Update workflows templates (#340)

jfrog · May 21, 2023 · 7b24680 · 7b24680
1 parent 5118bc2
commit 7b24680
Show file tree

Hide file tree

Showing 12 changed files with 894 additions and 878 deletions.
diff --git a/.github/workflows/action-test.yml b/.github/workflows/action-test.yml
@@ -1,6 +1,9 @@
 name: "GitHub Action Test"
-on: [push, pull_request]
-
+on:
+  push:
+    tags-ignore:
+      - '**'
+  pull_request:
 jobs:
   test:
     runs-on: ${{ matrix.os }}

diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -1,5 +1,9 @@
 name: "Static Analysis"
-on: [ "push", "pull_request" ]
+on:
+  push:
+    tags-ignore:
+      - '**'
+  pull_request:
 jobs:
   Static-Check:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml
@@ -3,6 +3,8 @@ on:
   push:
     branches:
       - "dev"
+    tags-ignore:
+      - '**'
   schedule:
     - cron: "0 0 * * *"
 permissions:

diff --git a/docs/install-azure-repos.md b/docs/install-azure-repos.md
@@ -38,7 +38,8 @@ To install Frogbot on Azure Repos repositories, follow these steps.
        - cron: "* */1 * * *"
          branches: 
            include: 
-             - "*"
+             - "main"
+             - "master"
   pool:
        vmImage: ubuntu-latest
   jobs:

diff --git a/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-go.yml b/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-go.yml
@@ -1,13 +1,7 @@
 name: "Frogbot Scan and Fix"
 on:
-  push:
-    # Creating fix pull requests will be triggered by any push to one of these branches.
-    # You can add or replace to any branch you want to open fix pull requests for.
-    branches:
-      - "main"
-      - "master"
   schedule:
-    # The job will run once a day at 00:00 GMT.
+    # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"
 permissions:
   contents: write
@@ -16,102 +10,108 @@ permissions:
 jobs:
   create-fix-pull-requests:
     runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      # Install prerequisites
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.19.x
-
-      - uses: jfrog/frogbot@v2
-        env:
-          # [Mandatory]
-          # JFrog platform URL
-          JF_URL: ${{ secrets.JF_URL }}
-
-          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
-          # JFrog access token with 'read' permissions on Xray service
-          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
-
-          # [Mandatory if JF_ACCESS_TOKEN is not provided]
-          # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
-          # JF_USER: ${{ secrets.JF_USER }}
-
-          # [Mandatory if JF_ACCESS_TOKEN is not provided]
-          # JFrog password. Must be provided with JF_USER
-          # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
-
-          # [Mandatory]
-          # The GitHub token automatically generated for the job
-          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-          # [Optional, default: https://api.github.com]
-          # API endpoint to GitHub
-          # JF_GIT_API_ENDPOINT: https://github.example.com
-
-          # [Optional]
-          # If the machine that runs Frogbot has no access to the internet, set the name of a remote repository
-          # in Artifactory, which proxies https://releases.jfrog.io
-          # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
-          # JF_RELEASES_REPO: ""
-
-
-
-          ##########################################################################
-          ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
-          ##   the following variables inside the file, instead of here.          ##
-          ##########################################################################
-
-          # [Optional, default: "."]
-          # Relative path to the root of the project in the Git repository
-          # JF_WORKING_DIR: path/to/project/dir
-
-          # [Optional]
-          # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
-          # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
-
-          # [Optional]
-          # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
-          # JF_PROJECT: <project-key>
-
-          # [Optional, default: "TRUE"]
-          # Fails the Frogbot task if any security issue is found.
-          # JF_FAIL: "FALSE"
-
-          # [Optional]
-          # Frogbot will download the project dependencies, if they're not cached locally. To download the
-          # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
-          # need to set this value, if it is set in the frogbot-config.yml file.
-          # JF_DEPS_REPO: ""
-
-          # [Optional]
-          # Template for the branch name generated by Frogbot when creating pull requests with fixes.
-          # The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
-          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
-          # JF_BRANCH_NAME_TEMPLATE: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}"
-
-          # [Optional]
-          # Template for the commit message generated by Frogbot when creating pull requests with fixes
-          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
-          # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"
-
-          # [Optional]
-          # Template for the pull request title generated by Frogbot when creating pull requests with fixes.
-          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
-          # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade ${IMPACTED_PACKAGE} to to ${FIX_VERSION}"
-
-          # [Optional, Default: "FALSE"]
-          # If TRUE, Frogbot creates a single pull request with all the fixes.
-          # If FALSE, Frogbot creates a separate pull request for each fix.
-          # JF_GIT_AGGREGATE_FIXES: "FALSE"
-
-          # [Optional, Default: "FALSE"]
-          # Handle vulnerabilities with fix versions only
-          # JF_FIXABLE_ONLY: "TRUE"
-
-          # [Optional]
-          # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
-          # The following values are accepted: Low, Medium, High or Critical
-          # JF_MIN_SEVERITY: ""
+    strategy:
+      matrix:
+        # The repository scanning will be triggered periodically on the following branches.
+        branch: [ "dev" ]
+      steps:
+        - uses: actions/checkout@v3
+          with:
+            ref: ${{ matrix.branch }}
+
+        # Install prerequisites
+        - name: Setup Go
+          uses: actions/setup-go@v2
+          with:
+            go-version: 1.19.x
+
+        - uses: jfrog/frogbot@v2
+          env:
+            # [Mandatory]
+            # JFrog platform URL
+            JF_URL: ${{ secrets.JF_URL }}
+
+            # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+            # JFrog access token with 'read' permissions on Xray service
+            JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+            # [Mandatory if JF_ACCESS_TOKEN is not provided]
+            # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+            # JF_USER: ${{ secrets.JF_USER }}
+
+            # [Mandatory if JF_ACCESS_TOKEN is not provided]
+            # JFrog password. Must be provided with JF_USER
+            # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+            # [Mandatory]
+            # The GitHub token automatically generated for the job
+            JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+            # [Optional, default: https://api.github.com]
+            # API endpoint to GitHub
+            # JF_GIT_API_ENDPOINT: https://github.example.com
+
+            # [Optional]
+            # If the machine that runs Frogbot has no access to the internet, set the name of a remote repository
+            # in Artifactory, which proxies https://releases.jfrog.io
+            # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
+            # JF_RELEASES_REPO: ""
+
+
+
+            ##########################################################################
+            ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
+            ##   the following variables inside the file, instead of here.          ##
+            ##########################################################################
+
+            # [Optional, default: "."]
+            # Relative path to the root of the project in the Git repository
+            # JF_WORKING_DIR: path/to/project/dir
+
+            # [Optional]
+            # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
+            # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
+
+            # [Optional]
+            # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
+            # JF_PROJECT: <project-key>
+
+            # [Optional, default: "TRUE"]
+            # Fails the Frogbot task if any security issue is found.
+            # JF_FAIL: "FALSE"
+
+            # [Optional]
+            # Frogbot will download the project dependencies, if they're not cached locally. To download the
+            # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
+            # need to set this value, if it is set in the frogbot-config.yml file.
+            # JF_DEPS_REPO: ""
+
+            # [Optional]
+            # Template for the branch name generated by Frogbot when creating pull requests with fixes.
+            # The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
+            # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+            # JF_BRANCH_NAME_TEMPLATE: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}"
+
+            # [Optional]
+            # Template for the commit message generated by Frogbot when creating pull requests with fixes
+            # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+            # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"
+
+            # [Optional]
+            # Template for the pull request title generated by Frogbot when creating pull requests with fixes.
+            # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+            # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade ${IMPACTED_PACKAGE} to to ${FIX_VERSION}"
+
+            # [Optional, Default: "FALSE"]
+            # If TRUE, Frogbot creates a single pull request with all the fixes.
+            # If FALSE, Frogbot creates a separate pull request for each fix.
+            # JF_GIT_AGGREGATE_FIXES: "FALSE"
+
+            # [Optional, Default: "FALSE"]
+            # Handle vulnerabilities with fix versions only
+            # JF_FIXABLE_ONLY: "TRUE"
+
+            # [Optional]
+            # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
+            # The following values are accepted: Low, Medium, High or Critical
+            # JF_MIN_SEVERITY: ""