Merge branch 'dev' of https://github.com/jfrog/build-info-go into sim…

…ple-defer

# Conflicts:
#	build/utils/yarn.go
#	go.mod
#	go.sum

.github/workflows/analysis.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install Go
         uses: actions/setup-go@v3
         with:
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install Go
         uses: actions/setup-go@v3
         with:
@@ -36,3 +36,13 @@ jobs:
         uses: securego/gosec@master
         with:
           args: -exclude G107,G204,G301,G302,G304,G306 -tests -exclude-dir \.*test\.* ./...
+
+  ShellCheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@master
+        with:
+          ignore_paths: '*test*'

.github/workflows/frogbot-scan-and-fix.yml

@@ -0,0 +1,40 @@
+name: "Frogbot Scan and Fix"
+on:
+  schedule:
+    # The repository will be scanned once a day at 00:00 GMT.
+    - cron: "0 0 * * *"
+permissions:
+  contents: write
+  pull-requests: write
+  security-events: write
+jobs:
+  create-fix-pull-requests:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # The repository scanning will be triggered periodically on the following branches.
+        branch: [ "dev" ]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ matrix.branch }}
+
+      # Install prerequisites
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.20.x
+
+      - uses: jfrog/frogbot@v2
+        env:
+          # [Mandatory]
+          # JFrog platform URL
+          JF_URL: ${{ secrets.FROGBOT_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+
+          # [Mandatory]
+          # The GitHub token automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/frogbot-scan-pr.yml

@@ -0,0 +1,33 @@
+name: "Frogbot Scan Pull Request"
+on:
+  pull_request_target:
+    types: [ opened, synchronize ]
+permissions:
+  pull-requests: write
+  contents: read
+jobs:
+  scan-pull-request:
+    runs-on: ubuntu-latest
+    # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
+    # "frogbot" GitHub environment can approve the pull request to be scanned.
+    environment: frogbot
+    steps:
+      # Install prerequisites
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.20.x
+
+      - uses: jfrog/frogbot@v2
+        env:
+          # [Mandatory]
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+          JF_URL: ${{ secrets.FROGBOT_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+
+          # [Mandatory]
+          # The GitHub token automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -18,7 +18,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu, windows, macOS ]
+        os: [ ubuntu, windows, macos ]
         node: [ 14, 16, 16.9 ]
         include:
           - node: "14"
@@ -29,15 +29,15 @@ jobs:
             python: "3.x"
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
           go-version: 1.20.x
 
       - name: Setup Python3
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python }}
 
@@ -51,7 +51,7 @@ jobs:
           check-latest: true
 
       - name: Go Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}

.gitignore

@@ -15,5 +15,5 @@ build-info-go.exe
 bi
 bi.exe
 
-# Dependency directories (remove the comment below to include it)
-# vendor/
+# Gradle
+.gradle

.jfrog/jfrog-apps-config.yml

@@ -0,0 +1,16 @@
+version: "1.0"
+modules:
+  - exclude_patterns:
+      - "**/.git/**"
+      - "**/node_modules/**"
+
+      # Included in .gitignore:
+      - "**/.vscode/**"
+      - "**/.idea/**"
+    exclude_scanners:
+      - "iac"
+      - "sast"
+    scanners:
+      secrets:
+        exclude_patterns:
+          - "**/build/utils/dotnet/configfiletemplate.go**"

README.md

@@ -395,14 +395,6 @@ bi pipenv [pipenv command] [command options]
 
 Note: checksums calculation is not yet supported for pipenv projects.
 
-#### poetry
-
-```shell
-bi poetry [poetry command] [command options]
-```
-
-Note: checksums calculation is not yet supported for poetry projects.
-
 #### Dotnet
 
 ```shell

build/build.go

@@ -28,6 +28,7 @@ const (
 type Build struct {
 	buildName         string
 	buildNumber       string
+	buildTimestamp    time.Time
 	projectKey        string
 	tempDirPath       string
 	logger            utils.Log
@@ -38,13 +39,14 @@ type Build struct {
 	buildUrl          string
 }
 
-func NewBuild(buildName, buildNumber, projectKey, tempDirPath string, logger utils.Log) *Build {
+func NewBuild(buildName, buildNumber string, buildTimestamp time.Time, projectKey, tempDirPath string, logger utils.Log) *Build {
 	return &Build{
-		buildName:   buildName,
-		buildNumber: buildNumber,
-		projectKey:  projectKey,
-		tempDirPath: tempDirPath,
-		logger:      logger,
+		buildName:      buildName,
+		buildNumber:    buildNumber,
+		buildTimestamp: buildTimestamp,
+		projectKey:     projectKey,
+		tempDirPath:    tempDirPath,
+		logger:         logger,
 	}
 }
 
@@ -85,7 +87,7 @@ func (b *Build) AddMavenModule(srcPath string) (*MavenModule, error) {
 
 // AddGradleModule adds a Gradle module to this Build. Pass srcPath as an empty string if the root of the Gradle project is the working directory.
 func (b *Build) AddGradleModule(srcPath string) (*GradleModule, error) {
-	return newGradleModule(b, srcPath)
+	return newGradleModule(b, srcPath), nil
 }
 
 // AddNpmModule adds a Npm module to this Build. Pass srcPath as an empty string if the root of the Npm project is the working directory.
@@ -336,8 +338,8 @@ func (b *Build) readPartialBuildInfoFiles() (entities.Partials, error) {
 	return partials, nil
 }
 
-func (b *Build) readBuildInfoGeneralDetails() (*entities.General, error) {
-	partialsBuildDir, err := utils.GetPartialsBuildDir(b.buildName, b.buildNumber, b.projectKey, b.tempDirPath)
+func ReadBuildInfoGeneralDetails(buildName, buildNumber, projectKey, buildsDirPath string) (*entities.General, error) {
+	partialsBuildDir, err := utils.GetPartialsBuildDir(buildName, buildNumber, projectKey, buildsDirPath)
 	if err != nil {
 		return nil, err
 	}
@@ -348,10 +350,10 @@ func (b *Build) readBuildInfoGeneralDetails() (*entities.General, error) {
 	}
 	if !fileExists {
 		var buildString string
-		if b.projectKey != "" {
-			buildString = fmt.Sprintf("build-name: <%s>, build-number: <%s> and project: <%s>", b.buildName, b.buildNumber, b.projectKey)
+		if projectKey != "" {
+			buildString = fmt.Sprintf("build-name: <%s>, build-number: <%s> and project: <%s>", buildName, buildNumber, projectKey)
 		} else {
-			buildString = fmt.Sprintf("build-name: <%s> and build-number: <%s>", b.buildName, b.buildNumber)
+			buildString = fmt.Sprintf("build-name: <%s> and build-number: <%s>", buildName, buildNumber)
 		}
 		return nil, errors.New("Failed to construct the build-info to be published. " +
 			"This may be because there were no previous commands, which collected build-info for " + buildString)
@@ -368,10 +370,18 @@ func (b *Build) readBuildInfoGeneralDetails() (*entities.General, error) {
 	return details, nil
 }
 
+func (b *Build) readBuildInfoGeneralDetails() (*entities.General, error) {
+	return ReadBuildInfoGeneralDetails(b.buildName, b.buildNumber, b.projectKey, b.tempDirPath)
+}
+
 func (b *Build) buildNameAndNumberProvided() bool {
 	return len(b.buildName) > 0 && len(b.buildNumber) > 0
 }
 
+func (b *Build) GetBuildTimestamp() time.Time {
+	return b.buildTimestamp
+}
+
 type partialModule struct {
 	moduleType   entities.ModuleType
 	artifacts    map[string]entities.Artifact

build/dotnet.go

@@ -84,7 +84,7 @@ func (dm *DotnetModule) CalcDependencies() error {
 	if err != nil {
 		return err
 	}
-	sol, err := solution.Load(dm.solutionPath, slnFile, dm.containingBuild.logger)
+	sol, err := solution.Load(dm.solutionPath, slnFile, "", dm.containingBuild.logger)
 	if err != nil {
 		return err
 	}

build/golang.go

@@ -164,12 +164,12 @@ func (gm *GoModule) getPackagePathIfExists(cachePath, encodedDependencyId string
 func populateZip(packageId, zipPath string) (zipDependency entities.Dependency, err error) {
 	// Zip file dependency for the build-info
 	zipDependency = entities.Dependency{Id: packageId}
-	md5, sha1, sha2, err := utils.GetFileChecksums(zipPath)
+	checksums, err := utils.GetFileChecksums(zipPath)
 	if err != nil {
 		return
 	}
 	zipDependency.Type = "zip"
-	zipDependency.Checksum = entities.Checksum{Sha1: sha1, Md5: md5, Sha256: sha2}
+	zipDependency.Checksum = entities.Checksum{Sha1: checksums[utils.SHA1], Md5: checksums[utils.MD5], Sha256: checksums[utils.SHA256]}
 	return
 }