Support terraform/yarn/podman and other build tool commands that has no specific task

[sverdlov93]

Is your feature request related to a problem? Please describe. Currently, there are multiple commands without a specific Azure task and it's not possible to run them using JFrog CLI task.

Describe the solution you'd like to see A possible solution is to support running multiple JFrog CLI command in one task and forward the serverID via an environment variable.

following:

• https://github.com/jfrog/jfrog-azure-devops-extension/issues/392
• https://github.com/jfrog/jfrog-azure-devops-extension/issues/371
• terraform support request by @agrosskurth

should also fix https://github.com/jfrog/jfrog-azure-devops-extension/issues/403

[Jan-Pleva]

Hi, we would also like the extension for Yarn ;) CLI already support Yarn. https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory#CLIforJFrogArtifactory-BuildingNpmPackagesUsingtheYarnClient

[ChristopheLav]

Hi 👋,

I have a suggestion: why not simply create authentication tasks like Microsoft does for NuGet and some other technologies like Python, Maven and NPM ?

That way is more generic:

• Handle the authentication to JFrog (via Service Connection, specific to the product)
  • Login
  • Insert and do the logout (cleanup) at the end of the pipeline/job automatically
• Allows to use standard Helm/Terraform/NuGet/(...) tasks
• Allows to use scripting to run multiple commands in a standard way

I think it's simplier and not required specific tasks linked to a provider.

What do you think ?

[HugoVeillette]

+1 on this. You can add Helm CLI to the list. https://github.com/jfrog/jfrog-azure-devops-extension/issues/332

I like @ChristopheLav suggestion, this should be easier to maintain from @jfrog-ecosystem ends.

[sverdlov93]

Hi @HugoVeillette, @ChristopheLav, @Jan-Pleva @simbo1984, @marcuslopes, and @GProulx, jfrog-azure-devops-extension 2.6.0 is released and it allows to use JFrog CLI Task to run multiple commands and also it provides the Server ID and Build flags via environment variables. That way it can now support all JFrog CLI functionalities and new features and improvements that are being constantly updated. You can use it for example to run a full scenario of JFrog CLI commands. For example here is a Terraform scenario:

- task: JfrogCliV2@1
  inputs:
    jfrogPlatformConnection: 'JFrog Platform V2'
    command: |
      jf rt ping
      jf terraform-config --repo-deploy=terraform-remote 
      jf terraform publish --namespace=example --provider=aws --tag=v0.0.1

Looking forward to your feedback on it.

[ChristopheLav]

Hi @sverdlov93,

Thank you for the multiple commands support, it will help us.

What about my suggestion here? That allow to use each native Helm/Terraform/NuGet/NPM/Yarn/(...) CLI instead of the JFrog one. The JFrog CLI is good but linked to a specific ecosystem and don't compatible with native CLI.

The JFrog CLI should do the authentication in the supported way of each native CLI (and do the cleanup automatically at the end, this is a possibility to inject an "end" step when you write an ADO extension).

I think this way should close a lot of feedbacks and improve the possibilities overall.

For example, my users want to run the Helm or Terraform CLIs natively and when a Chart/Module is referenced, the native CLI will download automatically the requirement without any manual step with the JFrog CLI need to be done before. Currently they need to download each dependency manually to a folder and use the folder.

And for enterprise gouvernance, the user should don't manage manually the authentication token on their side. The administrators provisioned Service Connection (and do the rotation) for the users.

A workflow like that for Terraform would be really good:

- task: TerraformInstaller@0
  displayName: "Install Terraform"
  inputs:
    terraformVersion: '1.3.9'
    terraformDownloadLocation: 'https://releases.hashicorp.com/terraform'

- task: JfrogAuthenticateV2@1
  inputs:
    jfrogPlatformConnection: 'JFrog Platform V2'
    registryType: 'Terraform'

- script: |
    terraform init
    terraform plan -out=terraform.tfplan
  displayName: 'Terraform Plan'

And for Helm, somethings like that:

- task: HelmInstaller@0
  displayName: install helm
  inputs:
    helmVersion: 'latest'
    installKubectl: false

- task: JfrogAuthenticateV2@1
  inputs:
    jfrogPlatformConnection: 'JFrog Platform V2'
    registryType: 'Helm'

- task: HelmDeploy@0
  inputs:
    connectionType: 'Kubernetes Service Connection'  
    kubernetesServiceEndpoint: 'My K8S Cluster'
    command: 'upgrade'

- script: |
    helm XXXXX
  displayName: 'Helm command(s)'

I don't put an example for each technology, but it is similar for NuGet, NPM, Yarn and more.

What do you thing?

[HugoVeillette]

@sverdlov93 , I really like the suggestion proposed by @ChristopheLav .

About your suggestion, from what I read it's limited to "jfrog ..." cli support. Moreover, after giving a look at existing task, we can see validations put in many places making sure only "jfrog .." commands are execute through the CLi. We can't use the native CLI (like helm) as show cased by @ChristopheLav in the above example. I can understand we want to limit where and how the jfrog token is used for auth, but we also need to securely open the door to use the standards CLI complementary to jt.

[Jan-Pleva]

Hi, we would like to also have the JfrogAuthenticateV2, we have the same problem with Terraform use.

• task: JfrogAuthenticateV2@1 inputs: jfrogPlatformConnection: 'JFrog Platform V2' registryType: 'Terraform'

Similar to https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/azure_cli