-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: oumkale <[email protected]>
- Loading branch information
Showing
6 changed files
with
6 additions
and
229 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| - [ ] All [tests](https://github.com/jfrog/jfrog-registry-operator#tests) passed. If this feature is not already covered by the tests, I added new tests. | ||
| - [ ] This pull request is on the dev branch. | ||
| - [ ] This pull request is on the main branch. | ||
| - [ ] I used gofmt for formatting the code before submitting the pull request. | ||
| --- | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,112 +12,13 @@ jobs: | |
| # "jfrog-registry-operator" GitHub environment can approve the pull request to be scanned. | ||
| environment: jfrog-registry-operator | ||
| steps: | ||
| - uses: jfrog/jfrog-registry-operator@v2 | ||
| - uses: jfrog/jfrog-registry-operator | ||
| env: | ||
| JFROG_CLI_LOG_LEVEL: "DEBUG" | ||
| # [Mandatory] | ||
| # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) | ||
| JF_URL: ${{ secrets.OPERATOR_URL }} | ||
|
|
||
| # [Mandatory if JF_USER and JF_PASSWORD are not provided] | ||
| # JFrog access token with 'read' permissions on Xray service | ||
| JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }} | ||
|
|
||
| # [Mandatory] | ||
| # The GitHub token is automatically generated for the job | ||
| JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| # [Optional, default: https://api.github.com] | ||
| # API endpoint to GitHub | ||
| # JF_GIT_API_ENDPOINT: https://github.example.com | ||
|
|
||
| # [Optional] | ||
| # By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools | ||
| # needed from https://releases.jfrog.io | ||
| # If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the | ||
| # executable to be downloaded from an Artifactory instance, which the machine has access to: | ||
| # | ||
| # 1. Login to the Artifactory UI, with a user who has admin credentials. | ||
| # 2. Create a Remote Repository with the following properties set. | ||
| # Under the 'Basic' tab: | ||
| # Package Type: Generic | ||
| # URL: https://releases.jfrog.io | ||
| # Under the 'Advanced' tab: | ||
| # Uncheck the 'Store Artifacts Locally' option | ||
| # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created. | ||
| # JF_RELEASES_REPO: "" | ||
|
|
||
| # [Optional] | ||
| # Configure the SMTP server to enable jfrog-registry-operator to send emails with detected secrets in pull request scans. | ||
| # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080) | ||
| JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }} | ||
|
|
||
| # [Mandatory if JF_SMTP_SERVER is set] | ||
| # The username required for authenticating with the SMTP server. | ||
| JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }} | ||
|
|
||
| # [Mandatory if JF_SMTP_SERVER is set] | ||
| # The password associated with the username required for authentication with the SMTP server. | ||
| JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }} | ||
|
|
||
| # [Optional] | ||
| # List of comma separated email addresses to receive email notifications about secrets | ||
| # detected during pull request scanning. The notification is also sent to the email set | ||
| # in the committer git profile regardless of whether this variable is set or not. | ||
| JF_EMAIL_RECEIVERS: "[email protected]" | ||
|
|
||
| ########################################################################## | ||
| ## If your project uses a 'jfrog-registry-operator-config.yml' file, you can define ## | ||
| ## the following variables inside the file, instead of here. ## | ||
| ########################################################################## | ||
|
|
||
| # [Mandatory if the two conditions below are met] | ||
| # 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies | ||
| # 2. The `installCommand` variable isn't set in your jfrog-registry-operator-config.yml file. | ||
| # | ||
| # The command that installs the project dependencies (e.g "nuget restore") | ||
| # JF_INSTALL_DEPS_CMD: "" | ||
|
|
||
| # [Optional, default: "."] | ||
| # Relative path to the root of the project in the Git repository | ||
| # JF_WORKING_DIR: path/to/project/dir | ||
|
|
||
| # [Optional] | ||
| # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches | ||
| # JF_WATCHES: <watch-1>,<watch-2>...<watch-n> | ||
|
|
||
| # [Optional] | ||
| # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects | ||
| # JF_PROJECT: <project-key> | ||
|
|
||
| # [Optional, default: "FALSE"] | ||
| # Displays all existing vulnerabilities, including the ones that were added by the pull request. | ||
| # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE" | ||
|
|
||
| # [Optional, default: "FALSE"] | ||
| # When adding new comments on pull requests, keep old comments that were added by previous scans. | ||
| # JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: "TRUE" | ||
|
|
||
| # [Optional, default: "TRUE"] | ||
| # Fails the jfrog-registry-operator task if any security issue is found. | ||
| # JF_FAIL: "FALSE" | ||
|
|
||
| # [Optional] | ||
| # Jfrog-registry-operator will download the project dependencies if they're not cached locally. To download the | ||
| # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no | ||
| # need to set this value, if it is set in the jfrog-registry-operator-config.yml file. | ||
| # JF_DEPS_REPO: "" | ||
|
|
||
| # [Optional, Default: "FALSE"] | ||
| # If TRUE, Jfrog-registry-operator creates a single pull request with all the fixes. | ||
| # If false, Jfrog-registry-operator creates a separate pull request for each fix. | ||
| # JF_GIT_AGGREGATE_FIXES: "FALSE" | ||
|
|
||
| # [Optional, Default: "FALSE"] | ||
| # Handle vulnerabilities with fix versions only | ||
| # JF_FIXABLE_ONLY: "TRUE" | ||
|
|
||
| # [Optional] | ||
| # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests | ||
| # The following values are accepted: Low, Medium, High or Critical | ||
| # JF_MIN_SEVERITY: "" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,18 +15,11 @@ jobs: | |
| strategy: | ||
| matrix: | ||
| # The repository scanning will be triggered periodically on the following branches. | ||
| branch: [ "dev" ] | ||
| branch: [ "main" ] | ||
| steps: | ||
| - uses: jfrog/jfrog-registry-operator@v2 | ||
| - uses: jfrog/jfrog-registry-operator | ||
| env: | ||
| JFROG_CLI_LOG_LEVEL: "DEBUG" | ||
| # [Mandatory] | ||
| # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) | ||
| JF_URL: ${{ secrets.OPERATOR_URL }} | ||
|
|
||
| # [Mandatory if JF_USER and JF_PASSWORD are not provided] | ||
| # JFrog access token with 'read' permissions on Xray service | ||
| JF_ACCESS_TOKEN: ${{ secrets.OPERATOR_ACCESS_TOKEN }} | ||
|
|
||
| # [Mandatory] | ||
| # The GitHub token is automatically generated for the job | ||
|
|
@@ -35,84 +28,3 @@ jobs: | |
| # [Mandatory] | ||
| # The name of the branch on which jfrog-registry-operator will perform the scan | ||
| JF_GIT_BASE_BRANCH: ${{ matrix.branch }} | ||
|
|
||
| # [Optional, default: https://api.github.com] | ||
| # API endpoint to GitHub | ||
| # JF_GIT_API_ENDPOINT: https://github.example.com | ||
|
|
||
| # [Optional] | ||
| # By default, the jfrog-registry-operator workflows download the jfrog-registry-operator executable as well as other tools | ||
| # needed from https://releases.jfrog.io | ||
| # If the machine that runs jfrog-registry-operator has no access to the internet, follow these steps to allow the | ||
| # executable to be downloaded from an Artifactory instance, which the machine has access to: | ||
| # | ||
| # 1. Login to the Artifactory UI, with a user who has admin credentials. | ||
| # 2. Create a Remote Repository with the following properties set. | ||
| # Under the 'Basic' tab: | ||
| # Package Type: Generic | ||
| # URL: https://releases.jfrog.io | ||
| # Under the 'Advanced' tab: | ||
| # Uncheck the 'Store Artifacts Locally' option | ||
| # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created. | ||
| # JF_RELEASES_REPO: "" | ||
|
|
||
| ########################################################################## | ||
| ## If your project uses a 'jfrog-registry-operator-config.yml' file, you can define ## | ||
| ## the following variables inside the file, instead of here. ## | ||
| ########################################################################## | ||
|
|
||
| # [Optional, default: "."] | ||
| # Relative path to the root of the project in the Git repository | ||
| # JF_WORKING_DIR: path/to/project/dir | ||
|
|
||
| # [Optional] | ||
| # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches | ||
| # JF_WATCHES: <watch-1>,<watch-2>...<watch-n> | ||
|
|
||
| # [Optional] | ||
| # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects | ||
| # JF_PROJECT: <project-key> | ||
|
|
||
| # [Optional, default: "TRUE"] | ||
| # Fails the jfrog-registry-operator task if any security issue is found. | ||
| # JF_FAIL: "FALSE" | ||
|
|
||
| # [Optional] | ||
| # jfrog-registry-operator will download the project dependencies, if they're not cached locally. To download the | ||
| # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no | ||
| # need to set this value, if it is set in the jfrog-registry-operator-config.yml file. | ||
| # JF_DEPS_REPO: "" | ||
|
|
||
| # [Optional] | ||
| # Template for the branch name generated by jfrog-registry-operator when creating pull requests with fixes. | ||
| # The template must include {BRANCH_NAME_HASH}, to ensure that the generated branch name is unique. | ||
| # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. | ||
| # JF_BRANCH_NAME_TEMPLATE: "jfrog-registry-operator-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}" | ||
|
|
||
| # [Optional] | ||
| # Template for the commit message generated by jfrog-registry-operator when creating pull requests with fixes | ||
| # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. | ||
| # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}" | ||
|
|
||
| # [Optional] | ||
| # Template for the pull request title generated by jfrog-registry-operator when creating pull requests with fixes. | ||
| # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. | ||
| # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Jfrog Registry Operator] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}" | ||
|
|
||
| # [Optional, Default: "FALSE"] | ||
| # If TRUE, jfrog-registry-operator creates a single pull request with all the fixes. | ||
| # If FALSE, jfrog-registry-operator creates a separate pull request for each fix. | ||
| # JF_GIT_AGGREGATE_FIXES: "FALSE" | ||
|
|
||
| # [Optional, Default: "FALSE"] | ||
| # Handle vulnerabilities with fix versions only | ||
| # JF_FIXABLE_ONLY: "TRUE" | ||
|
|
||
| # [Optional] | ||
| # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests | ||
| # The following values are accepted: Low, Medium, High or Critical | ||
| # JF_MIN_SEVERITY: "" | ||
|
|
||
| # [Optional, Default: [email protected]] | ||
| # Set the email of the commit author | ||
| # JF_GIT_EMAIL_AUTHOR: "" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters