Frogbot Configuration Refactor

commands.go

@@ -5,14 +5,14 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/jfrog/froggit-go/vcsclient"
+	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
+	"github.com/jfrog/jfrog-client-go/utils/log"
+
 	"github.com/jfrog/frogbot/v2/scanpullrequest"
 	"github.com/jfrog/frogbot/v2/scanrepository"
 	"github.com/jfrog/frogbot/v2/utils"
 	"github.com/jfrog/frogbot/v2/utils/outputwriter"
-	"github.com/jfrog/froggit-go/vcsclient"
-	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
-	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
-	"github.com/jfrog/jfrog-client-go/utils/log"
 
 	"github.com/jfrog/jfrog-cli-security/utils/xsc"
 	clitool "github.com/urfave/cli/v2"
@@ -65,17 +65,6 @@ func Exec(command FrogbotCommand, commandName string) (err error) {
 		err = errors.Join(err, os.Setenv(utils.JfrogHomeDirEnv, originalJfrogHomeDir), fileutils.RemoveTempDir(tempJFrogHomeDir))
 	}()
 
-	// Set releases remote repository env if needed
-	previousReleasesRepoEnv := os.Getenv(coreutils.ReleasesRemoteEnv)
-	if frogbotDetails.ReleasesRepo != "" {
-		if err = os.Setenv(coreutils.ReleasesRemoteEnv, fmt.Sprintf("frogbot/%s", frogbotDetails.ReleasesRepo)); err != nil {
-			return
-		}
-		defer func() {
-			err = errors.Join(err, os.Setenv(coreutils.ReleasesRemoteEnv, previousReleasesRepoEnv))
-		}()
-	}
-
 	// Invoke the command interface
 	log.Info(fmt.Sprintf("Running Frogbot %q command", commandName))
 	err = command.Run(frogbotDetails.Repository, frogbotDetails.GitClient, frogbotRepoConnection)

integrationutils.go

@@ -11,14 +11,15 @@ import (
 
 	"github.com/go-git/go-git/v5"
 	githttp "github.com/go-git/go-git/v5/plumbing/transport/http"
-	"github.com/jfrog/frogbot/v2/scanpullrequest"
-	"github.com/jfrog/frogbot/v2/scanrepository"
-	"github.com/jfrog/frogbot/v2/utils"
-	"github.com/jfrog/frogbot/v2/utils/outputwriter"
 	"github.com/jfrog/froggit-go/vcsclient"
 	"github.com/jfrog/froggit-go/vcsutils"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/jfrog/frogbot/v2/scanpullrequest"
+	"github.com/jfrog/frogbot/v2/scanrepository"
+	"github.com/jfrog/frogbot/v2/utils"
+	"github.com/jfrog/frogbot/v2/utils/outputwriter"
 )
 
 const (
@@ -77,18 +78,15 @@ func setIntegrationTestEnvs(t *testing.T, testDetails *IntegrationTestDetails) f
 	// so we restore them at the end of the test to avoid collisions with other tests
 	envRestoreFunc := getJfrogEnvRestoreFunc(t)
 	unsetEnvs := utils.SetEnvsAndAssertWithCallback(t, map[string]string{
-		utils.RequirementsFileEnv:      "requirements.txt",
-		utils.GitPullRequestIDEnv:      testDetails.PullRequestID,
-		utils.GitProvider:              testDetails.GitProvider,
-		utils.GitTokenEnv:              testDetails.GitToken,
-		utils.GitRepoEnv:               testDetails.RepoName,
-		utils.GitRepoOwnerEnv:          testDetails.RepoOwner,
-		utils.BranchNameTemplateEnv:    testDetails.CustomBranchName,
-		utils.GitApiEndpointEnv:        testDetails.ApiEndpoint,
-		utils.GitProjectEnv:            testDetails.GitProject,
-		utils.GitUsernameEnv:           testDetails.GitUsername,
-		utils.GitBaseBranchEnv:         mainBranch,
-		utils.GitUseLocalRepositoryEnv: fmt.Sprintf("%t", testDetails.UseLocalRepo),
+		utils.GitPullRequestIDEnv: testDetails.PullRequestID,
+		utils.GitProvider:         testDetails.GitProvider,
+		utils.GitTokenEnv:         testDetails.GitToken,
+		utils.GitRepoEnv:          testDetails.RepoName,
+		utils.GitRepoOwnerEnv:     testDetails.RepoOwner,
+		utils.GitApiEndpointEnv:   testDetails.ApiEndpoint,
+		utils.GitProjectEnv:       testDetails.GitProject,
+		utils.GitUsernameEnv:      testDetails.GitUsername,
+		utils.GitBaseBranchEnv:    mainBranch,
 	})
 	return func() {
 		envRestoreFunc()

packagehandlers/commonpackagehandler.go

@@ -8,10 +8,11 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/jfrog/frogbot/v2/utils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
+
+	"github.com/jfrog/frogbot/v2/utils"
 )
 
 // PackageHandler interface to hold operations on packages
@@ -33,7 +34,7 @@ func GetCompatiblePackageHandler(vulnDetails *utils.VulnerabilityDetails, detail
 	case techutils.Yarn:
 		handler = &YarnPackageHandler{}
 	case techutils.Pip:
-		handler = &PythonPackageHandler{pipRequirementsFile: details.PipRequirementsFile}
+		handler = &PythonPackageHandler{pipRequirementsFile: defaultRequirementFile}
 	case techutils.Maven:
 		handler = NewMavenPackageHandler(details)
 	case techutils.Nuget:
@@ -47,7 +48,6 @@ func GetCompatiblePackageHandler(vulnDetails *utils.VulnerabilityDetails, detail
 	default:
 		handler = &UnsupportedPackageHandler{}
 	}
-	handler.SetCommonParams(details.ServerDetails, details.DepsRepo)
 	return
 }
 

packagehandlers/mavenpackagehandler.go

@@ -5,13 +5,15 @@ import (
 	"encoding/xml"
 	"errors"
 	"fmt"
-	"github.com/jfrog/frogbot/v2/utils"
-	"github.com/jfrog/jfrog-cli-security/sca/bom/buildinfo/technologies/java"
-	"github.com/jfrog/jfrog-client-go/utils/log"
-	"golang.org/x/exp/slices"
 	"os"
 	"path/filepath"
 	"strings"
+
+	"github.com/jfrog/jfrog-cli-security/sca/bom/buildinfo/technologies/java"
+	"github.com/jfrog/jfrog-client-go/utils/log"
+	"golang.org/x/exp/slices"
+
+	"github.com/jfrog/frogbot/v2/utils"
 )
 
 const MavenVersionNotAvailableErrorFormat = "Version %s is not available for artifact"
@@ -134,7 +136,6 @@ type pomDependencyDetails struct {
 func NewMavenPackageHandler(scanDetails *utils.ScanDetails) *MavenPackageHandler {
 	depTreeParams := &java.DepTreeParams{
 		Server:                  scanDetails.ServerDetails,
-		DepsRepo:                scanDetails.DepsRepo,
 		IsMavenDepTreeInstalled: true,
 	}
 	// The mvn-dep-tree plugin has already been installed during the audit dependency tree build phase,

packagehandlers/pythonpackagehandler.go

@@ -8,12 +8,13 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/jfrog/frogbot/v2/utils"
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
+
+	"github.com/jfrog/frogbot/v2/utils"
 )
 
 const (
-
+	defaultRequirementFile = "requirements.txt"
 	// Package names are case-insensitive with this prefix
 	PythonPackageRegexPrefix = "(?i)"
 	// Match all possible operators and versions syntax