# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. name: "Frogbot Scan" on: pull_request_target: types: [ opened, synchronize ] permissions: pull-requests: write jobs: scan-pull-request: runs-on: ubuntu-latest # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the # "frogbot" GitHub environment can approve the pull request to be scanned. environment: frogbot steps: - uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.sha }} # Install prerequisites - uncomment the relevant ones # - uses: actions/setup-go@v3 # with: # go-version: 1.17.x # - uses: actions/setup-java@v3 # with: # java-version: "11" # distribution: "temurin" # - uses: actions/setup-node@v3 # with: # node-version: "16.x" # - uses: gradle/gradle-build-action@v2 # - uses: actions/setup-dotnet@v2 # with: # dotnet-version: "3.1.x" # - uses: nuget/setup-nuget@v1 # with: # nuget-version: "5.x" # - uses: actions/setup-python@v3 # with: # python-version: "3.x" # - run: pipx install pipenv - uses: jfrog/frogbot@v2 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) JF_URL: ${{ secrets.JF_URL }} # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD JF_USER: ${{ secrets.JF_USER }} # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog password. Must be provided with JF_USER JF_PASSWORD: ${{ secrets.JF_PASSWORD }} # [Mandatory] # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Uncomment the below options if you'd like to use them. # [Mandatory when using npm] # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "npm i" # [Mandatory when using .NET] # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "dotnet restore" # [Optional when using Nuget] # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "nuget restore" # [Optional when using Pip] # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "pip install" # [Optional when using Pipenv] # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "pipenv install" # [Optional, default: https://api.github.com] # API endpoint to GitHub # JF_GIT_API_ENDPOINT: https://github.example.com # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Optional, default: "."] # Relative path to the project in the git repository # JF_WORKING_DIR: path/to/working/dir # [Optional] # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches # JF_WATCHES: ,... # [Optional] # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects # JF_PROJECT: