mnsboev · mnsboev · Jul 20, 2025 · Jul 20, 2025 · Jul 20, 2025 · Jul 20, 2025
diff --git a/.github/workflows/anchore-sbom-evidence-example.yaml b/.github/workflows/anchore-sbom-evidence-example.yaml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   package-docker-image-with-anchore-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       REGISTRY_DOMAIN: ${{ vars.JF_URL }}
       REPO_NAME: 'docker-anchore-repo'

diff --git a/.github/workflows/anchore-scan-evidence-example.yaml b/.github/workflows/anchore-scan-evidence-example.yaml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   package-docker-image-with-anchore-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       REGISTRY_DOMAIN: ${{ vars.JF_URL }}
       REPO_NAME: 'docker-anchore-repo'

diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
@@ -1,22 +1,30 @@
 name: Build and deploy with evidence
 
 on:
-  [push, workflow_dispatch]
+  [ push, workflow_dispatch ]
 
 permissions:
   id-token: write
   contents: read
 
 jobs:
   Docker-build-with-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
+    environment: evidence
     steps:
       - name: Install jfrog cli
         uses: jfrog/setup-jfrog-cli@v4
         env:
           JF_URL: ${{ vars.ARTIFACTORY_URL }}
           JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
 
+      - name: Override jf tool
+        run: |
+          rm -f /Users/mishas/actions-runner/_work/_tool/jf/2.75.0/arm64/jf
+          cp /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf /Users/mishas/actions-runner/_work/_tool/jf/2.75.0/arm64/jf
+          echo "jfrog cli tool overridden with jf"
+          jf -v
+
       - uses: actions/checkout@v4
 
       - name: Log in to Artifactory Docker Registry
@@ -46,17 +54,20 @@ jobs:
 
       - name: Evidence on docker
         run: |
+          jf -v
+          /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create -h
           echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json
-          jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \
-            --key "${{ secrets.PRIVATE_KEY }}"  --key-alias KEY-ALIAS \
+          /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \
+            --key "${{ secrets.PRIVATE_KEY }}"  --key-alias MISHAS-KEY \
             --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 
           echo '🔎 Evidence attached: `signature` 🔏 ' 
 
       - name: Upload readme file
         run: |
+          jf -v
           jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }}
-          jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \
-            --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS  \
+          /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \
+            --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY  \
             --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1
 
       - name: Collecting Information from Git
@@ -70,10 +81,11 @@ jobs:
 
       - name: Sign build evidence
         run: |
+          jf -v
           echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json
-          jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \
+          /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \
             --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \
-            --key "${{ secrets.PRIVATE_KEY }}"  --key-alias KEY-ALIAS
+            --key "${{ secrets.PRIVATE_KEY }}"  --key-alias MISHAS-KEY
           echo '🔎 Evidence attached: `build-signature` 🔏 ' >> $GITHUB_STEP_SUMMARY
 
       - name: Create release bundle
@@ -82,20 +94,24 @@ jobs:
           jf release-bundle-create ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} --signing-key PGP-RSA-2048 --spec bundle-spec.json --sync=true
           NAME_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion'
           VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion'
+          jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \
+            --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \
+            --predicate ./sign.json --predicate-type https://jfrog.com/evidence/release-bundle-signature/v1
           echo '📦 Release bundle ['${{ vars.BUNDLE_NAME }}']('${NAME_LINK}'):['${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY
 
 
   Promote-to-qa-and-test:
-    needs: Docker-build-with-evidence    
-    runs-on: ubuntu-latest
+    needs: Docker-build-with-evidence
+    runs-on: self-hosted
+    environment: evidence
     steps:
-    
+
       - name: Install jfrog cli
         uses: jfrog/setup-jfrog-cli@v4
         env:
           JF_URL: ${{ vars.ARTIFACTORY_URL }}
           JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
-          
+
       - name: Promote to QA
         run: |
           jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} QA --signing-key PGP-RSA-2048 --sync=true
@@ -106,23 +122,24 @@ jobs:
           echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", "test": "CI test", "result": "success" }' > test_evidence.json
           JF_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion'
           echo 'Test on Release bundle ['${{ vars.BUNDLE_NAME }}':'${{ github.run_number }}']('${JF_LINK}') success' >> $GITHUB_STEP_SUMMARY
-          jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \
+          /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \
             --predicate ./test_evidence.json --predicate-type https://jfrog.com/evidence/testing-results/v1 \
-            --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS
+            --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY
           echo '🔎 Evidence attached: integration-test 🧪 ' >> $GITHUB_STEP_SUMMARY
 
 
   Policy-check-and-promote-to-prod:
-    needs: Promote-to-qa-and-test    
-    runs-on: ubuntu-latest
+    needs: Promote-to-qa-and-test
+    runs-on: self-hosted
+    environment: evidence
     steps:
-    
+
       - name: Install jfrog cli
         uses: jfrog/setup-jfrog-cli@v4
         env:
           JF_URL: ${{ vars.ARTIFACTORY_URL }}
           JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
-    
+
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -147,7 +164,7 @@ jobs:
       - name: Promote to Production
         run: |
           if [ "${{ env.RESULT }}" == "true" ]; then
-            jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \
+            /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \
               --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \
               --predicate ./policy.json --predicate-type https://jfrog.com/evidence/approval/v1
             jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} PROD --signing-key PGP-RSA-2048  --sync=true
@@ -156,4 +173,3 @@ jobs:
             echo "Fail promotion policy check" >> $GITHUB_STEP_SUMMARY
             exit 1
           fi
-
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ permissions:
 
 jobs:
   Docker-build-with-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Install jfrog cli
         uses: jfrog/setup-jfrog-cli@v4

diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   CLAssistant:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - uses: actions-ecosystem/action-regex-match@v2
         id: sign-or-recheck

diff --git a/.github/workflows/codeql-evidence-example.yml b/.github/workflows/codeql-evidence-example.yml
@@ -10,7 +10,7 @@ permissions:
 jobs:
   codeql:
     name: Analyse
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE: true
     strategy:

diff --git a/.github/workflows/cypress-evidence-example.yml b/.github/workflows/cypress-evidence-example.yml
@@ -7,7 +7,7 @@ permissions:
   actions: read
 jobs:
   package-docker-image-with-cypress-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       REGISTRY_URL: ${{ vars.JF_URL }}
       REPO_NAME: 'docker-cypress-repo'

diff --git a/.github/workflows/dependabot-evidence-example.yml b/.github/workflows/dependabot-evidence-example.yml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   dependabot-evidence-example:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env: 
       REPO_NAME: 'dependabot-docker-local'
       IMAGE_NAME: 'dependabot-docker-image'

diff --git a/.github/workflows/jira-evidence-example.yml b/.github/workflows/jira-evidence-example.yml
@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   docker-build-with-jira-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       DOCKER_REPO: 'test-docker-local'
       IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'

diff --git a/.github/workflows/katalon-evidence-example.yml b/.github/workflows/katalon-evidence-example.yml
@@ -10,7 +10,8 @@ permissions:
 
 jobs:
   package-docker-image-with-katalon-evidence:
-    runs-on: windows-latest
+    runs-on: self-hosted
+    environment: evidence
     env:
       REGISTRY_URL: ${{ vars.JF_URL}}
       REPO_NAME: 'docker-katalon-repo'

diff --git a/.github/workflows/promote-to-prod.yml b/.github/workflows/promote-to-prod.yml
@@ -16,7 +16,7 @@ permissions:
 
 jobs:  
   policy-check-and-promote-to-prod:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
 
       - name: Install jfrog cli

diff --git a/.github/workflows/scorecard-evidence-example.yml b/.github/workflows/scorecard-evidence-example.yml
@@ -6,7 +6,7 @@ permissions: read-all
 
 jobs:
   ossf-scorecard-analysis:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       REGISTRY_DOMAIN: ${{ vars.JF_URL }}
       REPO_NAME: 'docker-scorecard-repo'

diff --git a/.github/workflows/semgrep-evidence-example.yml b/.github/workflows/semgrep-evidence-example.yml
@@ -5,7 +5,7 @@ on:
 jobs:
   semgrep_scan:
     name: semgrep/ci
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     container:
       image: semgrep/semgrep
     env:

diff --git a/.github/workflows/simple-evidence.yml b/.github/workflows/simple-evidence.yml
@@ -9,7 +9,7 @@ permissions:
 
 jobs:
   docker-build-with-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Install jfrog cli
         id:   setup-cli

diff --git a/.github/workflows/simple-flow.yml b/.github/workflows/simple-flow.yml
@@ -9,7 +9,7 @@ permissions:
 
 jobs:
   Docker-build:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Install jfrog cli
         uses: jfrog/setup-jfrog-cli@v4

diff --git a/.github/workflows/sonar-evidence-example.yml b/.github/workflows/sonar-evidence-example.yml
@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   docker-build-with-sonar-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       DOCKER_REPO: 'test-docker-local'
       IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'

diff --git a/.github/workflows/testRail-evidence-example.yml b/.github/workflows/testRail-evidence-example.yml
@@ -7,7 +7,7 @@ permissions:
   actions: read
 jobs:
   testRail-evidence-example:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       REGISTRY_URL: ${{ vars.JF_URL }}
       REPO_NAME: 'docker-testrail-repo'

diff --git a/.github/workflows/tfsec-evidence-example.yml b/.github/workflows/tfsec-evidence-example.yml
@@ -9,7 +9,7 @@ permissions:
 
 jobs:
   package-terraform-with-tfsec-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE: true
     steps:

diff --git a/.github/workflows/trivy-evidence-example.yml b/.github/workflows/trivy-evidence-example.yml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   package-docker-image-with-trivy-evidence:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       REGISTRY_DOMAIN: ${{ vars.JF_URL }}
       REPO_NAME: 'docker-trivy-repo'

diff --git a/.github/workflows/zap-evidence-example.yml b/.github/workflows/zap-evidence-example.yml
@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   zap-evidence-example:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       DOCKER_REPO: 'test-docker-local'
       IMAGE_NAME: 'my-very-cool-image'