From d7e4905462be44485b297d6521ecd2a40a7d6f60 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 27 Apr 2025 15:08:12 +0300 Subject: [PATCH 1/6] bump version to v4.5.9 --- node_modules/.package-lock.json | 2 +- package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index b35e548de..2eb32aa98 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -1,6 +1,6 @@ { "name": "@jfrog/setup-jfrog-cli", - "version": "4.5.8", + "version": "4.5.9", "lockfileVersion": 3, "requires": true, "packages": { diff --git a/package-lock.json b/package-lock.json index 9dc2a6b08..09eade0cc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@jfrog/setup-jfrog-cli", - "version": "4.5.8", + "version": "4.5.9", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@jfrog/setup-jfrog-cli", - "version": "4.5.8", + "version": "4.5.9", "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { diff --git a/package.json b/package.json index e23ae2c9d..8608ab17b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@jfrog/setup-jfrog-cli", - "version": "4.5.8", + "version": "4.5.9", "private": true, "description": "Setup JFrog CLI in GitHub Actions", "main": "lib/main.js", From 08af53247c6c3945073f881ae79fd4d1905f0615 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 28 Apr 2025 10:59:27 +0300 Subject: [PATCH 2/6] test --- lib/utils.js | 3 --- src/utils.ts | 3 --- 2 files changed, 6 deletions(-) diff --git a/lib/utils.js b/lib/utils.js index b13b3af67..fd10f045d 100644 --- a/lib/utils.js +++ b/lib/utils.js 
@@ -81,9 +81,6 @@ class Utils {
 if (!isLatestVer && (0, semver_1.lt)(version, this.MIN_CLI_VERSION)) {
 throw new Error('Requested to download JFrog CLI version ' + version + ' but must be at least ' + this.MIN_CLI_VERSION);
 }
- if (jfrogCredentials.oidcProviderName && cliRemote != '') {
- throw new Error('OIDC credentials are not supported for CLI remote downloads, please use an access token instead.');
- }
 if (!isLatestVer && this.loadFromCache(version)) {
 core.info('Found JFrog CLI in cache. No need to download');
 return;
diff --git a/src/utils.ts b/src/utils.ts
index 5e045cd96..f0a12dd18 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -95,9 +95,6 @@ export class Utils {
 if (!isLatestVer && lt(version, this.MIN_CLI_VERSION)) {
 throw new Error('Requested to download JFrog CLI version ' + version + ' but must be at least ' + this.MIN_CLI_VERSION);
 }
- if (jfrogCredentials.oidcProviderName && cliRemote != '') {
- throw new Error('OIDC credentials are not supported for CLI remote downloads, please use an access token instead.');
- }
 if (!isLatestVer && this.loadFromCache(version)) {
 core.info('Found JFrog CLI in cache. No need to download');
 return;
From b0bccfbc9cb9376967d760badd0ffb8c391c677c Mon Sep 17 00:00:00 2001
From: delarea
Date: Mon, 28 Apr 2025 12:41:39 +0300
Subject: [PATCH 3/6] test
---
 lib/job-summary.js | 2 +-
 lib/oidc-utils.js | 2 +-
 lib/utils.js | 5 ++++-
 src/utils.ts | 3 +++
 4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/job-summary.js b/lib/job-summary.js
index 67b226b2f..dac6640c8 100644
--- a/lib/job-summary.js
+++ b/lib/job-summary.js
@@ -308,7 +308,6 @@ class JobSummary {
 return process.env.GITHUB_WORKFLOW || '';
 }
 }
-exports.JobSummary = JobSummary;
 // Directory name which holds markdown files for the Workflow summary
 JobSummary.JOB_SUMMARY_DIR_NAME = 'jfrog-command-summary';
 // Directory name which holds security command summary files
@@ -340,3 +339,4 @@ JobSummary.SOURCE_PARAM_VALUE = '1';
 // Metric query parameter indicating the metric type
 JobSummary.METRIC_PARAM_KEY = 'm';
 JobSummary.METRIC_PARAM_VALUE = '1';
+exports.JobSummary = JobSummary;
diff --git a/lib/oidc-utils.js b/lib/oidc-utils.js
index b5e5db15c..3a2861cce 100644
--- a/lib/oidc-utils.js
+++ b/lib/oidc-utils.js
@@ -310,7 +310,6 @@ class OidcUtils {
 return version === utils_1.Utils.LATEST_CLI_VERSION || (0, semver_1.gte)(version, this.MIN_CLI_OIDC_VERSION);
 }
 }
-exports.OidcUtils = OidcUtils;
 OidcUtils.MIN_CLI_OIDC_VERSION = '2.75.0';
 // Application yaml root key
 OidcUtils.APPLICATION_ROOT_YML = 'application';
@@ -322,3 +321,4 @@ OidcUtils.KEY = 'key';
 OidcUtils.JF_CONFIG_DIR_NAME = '.jfrog';
 // Config file name
 OidcUtils.JF_CONFIG_FILE_NAME = 'config.yml';
+exports.OidcUtils = OidcUtils;
diff --git a/lib/utils.js b/lib/utils.js
index fd10f045d..68d9b9481 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -85,6 +85,9 @@ class Utils {
 core.info('Found JFrog CLI in cache. No need to download');
 return;
 }
+ if (jfrogCredentials.oidcProviderName && cliRemote != '') {
+ jfrogCredentials.accessToken = yield oidc_utils_1.OidcUtils.exchangeOidcToken(jfrogCredentials);
+ }
 // Download JFrog CLI
 let downloadDetails = Utils.extractDownloadDetails(cliRemote, jfrogCredentials);
 let url = Utils.getCliUrl(version, Utils.getJFrogExecutableName(), downloadDetails);
@@ -431,7 +434,6 @@ class Utils {
 return;
 }
 }
-exports.Utils = Utils;
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 Utils.USER_AGENT = 'setup-jfrog-cli-github-action/' + require('../package.json').version;
 // Default artifactory URL and repository for downloading JFrog CLI
@@ -469,3 +471,4 @@ Utils.AUTO_BUILD_PUBLISH_DISABLE = 'disable-auto-build-publish';
 // Custom server ID input
 Utils.CUSTOM_SERVER_ID = 'custom-server-id';
 Utils.DEFAULT_OIDC_AUDIENCE = 'jfrog-github';
+exports.Utils = Utils;
diff --git a/src/utils.ts b/src/utils.ts
index f0a12dd18..8ed5627ec 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -99,6 +99,9 @@ export class Utils {
 core.info('Found JFrog CLI in cache. No need to download');
 return;
 }
+ if (jfrogCredentials.oidcProviderName && cliRemote != '') {
+ jfrogCredentials.accessToken = await OidcUtils.exchangeOidcToken(jfrogCredentials);
+ }
 // Download JFrog CLI
 let downloadDetails: DownloadDetails = Utils.extractDownloadDetails(cliRemote, jfrogCredentials);
 let url: string = Utils.getCliUrl(version, Utils.getJFrogExecutableName(), downloadDetails);
From 4cb27676afa8853a9cc9cc0bb786f5dd3771c867 Mon Sep 17 00:00:00 2001
From: delarea
Date: Mon, 28 Apr 2025 12:46:04 +0300
Subject: [PATCH 4/6] test
---
 lib/job-summary.js | 2 +-
 lib/oidc-utils.js | 2 +-
 lib/utils.js | 3 ++-
 src/utils.ts | 1 +
 4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/job-summary.js b/lib/job-summary.js
index dac6640c8..67b226b2f 100644
--- a/lib/job-summary.js
+++ b/lib/job-summary.js
@@ -308,6 +308,7 @@ class JobSummary {
 return process.env.GITHUB_WORKFLOW || '';
 }
 }
+exports.JobSummary = JobSummary;
 // Directory name which holds markdown files for the Workflow summary
 JobSummary.JOB_SUMMARY_DIR_NAME = 'jfrog-command-summary';
 // Directory name which holds security command summary files
@@ -339,4 +340,3 @@ JobSummary.SOURCE_PARAM_VALUE = '1';
 // Metric query parameter indicating the metric type
 JobSummary.METRIC_PARAM_KEY = 'm';
 JobSummary.METRIC_PARAM_VALUE = '1';
-exports.JobSummary = JobSummary;
diff --git a/lib/oidc-utils.js b/lib/oidc-utils.js
index 3a2861cce..b5e5db15c 100644
--- a/lib/oidc-utils.js
+++ b/lib/oidc-utils.js
@@ -310,6 +310,7 @@ class OidcUtils {
 return version === utils_1.Utils.LATEST_CLI_VERSION || (0, semver_1.gte)(version, this.MIN_CLI_OIDC_VERSION);
 }
 }
+exports.OidcUtils = OidcUtils;
 OidcUtils.MIN_CLI_OIDC_VERSION = '2.75.0';
 // Application yaml root key
 OidcUtils.APPLICATION_ROOT_YML = 'application';
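Review bot: In the src/utils.ts hunk of patch 3/6, the result of `OidcUtils.exchangeOidcToken(jfrogCredentials)` is written straight into `jfrogCredentials.accessToken` without being checked, and the assignment overwrites any access token the caller already supplied on that object. If the exchange can resolve to an empty or undefined value (its return type is not visible in this hunk), `extractDownloadDetails` would presumably build the download request without a usable credential and the failure would only surface later as an opaque download error. I would hold the result in a local and fail closed, e.g. `const token = await OidcUtils.exchangeOidcToken(jfrogCredentials);` followed by `if (!token) throw new Error('OIDC token exchange returned no access token');`, and confirm the token is registered with `core.setSecret` before anything downstream can log it. The lib/utils.js hunk of the same patch carries the same lines, and the enclosing method starts and ends outside the hunk.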
@@ -321,4 +322,3 @@ OidcUtils.KEY = 'key';
 OidcUtils.JF_CONFIG_DIR_NAME = '.jfrog';
 // Config file name
 OidcUtils.JF_CONFIG_FILE_NAME = 'config.yml';
-exports.OidcUtils = OidcUtils;
diff --git a/lib/utils.js b/lib/utils.js
index 68d9b9481..0688684a0 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -86,6 +86,7 @@ class Utils {
 return;
 }
 if (jfrogCredentials.oidcProviderName && cliRemote != '') {
+ core.info("'Fetching OIDC access token to download CLI from remote repository");
 jfrogCredentials.accessToken = yield oidc_utils_1.OidcUtils.exchangeOidcToken(jfrogCredentials);
 }
 // Download JFrog CLI
@@ -434,6 +435,7 @@ class Utils {
 return;
 }
 }
+exports.Utils = Utils;
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 Utils.USER_AGENT = 'setup-jfrog-cli-github-action/' + require('../package.json').version;
 // Default artifactory URL and repository for downloading JFrog CLI
@@ -471,4 +473,3 @@ Utils.AUTO_BUILD_PUBLISH_DISABLE = 'disable-auto-build-publish';
 // Custom server ID input
 Utils.CUSTOM_SERVER_ID = 'custom-server-id';
 Utils.DEFAULT_OIDC_AUDIENCE = 'jfrog-github';
-exports.Utils = Utils;
diff --git a/src/utils.ts b/src/utils.ts
index 8ed5627ec..f121c8231 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -100,6 +100,7 @@ export class Utils {
 return;
 }
 if (jfrogCredentials.oidcProviderName && cliRemote != '') {
+ core.info("'Fetching OIDC access token to download CLI from remote repository");
 jfrogCredentials.accessToken = await OidcUtils.exchangeOidcToken(jfrogCredentials);
 }
 // Download JFrog CLI
From 85c12be47af764fbf6d4ae0f62a989c00a96bda9 Mon Sep 17 00:00:00 2001
From: delarea
Date: Mon, 28 Apr 2025 12:54:44 +0300
Subject: [PATCH 5/6] debug log
---
 lib/utils.js | 2 +-
 src/utils.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/utils.js b/lib/utils.js
index 0688684a0..a1acca344 100644
--- a/lib/utils.js
+++ b/lib/utils.js
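Review bot: The log string added in the src/utils.ts hunk of patch 4/6 begins with a stray single quote inside the double quotes, so the message is emitted with a leading `'`. I would write `core.info('Fetching OIDC access token to download CLI from remote repository');`, which also matches the single-quoted style of the neighbouring `core.info` call. The same typo is in the lib/utils.js hunk of this patch and is carried unchanged into patch 5/6, which only switches the call to `core.debug`.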
@@ -86,7 +86,7 @@ class Utils {
 return;
 }
 if (jfrogCredentials.oidcProviderName && cliRemote != '') {
- core.info("'Fetching OIDC access token to download CLI from remote repository");
+ core.debug("'Fetching OIDC access token to download CLI from remote repository");
 jfrogCredentials.accessToken = yield oidc_utils_1.OidcUtils.exchangeOidcToken(jfrogCredentials);
 }
 // Download JFrog CLI
diff --git a/src/utils.ts b/src/utils.ts
index f121c8231..e8ee9fc6d 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -100,7 +100,7 @@ export class Utils {
 return;
 }
 if (jfrogCredentials.oidcProviderName && cliRemote != '') {
- core.info("'Fetching OIDC access token to download CLI from remote repository");
+ core.debug("'Fetching OIDC access token to download CLI from remote repository");
 jfrogCredentials.accessToken = await OidcUtils.exchangeOidcToken(jfrogCredentials);
 }
 // Download JFrog CLI
From 253ecb144ac987059f9acc2d1e91c9e41de57622 Mon Sep 17 00:00:00 2001
From: delarea
Date: Mon, 28 Apr 2025 13:01:33 +0300
Subject: [PATCH 6/6] Add comments
---
 lib/utils.js | 2 ++
 src/utils.ts | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/lib/utils.js b/lib/utils.js
index a1acca344..0356c1588 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -85,6 +85,8 @@ class Utils {
 core.info('Found JFrog CLI in cache. No need to download');
 return;
 }
+ // To download CLI from a remote repository, we first need to fetch an access token.
+ // This should fall back to the 'manual' oidc exchange method.
 if (jfrogCredentials.oidcProviderName && cliRemote != '') {
 core.debug("'Fetching OIDC access token to download CLI from remote repository");
 jfrogCredentials.accessToken = yield oidc_utils_1.OidcUtils.exchangeOidcToken(jfrogCredentials);
diff --git a/src/utils.ts b/src/utils.ts
index e8ee9fc6d..32de63c85 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -99,6 +99,8 @@ export class Utils {
 core.info('Found JFrog CLI in cache. No need to download');
 return;
 }
+ // To download CLI from a remote repository, we first need to fetch an access token.
+ // This should fall back to the 'manual' oidc exchange method.
 if (jfrogCredentials.oidcProviderName && cliRemote != '') {
 core.debug("'Fetching OIDC access token to download CLI from remote repository");
 jfrogCredentials.accessToken = await OidcUtils.exchangeOidcToken(jfrogCredentials);
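Review bot: The comment added in the src/utils.ts hunk of patch 6/6 says the exchange "should fall back to the 'manual' oidc exchange method", but nothing at this call site enforces that. The CLI has not been downloaded at this point, so if `exchangeOidcToken` picks its path from the requested version (the `MIN_CLI_OIDC_VERSION` check visible in lib/oidc-utils.js suggests it may), a CLI-based exchange would have no binary to run. I would either make the manual path explicit in the call or reword the comment to state the constraint rather than the hope, e.g. `// The CLI is not installed at this point, so the token exchange must not depend on the CLI binary.` The same comment is added in the lib/utils.js hunk of this patch, and the enclosing method continues outside the hunk.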