BUILD-10591 Leverage setup-jfrog-cli summary in ci-github-actions#233

Draft
julien-carsique-sonarsource wants to merge 7 commits into master from feat/jcarsique/BUILD-10591-setup-jfrog-cli-summary
Conversation

julien-carsique-sonarsource (Contributor) commented Mar 16, 2026

Summary

Add jfrog/setup-jfrog-cli@v4.9.1 to all build and promote actions
to leverage the JFrog Job Summary feature,
which automatically generates a GitHub Actions workflow summary showing artifact publishing results, curation audits,
and security scanning outcomes.

Changes per action

| Action | JFrog CLI previously | Notes |
|---|---|---|
| build-npm | via mise.local.toml | Added ARTIFACTORY_ACCESS_TOKEN to vault step (was missing); removed from mise |
| build-yarn | via mise.local.toml | Removed from mise |
| build-poetry | via mise.local.toml | Removed from mise |
| build-gradle | none | Added reader role + token to vault; summary will capture Gradle Artifactory plugin build info |
| build-maven | via deploy-artifacts.sh (mixed-privacy) | Added reader role + token to vault; summary captures Maven Artifactory plugin build info |
| promote | via mise.local.toml | Replaced mise with setup-jfrog-cli; added repox-url input; removed mise step (no remaining tools) |

Additional changes

  • disable-auto-build-publish: true on all steps — builds already call jf rt build-publish manually in their scripts; this avoids duplicate build-info publications
  • Pin jfrog-cli version to 2.77.0 via the version: input (previously pinned in mise.local.toml)
  • Add Renovate custom manager in .github/renovate.json to keep the pinned version up to date
  • Upgrade renovatebot/pre-commit-hooks from 37.418.1 to 43.76.3 to support the managerFilePatterns field

Test plan

- Add jfrog/setup-jfrog-cli@v4.9.1 step to build-npm, build-yarn, and build-poetry actions
- Use disable-auto-build-publish: true to avoid duplicate build-info publications
  (builds already call jf rt build-publish manually)
- Authenticate with reader access token (ARTIFACTORY_ACCESS_TOKEN) for JFrog summary links;
  add ARTIFACTORY_ACCESS_TOKEN to build-npm vault step (already present in build-yarn and build-poetry)
- Remove jfrog-cli from mise.local.toml in build-npm, build-yarn, build-poetry
  (setup-jfrog-cli installs the JFrog CLI)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hashicorp-vault-sonar-prod bot commented Mar 16, 2026

BUILD-10591

- Pin jfrog-cli version to 2.77.0 in jfrog/setup-jfrog-cli `version` input
  (previously managed by mise.local.toml; now managed via setup-jfrog-cli)
- Add Renovate custom manager to track jfrog-cli version upgrades,
  following the same pattern as the jdx/mise-action version manager
  in SonarSource/renovate-config:default

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Also switch renovate.json to use `managerFilePatterns` (v38+ field name)
instead of the deprecated `fileMatch`.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use [\s\S]*? to skip the env: block between uses: and with:,
replacing the over-engineered pattern that tried to enumerate
intermediate lines step by step.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
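The setup-jfrog-cli step described in the PR summary and the `[\s\S]*?` Renovate match string described in the commit message above, worked through as an added example. This is not code from the PR or from the ci-github-actions repository: the sample action YAML, the match string, the `managerFilePatterns` value, the datasource and the helper names (`find_pinned_versions`, `bump_pinned_version`, `check_setup_step`) are assumptions made for illustration.

```python
"""Added example, not code from this PR or from the ci-github-actions
repository.  It shows (1) a constructed composite-action step that uses
jfrog/setup-jfrog-cli the way the PR summary describes, and (2) a
Renovate-style regex match string that uses `[\\s\\S]*?` to skip the
`env:` block between `uses:` and `with:`, as the commit message above
describes.  The match string, the file pattern, the helper names and the
sample YAML are assumptions made for illustration."""

import re

# Constructed sample: an env: block separates the `uses:` line from the
# `with:` block that carries the pinned CLI version.
SAMPLE_ACTION_YML = """\
runs:
  using: composite
  steps:
    - name: Setup JFrog CLI
      uses: jfrog/setup-jfrog-cli@v4.9.1
      env:
        JF_URL: ${{ inputs.repox-url }}
        JF_ACCESS_TOKEN: ${{ env.ARTIFACTORY_ACCESS_TOKEN }}
      with:
        version: 2.77.0
        disable-auto-build-publish: true
"""

# Constructed sample without an env: block; the same match string must work.
SAMPLE_ACTION_YML_NO_ENV = """\
    - uses: jfrog/setup-jfrog-cli@v4.9.1
      with:
        version: 2.77.0
        disable-auto-build-publish: true
"""

# Assumed Renovate matchString.  `[\s\S]*?` lazily spans any env: block;
# after `with:` only indented lines are consumed, so the match cannot jump
# to a `version:` key of a later step.  Caveat: if the setup step has no
# `with:` at all, the lazy span can still run into the next step's `with:`
# block, so keep the setup step's own `version:` input present.
MATCH_STRING = (
    r"uses:\s*jfrog/setup-jfrog-cli@\S+\n"            # pinned action ref
    r"[\s\S]*?"                                        # optional env: block
    r"with:[ \t]*\n"
    r"(?:[ \t]+[^\n]*\n)*?"                            # other inputs first
    r"[ \t]+version:[ \t]*(?P<currentValue>\d+\.\d+\.\d+)"
)

# Assumed custom manager entry in the shape of Renovate's regex manager;
# the file pattern and the datasource are this example's assumptions.
RENOVATE_CUSTOM_MANAGER = {
    "customType": "regex",
    "managerFilePatterns": ["/(^|/)action\\.ya?ml$/"],
    "matchStrings": [MATCH_STRING],
    "depNameTemplate": "jfrog/jfrog-cli",
    "datasourceTemplate": "github-releases",
}

_MATCH = re.compile(MATCH_STRING)
_ACTION_REF = re.compile(r"uses:\s*jfrog/setup-jfrog-cli@(?P<ref>\S+)")


def find_pinned_versions(text: str) -> list[str]:
    """Return every jfrog-cli version the match string captures in `text`."""
    return [m.group("currentValue") for m in _MATCH.finditer(text)]


def bump_pinned_version(text: str, new_version: str) -> str:
    """Rewrite only the captured currentValue, as a Renovate update would."""
    def _repl(m: re.Match) -> str:
        whole = m.group(0)
        start = m.start("currentValue") - m.start()
        end = m.end("currentValue") - m.start()
        return whole[:start] + new_version + whole[end:]
    return _MATCH.sub(_repl, text)


def check_setup_step(text: str) -> dict:
    """Reviewer checks on the step: is the action ref pinned to a release
    tag or a full commit SHA, and is auto build-publish disabled?"""
    m = _ACTION_REF.search(text)
    ref = m.group("ref") if m else None
    pinned = bool(ref) and (
        re.fullmatch(r"v\d+\.\d+\.\d+", ref) is not None
        or re.fullmatch(r"[0-9a-f]{40}", ref) is not None
    )
    disabled = re.search(r"disable-auto-build-publish:[ \t]*true\b", text) is not None
    return {"ref": ref, "pinned": pinned, "auto_publish_disabled": disabled}


if __name__ == "__main__":
    for name, yml in (("with env", SAMPLE_ACTION_YML), ("no env", SAMPLE_ACTION_YML_NO_ENV)):
        print(name, find_pinned_versions(yml), check_setup_step(yml))
    print(bump_pinned_version(SAMPLE_ACTION_YML_NO_ENV, "2.78.0"))
```

`check_setup_step` is the check a reviewer would run on each changed action: a release tag such as `v4.9.1` is pinned but still a mutable git ref, a 40-character commit SHA is the stricter pin, and `disable-auto-build-publish: true` must be present wherever the build script already calls `jf rt build-publish`, otherwise build-info is published twice. The lazy `[\s\S]*?` span is convenient but has no step boundary, which is why the match string above stops consuming at the first non-indented line after `with:`.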
Enable JFrog Job Summary for Maven and Gradle builds (even though
they don't call jf directly, the summary captures build info
published by the Maven/Gradle Artifactory plugins).

For promote, replace mise-managed jfrog-cli with setup-jfrog-cli
and add repox-url input for consistency with other actions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>