BUILD-10591 Leverage setup-jfrog-cli summary in ci-github-actions

.pre-commit-config.yaml

@@ -30,7 +30,7 @@ repos:
     hooks:
       - id: markdownlint
   - repo: https://github.com/renovatebot/pre-commit-hooks
-    rev: 731b86757c909f5eb4753ce1e743c64bd18f5ea8  # 37.418.1
+    rev: 99eaa5b893df4f917fe21b5705cc42f28cb3d842  # 43.76.3
     hooks:
       - id: renovate-config-validator
   - repo: https://github.com/rhysd/actionlint

README.md

@@ -1227,13 +1227,15 @@ promote:
 
 ### Inputs
 
-| Input                     | Description                                                                                                               | Default             |
-|---------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------|
-| `promote-pull-request`    | Whether to promote pull request artifacts. Requires `deploy-pull-request` input to be set to `true` in the build action   | `false`             |
-| `multi-repo`              | If true, promotes to public and private repositories. For projects with both public and private artifacts                 | (optional)          |
-| `artifactory-deploy-repo` | Repository to deploy to. If not set, it will be retrieved from the build info                                             | (optional)          |
-| `artifactory-target-repo` | Target repository for the promotion. If not set, it will be determined based on the branch type and the deploy repository | (optional)          |
-| `build-name`              | Name of the JFrog build to promote.                                                                                       | `<Repository name>` |
+| Input                     | Description                                                                                                               | Default                  |
+|---------------------------|---------------------------------------------------------------------------------------------------------------------------|--------------------------|
+| `repox-url`               | URL for Repox                                                                                                             | `https://repox.jfrog.io` |
+| `repox-artifactory-url`   | URL for Repox Artifactory API (overrides repox-url/artifactory if provided)                                               | (optional)               |
+| `promote-pull-request`    | Whether to promote pull request artifacts. Requires `deploy-pull-request` input to be set to `true` in the build action   | `false`                  |
+| `multi-repo`              | If true, promotes to public and private repositories. For projects with both public and private artifacts                 | (optional)               |
+| `artifactory-deploy-repo` | Repository to deploy to. If not set, it will be retrieved from the build info                                             | (optional)               |
+| `artifactory-target-repo` | Target repository for the promotion. If not set, it will be determined based on the branch type and the deploy repository | (optional)               |
+| `build-name`              | Name of the JFrog build to promote.                                                                                       | `<Repository name>`      |
 
 ### Outputs
 

build-gradle/action.yml

@@ -121,6 +121,7 @@ runs:
           (github.event.repository.visibility == 'public' && 'public-deployer' || 'qa-deployer') }}
       run: |
         echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV"
+
     - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0
       id: secrets
       with:

build-maven/build.sh

@@ -12,7 +12,7 @@
 # - SQC_EU_URL: URL of SonarQube server for sqc-eu platform
 # - SQC_EU_TOKEN: Access token to send analysis reports to SonarQube for sqc-eu platform
 # - RUN_SHADOW_SCANS: If true, run sonar scanner on all 3 platforms. If false, run on the platform provided by SONAR_PLATFORM.
-# - ARTIFACTORY_URL: Artifactory repository URL
+# - ARTIFACTORY_URL: URL to Artifactory repository
 # - ARTIFACTORY_ACCESS_TOKEN: Access token to read Repox repositories
 # - ARTIFACTORY_DEPLOY_REPO: Deployment repository name. Required by maven-enforcer-plugin in SonarSource parent POM.
 # - ARTIFACTORY_DEPLOY_USERNAME: Username used by artifactory-maven-plugin

build-maven/deploy-artifacts.sh

@@ -32,22 +32,22 @@ build_name="${GITHUB_REPOSITORY#*/}"
 pushd "$MAVEN_CONFIG/repository"
 
 echo "::group::Configure JFrog deployment"
-jfrog config add deploy --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
-jfrog config use deploy
+jf config add deploy --url "${ARTIFACTORY_URL%artifactory/}" --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
+jf config use deploy
 echo "::endgroup::"
 
 echo "::group::Deploy public artifacts"
 echo "Deploying public artifacts..."
 for artifact in "${public_artifacts[@]}"; do
-  jfrog rt u --build-name "$build_name" --build-number "$BUILD_NUMBER" "$artifact" "${ARTIFACTORY_DEPLOY_REPO}"
+  jf rt u --build-name "$build_name" --build-number "$BUILD_NUMBER" "$artifact" "${ARTIFACTORY_DEPLOY_REPO}"
 done
 echo "::endgroup::"
 
 echo "::group::Deploy private artifacts"
 echo "Deploying private artifacts..."
-jfrog config edit deploy --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_DEPLOY_ACCESS_TOKEN"
+jf config edit deploy --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_DEPLOY_ACCESS_TOKEN"
 for artifact in "${private_artifacts[@]}"; do
-  jfrog rt u --build-name "$build_name" --build-number "$BUILD_NUMBER" "$artifact" "${ARTIFACTORY_PRIVATE_DEPLOY_REPO}"
+  jf rt u --build-name "$build_name" --build-number "$BUILD_NUMBER" "$artifact" "${ARTIFACTORY_PRIVATE_DEPLOY_REPO}"
 done
 echo "::endgroup::"
 

build-npm/action.yml

@@ -110,7 +110,7 @@ runs:
         echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV"
         cp "$ACTION_PATH_BUILD_NPM/mise.local.toml" mise.local.toml
         if [[ "$CACHE_NPM" != "true" ]]; then
-          echo "::warning::The \`cache-npm\` input is deprecated and will be removed in future releases. " \
+          echo "::warning::The \`cache-npm\` input is deprecated and will be removed in future releases." \
             "Use \`disable-caching\` instead." >&2
         fi
 
@@ -168,9 +168,27 @@ runs:
         SQC_EU_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SQC_EU_TOKEN }}
         SQC_US_URL: ${{ fromJSON(steps.secrets.outputs.vault).SQC_US_URL }}
         SQC_US_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SQC_US_TOKEN }}
+        JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: ${{ runner.temp }}/jfrog-summary
+        # JFROG_CLI_GITHUB_TOKEN:
       working-directory: ${{ inputs.working-directory }}
       run: $ACTION_PATH_BUILD_NPM/build.sh
 
+    - name: Generate JFrog CLI summary
+      if: always()
+      shell: bash
+      env:
+        JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: ${{ runner.temp }}/jfrog-summary
+      run: |
+        jf_summary_dir="${JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR}/jfrog-command-summary"
+        if [[ -d "$jf_summary_dir" ]]; then
+          find "$jf_summary_dir" -type f
+          jf config use repox
+          jf generate-summary-markdown
+          if [[ -f "${jf_summary_dir}/markdown.md" ]]; then
+            cat "${jf_summary_dir}/markdown.md" >> "$GITHUB_STEP_SUMMARY"
+          fi
+        fi
+
     - name: Archive logs
       if: failure()
       uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

build-npm/build.sh

@@ -100,7 +100,8 @@ sonar_scanner_implementation() {
 jfrog_npm_publish() {
   echo "Configuring JFrog and NPM repositories..."
   jf config remove repox > /dev/null 2>&1 || true # Ignore inexistent configuration
-  jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
+  jf config add repox --url "${ARTIFACTORY_URL%artifactory/}" --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
+  jf config use repox
   jf npm-config --repo-resolve "npm" --repo-deploy "$ARTIFACTORY_DEPLOY_REPO"
 
   export PROJECT="${GITHUB_REPOSITORY#*/}"

build-npm/mise.local.toml

@@ -1,3 +1,7 @@
 [tools]
-jfrog-cli = "2.77.0"
+jfrog-cli = "2.96.0"
 jq = "1.8.1"
+
+[env]
+JFROG_CLI_AVOID_NEW_VERSION_WARNING = "true"
+JFROG_CLI_ENV_EXCLUDE = "*password*;*secret*;*key*;*token*;*auth*;*credential*"

build-poetry/action.yml

@@ -105,6 +105,7 @@ runs:
         echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV"
         echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV"
         cp "$ACTION_PATH_BUILD_POETRY/mise.local.toml" mise.local.toml
+
     - uses: ./.actions/get-build-number
       id: get_build_number
       with:
@@ -164,10 +165,27 @@ runs:
         SQC_US_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SQC_US_TOKEN }}
         SONAR_PLATFORM: ${{ inputs.sonar-platform }}
         RUN_SHADOW_SCANS: ${{ inputs.run-shadow-scans }}
+        JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: ${{ runner.temp }}/jfrog-summary
       run: |
         cd "${{ inputs.working-directory }}"
         "$ACTION_PATH_BUILD_POETRY/build.sh"
 
+    - name: Generate JFrog CLI summary
+      if: always()
+      shell: bash
+      env:
+        JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: ${{ runner.temp }}/jfrog-summary
+      run: |
+        jf_summary_dir="${JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR}/jfrog-command-summary"
+        if [[ -d "$jf_summary_dir" ]]; then
+          find "$jf_summary_dir" -type f
+          jf config use repox
+          jf generate-summary-markdown
+          if [[ -f "${jf_summary_dir}/markdown.md" ]]; then
+            cat "${jf_summary_dir}/markdown.md" >> "$GITHUB_STEP_SUMMARY"
+          fi
+        fi
+
     - name: Generate provenance attestation
       if: >-
         ${{ inputs.provenance == 'true' &&

build-poetry/build.sh

@@ -263,14 +263,16 @@ get_build_config() {
 }
 
 jfrog_poetry_install() {
-  jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN"
+  jf config add repox --url "${ARTIFACTORY_URL%artifactory/}" --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN"
+  jf config use repox
   jf poetry-config --server-id-resolve repox --repo-resolve "$ARTIFACTORY_PYPI_REPO"
   jf poetry install --build-name="$PROJECT" --build-number="$BUILD_NUMBER"
 }
 
 jfrog_poetry_publish() {
   jf config remove repox
-  jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
+  jf config add repox --url "${ARTIFACTORY_URL%artifactory/}" --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
+  jf config use repox
   project_name=$(poetry version | awk '{print $1}')
   pushd dist
   jf rt upload ./ "$ARTIFACTORY_DEPLOY_REPO/$project_name/$PROJECT_VERSION/" --module="$project_name:$PROJECT_VERSION" \

build-poetry/mise.local.toml

@@ -1,2 +1,6 @@
 [tools]
-jfrog-cli = "2.77.0"
+jfrog-cli = "2.96.0"
+
+[env]
+JFROG_CLI_AVOID_NEW_VERSION_WARNING = "true"
+JFROG_CLI_ENV_EXCLUDE = "*password*;*secret*;*key*;*token*;*auth*;*credential*"

build-yarn/action.yml

@@ -112,7 +112,7 @@ runs:
         echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV"
         cp "$ACTION_PATH_BUILD_YARN/mise.local.toml" mise.local.toml
         if [[ "$CACHE_YARN" != "true" ]]; then
-          echo "::warning::The \`cache-yarn\` input is deprecated and will be removed in future releases. " \
+          echo "::warning::The \`cache-yarn\` input is deprecated and will be removed in future releases." \
             "Use \`disable-caching\` instead." >&2
         fi
 
@@ -175,9 +175,26 @@ runs:
         SQC_US_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SQC_US_TOKEN }}
         SONAR_PLATFORM: ${{ inputs.sonar-platform }}
         RUN_SHADOW_SCANS: ${{ inputs.run-shadow-scans }}
+        JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: ${{ runner.temp }}/jfrog-summary
       working-directory: ${{ inputs.working-directory }}
       run: $ACTION_PATH_BUILD_YARN/build.sh
 
+    - name: Generate JFrog CLI summary
+      if: always()
+      shell: bash
+      env:
+        JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: ${{ runner.temp }}/jfrog-summary
+      run: |
+        jf_summary_dir="${JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR}/jfrog-command-summary"
+        if [[ -d "$jf_summary_dir" ]]; then
+          find "$jf_summary_dir" -type f
+          jf config use repox
+          jf generate-summary-markdown
+          if [[ -f "${jf_summary_dir}/markdown.md" ]]; then
+            cat "${jf_summary_dir}/markdown.md" >> "$GITHUB_STEP_SUMMARY"
+          fi
+        fi
+
     - name: Generate provenance attestation
       if: >-
         ${{ inputs.provenance == 'true' &&

build-yarn/build.sh

@@ -104,7 +104,7 @@ npmRegistries:
     npmAuthToken: "${ARTIFACTORY_ACCESS_TOKEN}"
 EOF
   jf config remove repox > /dev/null 2>&1 || true # Do not log if the repox config were not present
-  jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN"
+  jf config add repox --url "${ARTIFACTORY_URL%artifactory/}" --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN"
   jf config use repox
   jf npm-config --repo-resolve "npm"
 }
@@ -173,7 +173,8 @@ sonar_scanner_implementation() {
 jfrog_yarn_publish() {
   echo "::debug::Configuring JFrog and NPM repositories..."
   jf config remove repox > /dev/null 2>&1 || true # Do not log if the repox config were not present
-  jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
+  jf config add repox --url "${ARTIFACTORY_URL%artifactory/}" --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
+  jf config use repox
   jf npm-config --repo-resolve "npm" --repo-deploy "$ARTIFACTORY_DEPLOY_REPO"
 
   # Create a local tarball and preserve it for attestation

build-yarn/mise.local.toml

@@ -1,3 +1,7 @@
 [tools]
-jfrog-cli = "2.77.0"
+jfrog-cli = "2.96.0"
 jq = "1.8.1"
+
+[env]
+JFROG_CLI_AVOID_NEW_VERSION_WARNING = "true"
+JFROG_CLI_ENV_EXCLUDE = "*password*;*secret*;*key*;*token*;*auth*;*credential*"

cache/action.yml

@@ -33,7 +33,7 @@ runs:
     - id: warning
       shell: bash
       run: |
-        echo "::warning:: This action is deprecated and will be removed in future releases. " \
+        echo "::warning:: This action is deprecated and will be removed in future releases." \
           "Please migrate to using the SonarSource/gh-action_cache action directly." >&2
 
     - uses: SonarSource/gh-action_cache@957cb1f6f70956976b834546bf09839080b5bb00 # v1.2.3

config-npm/action.yml

@@ -83,7 +83,7 @@ runs:
 
         echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV"
         if [[ "$CACHE_NPM" != "true" ]]; then
-          echo "::warning::The \`cache-npm\` input is deprecated and will be removed in future releases. " \
+          echo "::warning::The \`cache-npm\` input is deprecated and will be removed in future releases." \
             "Use \`disable-caching\` instead." >&2
         fi
 

config-npm/mise.local.toml

@@ -1,3 +1,7 @@
 [tools]
-jfrog-cli = "2.77.0"
+jfrog-cli = "2.96.0"
 jq = "1.8.1"
+
+[env]
+JFROG_CLI_AVOID_NEW_VERSION_WARNING = "true"
+JFROG_CLI_ENV_EXCLUDE = "*password*;*secret*;*key*;*token*;*auth*;*credential*"

config-npm/npm_config.sh

@@ -19,7 +19,7 @@ registry=${ARTIFACTORY_URL}/api/npm/npm
 ${ARTIFACTORY_URL#https:}/api/npm/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}
 EOF
   jf config remove repox > /dev/null 2>&1 || true # Ignore inexistent configuration
-  jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN"
+  jf config add repox --url "${ARTIFACTORY_URL%artifactory/}" --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN"
   jf config use repox
   jf npm-config --repo-resolve "npm"
   return 0

mise.toml

@@ -2,5 +2,9 @@
 pre-commit = "4.2.0"
 shellcheck = "0.10.0"
 shellspec = "0.28.1"
-jfrog-cli = "2.77.0"
+jfrog-cli = "2.96.0"
 "npm:markdownlint-cli" = "0.39.0"
+
+[env]
+JFROG_CLI_AVOID_NEW_VERSION_WARNING = "true"
+JFROG_CLI_ENV_EXCLUDE = "*password*;*secret*;*key*;*token*;*auth*;*credential*"

promote/action.yml

@@ -2,6 +2,12 @@
 name: Promote
 description: GitHub Action to promote a project
 inputs:
+  repox-url:
+    description: URL for Repox
+    default: https://repox.jfrog.io
+  repox-artifactory-url:
+    description: URL for Repox Artifactory API (overrides repox-url/artifactory if provided)
+    default: ''
   promote-pull-request:
     description: Whether to promote pull request artifacts. Requires `deploy-pull-request` input to be set to `true` in the build action.
     default: 'false'
@@ -41,6 +47,7 @@ runs:
       shell: bash
       run: |
         cp "$ACTION_PATH_PROMOTE/mise.local.toml" mise.local.toml
+
     - uses: ./.actions/get-build-number
       with:
         host-actions-root: ${{ steps.set-path.outputs.host_actions_root }}
@@ -56,6 +63,8 @@ runs:
     - name: Promote artifacts
       shell: bash
       env:
+        ARTIFACTORY_URL: ${{ inputs.repox-artifactory-url != '' && inputs.repox-artifactory-url ||
+          format('{0}/artifactory', inputs.repox-url) }}
         ARTIFACTORY_PROMOTE_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_PROMOTE_ACCESS_TOKEN }}
         GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
         DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
@@ -64,5 +73,22 @@ runs:
         ARTIFACTORY_TARGET_REPO: ${{ inputs.artifactory-target-repo }}
         PROMOTE_PULL_REQUEST: ${{ inputs.promote-pull-request }}
         BUILD_NAME: ${{ inputs.build-name || github.event.repository.name }}
+        JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: ${{ runner.temp }}/jfrog-summary
       run: |
         "$ACTION_PATH_PROMOTE/promote.sh"
+
+    - name: Generate JFrog CLI summary
+      if: always()
+      shell: bash
+      env:
+        JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: ${{ runner.temp }}/jfrog-summary
+      run: |
+        jf_summary_dir="${JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR}/jfrog-command-summary"
+        if [[ -d "$jf_summary_dir" ]]; then
+          find "$jf_summary_dir" -type f
+          jf config use repox
+          jf generate-summary-markdown
+          if [[ -f "${jf_summary_dir}/markdown.md" ]]; then
+            cat "${jf_summary_dir}/markdown.md" >> "$GITHUB_STEP_SUMMARY"
+          fi
+        fi

promote/mise.local.toml

@@ -1,2 +1,6 @@
 [tools]
-jfrog-cli = "2.77.0"
+jfrog-cli = "2.96.0"
+
+[env]
+JFROG_CLI_AVOID_NEW_VERSION_WARNING = "true"
+JFROG_CLI_ENV_EXCLUDE = "*password*;*secret*;*key*;*token*;*auth*;*credential*"