From 329b0b5b37509d4471115e568abfc6b0ca0d2b00 Mon Sep 17 00:00:00 2001 From: Michael Sverdlov Date: Thu, 3 Aug 2023 12:25:13 +0300 Subject: [PATCH] Add Frogbot Scan to Repository (#179) --- .github/workflows/frogbot-scan-and-fix.yml | 40 ++++++++++++++++++++++ .github/workflows/frogbot-scan-pr.yml | 33 ++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 .github/workflows/frogbot-scan-and-fix.yml create mode 100644 .github/workflows/frogbot-scan-pr.yml diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml new file mode 100644 index 00000000..aa34c12c --- /dev/null +++ b/.github/workflows/frogbot-scan-and-fix.yml @@ -0,0 +1,40 @@ +name: "Frogbot Scan and Fix" +on: + schedule: + # The repository will be scanned once a day at 00:00 GMT. + - cron: "0 0 * * *" +permissions: + contents: write + pull-requests: write + security-events: write +jobs: + create-fix-pull-requests: + runs-on: ubuntu-latest + strategy: + matrix: + # The repository scanning will be triggered periodically on the following branches. + branch: [ "dev" ] + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ matrix.branch }} + + # Install prerequisites + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: 1.20.x + + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL + JF_URL: ${{ secrets.FROGBOT_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} + + # [Mandatory] + # The GitHub token automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml new file mode 100644 index 00000000..2f932704 --- /dev/null +++ b/.github/workflows/frogbot-scan-pr.yml @@ -0,0 +1,33 @@ +name: "Frogbot Scan Pull Request" +on: + pull_request_target: + types: [ opened, synchronize ] +permissions: + pull-requests: write + contents: read +jobs: + scan-pull-request: + runs-on: ubuntu-latest + # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the + # "frogbot" GitHub environment can approve the pull request to be scanned. + environment: frogbot + steps: + # Install prerequisites + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: 1.20.x + + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) + JF_URL: ${{ secrets.FROGBOT_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} + + # [Mandatory] + # The GitHub token automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}