Handle OIDC & Repository feature and add tests

Author: EyalDelarea

lib/utils.js

@@ -112,8 +112,26 @@ class Utils {
         if (jfrogCredentials.password) {
             core.setSecret(jfrogCredentials.password);
         }
+        Utils.validateOidcSupported(jfrogCredentials);
         return jfrogCredentials;
     }
+    /**
+     * Validates OIDC auth method is supported by the JFrog CLI version
+     * @param jfrogCredentials
+     */
+    static validateOidcSupported(jfrogCredentials) {
+        const version = core.getInput(Utils.CLI_VERSION_ARG);
+        const downloadRepository = core.getInput(Utils.CLI_REMOTE_ARG);
+        // Cannot download from repository while using OIDC, as we don't have the credentials yet.
+        if (!!downloadRepository && !jfrogCredentials.oidcProviderName) {
+            throw new Error(`Download repository feature is not supported while using OIDC.`);
+        }
+        if (!!version) {
+            if (jfrogCredentials.oidcProviderName && (0, semver_1.lt)(version, Utils.MIN_OIDC_SUPPORTED_VERSION)) {
+                throw new Error(`OIDC provider is specified, but the JFrog CLI version ${version} does not support OIDC. Minimum required version is ${Utils.MIN_OIDC_SUPPORTED_VERSION}.\n Please update your JFrog CLI version or downgrade the setup-jfrog-cli action to v4.5.6.`);
+            }
+        }
+    }
     static getAndAddCliToPath(jfrogCredentials) {
         return __awaiter(this, void 0, void 0, function* () {
             let version = core.getInput(Utils.CLI_VERSION_ARG);
@@ -772,6 +790,8 @@ Utils.JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR_ENV = 'JFROG_CLI_COMMAND_SUMMARY_OUTP
 Utils.MIN_CLI_VERSION_JOB_SUMMARY = '2.66.0';
 // Code scanning sarif expected file extension.
 Utils.CODE_SCANNING_FINAL_SARIF_FILE = 'final.sarif';
+// Version which OIDC was introduced to the CLI
+Utils.MIN_OIDC_SUPPORTED_VERSION = '2.75.0';
 // Inputs
 // Version input
 Utils.CLI_VERSION_ARG = 'version';

src/utils.ts

@@ -49,6 +49,8 @@ export class Utils {
     private static readonly MIN_CLI_VERSION_JOB_SUMMARY: string = '2.66.0';
     // Code scanning sarif expected file extension.
     private static readonly CODE_SCANNING_FINAL_SARIF_FILE: string = 'final.sarif';
+    // Version which OIDC was introduced to the CLI
+    public static readonly MIN_OIDC_SUPPORTED_VERSION: string = '2.75.0';
 
     // Inputs
     // Version input
@@ -163,9 +165,33 @@ export class Utils {
         if (jfrogCredentials.password) {
             core.setSecret(jfrogCredentials.password);
         }
+
+        Utils.validateOidcSupported(jfrogCredentials);
+
         return jfrogCredentials;
     }
 
+    /**
+     * Validates OIDC auth method is supported by the JFrog CLI version
+     * @param jfrogCredentials
+     */
+    public static validateOidcSupported(jfrogCredentials: JfrogCredentials) {
+        const version: string = core.getInput(Utils.CLI_VERSION_ARG);
+        const downloadRepository: string = core.getInput(Utils.CLI_REMOTE_ARG);
+
+        // Cannot download from repository while using OIDC, as we don't have the credentials yet.
+        if (!!downloadRepository && !jfrogCredentials.oidcProviderName) {
+            throw new Error(`Download repository feature is not supported while using OIDC.`);
+        }
+        if (!!version) {
+            if (jfrogCredentials.oidcProviderName && lt(version, Utils.MIN_OIDC_SUPPORTED_VERSION)) {
+                throw new Error(
+                    `OIDC provider is specified, but the JFrog CLI version ${version} does not support OIDC. Minimum required version is ${Utils.MIN_OIDC_SUPPORTED_VERSION}.\n Please update your JFrog CLI version or downgrade the setup-jfrog-cli action to v4.5.6.`,
+                );
+            }
+        }
+    }
+
     public static async getAndAddCliToPath(jfrogCredentials: JfrogCredentials) {
         let version: string = core.getInput(Utils.CLI_VERSION_ARG);
         let cliRemote: string = core.getInput(Utils.CLI_REMOTE_ARG);

test/main.spec.ts

@@ -2,14 +2,10 @@ import * as os from 'os';
 import * as core from '@actions/core';
 
 import { DownloadDetails, JfrogCredentials, Utils } from '../src/utils';
-import * as jsYaml from 'js-yaml';
-import * as fs from 'fs';
-import * as path from 'path';
 import semver = require('semver/preload');
 
 jest.mock('os');
 jest.mock('@actions/core');
-jest.mock('semver');
 jest.mock('@actions/core');
 jest.mock('fs', () => ({
     promises: {
@@ -359,7 +355,6 @@ describe('Job Summaries', () => {
 });
 
 describe('isJobSummarySupported', () => {
-    const MIN_CLI_VERSION_JOB_SUMMARY: string = '2.66.0';
     const LATEST_CLI_VERSION: string = 'latest';
 
     beforeEach(() => {
@@ -374,17 +369,13 @@ describe('isJobSummarySupported', () => {
     it('should return true if the version is greater than or equal to the minimum supported version', () => {
         const version: string = '2.66.0';
         jest.spyOn(core, 'getInput').mockReturnValue(version);
-        (semver.gte as jest.Mock).mockReturnValue(true);
         expect(Utils.isJobSummarySupported()).toBe(true);
-        expect(semver.gte).toHaveBeenCalledWith(version, MIN_CLI_VERSION_JOB_SUMMARY);
     });
 
     it('should return false if the version is less than the minimum supported version', () => {
         const version: string = '2.65.0';
         jest.spyOn(core, 'getInput').mockReturnValue(version);
-        (semver.gte as jest.Mock).mockReturnValue(false);
         expect(Utils.isJobSummarySupported()).toBe(false);
-        expect(semver.gte).toHaveBeenCalledWith(version, MIN_CLI_VERSION_JOB_SUMMARY);
     });
 });
 
@@ -511,3 +502,76 @@ describe('Utils.collectJfrogCredentialsFromEnvVars', () => {
         }).toThrow('JF_USER is configured, but the JF_PASSWORD or JF_ACCESS_TOKEN environment variables were not set.');
     });
 });
+
+describe('Utils.validateOidcSupported', () => {
+    // eslint-disable-next-line @typescript-eslint/typedef
+    const runTest = (cliVersion: string, jfrogCredentials: JfrogCredentials, shouldThrow: boolean, errorMessage: string): void => {
+        jest.spyOn(core, 'getInput').mockImplementation((name: string): string => {
+            if (name === Utils.CLI_VERSION_ARG) {
+                return cliVersion;
+            }
+            return '';
+        });
+
+        if (shouldThrow) {
+            expect(() => {
+                Utils.validateOidcSupported(jfrogCredentials);
+            }).toThrow(errorMessage);
+        } else {
+            expect(() => {
+                Utils.validateOidcSupported(jfrogCredentials);
+            }).not.toThrow();
+        }
+    };
+
+    it('should throw an error if OIDC provider is specified and version is below minimum supported', () => {
+        const jfrogCredentials: JfrogCredentials = {
+            jfrogUrl: 'https://example.jfrog.io',
+            username: undefined,
+            password: undefined,
+            accessToken: undefined,
+            oidcProviderName: 'github',
+            oidcAudience: 'jfrog-github',
+            oidcTokenId: undefined,
+        };
+
+        const cliVersion: string = '2.0.0';
+        const errorMessage: string = `OIDC provider is specified, but the JFrog CLI version ${cliVersion} does not support OIDC. Minimum required version is ${Utils.MIN_OIDC_SUPPORTED_VERSION}.`;
+
+        runTest(cliVersion, jfrogCredentials, true, errorMessage);
+    });
+
+    it('should not throw an error if OIDC provider is specified and version is above minimum supported', () => {
+        const jfrogCredentials: JfrogCredentials = {
+            jfrogUrl: 'https://example.jfrog.io',
+            username: undefined,
+            password: undefined,
+            accessToken: undefined,
+            oidcProviderName: 'github',
+            oidcAudience: 'jfrog-github',
+            oidcTokenId: undefined,
+        };
+
+        const cliVersion: string = '2.75.0';
+        const errorMessage: string = `OIDC provider is specified, but the JFrog CLI version ${cliVersion} does not support OIDC. Minimum required version is ${Utils.MIN_OIDC_SUPPORTED_VERSION}.`;
+
+        runTest(cliVersion, jfrogCredentials, false, errorMessage);
+    });
+
+    it('should not throw an error if OIDC provider is not specified', () => {
+        const jfrogCredentials: JfrogCredentials = {
+            jfrogUrl: 'https://example.jfrog.io',
+            username: undefined,
+            password: undefined,
+            accessToken: undefined,
+            oidcProviderName: undefined,
+            oidcAudience: undefined,
+            oidcTokenId: undefined,
+        };
+
+        const cliVersion: string = '2.74.3';
+        const errorMessage: string = `OIDC provider is specified, but the JFrog CLI version ${cliVersion} does not support OIDC. Minimum required version is ${Utils.MIN_OIDC_SUPPORTED_VERSION}.`;
+
+        runTest(cliVersion, jfrogCredentials, false, errorMessage);
+    });
+});