Merge branch 'master' into apptrust-auth-config

Author: dortam888

.github/dependabot.yml

@@ -1,5 +1,5 @@
- version: 2
- updates:
+version: 2
+updates:
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
@@ -18,5 +18,6 @@
     groups:
       github-actions:
         update-types:
+          - major
           - minor
-          - patch
+          - patch

.github/workflows/dependabot-auto-merge.yml

@@ -13,11 +13,45 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'jfrog/jfrog-cli-core'
     steps:
+      - name: Checkout PR code
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Add 'ignore for release' label
+        run: |
+          gh pr edit ${{ github.event.pull_request.number }} --add-label "ignore for release"
+        env:
+          GH_TOKEN: ${{ secrets.CLI_ACTION_TOKEN }}
+
+      - name: Approve PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.CLI_ACTION_TOKEN}}
+
       - name: Dependabot metadata
         id: metadata
         uses: dependabot/[email protected]
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Run make update-all for go dependencies
+        if: steps.metadata.outputs.dependency-group == 'go'
+        run: make update-all
+
+      - name: Check for changes and commit
+        if: steps.metadata.outputs.dependency-group == 'go'
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            git config --local user.email "[email protected]"
+            git config --local user.name "github-actions[bot]"
+            git add .
+            git commit -m "Update JFrog dependencies via make update-all"
+            git push
+          fi
+
       - name: Enable auto-merge for Dependabot PRs
         run: gh pr merge --auto --squash "$PR_URL"
         env:

.github/workflows/monitor-stale.yml

@@ -5,19 +5,19 @@ on:
       operations-per-run:
         description: "Number of operations per run"
         required: false
-        default: "30"
+        default: "50"
   schedule:
     - cron: "0 0 * * *" # Runs once a day at midnight
 jobs:
   monitor-issues-and-pull-requests:
     runs-on: ubuntu-latest
     permissions:
+      actions: write
       issues: write
+      pull-requests: write
     steps:
       - uses: actions/stale@v10
         with:
-          # Ignore issues with these labels
-          exempt-issue-labels: "feature request,question"
           # Days of inactivity before marking an issue as stale
           days-before-stale: 180
           # Days of inactivity before closing an issue
@@ -31,5 +31,5 @@ jobs:
           close-pr-message: "This pull-request was closed due to 7 days of inactivity after being marked as stale. Feel free to reopen it if it remains relevant."
           ascending: true
           # Get from input or resolve to default
-          operations-per-run: ${{ github.event.inputs.operations-per-run || '30' }}
+          operations-per-run: ${{ github.event.inputs.operations-per-run || '50' }}
           repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/update-jf-dependencies.yml

@@ -0,0 +1,99 @@
+name: Update JFrog Dependencies
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-dependencies:
+    name: Update JFrog Dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate timestamp
+        id: timestamp
+        run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT
+
+      - name: Checkout main branch
+        uses: actions/checkout@v5
+        with:
+          ref: master
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create and checkout new branch
+        id: branch
+        run: |
+          BRANCH_NAME="use-latest-jf-dependencies-${{ steps.timestamp.outputs.timestamp }}"
+          git config --local user.email "[email protected]"
+          git config --local user.name "github-actions[bot]"
+          git checkout -b "$BRANCH_NAME"
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: Run make update-all
+        run: make update-all
+
+      - name: Check for changes and commit
+        id: changes
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            git add .
+            git commit -m "Update JFrog dependencies to latest versions
+
+            - Updated archiver to latest version
+            - Updated client-go to latest main branch
+            - Updated gofrog to latest main branch  
+            - Ran go mod tidy to clean up dependencies
+            
+            Generated by workflow: ${{ github.workflow }}"
+            git push origin "${{ steps.branch.outputs.branch_name }}"
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "No changes detected, skipping PR creation"
+          fi
+
+      - name: Create Pull Request
+        if: steps.changes.outputs.has_changes == 'true'
+        run: |
+          gh pr create \
+            --title "Update JFrog dependencies to latest versions" \
+            --body "This PR updates all JFrog dependencies to their latest versions:
+
+          - **build-info-go**: Updated to latest main branch
+          - **client-go**: Updated to latest main branch  
+          - **gofrog**: Updated to latest main branch  
+          - **go.mod**: Cleaned up with \`go mod tidy\`
+
+          Generated automatically by workflow: \`${{ github.workflow }}\`
+
+          **Branch**: \`${{ steps.branch.outputs.branch_name }}\`
+          **Timestamp**: \`${{ steps.timestamp.outputs.timestamp }}\`" \
+            --base master \
+            --head "${{ steps.branch.outputs.branch_name }}"
+        env:
+          GH_TOKEN: ${{ secrets.CLI_ACTION_TOKEN }}
+
+      - name: Get PR number
+        if: steps.changes.outputs.has_changes == 'true'
+        id: pr_number
+        run: |
+          PR_NUMBER=$(gh pr list --head "${{ steps.branch.outputs.branch_name }}" --json number --jq '.[0].number')
+          echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ secrets.CLI_ACTION_TOKEN }}
+
+      - name: Approve Pull Request
+        if: steps.changes.outputs.has_changes == 'true'
+        run: |
+          gh pr review --approve "${{ steps.pr_number.outputs.pr_number }}"
+        env:
+          GH_TOKEN: ${{ secrets.CLI_ACTION_TOKEN }}
+
+      - name: Enable auto-merge
+        if: steps.changes.outputs.has_changes == 'true'
+        run: |
+          gh pr merge --auto --squash "${{ steps.pr_number.outputs.pr_number }}"
+        env:
+          GH_TOKEN: ${{ secrets.CLI_ACTION_TOKEN }}

Makefile

@@ -0,0 +1,54 @@
+# Makefile for jfrog-client-go
+
+.PHONY: $(MAKECMDGOALS)
+
+# Default target
+help:
+	@echo "Available targets:"
+	@echo "  update-all           - Update all JFrog dependencies to latest versions"
+	@echo "  update-build-info-go - Update build-info-go to latest main branch"
+	@echo "  update-client-go     - Update client-go to latest main branch"
+	@echo "  update-gofrog        - Update gofrog to latest main branch"
+	@echo "  clean                - Clean build artifacts"
+	@echo "  test                 - Run tests"
+	@echo "  build                - Build the project"
+
+# Update all JFrog dependencies
+update-all: update-build-info-go update-client-go update-gofrog
+	@echo "All JFrog dependencies updated successfully!"
+	@GOPROXY=direct go mod tidy
+
+# Update build-info-go to latest main branch (using direct proxy to bypass Artifactory)
+update-build-info-go:
+	@echo "Updating build-info-go to latest main branch..."
+	@GOPROXY=direct go get github.com/jfrog/build-info-go@main
+	@echo "build-info-go updated successfully!"
+
+# Update gofrog to latest main branch
+update-client-go:
+	@echo "Updating client-go to latest main branch..."
+	@GOPROXY=direct go get github.com/jfrog/jfrog-client-go@master
+	@echo "client-go updated successfully!"
+
+# Update gofrog to latest main branch
+update-gofrog:
+	@echo "Updating gofrog to latest main branch..."
+	@GOPROXY=direct go get github.com/jfrog/gofrog@master
+	@echo "gofrog updated successfully!"
+
+# Clean build artifacts
+clean:
+	@echo "Cleaning build artifacts..."
+	@go clean
+	@go clean -cache
+	@go clean -modcache
+
+# Run tests
+test:
+	@echo "Running tests..."
+	@go test ./...
+
+# Build the project
+build:
+	@echo "Building project..."
+	@go build ./...

plugins/common/server.go

@@ -61,6 +61,7 @@ func CreateServerDetailsFromFlags(c *components.Context) (details *config.Server
 		details.ServerId = os.Getenv(coreutils.ServerID)
 	}
 	details.InsecureTls = c.GetBoolFlagValue("insecure-tls")
+	details.DisableTokenRefresh = c.GetBoolFlagValue("disable-token-refresh")
 	return
 }
 

utils/config/config.go

@@ -603,6 +603,7 @@ type ServerDetails struct {
 	IsDefault                       bool   `json:"isDefault,omitempty"`
 	InsecureTls                     bool   `json:"-"`
 	WebLogin                        bool   `json:"webLogin,omitempty"`
+	DisableTokenRefresh             bool   `json:"disableTokenRefresh,omitempty"`
 }
 
 // Deprecated
@@ -814,7 +815,7 @@ func (serverDetails *ServerDetails) createAuthConfig(details auth.ServiceDetails
 	// If refresh token is not empty, set a refresh handler and skip other credentials.
 	// First we check access's token, if empty we check artifactory's token.
 	switch {
-	case serverDetails.RefreshToken != "":
+	case serverDetails.RefreshToken != "" && !serverDetails.DisableTokenRefresh:
 		// Save serverId for refreshing if needed. If empty serverId is saved, default will be used.
 		tokenRefreshServerId = serverDetails.ServerId
 		details.AppendPreRequestFunction(AccessTokenRefreshPreRequestInterceptor)

utils/config/config_test.go

@@ -15,6 +15,7 @@ import (
 
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/log"
+	artifactoryAuth "github.com/jfrog/jfrog-client-go/artifactory/auth"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/stretchr/testify/assert"
 )
@@ -421,3 +422,104 @@ func assertCertsMigration(t *testing.T) {
 	// Verify only the certs were moved
 	assert.Len(t, files, 2)
 }
+
+func TestCreateAuthConfigAppendPreRequestFunctionBehavior(t *testing.T) {
+	test := []struct {
+		name                       string
+		serverDetails              *ServerDetails
+		shouldCallAppendPreRequest bool
+	}{
+		{
+			name: "DisableTokenRefreshTrue_NoRefreshTokens",
+			serverDetails: &ServerDetails{
+				ServerId:            "test-server",
+				AccessToken:         "access-token-123",
+				User:                "testuser",
+				Password:            "testpass",
+				DisableTokenRefresh: true,
+			},
+			shouldCallAppendPreRequest: false,
+		},
+		{
+			name: "DisableTokenRefreshTrue_WithRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:            "test-server",
+				AccessToken:         "access-token-123",
+				RefreshToken:        "refresh-token-456",
+				User:                "testuser",
+				Password:            "testpass",
+				DisableTokenRefresh: true,
+			},
+			shouldCallAppendPreRequest: false,
+		},
+		{
+			name: "DisableTokenRefreshFalse_WithRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:            "test-server",
+				AccessToken:         "access-token-123",
+				RefreshToken:        "refresh-token-456",
+				User:                "testuser",
+				Password:            "testpass",
+				DisableTokenRefresh: false,
+			},
+			shouldCallAppendPreRequest: true,
+		},
+		{
+			name: "DisableTokenRefreshDefault_WithRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:     "test-server",
+				AccessToken:  "access-token-123",
+				RefreshToken: "refresh-token-456",
+				User:         "testuser",
+				Password:     "testpass",
+			},
+			shouldCallAppendPreRequest: true,
+		},
+		{
+			name: "DisableTokenRefreshTrue_WithArtifactoryRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:                "test-server",
+				AccessToken:             "access-token-123",
+				ArtifactoryRefreshToken: "artifactory-refresh-token-789",
+				User:                    "testuser",
+				Password:                "testpass",
+				DisableTokenRefresh:     true,
+			},
+			shouldCallAppendPreRequest: true,
+		},
+		{
+			name: "DisableTokenRefreshFalse_WithArtifactoryRefreshToken",
+			serverDetails: &ServerDetails{
+				ServerId:                "test-server",
+				AccessToken:             "access-token-123",
+				ArtifactoryRefreshToken: "artifactory-refresh-token-789",
+				User:                    "testuser",
+				Password:                "testpass",
+				DisableTokenRefresh:     false,
+			},
+			shouldCallAppendPreRequest: true,
+		},
+	}
+
+	for _, tt := range test {
+		t.Run(tt.name, func(t *testing.T) {
+			artDetails := artifactoryAuth.NewArtifactoryDetails()
+			artDetails.SetUrl("https://test.com/artifactory/")
+
+			result, err := tt.serverDetails.createAuthConfig(artDetails)
+
+			assert.NoError(t, err)
+			assert.Equal(t, artDetails, result)
+
+			if tt.shouldCallAppendPreRequest {
+				// AppendPreRequestFunction was called - should use token refresh, not basic auth
+				assert.Equal(t, "", result.GetUser(), "User should be empty when AppendPreRequestFunction is called (token refresh enabled)")
+				assert.Equal(t, "", result.GetPassword(), "Password should be empty when AppendPreRequestFunction is called (token refresh enabled)")
+			} else {
+				// AppendPreRequestFunction was NOT called - should use basic auth
+				assert.Equal(t, tt.serverDetails.User, result.GetUser(), "User should be set when AppendPreRequestFunction is NOT called (basic auth)")
+				assert.Equal(t, tt.serverDetails.Password, result.GetPassword(), "Password should be set when AppendPreRequestFunction is NOT called (basic auth)")
+			}
+		})
+	}
+}