Open yarinsa opened 1 year ago
Hi @yarinsa, thank you for informing us about this issue. Can you please share the YAML file that you used?
We had to fork the bot to our organization as we are not installing actions that are not verified, so we security review and fork, but it's the exact same code as you guys (no change).
"Setup yarn" for me is a custom action trying to deal with the difference of authenticating with jfrog. For example:
using api_key & user (our local setup): `yarn config set npmAuthIdent user:api_key`
using password & user (CI setup): `yarn config set npmAuthIdent (user:password | base64)`
I didn't see any reference of you guys setting this up in the action env here
Thanks, @yarinsa for the detailed information. We do set this env here: https://github.com/jfrog/frogbot/blob/9304d3b1d8e05a1b5fc0ba9ebf9ffbd495386250/commands/utils/params.go#L91
Could you please run this again with debug logs? Please add the following environment variable to Frogbot on GitHub: `JFROG_CLI_LOG_LEVEL` with value `DEBUG`.
@omerzi I ended up using "yarn audit", which accesses jfrog x-ray anyway.
@yarinsa I'm glad that it worked for you, and thank you for the feedback! It would be greatly appreciated if you could help us understand this issue better, so we can take the right steps moving forward. Have you used the JFrog CLI command 'audit yarn' to fix it?
Nope, I fixed them manually. As for the log level, will do and update here.
/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot scan-pull-request
07:34:49 [Info] Running Frogbot "scan-pull-request" command
07:34:49 [Info] Auditing /runner/_work/TIP/TIP
07:34:49 [Info] Executing 'yarn' [install] at /runner/_work/TIP/TIP
07:34:49 [Debug] Usage Report: Sending info...
07:34:49 [Debug] Sending HTTP GET request to: ***/artifactory/api/system/version
07:34:49 [Debug] Artifactory response: 200 OK
07:34:49 [Debug] JFrog Artifactory version is: 7.42.5
07:34:49 [Debug] Sending HTTP POST request to: ***/artifactory/api/system/usage
07:34:49 [Debug] Usage Report: Artifactory response: 200 OK
07:34:49 [Debug] Usage Report: Usage info sent successfully.
07:34:54 [Info] Detected: yarn.
07:34:55 [Debug] Sending HTTP GET request to: ***/xray/api/v1/system/version
07:34:55 [Info] JFrog Xray version is: 3.57.6
07:34:55 [Info] Scanning module tip:portal:0.37.0...
07:34:55 [Debug] Sending HTTP POST request to: ***/xray/api/v1/scan/graph?scan_type=dependency
07:34:55 [Info] Waiting for scan to complete...
07:34:55 [Debug] Sending HTTP GET request to: ***/xray/api/v1/scan/graph/9a15a1d2-1ddf-4109-4fba-e25ba26caa1d?include_vulnerabilities=true
07:34:55 [Info] Auditing TIP refs/pull/59/merge
07:34:55 [Debug] Created temp working directory: /tmp/jfrog.cli.temp.-1664782495-3940882343
07:34:55 [Debug] Downloading transmitsecurity-dev/TIP , branch:refs/pull/59/merge to:/tmp/jfrog.cli.temp.-1664782495-3940882343
07:34:56 [Debug] Downloading repository completed
07:34:56 [Info] Executing 'yarn' [install] at /tmp/jfrog.cli.temp.-1664782495-3940882343
07:34:56 [Info] Couldn't run the installation command on the base branch. Assuming new project in the source branch: exit status 1
07:34:56 [Info] Detected: yarn.
07:34:57 [Warn] An error was thrown while collecting dependencies info: exit status 1
Command output:
Usage Error: Environment variable not found (JF_USER) in /tmp/jfrog.cli.temp.-1664782495-3940882343/.yarnrc.yml (in /tmp/jfrog.cli.temp.-1664782495-3940882343/.yarnrc.yml)
━━━ Yarn Package Manager - 3.2.2 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
$ yarn <command>
You can also print more details about any of these commands by calling them with
the `-h,--help` flag right after the command name.
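The log above ends with Yarn aborting because `.yarnrc.yml` references `${JF_USER}` and the process running `yarn install` does not have that variable in its environment. As an added example (not part of the thread, and not Frogbot's or Yarn's own code), a pre-flight check a workflow step could run before any `yarn` command; the sample `.yarnrc.yml`, the registry URL, `JF_PASSWORD` and `NPM_ALWAYS_AUTH` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Frogbot or Yarn code. Lists variables that a .yarnrc.yml
# references as a bare ${NAME} but that are absent from the environment, the
# condition behind "Usage Error: Environment variable not found (JF_USER)".

# missing_yarnrc_vars FILE: prints one missing name per line.
# Exit status: 0 none missing, 1 some missing, 2 file unreadable.
missing_yarnrc_vars() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Drop YAML comments, then pull out every ${...} reference.
    found=$(
        sed -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]]#.*$//' "$1" |
        grep -o '\${[^}]*}' | sort -u |
        while IFS= read -r ref; do
            name=${ref#??}; name=${name%?}        # strip "${" and "}"
            case $name in
                (*-*) continue ;;                 # ${NAME-x} / ${NAME:-x} carry a fallback
                (''|*[!A-Za-z0-9_]*) continue ;;  # not a plain variable name
            esac
            # Ask env, not the shell: yarn only sees exported variables.
            env | grep -q "^${name}=" || printf '%s\n' "$name"
        done
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: registry settings whose credentials come from CI secrets.
# The URL and the variable names other than JF_USER are illustrative.
write_sample_yarnrc() {
    cat > "$1" <<'EOF'
# credentials are injected by the workflow, e.g. ${IGNORED_IN_COMMENT}
npmRegistryServer: "https://example.invalid/artifactory/api/npm/npm/"
npmAuthIdent: "${JF_USER}:${JF_PASSWORD}"
npmAlwaysAuth: ${NPM_ALWAYS_AUTH:-true}
EOF
}

# Stand-alone use: sh check-yarnrc.sh path/to/.yarnrc.yml
[ $# -eq 0 ] || missing_yarnrc_vars "$1"
```

The check reports variable names only and never prints their values, so it is safe to leave enabled in CI logs.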
Describe the bug
I created a setup of yarn2 using the workflow you guys provided, and it seems like JF_USER is undefined even though it's set up.
To Reproduce
Just do your starter flow
Expected behavior
The run will go as planned
Screenshots
Versions
Additional context
I looked in your code and I didn't see any place that you are setting up JF_USER in your env. I also tried to supply JF_USER in: