Secret Token Validation feature #969
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: JFrog CLI Security Tests | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| tags-ignore: | |
| - '**' | |
| # Triggers the workflow on labeled PRs only. | |
| pull_request_target: | |
| types: [ labeled ] | |
| # Ensures that only the latest commit is running for each PR at a time. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push' | |
| runs-on: ${{ matrix.os }}-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu, windows, macos ] | |
| env: | |
| GOPROXY: direct | |
| GRADLE_OPTS: -Dorg.gradle.daemon=false | |
| CI: true | |
| JFROG_CLI_LOG_LEVEL: DEBUG | |
| steps: | |
| # Install dependencies | |
| - name: Install Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: 1.22.x | |
| - name: Install npm | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: "16" | |
| - name: Setup Pnpm | |
| uses: pnpm/action-setup@v3 | |
| with: | |
| version: 8 | |
| - name: Install Java | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: "11" | |
| distribution: "adopt" | |
| - name: Install NuGet | |
| uses: nuget/setup-nuget@v1 | |
| with: | |
| nuget-version: 6.x | |
| - name: Install dotnet | |
| uses: actions/setup-dotnet@v3 | |
| with: | |
| dotnet-version: '6.x' | |
| - name: Setup Python3 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.x" | |
| - name: Setup Pipenv | |
| run: python -m pip install pipenv | |
| - name: Setup Poetry | |
| run: python -m pip install poetry | |
| - name: Setup Conan | |
| run: | | |
| python -m pip install conan | |
| conan profile detect | |
| - name: Setup Gradle | |
| uses: gradle/gradle-build-action@v2 | |
| with: | |
| gradle-version: 7.6 | |
| # Checkout code | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| # Test | |
| - name: Run security tests (without Docker Scan) | |
| run: go test -v github.com/jfrog/jfrog-cli-security --race --timeout 0 --test.security --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} --jfrog.user=${{ secrets.PLATFORM_USER }} --test.containerRegistry=${{ secrets.CONTAINER_REGISTRY }} --ci.runId=${{ runner.os }}-xray | |
| if: ${{ matrix.os != 'ubuntu' }} | |
| - name: Run security tests (with Docker Scan, only on Ubuntu) | |
| run: go test -v github.com/jfrog/jfrog-cli-security --race --timeout 0 --test.security --test.dockerScan --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} --test.containerRegistry=${{ secrets.CONTAINER_REGISTRY }} --ci.runId=${{ runner.os }}-xray | |
| if: ${{ matrix.os == 'ubuntu' }} |