: docker/login-action@v3 with: From 549bd213a0b9956e088f84422c13e288d57c5c29 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Mon, 21 Jul 2025 08:38:36 +0300 Subject: [PATCH 15/21] install jfvm --- .github/workflows/build-and-deploy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index e952c1ae..5abaf9fd 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
@@ -14,8 +14,6 @@ jobs: steps: - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 - with: - version: latest env: JF_URL: ${{ vars.ARTIFACTORY_URL }} JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} @@ -27,6 +25,9 @@ jobs: brew install jfvm jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf --name github-local jfvm use github-local + source ~/.bashrc + source ~/.zhsrc + which jf - uses: actions/checkout@v4 From ffc827679a9fb0da90e6c118003de38fa826bfd9 Mon Sep 17 00:00:00 2001 From: mnsboev Date: Mon, 21 Jul 2025 08:41:20 +0300 Subject: [PATCH 16/21] install jfvm --- .github/workflows/build-and-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 5abaf9fd..c98ac4b3 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -25,7 +25,6 @@ jobs: brew install jfvm jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf --name github-local jfvm use github-local - source ~/.bashrc source ~/.zhsrc which jf From c8559723892c22c5221bf3a461ce88bdd3d1519a Mon Sep 17 00:00:00 2001 From: mnsboev Date: Mon, 21 Jul 2025 08:53:11 +0300 Subject: [PATCH 17/21] install jfvm --- .github/workflows/build-and-deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index c98ac4b3..889f40c4 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -25,7 +25,8 @@ jobs: brew install jfvm jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf --name github-local jfvm use github-local - source ~/.zhsrc + source ~/.zshrc + export PATH="$HOME/.jfvm/shim:$PATH" which jf - uses: actions/checkout@v4 From ce5fcb6ffadcff825976eee933d2557b6d0867b3 Mon Sep 17 00:00:00 2001 
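Review bot: The lines added to `Install jfvm` in PATCH 15's second hunk, `source ~/.bashrc` and `source ~/.zhsrc`, make the job depend on the runner account's personal shell startup files. Those files are outside version control and can change what `jf` resolves to. `~/.zhsrc` also looks like a misspelling of `~/.zshrc`, and if the step runs under bash with `-e`, sourcing a missing file would fail it. PATCH 17 corrects the spelling but keeps `source ~/.zshrc`; I would drop the sourcing and set whatever the step needs explicitly in the workflow.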
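Review bot: `export PATH="$HOME/.jfvm/shim:$PATH"`, added in PATCH 17, only changes the environment of this one `run` step. `which jf` can therefore report the shim while later steps still resolve the `jf` installed by `setup-jfrog-cli`. To make the selection apply to the following steps, write it to the path file instead: `echo "$HOME/.jfvm/shim" >> "$GITHUB_PATH"`. As written, the binary printed here and the binary that later creates the release bundle can differ, which is hard to spot afterwards.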
From: mnsboev Date: Mon, 21 Jul 2025 08:54:30 +0300 Subject: [PATCH 18/21] install jfvm --- .github/workflows/build-and-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 889f40c4..a917a865 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -25,7 +25,6 @@ jobs: brew install jfvm jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf --name github-local jfvm use github-local - source ~/.zshrc export PATH="$HOME/.jfvm/shim:$PATH" which jf From 148bc3b50caf6025895dc1014d843220c80dca7e Mon Sep 17 00:00:00 2001 From: mnsboev Date: Mon, 21 Jul 2025 09:04:35 +0300 Subject: [PATCH 19/21] override jf --- .github/workflows/build-and-deploy.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index a917a865..95f53937 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -18,15 +18,11 @@ jobs: JF_URL: ${{ vars.ARTIFACTORY_URL }} JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} - - name: Install jfvm + - name: Override jf tool run: | - # Install jfvm (JFrog Version Manager) for managing JFrog CLI versions - brew tap jfrog/jfrog-cli-vm - brew install jfvm - jfvm link --from /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf --name github-local - jfvm use github-local - export PATH="$HOME/.jfvm/shim:$PATH" - which jf + mv /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf $(which jfrog) + echo "jfrog cli tool overridden with jf" + jf -v - uses: actions/checkout@v4 From 4e8a012c1bc5a46a2e1f7c30ce67378204de880c Mon Sep 17 00:00:00 2001 From: mnsboev Date: Mon, 21 Jul 2025 09:07:47 +0300 Subject: [PATCH 20/21] override jf --- .github/workflows/build-and-deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
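Review bot: `mv /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf $(which jfrog)` in the new `Override jf tool` step (PATCH 19) replaces the CLI installed by `setup-jfrog-cli` with an unversioned local build from a home directory. That binary then runs with the Artifactory token, and nothing records which source it was built from. If a pre-release CLI is needed, publish it as a versioned artifact and check its digest before use, e.g. `echo "<expected-sha256>  jf" | shasum -a 256 -c -`. There are smaller problems on the same line: `mv` consumes the source so a second run fails, `$(which jfrog)` is unquoted and empty when `jfrog` is not on PATH, and the step overwrites `jfrog` but then checks `jf -v`. PATCH 20 keeps the same local source path.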
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 95f53937..be7fb258 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -20,7 +20,8 @@ jobs: - name: Override jf tool run: | - mv /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf $(which jfrog) + rm -f /Users/mishas/actions-runner/_work/_tool/jf/2.75.0/arm64/jf + cp /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf /Users/mishas/actions-runner/_work/_tool/jf/2.75.0/arm64/jf echo "jfrog cli tool overridden with jf" jf -v From d839b3515ee7ff320c07a75c237f5f67b987742a Mon Sep 17 00:00:00 2001 From: mnsboev Date: Thu, 24 Jul 2025 09:55:14 +0300 Subject: [PATCH 21/21] add evidence for RB --- .github/workflows/build-and-deploy.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index be7fb258..2304df3e 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
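Review bot: The `rm -f`/`cp` pair in PATCH 20 overwrites `/Users/mishas/actions-runner/_work/_tool/jf/2.75.0/arm64/jf`, which is under the runner's tool directory rather than a per-job location. The replaced binary presumably stays in place for every later job on this runner that resolves jf 2.75.0. The hard-coded version and architecture also mean that if `setup-jfrog-cli` resolves a different release, the copy may land in a directory nothing uses while `jf -v` still succeeds, with `rm -f` hiding the miss. I would stage the build in a job-scoped directory and prepend it for later steps: `mkdir -p "$RUNNER_TEMP/bin"`, `cp "$JF_LOCAL_BUILD" "$RUNNER_TEMP/bin/jf"`, `echo "$RUNNER_TEMP/bin" >> "$GITHUB_PATH"`. Here `JF_LOCAL_BUILD` is a placeholder name for a workflow-level variable.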
@@ -94,6 +94,9 @@ jobs: jf release-bundle-create ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} --signing-key PGP-RSA-2048 --spec bundle-spec.json --sync=true NAME_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion' + jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ + --predicate ./sign.json --predicate-type https://jfrog.com/evidence/release-bundle-signature/v1 echo '๐Ÿ“ฆ Release bundle ['${{ vars.BUNDLE_NAME }}']('${NAME_LINK}'):['${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY
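Review bot: `--key "${{ secrets.PRIVATE_KEY }}"` in the added `jf evd create` call is expanded into the text of the step script before the shell runs. The signing key is therefore written into a script file on a persistent `self-hosted` runner, and a multi-line key becomes part of the script's quoting. Pass it through the step environment instead: add `env:` with `PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}` and use `--key "$PRIVATE_KEY"`. If the CLI release in use can read the key from an environment variable, that also keeps it out of the process arguments. The step header is outside this hunk, so the `env:` placement has to be checked against the full file. `./sign.json` is not created in the visible lines either, so confirm it exists at this point in the job.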