jfrog / setup-jfrog-cli

Set up JFrog CLI in your GitHub Actions workflow
Apache License 2.0

action consumes github anonymous rest api rate limit #223

Open kduret opened 2 weeks ago

kduret commented 2 weeks ago

Describe the bug

The action uses an anonymous request instead of the github_token provided by the workflow. The GitHub REST API rate limit (60) can be quickly reached.

this happens only when using custom jfrog url

Current behavior

1 anonymous request is consumed when using setup-jfrog-cli

Reproduction steps

name: test-jfrog

on:
  pull_request:

jobs:
  test-jfrog:
    runs-on: ubuntu-24.04
    steps:
      - name: Check workflow statuses and display token usage before setup-jfrog-cli
        run: |
          echo ""
          echo ""
          echo "current rest api rate usage using github token:"
          curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq .rate.used
          echo ""
          echo ""
          echo "current rest api rate usage for anonymous:"
          curl -s -H "Accept: application/vnd.github+json" https://api.github.com/rate_limit | jq .rate.used
          echo ""
          echo ""

      - uses: jfrog/setup-jfrog-cli@9fe0f98bd45b19e6e931d457f4e98f8f84461fb5 # v4.4.1
        env:
          JF_URL: <custom_jfrog_url>
          JF_ACCESS_TOKEN: <access_token>

      - name: Check workflow statuses and display token usage after setup-jfrog-cli
        run: |
          echo "current rest api rate usage using github token:"
          curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq .rate.used
          echo ""
          echo ""
          echo "current rest api rate usage for anonymous:"
          curl -s -H "Accept: application/vnd.github+json" https://api.github.com/rate_limit | jq .rate.used
          echo ""
          echo ""

Expected behavior

0 anonymous requests are consumed when using setup-jfrog-cli

Setup JFrog CLI version

4.4.1

JFrog CLI version

2.67.0

Workflow operating system type and version

ubuntu-24.04

JFrog Artifactory version (if relevant)

JFrog Cloud

JFrog Xray version (if relevant)

No response

sverdlov93 commented 2 weeks ago

Hi @kduret, thanks for reaching out. Can you provide the logs from the WF run?

kduret commented 6 days ago

> Hi @kduret, thanks for reaching out. Can you provide the logs from the WF run?

Hi, here are the logs:

2024-11-08T13:36:38.4157055Z Current runner version: '2.320.0'
2024-11-08T13:36:38.4322478Z ##[group]Operating System
2024-11-08T13:36:38.4323647Z Ubuntu
2024-11-08T13:36:38.4324115Z 24.04.1
2024-11-08T13:36:38.4324572Z LTS
2024-11-08T13:36:38.4325026Z ##[endgroup]
2024-11-08T13:36:38.4325544Z ##[group]Runner Image
2024-11-08T13:36:38.4326179Z Image: ubuntu-24.04
2024-11-08T13:36:38.4326749Z Version: 20241103.1.0
2024-11-08T13:36:38.4328379Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20241103.1/images/ubuntu/Ubuntu2404-Readme.md
2024-11-08T13:36:38.4330938Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20241103.1
2024-11-08T13:36:38.4332431Z ##[endgroup]
2024-11-08T13:36:38.4333016Z ##[group]Runner Image Provisioner
2024-11-08T13:36:38.4334089Z 2.0.384.1
2024-11-08T13:36:38.4334607Z ##[endgroup]
2024-11-08T13:36:38.4363846Z ##[group]GITHUB_TOKEN Permissions
2024-11-08T13:36:38.4366199Z Actions: write
2024-11-08T13:36:38.4367017Z Attestations: write
2024-11-08T13:36:38.4367685Z Checks: write
2024-11-08T13:36:38.4368216Z Contents: write
2024-11-08T13:36:38.4368778Z Deployments: write
2024-11-08T13:36:38.4369361Z Discussions: write
2024-11-08T13:36:38.4369923Z Issues: write
2024-11-08T13:36:38.4370478Z Metadata: read
2024-11-08T13:36:38.4371056Z Packages: write
2024-11-08T13:36:38.4371619Z Pages: write
2024-11-08T13:36:38.4372162Z PullRequests: write
2024-11-08T13:36:38.4372844Z RepositoryProjects: write
2024-11-08T13:36:38.4373944Z SecurityEvents: write
2024-11-08T13:36:38.4374635Z Statuses: write
2024-11-08T13:36:38.4375211Z ##[endgroup]
2024-11-08T13:36:38.4378192Z Secret source: Actions
2024-11-08T13:36:38.4379052Z Prepare workflow directory
2024-11-08T13:36:38.5350681Z Prepare all required actions
2024-11-08T13:36:38.5578796Z Getting action download info
2024-11-08T13:36:38.7399067Z Download action repository 'jfrog/setup-jfrog-cli@9fe0f98bd45b19e6e931d457f4e98f8f84461fb5' (SHA:9fe0f98bd45b19e6e931d457f4e98f8f84461fb5)
2024-11-08T13:36:39.3224974Z Complete job name: test-jfrog
2024-11-08T13:36:39.4216124Z ##[group]Run echo ""
2024-11-08T13:36:39.4216608Z echo ""
2024-11-08T13:36:39.4216934Z echo ""
2024-11-08T13:36:39.4217432Z echo "current rest api rate usage using github token:"
2024-11-08T13:36:39.4219172Z curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ***" https://api.github.com/rate_limit | jq .rate.used
2024-11-08T13:36:39.4220250Z echo ""
2024-11-08T13:36:39.4220557Z echo ""
2024-11-08T13:36:39.4220995Z echo "current rest api rate usage for anonymous:"
2024-11-08T13:36:39.4222025Z curl -s -H "Accept: application/vnd.github+json" https://api.github.com/rate_limit | jq .rate.used
2024-11-08T13:36:39.4222902Z echo ""
2024-11-08T13:36:39.4223198Z echo ""
2024-11-08T13:36:39.4259279Z shell: /usr/bin/bash -e {0}
2024-11-08T13:36:39.4259708Z ##[endgroup]
2024-11-08T13:36:39.4554032Z 
2024-11-08T13:36:39.4554803Z 
2024-11-08T13:36:39.4556392Z current rest api rate usage using github token:
2024-11-08T13:36:39.6461133Z 0
2024-11-08T13:36:39.6461982Z 
2024-11-08T13:36:39.6462949Z 
2024-11-08T13:36:39.6464118Z current rest api rate usage for anonymous:
2024-11-08T13:36:39.6908287Z 0
2024-11-08T13:36:39.6917117Z 
2024-11-08T13:36:39.6917130Z 
2024-11-08T13:36:39.7176546Z ##[group]Run jfrog/setup-jfrog-cli@9fe0f98bd45b19e6e931d457f4e98f8f84461fb5
2024-11-08T13:36:39.7177432Z with:
2024-11-08T13:36:39.7177891Z   version: 2.67.0
2024-11-08T13:36:39.7178351Z   disable-job-summary: false
2024-11-08T13:36:39.7178846Z   disable-auto-build-publish: false
2024-11-08T13:36:39.7179454Z env:
2024-11-08T13:36:39.7179842Z   JF_URL: https://centreon.jfrog.io
2024-11-08T13:36:39.7180949Z   JF_ACCESS_TOKEN: ***
2024-11-08T13:36:39.7181434Z ##[endgroup]
2024-11-08T13:36:39.9654195Z ##[group]Setup JFrog CLI
2024-11-08T13:36:39.9680216Z Downloading JFrog CLI from https://releases.jfrog.io/artifactory/jfrog-cli/v2/2.67.0/jfrog-cli-linux-amd64/jfrog
2024-11-08T13:36:40.6573215Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf config add setup-jfrog-cli-server --url https://centreon.jfrog.io --interactive=false --overwrite=true --access-token ***
2024-11-08T13:36:40.7958428Z 13:36:40 [Warn] You are using JFrog CLI version 2.67.0, however version 2.71.3 is available.
2024-11-08T13:36:40.8076969Z To install the latest version, visit: https://jfrog.com/getcli
2024-11-08T13:36:40.8078357Z To see the release notes, visit: https://github.com/jfrog/jfrog-cli/releases
2024-11-08T13:36:40.8079608Z To avoid this message, set the JFROG_CLI_AVOID_NEW_VERSION_WARNING variable to TRUE
2024-11-08T13:36:40.8080827Z 13:36:40 [Warn] couldn't extract payload from Access Token.
2024-11-08T13:36:40.8081878Z The provided access token is not a valid JWT, probably a reference token.
2024-11-08T13:36:40.8083163Z Some package managers only support basic authentication which requires also a username.
2024-11-08T13:36:40.8084922Z If you plan to work with one of those package managers, please provide a username.
2024-11-08T13:36:40.8086430Z ##[endgroup]
2024-11-08T13:36:40.8146750Z ##[group]Run echo "current rest api rate usage using github token:"
2024-11-08T13:36:40.8147844Z echo "current rest api rate usage using github token:"
2024-11-08T13:36:40.8149935Z curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ***" https://api.github.com/rate_limit | jq .rate.used
2024-11-08T13:36:40.8151273Z echo ""
2024-11-08T13:36:40.8151689Z echo ""
2024-11-08T13:36:40.8152267Z echo "current rest api rate usage for anonymous:"
2024-11-08T13:36:40.8153789Z curl -s -H "Accept: application/vnd.github+json" https://api.github.com/rate_limit | jq .rate.used
2024-11-08T13:36:40.8154887Z echo ""
2024-11-08T13:36:40.8155296Z echo ""
2024-11-08T13:36:40.8206149Z shell: /usr/bin/bash -e {0}
2024-11-08T13:36:40.8206669Z env:
2024-11-08T13:36:40.8207723Z   JFROG_CLI_ENV_EXCLUDE: *password*;*secret*;*key*;*token*;*auth*;JF_ARTIFACTORY_*;JF_ENV_*;JF_URL;JF_USER;JF_PASSWORD;JF_ACCESS_TOKEN
2024-11-08T13:36:40.8208966Z   JFROG_CLI_OFFER_CONFIG: false
2024-11-08T13:36:40.8209538Z   JFROG_CLI_BUILD_NAME: test-jfrog
2024-11-08T13:36:40.8210099Z   JFROG_CLI_BUILD_NUMBER: 5
2024-11-08T13:36:40.8211067Z   JFROG_CLI_BUILD_URL: https://github.com/************/actions/runs/11743141754
2024-11-08T13:36:40.8212275Z   JFROG_CLI_USER_AGENT: setup-jfrog-cli-github-action/4.4.1
2024-11-08T13:36:40.8213195Z   JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: /home/runner/work/_temp
2024-11-08T13:36:40.8214263Z ##[endgroup]
2024-11-08T13:36:40.8298105Z current rest api rate usage using github token:
2024-11-08T13:36:40.9592090Z 0
2024-11-08T13:36:40.9614531Z 
2024-11-08T13:36:40.9614861Z 
2024-11-08T13:36:40.9615560Z current rest api rate usage for anonymous:
2024-11-08T13:36:41.0095429Z 1
2024-11-08T13:36:41.0099181Z 
2024-11-08T13:36:41.0099265Z 
2024-11-08T13:36:41.0170227Z Post job cleanup.
2024-11-08T13:36:41.1594187Z ##[group]Checking connection to JFrog Artifactory
2024-11-08T13:36:41.1634022Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf rt ping
2024-11-08T13:36:41.8884745Z OK
2024-11-08T13:36:41.8915221Z ##[endgroup]
2024-11-08T13:36:41.8919106Z ##[group]Check for unpublished modules
2024-11-08T13:36:41.8942130Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf rt build-publish --dry-run
2024-11-08T13:36:41.9133198Z 13:36:41 [Info] [Dry run] Logging Build info preview...
2024-11-08T13:36:41.9137727Z {
2024-11-08T13:36:41.9140084Z   "name": "test-jfrog",
2024-11-08T13:36:41.9140531Z   "number": "5",
2024-11-08T13:36:41.9140959Z   "agent": {
2024-11-08T13:36:41.9141521Z     "name": "setup-jfrog-cli-github-action",
2024-11-08T13:36:41.9142132Z     "version": "4.4.1"
2024-11-08T13:36:41.9142528Z   },
2024-11-08T13:36:41.9142867Z   "buildAgent": {
2024-11-08T13:36:41.9143251Z     "name": "GENERIC",
2024-11-08T13:36:41.9143866Z     "version": "2.67.0"
2024-11-08T13:36:41.9144415Z   },
2024-11-08T13:36:41.9144897Z   "started": "2024-11-08T13:36:41.912+0000",
2024-11-08T13:36:41.9146243Z   "url": "https://github.com/centreon/centreon-plugin-packs/actions/runs/11743141754"
2024-11-08T13:36:41.9147095Z }
2024-11-08T13:36:42.5984954Z ##[endgroup]
2024-11-08T13:36:42.5986339Z ##[group]Generating Job Summary
2024-11-08T13:36:42.6006375Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf generate-summary-markdown
2024-11-08T13:36:43.3517335Z No code scanning sarif file was found.
2024-11-08T13:36:43.3539946Z ##[endgroup]
2024-11-08T13:36:43.3541287Z ##[group]Cleanup JFrog CLI servers configuration
2024-11-08T13:36:43.3567386Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf c rm --quiet
2024-11-08T13:36:43.3685725Z ##[endgroup]
2024-11-08T13:36:43.3877751Z Cleaning up orphan processes
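
The before/after comparison from the reproduction steps, turned into a check a workflow could fail on. This is an added example, not code from the issue or from setup-jfrog-cli; the function names and the `SAMPLE` object are hypothetical, the `used` values are the ones printed in the log above, and the `reset` values are constructed. It assumes Node 18+ for the global `fetch`.

```javascript
// Requests consumed between two `rate` objects returned by GET /rate_limit.
// If `reset` changed, the window rolled over and `used` restarted at 0, so
// after.used is only a lower bound on what the step consumed.
function consumed(before, after) {
  if (after.reset !== before.reset) {
    return { requests: after.used, windowReset: true };
  }
  return { requests: after.used - before.used, windowReset: false };
}

// snapshots: { token: { before, after }, anonymous: { before, after } }
function auditStep(snapshots) {
  const report = {};
  for (const [identity, { before, after }] of Object.entries(snapshots)) {
    report[identity] = consumed(before, after);
  }
  // Anonymous consumption suggests the step made an unauthenticated call.
  report.anonymousLeak = (report.anonymous?.requests ?? 0) > 0;
  return report;
}

// Live snapshot helper (needs network). Pass a token for the authenticated
// bucket, omit it for the anonymous one. Not called in this offline demo.
async function fetchRate(token) {
  const headers = { Accept: 'application/vnd.github+json' };
  if (token) headers.Authorization = `token ${token}`;
  const res = await fetch('https://api.github.com/rate_limit', { headers });
  if (!res.ok) throw new Error(`rate_limit returned HTTP ${res.status}`);
  return (await res.json()).rate;
}

// Constructed sample: `used` counters as printed in the log above
// (token 0 -> 0, anonymous 0 -> 1); `reset` epochs are made up.
const SAMPLE = {
  token: {
    before: { used: 0, reset: 1731074400 },
    after: { used: 0, reset: 1731074400 },
  },
  anonymous: {
    before: { used: 0, reset: 1731074400 },
    after: { used: 1, reset: 1731074400 },
  },
};

console.log(JSON.stringify(auditStep(SAMPLE), null, 2));
```

The anonymous quota is tracked per source IP, so other unauthenticated traffic from the same runner address can also raise the counter between the two snapshots.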