jfrog / frogbot

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖
https://docs.jfrog-applications.jfrog.io/
Apache License 2.0
305 stars, 72 forks

what to do if we have 2 dotnet .sln files in same directory #557

Open yalamarthisr opened 1 year ago

yalamarthisr commented 1 year ago

The workflow is erroring out while Frogbot is scanning the PR, saying: 'dotnet restore' command failed: exit status 1 - MSBUILD : error MSB1011: Specify which project or solution file to use because this folder contains more than one project or solution file. It is complaining that test3 has 2 dotnet projects (2 .sln files).

And if I mention the .sln file, similar to the below, it complains: The directory name is invalid. `- params: git: repoName: test branches:

eranturgeman commented 1 year ago

Hello @yalamarthisr and thank you for contacting us! Can you please provide more details about the problem? I need the complete error log in order to figure out when exactly this error happened: during the scan phase or the fix phase.

yalamarthisr commented 1 year ago

@eranturgeman Thank you for the response. Here is the full error stack:

```
Error: 1 [Error] audit command in 'C:\Users\RUNNER~1\AppData\Local\Temp\jfrog.cli.temp.-1698238934-2132052898\test' failed: failed while building 'nuget' dependency tree: 'dotnet restore' command failed: exit status 1 - MSBUILD : error MSB1011: Specify which project or solution file to use because this folder contains more than one project or solution file.
```

In the previous step I did nuget restore for all the projects.

eranturgeman commented 1 year ago

@yalamarthisr I need you to please verify several things and provide some extra details:

1) Can you please provide the exact 'install' commands you executed on each of the directories? Did you use 'nuget restore' or 'dotnet restore'?
2) Did you provide in your install command any flag that directs the install command to a specific config file (like --configFile in 'dotnet restore')?
3) Do you have the .NET CLI on your machine, or do you use an older NuGet CLI version?
4) Did you provide any install command in frogbot-config.yml?

FYI, when you define working dirs you cannot specify a path to a .sln file. This will not work, only paths to directories.

yalamarthisr commented 1 year ago

@eranturgeman Thank you for the response. This is what I did in the previous steps right before the Frogbot action. I am using GitHub Actions.

```
dotnet nuget add source https://test.jfrog.io/artifactory/api/nuget/nuget -n Artifactory -u ${{ secrets.ARTIFACTORY_READONLY_USER }} -p ${{ secrets.ARTIFACTORY_READONLY_APIKEY }} --store-password-in-clear-text
dotnet restore ./test1.sln
dotnet restore ./test2.sln
```

test1.sln and test2.sln are in the same directory. Below is how my Frogbot config looks:

```yaml
- params:
    git:
      repoName: xyz
      branches:
        - main
    scan:
      includeAllVulnerabilities: true
      failOnSecurityIssues: false
      projects:
        - workingDirs:
            - "./test"
```

So assume that in the test directory I have test1.sln and test2.sln.

eranturgeman commented 1 year ago

@yalamarthisr Thank you for providing the information. We are working on a permanent solution for this problem that will make working with several sln files easier. Until then I can suggest the following solution: instead of running 'dotnet restore' and 'dotnet nuget add source...' on your own, try adding these commands/parameters to frogbot-config.yml:

1) Under the 'projects' section you can provide the 'install command' you want; just add the exact command you run (with the path to the sln file). For now you can provide a single 'install command' for each project, so you will have to choose the sln file you want for the project. (For the other one you can run 'dotnet restore' on your own, but it might not recognize all dependencies.)
2) Under the 'projects' section you can also provide a 'repository'. You should provide the name of an Artifactory repository from which you want to resolve your dependencies. Once you have configured an Artifactory server (with 'jf nuget-config') and provided the repo's name, the rest will happen automatically and the source will be added without any additional steps from you.

Please make sure you are following our JSON schema, and please let us know if this solution works for you. If you are still experiencing any issues, please let us know.
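An added example, not part of the thread and not the Frogbot project's own configuration: the reporter's frogbot-config.yml with the workaround from the comment above applied. The key names `installCommand` and `repository` are assumed from Frogbot's frogbot-config.yml schema and should be checked against the JSON schema the comment refers to; `nuget-virtual` is a placeholder repository name, and resolving the .sln path relative to the working directory is an assumption.

```yaml
- params:
    git:
      repoName: xyz
      branches:
        - main
    scan:
      includeAllVulnerabilities: true
      failOnSecurityIssues: false
      projects:
        - workingDirs:
            # Must be a directory; a path to a .sln file is not accepted here.
            - "./test"
          # One install command per project: naming the solution file explicitly
          # keeps 'dotnet restore' from failing with MSB1011 when the directory
          # holds both test1.sln and test2.sln.
          # Assumption: the path is resolved relative to the working directory.
          installCommand: "dotnet restore ./test1.sln"
          # Placeholder name of the Artifactory repository to resolve
          # dependencies from; needs an Artifactory server configured
          # beforehand (the comment above mentions 'jf nuget-config').
          repository: "nuget-virtual"
```

Only test1.sln is restored by this project entry, so dependencies that appear solely in test2.sln may not be recognized, as the comment notes. According to the comment, setting `repository` adds the NuGet source automatically, which would replace the workflow's manual `dotnet nuget add source ... --store-password-in-clear-text` step.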

yalamarthisr commented 1 year ago

@eranturgeman Thank you. Do we have any timelines for the above ask so that Frogbot can still run if we have 2 project files in the same directory?

eranturgeman commented 1 year ago

You're welcome, @yalamarthisr. I hope my solution was helpful to you. If not, please inform me so that I can explore additional options to assist you.

Regarding a more permanent solution, our ongoing efforts are focused on automating Frogbot. This initiative aims to eliminate the need for users to manually execute an 'install' command or supply one themselves. Implementing automatic 'install' support for projects with multiple .sln files involves significant infrastructure modifications and adjustments. As a result, it will require some time to complete. Unfortunately, we currently do not have an estimated timeline for this feature.

Our objective is to introduce an automated 'install' command that accommodates projects with varying numbers of .sln files. Additionally, users will have the option to provide an 'install' command for each if needed.

Please stay updated for further developments. We will do our best to keep you informed about any progress in this area.