From 31db520d1917c2665a475cd5530b42d07c062477 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 22 Apr 2025 19:51:30 +0530 Subject: [PATCH 001/116] Initial sonar evidence spike --- go.mod | 8 ++++---- go.sum | 4 ---- utils/cliutils/commandsflags.go | 6 +++--- utils/cliutils/utils.go | 7 +++---- 4 files changed, 10 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 34b98263e..91aec5c47 100644 --- a/go.mod +++ b/go.mod @@ -19,10 +19,10 @@ require ( github.com/jfrog/build-info-go v1.10.10 github.com/jfrog/gofrog v1.7.6 github.com/jfrog/jfrog-cli-artifactory v0.2.1 - github.com/jfrog/jfrog-cli-core/v2 v2.58.2 + github.com/jfrog/jfrog-cli-core/v2 v2.58.3 github.com/jfrog/jfrog-cli-platform-services v1.9.0 github.com/jfrog/jfrog-cli-security v1.16.2 - github.com/jfrog/jfrog-client-go v1.51.1 + github.com/jfrog/jfrog-client-go v1.52.0 github.com/jszwec/csvutil v1.10.0 github.com/manifoldco/promptui v0.9.0 github.com/stretchr/testify v1.10.0 @@ -191,8 +191,8 @@ require ( replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e -replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20250406105605-ee90d11546f9 +replace github.com/jfrog/jfrog-client-go => ../jfrog-client-go -replace github.com/jfrog/jfrog-cli-artifactory => github.com/jfrog/jfrog-cli-artifactory v0.2.2-0.20250414045808-41544959f9b9 +replace github.com/jfrog/jfrog-cli-artifactory => ../jfrog-cli-artifactory replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index d4adfac5b..cd7540900 100644 --- a/go.sum +++ b/go.sum 
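Review bot: The two `replace` directives changed at the end of go.mod now point at sibling directories (`../jfrog-client-go`, `../jfrog-cli-artifactory`), so the module only resolves on a machine that has those checkouts next to this repository; CI and any other clone will fail. A filesystem replacement is also not covered by go.sum (the matching go.sum hunk drops both entries), so whatever sits in those directories is compiled in without checksum verification. Keep local overrides out of the committed go.mod, for example in an uncommitted `go.work`, and leave the committed directives pinned to a published version or pseudo-version.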
@@ -186,16 +186,12 @@ github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s= github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4= github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY= github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= -github.com/jfrog/jfrog-cli-artifactory v0.2.2-0.20250414045808-41544959f9b9 h1:j9bepUA23952AdytsBqGbsl4QMScksbCFXulqWvj0eY= -github.com/jfrog/jfrog-cli-artifactory v0.2.2-0.20250414045808-41544959f9b9/go.mod h1:8qrGaRb162a4NWGr7R1rj8P80s8NU8KRTs69NMkQENA= github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e h1:N+7gJdZmwggKqrTbrEvAFxxXQziFbJ4zHI/sXa8vR1A= github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e/go.mod h1:4S7yztLwWq4yA+k9j9s5gvIqr7xC/6EjJQ+0ENCHTFc= github.com/jfrog/jfrog-cli-platform-services v1.9.0 h1:r/ETgJuMUOUu12w20ydsF6paqEaj0khH6bxMRsdNz1Y= github.com/jfrog/jfrog-cli-platform-services v1.9.0/go.mod h1:pMZMSwhj7yA4VKyj0Skr2lObIyGpZUxNJ40DSLKXU38= github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 h1:mnU8PtDaCmU1ZC8Wcy0VKj1gJEZnnyjgAc3rJLCcMjs= github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504/go.mod h1:tJyLh4KI4qoF/AVBy0wC9s8DVxV/hoyKK4LIzpxL590= -github.com/jfrog/jfrog-client-go v1.28.1-0.20250406105605-ee90d11546f9 h1:pEBTHYeyuDa+w0oJNCYFq1wD2O2NqWdDTAtDRFy7s3w= -github.com/jfrog/jfrog-client-go v1.28.1-0.20250406105605-ee90d11546f9/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jszwec/csvutil v1.10.0 h1:upMDUxhQKqZ5ZDCs/wy+8Kib8rZR8I8lOR34yJkdqhI= diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index ea6598c43..bcc65ea8a 100644 --- a/utils/cliutils/commandsflags.go 
+++ b/utils/cliutils/commandsflags.go @@ -790,15 +790,15 @@ var flagsMap = map[string]cli.Flag{ }, uploadMinSplit: cli.StringFlag{ Name: MinSplit, - Usage: "[Default: " + strconv.Itoa(flagkit.UploadMinSplitMb) + "] The minimum file size in MiB required to attempt a multi-part upload. This option, as well as the functionality of multi-part upload, requires Artifactory with S3 or GCP storage.` `", + Usage: "[Default: " + "" + "] The minimum file size in MiB required to attempt a multi-part upload. This option, as well as the functionality of multi-part upload, requires Artifactory with S3 or GCP storage.` `", }, uploadSplitCount: cli.StringFlag{ Name: SplitCount, - Usage: "[Default: " + strconv.Itoa(flagkit.UploadSplitCount) + "] The maximum number of parts that can be concurrently uploaded per file during a multi-part upload. Set to 0 to disable multi-part upload. This option, as well as the functionality of multi-part upload, requires Artifactory with S3 or GCP storage.` `", + Usage: "[Default: " + "" + "] The maximum number of parts that can be concurrently uploaded per file during a multi-part upload. Set to 0 to disable multi-part upload. This option, as well as the functionality of multi-part upload, requires Artifactory with S3 or GCP storage.` `", }, ChunkSize: cli.StringFlag{ Name: ChunkSize, - Usage: "[Default: " + strconv.Itoa(flagkit.UploadChunkSizeMb) + "] The upload chunk size in MiB that can be concurrently uploaded during a multi-part upload. This option, as well as the functionality of multi-part upload, requires Artifactory with S3 or GCP storage.` `", + Usage: "[Default: " + "" + "] The upload chunk size in MiB that can be concurrently uploaded during a multi-part upload. This option, as well as the functionality of multi-part upload, requires Artifactory with S3 or GCP storage.` `", }, syncDeletesQuiet: cli.BoolFlag{ Name: quiet, diff --git a/utils/cliutils/utils.go b/utils/cliutils/utils.go index 4a11ec798..fea7e2672 100644 
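Review bot: The `Usage` strings for `uploadMinSplit`, `uploadSplitCount` and `ChunkSize` now concatenate an empty string, so the help output prints `[Default: ]` with no value. If `flagkit` cannot be imported during the spike, the text should still carry the number that `CreateUploadConfiguration` applies, e.g. `"[Default: " + strconv.Itoa(defaultUploadMinSplitMb) + "] ..."` with a local constant (the name is a suggestion). If these were the only `strconv` uses in the file the import is now unused and the package will not compile; the import block is outside the hunk, so that needs checking. The `flagsMap` literal starts and ends outside the hunk.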
--- a/utils/cliutils/utils.go +++ b/utils/cliutils/utils.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/jfrog/jfrog-cli-artifactory/cliutils/flagkit" "io" "net/http" "os" @@ -233,15 +232,15 @@ func CreateSummaryReportString(success, failed int, failNoOp bool, err error) (s func CreateUploadConfiguration(c *cli.Context) (uploadConfiguration *artifactoryUtils.UploadConfiguration, err error) { uploadConfiguration = new(artifactoryUtils.UploadConfiguration) - uploadConfiguration.MinSplitSizeMB, err = getMinSplit(c, flagkit.UploadMinSplitMb) + uploadConfiguration.MinSplitSizeMB, err = getMinSplit(c, 64) if err != nil { return nil, err } - uploadConfiguration.ChunkSizeMB, err = getUploadChunkSize(c, flagkit.UploadChunkSizeMb) + uploadConfiguration.ChunkSizeMB, err = getUploadChunkSize(c, 64) if err != nil { return nil, err } - uploadConfiguration.SplitCount, err = getSplitCount(c, flagkit.UploadSplitCount, flagkit.UploadMaxSplitCount) + uploadConfiguration.SplitCount, err = getSplitCount(c, 64, 64) if err != nil { return nil, err } From 355d2c6c891a777140af3ff8235d9afe0b76f94f Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 15 May 2025 11:18:20 +0530 Subject: [PATCH 002/116] Updated with dependencies --- go.mod | 6 +++--- go.sum | 8 ++++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 91aec5c47..73663a8c9 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/docker/docker v27.5.1+incompatible github.com/gocarina/gocsv v0.0.0-20240520201108-78e41c74b4b1 github.com/jfrog/archiver/v3 v3.6.1 - github.com/jfrog/build-info-go v1.10.10 + github.com/jfrog/build-info-go v1.10.11 github.com/jfrog/gofrog v1.7.6 github.com/jfrog/jfrog-cli-artifactory v0.2.1 github.com/jfrog/jfrog-cli-core/v2 v2.58.3 
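Review bot: `CreateUploadConfiguration` now passes the literal `64` for every default: minimum split size, chunk size, split count and the split-count maximum. These were four separate `flagkit` constants before and are unlikely to have all been 64, so a user who sets none of the flags probably gets different multi-part upload behaviour than before, and `getSplitCount(c, 64, 64)` makes the default equal to the upper bound. Name the values as package constants with their intended numbers, e.g. `const defaultUploadMinSplitMb = <value from flagkit>`, and reuse them in the `Usage` strings in commandsflags.go so help text and behaviour agree. The function body continues past the end of the hunk.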
@@ -191,8 +191,8 @@ require ( replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e -replace github.com/jfrog/jfrog-client-go => ../jfrog-client-go +replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250514192453-a9eea06094ae -replace github.com/jfrog/jfrog-cli-artifactory => ../jfrog-cli-artifactory +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250515044135-09bfe750239e replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index cd7540900..162cfea75 100644 --- a/go.sum +++ b/go.sum @@ -34,6 +34,10 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250515044135-09bfe750239e h1:2+psEmTFUno8V5NKyUl5857v1ZsDdUtn8VESeiDRqA8= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250515044135-09bfe750239e/go.mod h1:1pHNVo7E8usVKEi6EWJXvu7tP32+FSo8GxZP9VjQFSc= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250514192453-a9eea06094ae h1:Yi+gLDxdB6miPA+Ve41z5Llesj4RG/WjmHhRKUCY6Vs= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250514192453-a9eea06094ae/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= 
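Review bot: Both `replace` directives now resolve `github.com/jfrog/jfrog-client-go` and `github.com/jfrog/jfrog-cli-artifactory` to forks under a personal account (`github.com/bhanurp/...`) at untagged pseudo-versions, so every build compiles code that is outside the upstream organisation's review and release process while still importing it under the `jfrog` path. go.sum pins the content hash of each revision, but it does not restrict who can publish the next one, and the go.mod hunks in patches 003 to 006 move the pins again with no record of what changed. Add a comment above each directive naming the upstream change it tracks, e.g. `// TEMP(spike): fork of jfrog-client-go pending upstream PR <link>; remove before merging`, and treat a fork `replace` as a merge blocker.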
@@ -176,8 +180,8 @@ github.com/jedib0t/go-pretty/v6 v6.6.5 h1:9PgMJOVBedpgYLI56jQRJYqngxYAAzfEUua+3N github.com/jedib0t/go-pretty/v6 v6.6.5/go.mod h1:Uq/HrbhuFty5WSVNfjpQQe47x16RwVGXIveNGEyGtHs= github.com/jfrog/archiver/v3 v3.6.1 h1:LOxnkw9pOn45DzCbZNFV6K0+6dCsQ0L8mR3ZcujO5eI= github.com/jfrog/archiver/v3 v3.6.1/go.mod h1:VgR+3WZS4N+i9FaDwLZbq+jeU4B4zctXL+gL4EMzfLw= -github.com/jfrog/build-info-go v1.10.10 h1:2nOFjV7SX1uisi2rQK7fb4Evm7YkSOdmssrm6Tf4ipc= -github.com/jfrog/build-info-go v1.10.10/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE= +github.com/jfrog/build-info-go v1.10.11 h1:wAMGCAHa49+ec01HqzSidLAHNIub+glh4ksFp3pYy7o= +github.com/jfrog/build-info-go v1.10.11/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE= github.com/jfrog/froggit-go v1.16.2 h1:F//S83iXH14qsCwYzv0zB2JtjS2pJVEsUoEmYA+37dQ= github.com/jfrog/froggit-go v1.16.2/go.mod h1:5VpdQfAcbuyFl9x/x8HGm7kVk719kEtW/8YJFvKcHPA= github.com/jfrog/go-mockhttp v0.3.1 h1:/wac8v4GMZx62viZmv4wazB5GNKs+GxawuS1u3maJH8= From b58565cdf84f71ec9d29e4e90b2e0d84a1c7f4ce Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 16 May 2025 22:01:07 +0530 Subject: [PATCH 003/116] Updated dependencies --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 73663a8c9..906a6f8c9 100644 --- a/go.mod +++ b/go.mod 
@@ -191,8 +191,8 @@ require ( replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e -replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250514192453-a9eea06094ae +replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250516162650-94c8d4a486ef -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250515044135-09bfe750239e +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250516162834-fd9fa78d002c replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index 162cfea75..5b7569027 100644 --- a/go.sum +++ b/go.sum 
@@ -34,10 +34,10 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250515044135-09bfe750239e h1:2+psEmTFUno8V5NKyUl5857v1ZsDdUtn8VESeiDRqA8= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250515044135-09bfe750239e/go.mod h1:1pHNVo7E8usVKEi6EWJXvu7tP32+FSo8GxZP9VjQFSc= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250514192453-a9eea06094ae h1:Yi+gLDxdB6miPA+Ve41z5Llesj4RG/WjmHhRKUCY6Vs= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250514192453-a9eea06094ae/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250516162834-fd9fa78d002c h1:WhC6Te4EHt66+EJO6qF/qJwna2K41LDcv2UqHWj5kfg= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250516162834-fd9fa78d002c/go.mod h1:Y/3Hdo7dPg2DYqrZSpbWrbFmv+tjgQ1gqhjafiSrnuM= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250516162650-94c8d4a486ef h1:9ZI23juRyqr4XUUv6/1RMCWTONUtFEDrTg596lPhdtI= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250516162650-94c8d4a486ef/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= From 53e2f7f01bb38892a0c3f98a54b3711c69fa2531 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 19 May 2025 21:12:56 +0530 Subject: [PATCH 004/116] Updated dependencies --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/go.mod b/go.mod index 906a6f8c9..09ec4edfc 100644 --- a/go.mod +++ b/go.mod @@ -191,8 +191,8 @@ require ( replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e -replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250516162650-94c8d4a486ef +replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250519153811-681a69c252ad -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250516162834-fd9fa78d002c +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250519154003-9bac6fc7594e replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index 5b7569027..d556c58d7 100644 --- a/go.sum +++ b/go.sum 
@@ -34,10 +34,10 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250516162834-fd9fa78d002c h1:WhC6Te4EHt66+EJO6qF/qJwna2K41LDcv2UqHWj5kfg= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250516162834-fd9fa78d002c/go.mod h1:Y/3Hdo7dPg2DYqrZSpbWrbFmv+tjgQ1gqhjafiSrnuM= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250516162650-94c8d4a486ef h1:9ZI23juRyqr4XUUv6/1RMCWTONUtFEDrTg596lPhdtI= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250516162650-94c8d4a486ef/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250519154003-9bac6fc7594e h1:l3MTt43AuZaYMZ/aBQqkTzEJhbkVlUA3GtIFa0VG89M= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250519154003-9bac6fc7594e/go.mod h1:55jjkOS8O2TGADcQUcMpzqIKgb1Fx6rV/Fwu/RKO4IY= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250519153811-681a69c252ad h1:8GV5GtIF5w5tUftBH8pr39DVjDWO4VTnDHqIX5aGQu4= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250519153811-681a69c252ad/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= From 16f56901f4041ee8f513b6fcd5fe17e231dd0ede Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 21 May 2025 15:32:39 +0530 Subject: [PATCH 005/116] Updated dependencies --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/go.mod b/go.mod index 09ec4edfc..19dad7980 100644 --- a/go.mod +++ b/go.mod @@ -191,8 +191,8 @@ require ( replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e -replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250519153811-681a69c252ad +replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250520142003-88059221ee0c -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250519154003-9bac6fc7594e +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index d556c58d7..49b5a50a4 100644 --- a/go.sum +++ b/go.sum 
@@ -34,10 +34,10 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250519154003-9bac6fc7594e h1:l3MTt43AuZaYMZ/aBQqkTzEJhbkVlUA3GtIFa0VG89M= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250519154003-9bac6fc7594e/go.mod h1:55jjkOS8O2TGADcQUcMpzqIKgb1Fx6rV/Fwu/RKO4IY= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250519153811-681a69c252ad h1:8GV5GtIF5w5tUftBH8pr39DVjDWO4VTnDHqIX5aGQu4= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250519153811-681a69c252ad/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf h1:LbC2w9IeaWkADB8+CBQSEZA5VPLpldidmNw4Mikhf8c= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf/go.mod h1:QV9swdMTaW53CIrllRmmhEP4JXY3sK1PB5/qaprNgbQ= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250520142003-88059221ee0c h1:LIOOy8eKMKRxvalB27B89qC+iUaQk10w3SiCd7DK1yc= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250520142003-88059221ee0c/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= From c04292a2890d2f13ab7b5d083fa7d2edb86b0ca3 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Sat, 24 May 2025 13:11:55 +0530 Subject: [PATCH 006/116] Updated dependencies --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 19dad7980..3e12f77a8 100644 
--- a/go.mod +++ b/go.mod @@ -191,7 +191,7 @@ require ( replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e -replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250520142003-88059221ee0c +replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250521095714-c881b076205f replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf diff --git a/go.sum b/go.sum index 49b5a50a4..3c7a1f289 100644 --- a/go.sum +++ b/go.sum @@ -36,8 +36,8 @@ github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf h1:LbC2w9IeaWkADB8+CBQSEZA5VPLpldidmNw4Mikhf8c= github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf/go.mod h1:QV9swdMTaW53CIrllRmmhEP4JXY3sK1PB5/qaprNgbQ= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250520142003-88059221ee0c h1:LIOOy8eKMKRxvalB27B89qC+iUaQk10w3SiCd7DK1yc= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250520142003-88059221ee0c/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250521095714-c881b076205f h1:mUWvMKy5WDfy2r6AoIGw7UsFj5t3++i+OCin3vwOVWc= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250521095714-c881b076205f/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= From fedc6f579b5edb8cb3d961463c4a892103fee422 Mon Sep 17 00:00:00 2001 
From: Bhanu Reddy Date: Tue, 3 Jun 2025 21:56:20 +0530 Subject: [PATCH 007/116] Added functional tests for sonar integration --- .github/workflows/sonarIntegrationTests.yml | 86 +++++++++++++++ sonarintegration_test.go | 104 +++++++++++++++++++ testdata/maven/mavenprojectwithsonar/pom.xml | 45 ++++++++ utils/tests/utils.go | 1 + 4 files changed, 236 insertions(+) create mode 100644 .github/workflows/sonarIntegrationTests.yml create mode 100644 sonarintegration_test.go create mode 100644 testdata/maven/mavenprojectwithsonar/pom.xml diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml new file mode 100644 index 000000000..de53bea10 --- /dev/null +++ b/.github/workflows/sonarIntegrationTests.yml 
@@ -0,0 +1,86 @@
+name: JFrog CLI Test with SonarQube and Artifactory
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ test-jfrog-sonar:
+ runs-on: ubuntu-latest
+ services:
+ sonar:
+ image: sonarqube:community
+ ports:
+ - 9000:9000
+ options: >-
+ --health-cmd="curl --fail http://localhost:9000/api/system/health || exit 1"
+ --health-interval=10s
+ --health-timeout=5s
+ --health-retries=30
+ env:
+ SONAR_ES_BOOTSTRAP_CHECKS_DISABLE: "true"
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Install local Artifactory
+ uses: jfrog/.github/actions/install-local-artifactory@main
+ with:
+ RTLIC: ${{ secrets.RTLIC }}
+
+ - name: Wait for SonarQube to be up
+ run: |
+ echo "Waiting for SonarQube to be healthy..."
+ for i in {1..60}; do
+ curl -s http://localhost:9000/api/system/health | grep -q '"status":"GREEN"' && break
+ echo "Waiting... ($i)"
+ sleep 5
+ done
+ echo "SonarQube is healthy."
+
+ - name: Fetch Sonar Access Token
+ id: sonar_token
+ run: |
+ echo "Fetching SonarQube access token..."
+ TOKEN=$(curl -s -X POST -u "admin:admin" \
+ "http://localhost:9000/api/user_tokens/generate?name=github-actions-token" | jq -r '.token')
+ echo "SONAR_TOKEN=${TOKEN}" >> $GITHUB_ENV
+
+ - name: Create Project in SonarQube
+ run: |
+ echo "Creating SonarQube project..."
+ curl -u "admin:admin" -X POST "http://localhost:9000/api/projects/create?name=mvn-sonar&project=mvn-sonar"
+
+ - name: Configure JFrog CLI
+ run: |
+ jf c add artifactory-server \
+ --url ${{ secrets.JFROG_URL }} \
+ --user ${{ secrets.JFROG_USERNAME }} \
+ --password ${{ secrets.JFROG_PASSWORD }} \
+ --interactive=false
+
+ - name: Test JFrog CLI - Ping Artifactory
+ run: |
+ jf rt ping
+
+ - name: Run SonarQube Analysis with JFrog CLI
+ working-directory: testdata/maven/mavenprojectwithsonar
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: |
+ echo "Running SonarQube analysis..."
+ mvn clean verify sonar:sonar \ + -Dsonar.projectKey=mvn-sonar \ + -Dsonar.projectName='mvn-sonar' \ + -Dsonar.host.url=http://localhost:9000 \ + -Dsonar.token= ${{SONAR_TOKEN}} + + - name: Run sonar integration tests + env: + JFROG_SONAR_ACCESS_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarintegration \ No newline at end of file diff --git a/sonarintegration_test.go b/sonarintegration_test.go new file mode 100644 index 000000000..7c458ac9f --- /dev/null +++ b/sonarintegration_test.go 
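Review bot: The `Configure JFrog CLI` step expands `${{ secrets.JFROG_URL }}`, `${{ secrets.JFROG_USERNAME }}` and `${{ secrets.JFROG_PASSWORD }}` directly into the script text, so the values are pasted in before bash parses the command: a password containing a space, quote or `$` breaks or alters the command. Pass the secrets through the step's `env:` block and reference them as quoted shell variables, as in the block below. The token written to `$GITHUB_ENV` in `Fetch Sonar Access Token` is not masked with `::add-mask::`, so later log output can show it, and `jq -r '.token'` yields the string `null` on a failed request without failing the step. The workflow also has no `permissions:` block, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown.

```yaml
      - name: Configure JFrog CLI
        env:
          JFROG_URL: ${{ secrets.JFROG_URL }}
          JFROG_USERNAME: ${{ secrets.JFROG_USERNAME }}
          JFROG_PASSWORD: ${{ secrets.JFROG_PASSWORD }}
        run: |
          jf c add artifactory-server \
            --url "$JFROG_URL" \
            --user "$JFROG_USERNAME" \
            --password "$JFROG_PASSWORD" \
            --interactive=false
      # … unchanged: Test JFrog CLI - Ping Artifactory and the following steps …
```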
@@ -0,0 +1,104 @@
+package main
+
+import (
+ "encoding/json"
+ coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests"
+ "github.com/jfrog/jfrog-cli/utils/tests"
+ "github.com/stretchr/testify/assert"
+ "io"
+ "net/http"
+ "net/url"
+ "testing"
+)
+
+var (
+ sonarIntegrationCLI *coreTests.JfrogCli
+)
+
+func initSonarCli() {
+ if sonarIntegrationCLI != nil {
+ return
+ }
+ sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateAccess())
+}
+
+func initSonarIntegrationTest(t *testing.T) {
+ if !*tests.TestSonar {
+ t.Skip("Skipping Access test. To run Access test add the '-test.access=true' option.")
+ }
+}
+
+func TestSonarIntegration(t *testing.T) {
+ initSonarCli()
+ initSonarIntegrationTest(t)
+ // Generate access token from sonarqube
+ getSonarAccessToken(t)
+ // Create the project and settings on sonarqube
+ createAndConfigureSonarProject(t)
+ // Create build info/artifact/package from sample projects
+ // trigger sonar scan from either plugins of maven/gradle
+ // trigger sonar scan using sonar-cli
+ // Fetch the sonar evidence and attach against the artifacts using jfrog-cli
+}
+
+func getSonarAccessToken(t *testing.T) string {
+ client := createHttpClient(t, "")
+ req, err := createFetchSonarAccessTokenRequest(t)
+ resp, err := client.Do(req)
+ if err != nil {
+ assert.NoError(t, err)
+ }
+ defer resp.Body.Close()
+ assert.Equal(t, http.StatusOK, resp.StatusCode)
+ bodyBytes, err := io.ReadAll(resp.Body)
+ if err != nil {
+ assert.NoError(t, err)
+ }
+ var result struct {
+ Token string `json:"token"`
+ }
+
+ if err := json.Unmarshal(bodyBytes, &result); err != nil {
+ t.Fatalf("Failed to parse response: %v", err)
+ }
+
+ return result.Token
+}
+
+func createFetchSonarAccessTokenRequest(t *testing.T) (*http.Request, error) {
+ req, err := http.NewRequest("POST", "http://localhost:9000/api/user_tokens/generate", nil)
+ if err != nil {
+ t.Fatalf("Failed to create request: %v", err)
+ }
+ req.SetBasicAuth("admin", "admin")
+ q := 
req.URL.Query() + q.Add("name", "jfrog-cli-token") + req.URL.RawQuery = q.Encode() + return req, err +} + +func createAndConfigureSonarProject(t *testing.T) { + // This function should create a SonarQube project and configure it as needed. + // It can include API calls to SonarQube to set up the project, quality gates, etc. + req, err := http.NewRequest("POST", "http://localhost:9000/api/projects/create", nil) + if err != nil { + assert.NoError(t, err) + } + req.Header.Set("Authorization", "Bearer "+getSonarAccessToken(t)) + req.Header.Set("Content-Type", "application/x-www-form-urlencoded") +} + +func createHttpClient(t *testing.T, proxy string) *http.Client { + // Create a custom HTTP client with proxy settings if needed + client := &http.Client{} + if proxy != "" { + proxyURL, err := url.Parse(proxy) + if err != nil { + assert.NoError(t, err) + } + client.Transport = &http.Transport{ + Proxy: http.ProxyURL(proxyURL), + } + } + return client +} diff --git a/testdata/maven/mavenprojectwithsonar/pom.xml b/testdata/maven/mavenprojectwithsonar/pom.xml new file mode 100644 index 000000000..65223ce90 --- /dev/null +++ b/testdata/maven/mavenprojectwithsonar/pom.xml @@ -0,0 +1,45 @@ + + 4.0.0 + + com.example + demo-sonar + 1.0 + demo-sonar + + + 1.8 + 1.8 + UTF-8 + + + + + + junit + junit + 4.13.2 + test + + + junit + junit + 4.13.1 + test + + + + + + + + org.sonarsource.scanner.maven + sonar-maven-plugin + 3.11.0.3922 + + + + + \ No newline at end of file diff --git a/utils/tests/utils.go b/utils/tests/utils.go index a4b289395..9e69c4a6f 100644 --- a/utils/tests/utils.go +++ b/utils/tests/utils.go @@ -71,6 +71,7 @@ var ( TestAccess *bool TestTransfer *bool TestLifecycle *bool + TestSonar *bool HideUnitTestLog *bool ciRunId *string InstallDataTransferPlugin *bool From f355037875106571485e908beb95f730b71ea937 Mon Sep 17 00:00:00 2001 
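Review bot: In `getSonarAccessToken` the error from `createFetchSonarAccessTokenRequest` is overwritten by `resp, err := client.Do(req)` without being read, and a failed `Do` is only recorded with `assert.NoError`, which does not stop the test, so `defer resp.Body.Close()` then dereferences a nil response and panics. Use `require.NoError(t, err)` (testify's `require` package) directly after each call and `require.Equal(t, http.StatusOK, resp.StatusCode)` before decoding. `createAndConfigureSonarProject` builds its request but never sends it, and it calls `getSonarAccessToken` a second time with the same token name `jfrog-cli-token`, which SonarQube may reject as a duplicate; return the token from the first call and pass it in. `initSonarCli()` also runs before the skip check, so `authenticateAccess()` executes even when the suite is disabled, and the skip message still names the Access test and `-test.access=true`. The client returned by `createHttpClient` sets no `Timeout`, and the workflow runs `go test` with `--timeout 0`, so a hung SonarQube blocks the job until the runner limit.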
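Review bot: `TestSonar` is declared in utils/tests/utils.go, but this commit adds no registration for it (the diffstat shows a single inserted line in that file), so `*tests.TestSonar` in `initSonarIntegrationTest` dereferences a nil pointer and the workflow's `--test.sonarintegration` argument is an undefined flag. Register it alongside the other suite flags, e.g. `TestSonar = flag.Bool("test.sonarintegration", false, "Test Sonar integration")`, wherever the neighbouring `TestAccess` and `TestLifecycle` pointers are initialised; that code is not visible in this hunk.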
From: Bhanu Reddy Date: Tue, 3 Jun 2025 22:02:15 +0530 Subject: [PATCH 008/116] Updated the workflow name --- .github/workflows/sonarIntegrationTests.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index de53bea10..cc7d1c508 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -1,10 +1,7 @@ -name: JFrog CLI Test with SonarQube and Artifactory +name: SonarQube Integration Tests on: - push: - branches: - - main - workflow_dispatch: + workflow_dispatch: jobs: test-jfrog-sonar: From b107f5590b284331eb2f1092b840e0c390dbb763 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 3 Jun 2025 22:29:35 +0530 Subject: [PATCH 009/116] Added trigger on a new evenr --- .github/workflows/sonarIntegrationTests.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index cc7d1c508..576b94156 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -1,7 +1,8 @@ name: SonarQube Integration Tests - on: workflow_dispatch: + push: + branches: [ sonar-evd-spike ] jobs: test-jfrog-sonar: @@ -21,7 +22,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} From 1e8c9805f891bdb9837adc66d07691bbef741b4a Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 3 Jun 2025 22:30:57 +0530 Subject: [PATCH 010/116] Trigger workflow From 924714cc5a5571360ac4e681568a6d0a990ee402 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 3 Jun 2025 22:43:13 +0530 Subject: [PATCH 011/116] Updated to use bhanurp org for actions --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 576b94156..f230ead66 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -27,7 +27,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Install local Artifactory - uses: jfrog/.github/actions/install-local-artifactory@main + uses: bhanurp/.github/actions/install-local-artifactory@main with: RTLIC: ${{ secrets.RTLIC }} From 918017b113e6ce2b42ee736147cf9988c873e28b Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 3 Jun 2025 22:46:59 +0530 Subject: [PATCH 012/116] Trigger workflow From 55d877b3a39474daa768e136b06fda6722eeae5f Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 3 Jun 2025 22:59:36 +0530 Subject: [PATCH 013/116] Added sonar integration tests removed rt installaiton action --- .github/workflows/sonarIntegrationTests.yml | 32 ++++++++++----------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index f230ead66..1fb6ddb75 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -22,14 +22,14 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} - - name: Install local Artifactory - uses: bhanurp/.github/actions/install-local-artifactory@main - with: - RTLIC: ${{ secrets.RTLIC }} +# - name: Install local Artifactory +# uses: bhanurp/.github/actions/install-local-artifactory@main +# with: +# RTLIC: ${{ secrets.RTLIC }} - name: Wait for SonarQube to be up run: | 
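Review bot: The `Install local Artifactory` step now runs `bhanurp/.github/actions/install-local-artifactory@main`, an action in a personal namespace referenced by branch name, and passes it `secrets.RTLIC`. A branch ref is mutable, so anyone who can push to that repository's `main` changes what runs in this job and what receives the licence secret, with no change in this repository to review. Pin the action to a full commit SHA and keep it in the organisation's namespace, e.g. `uses: jfrog/.github/actions/install-local-artifactory@<full-commit-sha> # <tag or date>`. The `jfrog/...@main` reference added in patch 007 has the same mutable-ref problem.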
@@ -54,17 +54,17 @@ jobs: echo "Creating SonarQube project..." curl -u "admin:admin" -X POST "http://localhost:9000/api/projects/create?name=mvn-sonar&project=mvn-sonar" - - name: Configure JFrog CLI - run: | - jf c add artifactory-server \ - --url ${{ secrets.JFROG_URL }} \ - --user ${{ secrets.JFROG_USERNAME }} \ - --password ${{ secrets.JFROG_PASSWORD }} \ - --interactive=false - - - name: Test JFrog CLI - Ping Artifactory - run: | - jf rt ping +# - name: Configure JFrog CLI +# run: | +# jf c add artifactory-server \ +# --url ${{ secrets.JFROG_URL }} \ +# --user ${{ secrets.JFROG_USERNAME }} \ +# --password ${{ secrets.JFROG_PASSWORD }} \ +# --interactive=false +# +# - name: Test JFrog CLI - Ping Artifactory +# run: | +# jf rt ping - name: Run SonarQube Analysis with JFrog CLI working-directory: testdata/maven/mavenprojectwithsonar From 577aa8a5f02d3c5c2a7efb83448d0c181c928bb5 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 3 Jun 2025 23:02:30 +0530 Subject: [PATCH 014/116] Trigger workflow From f11a3e5597b1e8fba6f7ac084c295c39023bb2e2 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 3 Jun 2025 23:04:17 +0530 Subject: [PATCH 015/116] Updated workflow --- .github/workflows/sonarIntegrationTests.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 1fb6ddb75..db25e22da 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -68,8 +68,6 @@ jobs: - name: Run SonarQube Analysis with JFrog CLI working-directory: testdata/maven/mavenprojectwithsonar - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | echo "Running SonarQube analysis..." mvn clean verify sonar:sonar \ 
@@ -80,5 +78,5 @@ jobs: - name: Run sonar integration tests env: - JFROG_SONAR_ACCESS_TOKEN: ${{ secrets.SONAR_TOKEN }} + JFROG_SONAR_ACCESS_TOKEN: ${SONAR_TOKEN} run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarintegration \ No newline at end of file From ec5f496b7bd13709a5d7be6984e62abf5684002c Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 3 Jun 2025 23:05:32 +0530 Subject: [PATCH 016/116] Fixed reading env var --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index db25e22da..bd60b832c 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -74,7 +74,7 @@ jobs: -Dsonar.projectKey=mvn-sonar \ -Dsonar.projectName='mvn-sonar' \ -Dsonar.host.url=http://localhost:9000 \ - -Dsonar.token= ${{SONAR_TOKEN}} + -Dsonar.token= ${SONAR_TOKEN} - name: Run sonar integration tests env: From cc74aeb8feac23ecccc9b4019470f4aa4b41a74b Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 4 Jun 2025 00:00:58 +0530 Subject: [PATCH 017/116] Updated health URL --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index bd60b832c..ad418d275 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -13,7 +13,7 @@ jobs: ports: - 9000:9000 options: >- - --health-cmd="curl --fail http://localhost:9000/api/system/health || exit 1" + --health-cmd="curl --fail -uadmin:admin http://localhost:9000/api/system/health || exit 1" --health-interval=10s --health-timeout=5s --health-retries=30 From b4ac74a1e4d17ed0769a1fbee2601a385684c7ed Mon Sep 17 00:00:00 2001 
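Review bot: In the `Run sonar integration tests` step, `JFROG_SONAR_ACCESS_TOKEN: ${SONAR_TOKEN}` is not expanded, because values in an `env:` map are taken literally unless they are written as a `${{ }}` expression. The test process therefore receives the string `${SONAR_TOKEN}` instead of a token. If an earlier step exports the token to the job environment (that step is outside the hunk), write `JFROG_SONAR_ACCESS_TOKEN: ${{ env.SONAR_TOKEN }}`, or map a step output such as `${{ steps.sonar_token.outputs.<output-name> }}`.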
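Review bot: `-Dsonar.token= ${SONAR_TOKEN}` still has a space after `=`, so the shell passes an empty `sonar.token` property and the token as a separate positional argument to `mvn`. Maven reads positional arguments as goals or phases, so the run will most likely fail and may print the token value in its error output. Write `-Dsonar.token="${SONAR_TOKEN}"` without the space, and consider `echo "::add-mask::$SONAR_TOKEN"` in the step that creates the token, since a value generated at run time is not masked the way a repository secret is.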
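Review bot: The container health check now embeds the default `admin:admin` credentials in `--health-cmd`, next to a `9000:9000` port mapping. That is tolerable only while this SonarQube instance stays a throwaway CI service, and a comment such as `# default credentials: ephemeral CI container only, never reuse for a shared server` above `options:` would record that assumption. If the goal is only to know that the server is up, an endpoint that answers without authentication (`api/system/status`, as far as I know) would keep credentials out of the container configuration altogether.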
From: Bhanu Reddy Date: Wed, 4 Jun 2025 00:03:50 +0530 Subject: [PATCH 018/116] Removed health status check step --- .github/workflows/sonarIntegrationTests.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index ad418d275..0f6b71541 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -31,16 +31,6 @@ jobs: # with: # RTLIC: ${{ secrets.RTLIC }} - - name: Wait for SonarQube to be up - run: | - echo "Waiting for SonarQube to be healthy..." - for i in {1..60}; do - curl -s http://localhost:9000/api/system/health | grep -q '"status":"GREEN"' && break - echo "Waiting... ($i)" - sleep 5 - done - echo "SonarQube is healthy." - - name: Fetch Sonar Access Token id: sonar_token run: | From 4fd60e534da577aeb3a887e3974e1fde3f00f262 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 4 Jun 2025 00:07:44 +0530 Subject: [PATCH 019/116] Updated mvn command --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 0f6b71541..8efba286b 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -64,7 +64,7 @@ jobs: -Dsonar.projectKey=mvn-sonar \ -Dsonar.projectName='mvn-sonar' \ -Dsonar.host.url=http://localhost:9000 \ - -Dsonar.token= ${SONAR_TOKEN} + -Dsonar.token=${SONAR_TOKEN} - name: Run sonar integration tests env: From 2a18a148233f79c36e3a8526d2b79200ebc383b4 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 4 Jun 2025 00:25:06 +0530 Subject: [PATCH 020/116] Added sonar integration flag --- utils/tests/utils.go | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/tests/utils.go b/utils/tests/utils.go index 9e69c4a6f..ae81303d0 100644 --- a/utils/tests/utils.go +++ b/utils/tests/utils.go 
@@ -111,6 +111,7 @@ func init() { HideUnitTestLog = flag.Bool("test.hideUnitTestLog", false, "Hide unit tests logs and print it in a file") InstallDataTransferPlugin = flag.Bool("test.installDataTransferPlugin", false, "Install data-transfer plugin on the source Artifactory server") ciRunId = flag.String("ci.runId", "", "A unique identifier used as a suffix to create repositories and builds in the tests") + TestSonar = flag.Bool("test.sonarIntegration", false, "Test Sonar Integration") } func CleanFileSystem() { From b96658f815fadf4e139e9535d078e97b5a0e4e0a Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 4 Jun 2025 00:32:28 +0530 Subject: [PATCH 021/116] changed sonar tests name --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 8efba286b..7b1732c3a 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -69,4 +69,4 @@ jobs: - name: Run sonar integration tests env: JFROG_SONAR_ACCESS_TOKEN: ${SONAR_TOKEN} - run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarintegration \ No newline at end of file + run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonar \ No newline at end of file From bf92e6bcd72606f1079c96bc828d12cd573ded77 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 4 Jun 2025 00:38:10 +0530 Subject: [PATCH 022/116] Changed flag name --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 7b1732c3a..10d166c41 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml 
@@ -69,4 +69,4 @@ jobs: - name: Run sonar integration tests env: JFROG_SONAR_ACCESS_TOKEN: ${SONAR_TOKEN} - run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonar \ No newline at end of file + run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration \ No newline at end of file From ef19573a107b2a9bd29f6e82d3612968e1a567d5 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 4 Jun 2025 19:22:51 +0530 Subject: [PATCH 023/116] Updated tests to check sonar report-task --- .github/workflows/sonarIntegrationTests.yml | 4 --- sonarintegration_test.go | 40 ++++++++++++++++----- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 10d166c41..84e5d878d 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -51,10 +51,6 @@ jobs: # --user ${{ secrets.JFROG_USERNAME }} \ # --password ${{ secrets.JFROG_PASSWORD }} \ # --interactive=false -# -# - name: Test JFrog CLI - Ping Artifactory -# run: | -# jf rt ping - name: Run SonarQube Analysis with JFrog CLI working-directory: testdata/maven/mavenprojectwithsonar diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 7c458ac9f..f7a3232ce 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -8,6 +8,8 @@ import ( "io" "net/http" "net/url" + "os" + "strings" "testing" ) 
@@ -31,14 +33,36 @@ func initSonarIntegrationTest(t *testing.T) { func TestSonarIntegration(t *testing.T) { initSonarCli() initSonarIntegrationTest(t) - // Generate access token from sonarqube - getSonarAccessToken(t) - // Create the project and settings on sonarqube - createAndConfigureSonarProject(t) - // Create build info/artifact/package from sample projects - // trigger sonar scan from either plugins of maven/gradle - // trigger sonar scan using sonar-cli - // Fetch the sonar evidence and attach against the artifacts using jfrog-cli + // read the file called report-task.txt + reportFilePath := "testdata/maven/mavenprojectwithsonar/target/sonar/report-task.txt" + if _, err := os.Stat(reportFilePath); os.IsNotExist(err) { + t.Fatalf("Failed to find file %s", reportFilePath) + } + // read file content + fileContent, err := os.ReadFile(reportFilePath) + if err != nil { + t.Fatalf("Failed to read file %s: %v", reportFilePath, err) + } + found := false + sonarURL := "" + for _, line := range strings.Split(string(fileContent), "\n") { + if strings.HasPrefix(line, "ceTaskUrl=") { + found = true + sonarURL = strings.TrimPrefix(line, "ceTaskUrl=") + break + } + } + if !found { + t.Fatalf("File %s does not contain 'ceTaskUrl=' in any line", reportFilePath) + } + if sonarURL == "" { + t.Fatalf("File %s does not contain a valid SonarQube URL", reportFilePath) + } + // sonar url should be http://localhost:9000/api/ce/task?id=... do an assert on it + assert.True(t, strings.HasPrefix(sonarURL, "http://localhost:9000/api/ce/task?id="), "SonarQube URL is not valid: %s", sonarURL) + taskID := strings.TrimPrefix(sonarURL, "http://localhost:9000/api/ce/task?id=") + assert.NotEmpty(t, taskID, "SonarQube task id should not be empty") + } func getSonarAccessToken(t *testing.T) string { From b5877ee14dc6d6c93a10c151d5a35bf7de690ad5 Mon Sep 17 00:00:00 2001 
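Review bot: The `os.Stat` guard in `TestSonarIntegration` fails the test only for `os.IsNotExist`; any other stat error falls through, and the block is redundant because the `os.ReadFile` call right after it reports the same conditions. The file content is split on `\n` only, so a report written with CRLF line endings would leave a trailing `\r` in `sonarURL` and `taskID`. Drop the stat block and normalise each line with `line = strings.TrimSpace(line)` before the `HasPrefix` test. After this change the test no longer calls `getSonarAccessToken` or the project-creation helper; their definitions are outside the hunk, so whether anything else still uses them cannot be seen here.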
From: Bhanu Reddy Date: Thu, 5 Jun 2025 08:37:22 +0530 Subject: [PATCH 024/116] Updated sonar integration workflow with jf installation --- .github/workflows/sonarIntegrationTests.yml | 21 +++++---- sonarintegration_test.go | 51 +++++++++++++++++++-- 2 files changed, 59 insertions(+), 13 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 84e5d878d..3bf1b5dd5 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -44,19 +44,24 @@ jobs: echo "Creating SonarQube project..." curl -u "admin:admin" -X POST "http://localhost:9000/api/projects/create?name=mvn-sonar&project=mvn-sonar" -# - name: Configure JFrog CLI -# run: | -# jf c add artifactory-server \ -# --url ${{ secrets.JFROG_URL }} \ -# --user ${{ secrets.JFROG_USERNAME }} \ -# --password ${{ secrets.JFROG_PASSWORD }} \ -# --interactive=false + - name: Get CLI - jf + run: | + sh build/getcli/jf.sh + ./jf --version + + - name: Configure JFrog CLI + run: | + ./jf c add artifactory-server \ + --url ${{ secrets.PLATFORM_URL }} \ + --user ${{ secrets.PLATFORM_USER }} \ + --access-token ${{ secrets.PLATFORM_ADMIN_TOKEN }} \ + --interactive=false - name: Run SonarQube Analysis with JFrog CLI working-directory: testdata/maven/mavenprojectwithsonar run: | echo "Running SonarQube analysis..." - mvn clean verify sonar:sonar \ + ./jf mvn clean verify install sonar:sonar \ -Dsonar.projectKey=mvn-sonar \ -Dsonar.projectName='mvn-sonar' \ -Dsonar.host.url=http://localhost:9000 \ diff --git a/sonarintegration_test.go b/sonarintegration_test.go index f7a3232ce..4f1de4274 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
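Review bot: `--access-token ${{ secrets.PLATFORM_ADMIN_TOKEN }}` in `Configure JFrog CLI` splices the secret into the script text and onto the `jf` command line, and by its name it is an admin-scoped token. Pass it through the step's `env:` instead, e.g. `PLATFORM_ADMIN_TOKEN: ${{ secrets.PLATFORM_ADMIN_TOKEN }}`, and reference it quoted as `--access-token "$PLATFORM_ADMIN_TOKEN"`; a token limited to the repositories this test deploys to would reduce the exposure further. Separately, the analysis step runs `./jf mvn ...` with `working-directory: testdata/maven/mavenprojectwithsonar`, while `sh build/getcli/jf.sh` and `./jf --version` ran from the repository root, so `./jf` will probably not resolve in that directory.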
@@ -2,8 +2,12 @@ package main import ( "encoding/json" + "fmt" + "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils" + configUtils "github.com/jfrog/jfrog-cli-core/v2/utils/config" coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" "github.com/jfrog/jfrog-cli/utils/tests" + clientUtils "github.com/jfrog/jfrog-client-go/utils" "github.com/stretchr/testify/assert" "io" "net/http" @@ -15,13 +19,14 @@ import ( var ( sonarIntegrationCLI *coreTests.JfrogCli + evidenceDetails *configUtils.ServerDetails ) func initSonarCli() { if sonarIntegrationCLI != nil { return } - sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateAccess()) + sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence()) } func initSonarIntegrationTest(t *testing.T) { @@ -30,8 +35,25 @@ func initSonarIntegrationTest(t *testing.T) { } } -func TestSonarIntegration(t *testing.T) { - initSonarCli() +func authenticateEvidence() string { + *tests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*tests.JfrogUrl) + evidenceDetails = &configUtils.ServerDetails{ + Url: *tests.JfrogUrl} + evidenceDetails.EvidenceUrl = clientUtils.AddTrailingSlashIfNeeded(evidenceDetails.Url) + "evidence/" + + cred := fmt.Sprintf("--url=%s", *tests.JfrogUrl) + if *tests.JfrogAccessToken != "" { + evidenceDetails.AccessToken = *tests.JfrogAccessToken + cred += fmt.Sprintf(" --access-token=%s", evidenceDetails.AccessToken) + } else { + evidenceDetails.User = *tests.JfrogUser + evidenceDetails.Password = *tests.JfrogPassword + cred += fmt.Sprintf(" --user=%s --password=%s", evidenceDetails.User, evidenceDetails.Password) + } + return cred +} + +func TestSonarPrerequisites(t *testing.T) { initSonarIntegrationTest(t) // read the file called report-task.txt reportFilePath := "testdata/maven/mavenprojectwithsonar/target/sonar/report-task.txt" 
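Review bot: `authenticateEvidence` assembles the token or the user and password into one space-separated flag string with `fmt.Sprintf`, so a credential containing whitespace would be split into separate arguments, and the secret travels as a command-line argument that a test harness may log (how `NewJfrogCli` handles the string is not visible here). The function also rewrites `*tests.JfrogUrl` and assigns the package-level `evidenceDetails` as side effects that its name does not suggest. A doc comment would make that explicit: `// authenticateEvidence fills evidenceDetails from the test flags, normalises *tests.JfrogUrl, and returns the matching CLI credential flags.`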
@@ -58,11 +80,30 @@ func TestSonarIntegration(t *testing.T) { if sonarURL == "" { t.Fatalf("File %s does not contain a valid SonarQube URL", reportFilePath) } - // sonar url should be http://localhost:9000/api/ce/task?id=... do an assert on it assert.True(t, strings.HasPrefix(sonarURL, "http://localhost:9000/api/ce/task?id="), "SonarQube URL is not valid: %s", sonarURL) taskID := strings.TrimPrefix(sonarURL, "http://localhost:9000/api/ce/task?id=") - assert.NotEmpty(t, taskID, "SonarQube task id should not be empty") + assert.NotEmpty(t, taskID, "Evidence successfully created and verified") +} + +func TestSonarIntegrationAsEvidence(t *testing.T) { + initSonarCli() + initSonarIntegrationTest(t) + + // Get the SonarQube access token + setSonarAccessTokenFromEnv(t) + + // Run the JFrog CLI command to collect evidence + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evidence", "create", "--predicate-type=https://jfrog.com/evidence/sonarqube/v1", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local") + assert.Contains(t, output, "Successfully created evidence for SonarQube analysis") + _, err := utils.CreateEvidenceServiceManager(evidenceDetails, false) + assert.NoError(t, err) +} +func setSonarAccessTokenFromEnv(t *testing.T) { + sonarToken := os.Getenv("SONAR_TOKEN") + assert.NotEmpty(t, sonarToken, "SONAR_TOKEN should not be empty") + err := os.Setenv("JF_SONAR_ACCESS_TOKEN", sonarToken) + assert.NoError(t, err) } func getSonarAccessToken(t *testing.T) string { From 5b9d6b8f2d568d0b9308f71c085abba0b7800967 Mon Sep 17 00:00:00 2001 
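Review bot: `setSonarAccessTokenFromEnv` reads `SONAR_TOKEN` and writes `JF_SONAR_ACCESS_TOKEN`, but the workflow step that runs these tests sets only `JFROG_SONAR_ACCESS_TOKEN`, so unless `SONAR_TOKEN` is exported elsewhere the value is empty here. Because the check is `assert.NotEmpty` rather than a fatal failure, the test carries on and runs `evidence create` with an empty token; calling `t.Fatal` on an empty value and then `t.Setenv("JF_SONAR_ACCESS_TOKEN", sonarToken)` would stop early and restore the variable when the test ends. In `TestSonarPrerequisites`, the message given to `assert.NotEmpty(t, taskID, ...)` is printed only when the assertion fails, so `"Evidence successfully created and verified"` reads as success exactly when the check did not pass; the earlier text `"SonarQube task id should not be empty"` was correct. The result of `utils.CreateEvidenceServiceManager` is discarded, so the created evidence is never actually verified.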
From: Bhanu Reddy Date: Fri, 6 Jun 2025 11:44:10 +0530 Subject: [PATCH 025/116] Updated sonar test project --- .../.jfrog/evidence/evidence.yaml | 6 ++++++ .../.jfrog/projects/maven.yaml | 10 ++++++++++ .../src/main/java/com/example/App.java | 12 ++++++++++++ .../src/test/java/com/example/AppTest.java | 15 +++++++++++++++ 4 files changed, 43 insertions(+) create mode 100644 testdata/maven/mavenprojectwithsonar/.jfrog/evidence/evidence.yaml create mode 100644 testdata/maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml create mode 100644 testdata/maven/mavenprojectwithsonar/src/main/java/com/example/App.java create mode 100644 testdata/maven/mavenprojectwithsonar/src/test/java/com/example/AppTest.java diff --git a/testdata/maven/mavenprojectwithsonar/.jfrog/evidence/evidence.yaml b/testdata/maven/mavenprojectwithsonar/.jfrog/evidence/evidence.yaml new file mode 100644 index 000000000..57825208c --- /dev/null +++ b/testdata/maven/mavenprojectwithsonar/.jfrog/evidence/evidence.yaml @@ -0,0 +1,6 @@ +sonar: + url: http://localhost:9000 + reportTaskFile: target/sonar/report-task.txt + maxRetries: 3 + retryIntervalInSecs: 10 + proxy: "" diff --git a/testdata/maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml b/testdata/maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml new file mode 100644 index 000000000..e6293ee39 --- /dev/null +++ b/testdata/maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml @@ -0,0 +1,10 @@ +version: 1 +type: maven +resolver: + serverId: local-evd + snapshotRepo: dev-maven-virtual + releaseRepo: dev-maven-virtual +deployer: + serverId: local-evd + snapshotRepo: dev-maven-local + releaseRepo: dev-maven-local diff --git a/testdata/maven/mavenprojectwithsonar/src/main/java/com/example/App.java b/testdata/maven/mavenprojectwithsonar/src/main/java/com/example/App.java new file mode 100644 index 000000000..c09c107b1 --- /dev/null +++ b/testdata/maven/mavenprojectwithsonar/src/main/java/com/example/App.java 
@@ -0,0 +1,12 @@ +package com.example; + +public class App { + public static void main(String[] args) { + System.out.println("Hello from demo-sonar!"); + System.out.println("May the frog be with you!"); + } + + public int add(int a, int b) { + return a + b; + } +} \ No newline at end of file diff --git a/testdata/maven/mavenprojectwithsonar/src/test/java/com/example/AppTest.java b/testdata/maven/mavenprojectwithsonar/src/test/java/com/example/AppTest.java new file mode 100644 index 000000000..3452c6b01 --- /dev/null +++ b/testdata/maven/mavenprojectwithsonar/src/test/java/com/example/AppTest.java @@ -0,0 +1,15 @@ +package com.example; + +import org.junit.Test; + +import static junit.framework.Assert.assertEquals; +import static org.junit.Assert.*; + +public class AppTest { + + @Test + public void testAdd() { + App app = new App(); + assertEquals(5, app.add(2, 3)); + } +} \ No newline at end of file From 8ca90e5a2a43429a6917230bbca0b79b3d1d5ef5 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 6 Jun 2025 14:56:09 +0530 Subject: [PATCH 026/116] Updated to use setup-jfrog-cli action --- .github/workflows/sonarIntegrationTests.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 3bf1b5dd5..676578868 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -44,10 +44,10 @@ jobs: echo "Creating SonarQube project..." curl -u "admin:admin" -X POST "http://localhost:9000/api/projects/create?name=mvn-sonar&project=mvn-sonar" - - name: Get CLI - jf - run: | - sh build/getcli/jf.sh - ./jf --version + - name: Set up JFrog CLI + uses: jfrog/setup-jfrog-cli@v4 + with: + version: latest - name: Configure JFrog CLI run: | From 54f2021dca06a3694994f7153cb86be6a3856b23 Mon Sep 17 00:00:00 2001 
From: Bhanu Reddy Date: Fri, 6 Jun 2025 14:56:54 +0530 Subject: [PATCH 027/116] Updated to jf from PATH --- .github/workflows/sonarIntegrationTests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 676578868..81ed98e22 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -51,7 +51,7 @@ jobs: - name: Configure JFrog CLI run: | - ./jf c add artifactory-server \ + jf c add artifactory-server \ --url ${{ secrets.PLATFORM_URL }} \ --user ${{ secrets.PLATFORM_USER }} \ --access-token ${{ secrets.PLATFORM_ADMIN_TOKEN }} \ @@ -61,7 +61,7 @@ jobs: working-directory: testdata/maven/mavenprojectwithsonar run: | echo "Running SonarQube analysis..." - ./jf mvn clean verify install sonar:sonar \ + jf mvn clean verify install sonar:sonar \ -Dsonar.projectKey=mvn-sonar \ -Dsonar.projectName='mvn-sonar' \ -Dsonar.host.url=http://localhost:9000 \ From a6e258208534f6929acaad112dd2b2b533462283 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 6 Jun 2025 15:00:20 +0530 Subject: [PATCH 028/116] Removed action and added own step to install jfrog-cli --- .github/workflows/sonarIntegrationTests.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 81ed98e22..537940011 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -44,10 +44,10 @@ jobs: echo "Creating SonarQube project..." curl -u "admin:admin" -X POST "http://localhost:9000/api/projects/create?name=mvn-sonar&project=mvn-sonar" - - name: Set up JFrog CLI - uses: jfrog/setup-jfrog-cli@v4 - with: - version: latest + - name: Install JFrog CLI manually + run: | + curl -fL https://install-cli.jfrog.io | sh + sudo mv jfrog /usr/local/bin/jf - name: Configure JFrog CLI run: | 
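Review bot: `curl -fL https://install-cli.jfrog.io | sh` in `Install JFrog CLI manually` executes whatever script and binary the endpoint serves at run time, with no version pin and no checksum, in a job whose next step configures `secrets.PLATFORM_ADMIN_TOKEN`. Prefer the `jfrog/setup-jfrog-cli` action removed here, referenced by a full commit SHA and with a fixed `version:` rather than `latest`, or download one specific release and verify its checksum before running it. `sudo mv jfrog /usr/local/bin/jf` also assumes the installer leaves a file named `jfrog` in the working directory, which nothing in the hunk establishes.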
From 1454959b35d8556d959fbcd0aa91435cec0aa76c Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 6 Jun 2025 15:03:01 +0530 Subject: [PATCH 029/116] Fixed bug with installation of jf --- .github/workflows/sonarIntegrationTests.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 537940011..f66113ad7 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -47,7 +47,6 @@ jobs: - name: Install JFrog CLI manually run: | curl -fL https://install-cli.jfrog.io | sh - sudo mv jfrog /usr/local/bin/jf - name: Configure JFrog CLI run: | From 25b254a877311e5c47ccc2687f4ce10a80908539 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 6 Jun 2025 15:08:55 +0530 Subject: [PATCH 030/116] Updated server id --- .../maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testdata/maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml b/testdata/maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml index e6293ee39..3901f4364 100644 --- a/testdata/maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml +++ b/testdata/maven/mavenprojectwithsonar/.jfrog/projects/maven.yaml @@ -1,10 +1,10 @@ version: 1 type: maven resolver: - serverId: local-evd + serverId: artifactory-server snapshotRepo: dev-maven-virtual releaseRepo: dev-maven-virtual deployer: - serverId: local-evd + serverId: artifactory-server snapshotRepo: dev-maven-local releaseRepo: dev-maven-local From c0ef8fe5427651aa54114b213d492720afe84850 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 6 Jun 2025 15:22:07 +0530 Subject: [PATCH 031/116] Added plugin repositories for sample project --- testdata/maven/mavenprojectwithsonar/pom.xml | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/testdata/maven/mavenprojectwithsonar/pom.xml b/testdata/maven/mavenprojectwithsonar/pom.xml index 65223ce90..065b81784 100644 --- a/testdata/maven/mavenprojectwithsonar/pom.xml +++ b/testdata/maven/mavenprojectwithsonar/pom.xml @@ -15,6 +15,13 @@ UTF-8 + + + jfrog-artifactory + https://ecosys.jfrog.io/artifactory/dev-maven-virtual + + + From 479bade6b99016161ebcc31ed43fbb3076f261c2 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 6 Jun 2025 15:28:57 +0530 Subject: [PATCH 032/116] Updated plugin repositories --- testdata/maven/mavenprojectwithsonar/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testdata/maven/mavenprojectwithsonar/pom.xml b/testdata/maven/mavenprojectwithsonar/pom.xml index 065b81784..d6a5b0b1d 100644 --- a/testdata/maven/mavenprojectwithsonar/pom.xml +++ b/testdata/maven/mavenprojectwithsonar/pom.xml @@ -17,8 +17,8 @@ - jfrog-artifactory - https://ecosys.jfrog.io/artifactory/dev-maven-virtual + central + https://repo.maven.apache.org/maven2 From 89eed190d01c790b8cb64c7cf6a4ff6e1189887a Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Sun, 8 Jun 2025 22:58:05 +0530 Subject: [PATCH 033/116] Updated dependencies --- .jfrog/projects/dotnet.yaml | 5 +++++ go.mod | 4 ++-- go.sum | 8 ++++---- 3 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 .jfrog/projects/dotnet.yaml diff --git a/.jfrog/projects/dotnet.yaml b/.jfrog/projects/dotnet.yaml new file mode 100644 index 000000000..627afcd92 --- /dev/null +++ b/.jfrog/projects/dotnet.yaml @@ -0,0 +1,5 @@ +version: 1 +type: dotnet +resolver: + repo: dotnet-virtual + serverId: local diff --git a/go.mod b/go.mod index 3e12f77a8..8369ae769 100644 --- a/go.mod +++ b/go.mod 
@@ -191,8 +191,8 @@ require ( replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e -replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250521095714-c881b076205f +replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250524073414-f360d2dce3be replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index 3c7a1f289..723691eff 100644 --- a/go.sum +++ b/go.sum 
@@ -34,10 +34,10 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf h1:LbC2w9IeaWkADB8+CBQSEZA5VPLpldidmNw4Mikhf8c= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250521100056-07f7cfca0edf/go.mod h1:QV9swdMTaW53CIrllRmmhEP4JXY3sK1PB5/qaprNgbQ= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250521095714-c881b076205f h1:mUWvMKy5WDfy2r6AoIGw7UsFj5t3++i+OCin3vwOVWc= -github.com/bhanurp/jfrog-client-go v1.28.1-0.20250521095714-c881b076205f/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250524073414-f360d2dce3be h1:8sCl2NyGmrESzYysWi8oc5kE6HVFfEajwoQDdFV3yJc= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250524073414-f360d2dce3be/go.mod h1:9rj/lOaroGXp5Us1iReU0BzWiGRMKttbVnrW6Kh+RJM= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 h1:kilH1D7qR3aOv+pEfC1ErirRFiNXnYdYIwp01XLOvaI= +github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= From c939e110996d4519f727539ced7deb564da09c08 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Sun, 8 Jun 2025 23:13:55 +0530 Subject: [PATCH 034/116] Added setup java step --- .github/workflows/sonarIntegrationTests.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index f66113ad7..d8486cd15 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -56,11 +56,17 @@ jobs: --access-token ${{ secrets.PLATFORM_ADMIN_TOKEN }} \ --interactive=false + - name: Set up Java + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '17' + - name: Run SonarQube Analysis with JFrog CLI working-directory: testdata/maven/mavenprojectwithsonar run: | echo "Running SonarQube analysis..." - jf mvn clean verify install sonar:sonar \ + jf mvn -X clean verify install sonar:sonar \ -Dsonar.projectKey=mvn-sonar \ -Dsonar.projectName='mvn-sonar' \ -Dsonar.host.url=http://localhost:9000 \ From cd3c116c7981bbe2339f32cf5835ff2457813808 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Sun, 8 Jun 2025 23:22:41 +0530 Subject: [PATCH 035/116] Trigger workflow From ec099aec520b020b77d8108d75f670f6bc3c59af Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Sun, 8 Jun 2025 23:29:54 +0530 Subject: [PATCH 036/116] Fixed rt wait test cases --- .github/workflows/sonarIntegrationTests.yml | 2 +- artifactory_test.go | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index d8486cd15..4d5f8435c 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -66,7 +66,7 @@ jobs: working-directory: testdata/maven/mavenprojectwithsonar run: | echo "Running SonarQube analysis..." - jf mvn -X clean verify install sonar:sonar \ + jf mvn clean verify install sonar:sonar \ -Dsonar.projectKey=mvn-sonar \ -Dsonar.projectName='mvn-sonar' \ -Dsonar.host.url=http://localhost:9000 \ diff --git a/artifactory_test.go b/artifactory_test.go index d9e618fbf..bd55f4da5 100644 --- a/artifactory_test.go +++ b/artifactory_test.go 
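Review bot: `jf mvn -X` turns on Maven debug logging for a command that, judging by the earlier revisions of this step (its last line is outside the hunk), also receives `-Dsonar.token=...`. Debug output can include the properties passed to the build, and a token generated during the run is not masked in the job log the way a repository secret is. Remove `-X` once the build problem is diagnosed, or mask the value first with `echo "::add-mask::$SONAR_TOKEN"`. `actions/setup-java@v3` is referenced by a movable tag; pinning it to a commit SHA keeps the toolchain step reproducible.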
@@ -227,6 +227,7 @@ func TestArtifactorySimpleUploadSpecUsingConfig(t *testing.T) { } func TestReleaseBundleImportOnPrem(t *testing.T) { + initArtifactoryTest(t, "") // Cleanup defer func() { deleteReceivedReleaseBundle(t, deleteReleaseBundleV1ApiUrl, "cli-tests", "2") @@ -244,6 +245,7 @@ func TestReleaseBundleImportOnPrem(t *testing.T) { } func TestReleaseBundleV2Download(t *testing.T) { + initArtifactoryTest(t, "") buildNumber := "5" defer func() { deleteReceivedReleaseBundle(t, deleteReleaseBundleV2ApiUrl, tests.LcRbName1, buildNumber) From ddfac3fe2074f5fd56ef8323f04a8860176e8e2f Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Sun, 8 Jun 2025 23:54:50 +0530 Subject: [PATCH 037/116] Added key pair generation --- .github/workflows/sonarIntegrationTests.yml | 2 + sonarintegration_test.go | 73 ++++++++++++++++++++- 2 files changed, 73 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 4d5f8435c..90f93317b 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -75,4 +75,6 @@ jobs: - name: Run sonar integration tests env: JFROG_SONAR_ACCESS_TOKEN: ${SONAR_TOKEN} + PLATFORM_URL: ${{ secrets.PLATFORM_URL }} + PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration \ No newline at end of file diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 4f1de4274..e36bc6c93 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -1,7 +1,12 @@ package main import ( + "bytes" + "crypto/rand" + "crypto/rsa" + "crypto/x509" "encoding/json" + "encoding/pem" "fmt" "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils" configUtils "github.com/jfrog/jfrog-cli-core/v2/utils/config" 
@@ -91,14 +96,51 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { // Get the SonarQube access token setSonarAccessTokenFromEnv(t) - + privateKeyFilePath, publicKeyName := KeyPairGenerationAndUpload(t) // Run the JFrog CLI command to collect evidence - output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evidence", "create", "--predicate-type=https://jfrog.com/evidence/sonarqube/v1", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local") + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evidence", "create", "--predicate-type=\"https://jfrog.com/evidence/sonarqube/v1\"", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+publicKeyName, "--key-path="+privateKeyFilePath) assert.Contains(t, output, "Successfully created evidence for SonarQube analysis") _, err := utils.CreateEvidenceServiceManager(evidenceDetails, false) assert.NoError(t, err) } +func KeyPairGenerationAndUpload(t *testing.T) (string, string) { + artifactoryURL := os.Getenv("PLATFORM_URL") + apiKey := os.Getenv("PLATFORM_API_KEY") + publicKeyName := "test-evidence-key" + privateKeyPath := "./test-evidence-private.pem" + publicKeyPath := "./test-evidence-public.pem" + + // 1. Generate RSA key pair + privateKey, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { + t.Fatalf("Failed to generate private key: %v", err) + } + + // 2. Save private key to file + privBytes := x509.MarshalPKCS1PrivateKey(privateKey) + privPem := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: privBytes}) + err = os.WriteFile(privateKeyPath, privPem, 0600) + if err != nil { + t.Fatalf("Failed to write private key: %v", err) + } + + // 3. 
Save public key to file + pubBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey) + if err != nil { + t.Fatalf("Failed to marshal public key: %v", err) + } + pubPem := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pubBytes}) + err = os.WriteFile(publicKeyPath, pubPem, 0644) + if err != nil { + t.Fatalf("Failed to write public key: %v", err) + } + + // 4. Upload public key to Artifactory + uploadPublicKeyToArtifactory(t, artifactoryURL, apiKey, publicKeyName, publicKeyPath) + return privateKeyPath, publicKeyName +} + func setSonarAccessTokenFromEnv(t *testing.T) { sonarToken := os.Getenv("SONAR_TOKEN") assert.NotEmpty(t, sonarToken, "SONAR_TOKEN should not be empty") @@ -167,3 +209,30 @@ func createHttpClient(t *testing.T, proxy string) *http.Client { } return client } + +// uploadPublicKeyToArtifactory uploads a PEM-encoded public key to Artifactory Evidence with the given alias. +func uploadPublicKeyToArtifactory(t *testing.T, artifactoryURL, apiKey, alias, publicKeyPath string) { + pubKeyBytes, err := os.ReadFile(publicKeyPath) + if err != nil { + t.Fatalf("Failed to read public key file: %v", err) + } + url := fmt.Sprintf("%s/api/v1/evidence/publicKey/%s", artifactoryURL, alias) + req, err := http.NewRequest("PUT", url, bytes.NewReader(pubKeyBytes)) + if err != nil { + t.Fatalf("Failed to create request: %v", err) + } + req.Header.Set("Content-Type", "application/octet-stream") + if apiKey != "" { + req.Header.Set("Authorization", "Bearer "+apiKey) + } + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + t.Fatalf("Failed to upload public key: %v", err) + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusNoContent { + body, _ := io.ReadAll(resp.Body) + t.Fatalf("Failed to upload public key, status: %s, body: %s", resp.Status, string(body)) + } +} From 1816aeaa01206e20bf7da01d58526a228b3640c9 Mon Sep 17 00:00:00 2001 
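Review bot: `KeyPairGenerationAndUpload` writes the RSA private key to `./test-evidence-private.pem` in the working directory and nothing removes it, so the key stays in the checkout after the test and can be picked up by a later `git add` or artifact upload. Creating both files under one `keyDir := t.TempDir()` and joining the names with `filepath.Join(keyDir, "test-evidence-private.pem")` gives a per-test directory that the testing package deletes (needs the `path/filepath` import). The helper is also exported from a `_test.go` file and has no doc comment; an unexported name with a one-line comment stating that it returns the private-key path and the key alias would fit better.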
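Review bot: `uploadPublicKeyToArtifactory` sends the request with `&http.Client{}`, which has no timeout, and the workflow runs the suite with `--timeout 0`, so a stalled connection hangs the job until the runner kills it. Setting `client := &http.Client{Timeout: 30 * time.Second}` bounds it (needs the `time` import). `alias` is placed in the URL path with a bare `%s`; passing it through `url.PathEscape` keeps an alias containing `/` or `?` from changing the request target.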
From: Bhanu Reddy Date: Mon, 9 Jun 2025 14:11:26 +0530 Subject: [PATCH 038/116] Added uploading signing keys --- sonarintegration_test.go | 101 +++++++++++++-------------------------- 1 file changed, 32 insertions(+), 69 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index e36bc6c93..feca8c23d 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -16,7 +16,6 @@ import ( "github.com/stretchr/testify/assert" "io" "net/http" - "net/url" "os" "strings" "testing" @@ -27,6 +26,14 @@ var ( evidenceDetails *configUtils.ServerDetails ) +type KeyPair struct { + PairName string `json:"pairName"` + PairType string `json:"pairType"` + Alias string `json:"alias"` + PrivateKey string `json:"privateKey"` + PublicKey string `json:"publicKey"` +} + func initSonarCli() { if sonarIntegrationCLI != nil { return @@ -137,7 +144,7 @@ func KeyPairGenerationAndUpload(t *testing.T) (string, string) { } // 4. Upload public key to Artifactory - uploadPublicKeyToArtifactory(t, artifactoryURL, apiKey, publicKeyName, publicKeyPath) + UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, publicKeyName, publicKeyPath) return privateKeyPath, publicKeyName } 
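Review bot: The new `KeyPair` type has no comment, and the field names do not make it obvious that `PrivateKey` carries PEM-encoded private key material that is serialised into a request body. A doc comment such as `// KeyPair is the JSON body sent to the Artifactory key pair endpoint; PrivateKey holds the PEM private key of the throwaway pair generated by this test.` would make that explicit. Since the type is only used inside this test file, it could also be unexported.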
@@ -148,91 +155,47 @@ func setSonarAccessTokenFromEnv(t *testing.T) { assert.NoError(t, err) } -func getSonarAccessToken(t *testing.T) string { - client := createHttpClient(t, "") - req, err := createFetchSonarAccessTokenRequest(t) - resp, err := client.Do(req) +func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, privateKeyPath, publicKeyPath string) { + // Read the private key file + privKeyBytes, err := os.ReadFile(privateKeyPath) if err != nil { - assert.NoError(t, err) + t.Fatalf("Failed to read private key file: %v", err) } - defer resp.Body.Close() - assert.Equal(t, http.StatusOK, resp.StatusCode) - bodyBytes, err := io.ReadAll(resp.Body) + pubKeyBytes, err := os.ReadFile(publicKeyPath) if err != nil { assert.NoError(t, err) } - var result struct { - Token string `json:"token"` - } - - if err := json.Unmarshal(bodyBytes, &result); err != nil { - t.Fatalf("Failed to parse response: %v", err) - } - - return result.Token -} - -func createFetchSonarAccessTokenRequest(t *testing.T) (*http.Request, error) { - req, err := http.NewRequest("POST", "http://localhost:9000/api/user_tokens/generate", nil) + // Upload the private key to Artifactory Evidence + url := fmt.Sprintf("%s/api/v1/artifactory/api/security/keypair", artifactoryURL) + req, err := http.NewRequest("POST", url, bytes.NewReader(privKeyBytes)) if err != nil { t.Fatalf("Failed to create request: %v", err) } - req.SetBasicAuth("admin", "admin") - q := req.URL.Query() - q.Add("name", "jfrog-cli-token") - req.URL.RawQuery = q.Encode() - return req, err -} - -func createAndConfigureSonarProject(t *testing.T) { - // This function should create a SonarQube project and configure it as needed. - // It can include API calls to SonarQube to set up the project, quality gates, etc. 
- req, err := http.NewRequest("POST", "http://localhost:9000/api/projects/create", nil) - if err != nil { - assert.NoError(t, err) - } - req.Header.Set("Authorization", "Bearer "+getSonarAccessToken(t)) - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") -} - -func createHttpClient(t *testing.T, proxy string) *http.Client { - // Create a custom HTTP client with proxy settings if needed - client := &http.Client{} - if proxy != "" { - proxyURL, err := url.Parse(proxy) - if err != nil { - assert.NoError(t, err) - } - client.Transport = &http.Transport{ - Proxy: http.ProxyURL(proxyURL), - } + req.Header.Set("Content-Type", "application/json") + if apiKey != "" { + req.Header.Set("Authorization", "Bearer "+apiKey) } - return client -} - -// uploadPublicKeyToArtifactory uploads a PEM-encoded public key to Artifactory Evidence with the given alias. -func uploadPublicKeyToArtifactory(t *testing.T, artifactoryURL, apiKey, alias, publicKeyPath string) { - pubKeyBytes, err := os.ReadFile(publicKeyPath) - if err != nil { - t.Fatalf("Failed to read public key file: %v", err) + reqBody := KeyPair{ + PairName: "test-signing-key", + PairType: "RSA", + Alias: "evidence-local", + PrivateKey: string(privKeyBytes), + PublicKey: string(pubKeyBytes), } - url := fmt.Sprintf("%s/api/v1/evidence/publicKey/%s", artifactoryURL, alias) - req, err := http.NewRequest("PUT", url, bytes.NewReader(pubKeyBytes)) + jsonBody, err := json.Marshal(reqBody) if err != nil { - t.Fatalf("Failed to create request: %v", err) - } - req.Header.Set("Content-Type", "application/octet-stream") - if apiKey != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) + t.Fatalf("Failed to marshal KeyPair struct: %v", err) } + req, err = http.NewRequest("POST", url, bytes.NewReader(jsonBody)) client := &http.Client{} resp, err := client.Do(req) if err != nil { - t.Fatalf("Failed to upload public key: %v", err) + t.Fatalf("Failed to upload private key: %v", err) } defer resp.Body.Close() if 
resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusNoContent { body, _ := io.ReadAll(resp.Body) - t.Fatalf("Failed to upload public key, status: %s, body: %s", resp.Status, string(body)) + t.Fatalf("Failed to upload private key, status: %s, body: %s", resp.Status, string(body)) } + } From 6707365e288d755d464d615fc19e5e18a87742ef Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 14:17:16 +0530 Subject: [PATCH 039/116] Fix sonar test case --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index feca8c23d..b13975288 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -144,7 +144,7 @@ func KeyPairGenerationAndUpload(t *testing.T) (string, string) { } // 4. Upload public key to Artifactory - UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, publicKeyName, publicKeyPath) + UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, privateKeyPath, publicKeyPath) return privateKeyPath, publicKeyName } From 05a7781392134c930f2f46754d281ef7c61b26df Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 14:22:11 +0530 Subject: [PATCH 040/116] Fixed key pair path --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index b13975288..1728b6f07 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -166,7 +166,7 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri assert.NoError(t, err) } // Upload the private key to Artifactory Evidence - url := fmt.Sprintf("%s/api/v1/artifactory/api/security/keypair", artifactoryURL) + url := fmt.Sprintf("%s/artifactory/api/security/keypair", artifactoryURL) req, err := http.NewRequest("POST", url, bytes.NewReader(privKeyBytes)) if err != nil { t.Fatalf("Failed to create request: %v", err) 
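Review bot: In `UploadSigningKeyPairToArtifactory` the `Content-Type` and `Authorization` headers are set on the first `req`, and then `req, err = http.NewRequest("POST", url, bytes.NewReader(jsonBody))` replaces it with a fresh request that has neither, so the call goes out unauthenticated and that second `err` is never checked. Build the request once, after `json.Marshal`, and set the headers on that one. The first request also takes the raw private-key bytes as its body and is never sent, so removing it drops a needless extra handle on the key. Separately, `if err != nil { assert.NoError(t, err) }` after reading the public key does not stop the test, so a failed read continues with an empty `PublicKey`.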
From 78c0adb03be8a7cd67e109eef29b20bb84f559b9 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 14:34:37 +0530 Subject: [PATCH 041/116] Fixed authentication issue --- sonarintegration_test.go | 42 +++++++++++++++++----------------------- 1 file changed, 18 insertions(+), 24 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 1728b6f07..5cb9fee76 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -34,6 +34,8 @@ type KeyPair struct { PublicKey string `json:"publicKey"` } +const KeyPairAlias = "evidence-local" + func initSonarCli() { if sonarIntegrationCLI != nil { return @@ -94,7 +96,7 @@ func TestSonarPrerequisites(t *testing.T) { } assert.True(t, strings.HasPrefix(sonarURL, "http://localhost:9000/api/ce/task?id="), "SonarQube URL is not valid: %s", sonarURL) taskID := strings.TrimPrefix(sonarURL, "http://localhost:9000/api/ce/task?id=") - assert.NotEmpty(t, taskID, "Evidence successfully created and verified") + assert.NotEmpty(t, taskID, "task ID should not be empty") } func TestSonarIntegrationAsEvidence(t *testing.T) { 
@@ -103,20 +105,21 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { // Get the SonarQube access token setSonarAccessTokenFromEnv(t) - privateKeyFilePath, publicKeyName := KeyPairGenerationAndUpload(t) + privateKeyFilePath := KeyPairGenerationAndUpload(t) // Run the JFrog CLI command to collect evidence - output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evidence", "create", "--predicate-type=\"https://jfrog.com/evidence/sonarqube/v1\"", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+publicKeyName, "--key-path="+privateKeyFilePath) + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evidence", "create", "--predicate-type=\"https://jfrog.com/evidence/sonarqube/v1\"", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key-path="+privateKeyFilePath) assert.Contains(t, output, "Successfully created evidence for SonarQube analysis") _, err := utils.CreateEvidenceServiceManager(evidenceDetails, false) assert.NoError(t, err) } -func KeyPairGenerationAndUpload(t *testing.T) (string, string) { +func KeyPairGenerationAndUpload(t *testing.T) string { artifactoryURL := os.Getenv("PLATFORM_URL") apiKey := os.Getenv("PLATFORM_API_KEY") - publicKeyName := "test-evidence-key" privateKeyPath := "./test-evidence-private.pem" publicKeyPath := "./test-evidence-public.pem" + assert.NotEmpty(t, artifactoryURL) + assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") // 1. Generate RSA key pair privateKey, err := rsa.GenerateKey(rand.Reader, 4096) @@ -145,7 +148,7 @@ func KeyPairGenerationAndUpload(t *testing.T) (string, string) { // 4. Upload public key to Artifactory UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, privateKeyPath, publicKeyPath) - return privateKeyPath, publicKeyName + return privateKeyPath } func setSonarAccessTokenFromEnv(t *testing.T) { 
@@ -162,36 +165,27 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri t.Fatalf("Failed to read private key file: %v", err) } pubKeyBytes, err := os.ReadFile(publicKeyPath) - if err != nil { - assert.NoError(t, err) - } + assert.NoError(t, err) // Upload the private key to Artifactory Evidence url := fmt.Sprintf("%s/artifactory/api/security/keypair", artifactoryURL) - req, err := http.NewRequest("POST", url, bytes.NewReader(privKeyBytes)) - if err != nil { - t.Fatalf("Failed to create request: %v", err) - } - req.Header.Set("Content-Type", "application/json") - if apiKey != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } reqBody := KeyPair{ PairName: "test-signing-key", PairType: "RSA", - Alias: "evidence-local", + Alias: KeyPairAlias, PrivateKey: string(privKeyBytes), PublicKey: string(pubKeyBytes), } jsonBody, err := json.Marshal(reqBody) - if err != nil { - t.Fatalf("Failed to marshal KeyPair struct: %v", err) + assert.NoError(t, err) + req, err := http.NewRequest("POST", url, bytes.NewReader(jsonBody)) + assert.NoError(t, err) + req.Header.Set("Content-Type", "application/json") + if apiKey != "" { + req.Header.Set("Authorization", "Bearer "+apiKey) } - req, err = http.NewRequest("POST", url, bytes.NewReader(jsonBody)) client := &http.Client{} resp, err := client.Do(req) - if err != nil { - t.Fatalf("Failed to upload private key: %v", err) - } + assert.NoError(t, err) defer resp.Body.Close() if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusNoContent { body, _ := io.ReadAll(resp.Body) From fd7220d808e83d7b81c998962c0f83511755778f Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 15:37:14 +0530 Subject: [PATCH 042/116] Fixed RSA generation --- sonarintegration_test.go | 60 +++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 25 deletions(-) 
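Review bot: Replacing `t.Fatalf` with `assert.NoError(t, err)` after `client.Do(req)` lets the test continue when the request fails, and `resp` is nil in that case, so `defer resp.Body.Close()` on the next line panics instead of reporting the error. Keep the fatal form for steps the rest of the function depends on: `if err != nil { t.Fatalf("Failed to upload private key: %v", err) }`. The same applies to the `json.Marshal` and `http.NewRequest` checks in this hunk, and to the `assert.NotEmpty` checks this commit adds to `KeyPairGenerationAndUpload`, which let the upload proceed with an empty URL or token. `deleteSigningKeyFromArtifactory`, added later in the series, repeats the `assert.NoError` followed by `defer resp.Body.Close()` pattern.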
diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 5cb9fee76..5033f1193 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -13,10 +13,12 @@ import ( coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" "github.com/jfrog/jfrog-cli/utils/tests" clientUtils "github.com/jfrog/jfrog-client-go/utils" + "github.com/jfrog/jfrog-client-go/utils/log" "github.com/stretchr/testify/assert" "io" "net/http" "os" + "path/filepath" "strings" "testing" ) 
@@ -116,39 +118,46 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { func KeyPairGenerationAndUpload(t *testing.T) string { artifactoryURL := os.Getenv("PLATFORM_URL") apiKey := os.Getenv("PLATFORM_API_KEY") - privateKeyPath := "./test-evidence-private.pem" - publicKeyPath := "./test-evidence-public.pem" assert.NotEmpty(t, artifactoryURL) assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") - // 1. Generate RSA key pair - privateKey, err := rsa.GenerateKey(rand.Reader, 4096) + privateKeyFilePath, publicKeyFilePath, err := generateRSAKeyPair() + assert.NoError(t, err) + + UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, privateKeyFilePath, publicKeyFilePath) + return privateKeyFilePath +} + +func generateRSAKeyPair() (string, string, error) { + privKey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { - t.Fatalf("Failed to generate private key: %v", err) + return "", "", err } - - // 2. Save private key to file - privBytes := x509.MarshalPKCS1PrivateKey(privateKey) - privPem := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: privBytes}) - err = os.WriteFile(privateKeyPath, privPem, 0600) + privBytes := x509.MarshalPKCS1PrivateKey(privKey) + privPem := &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: privBytes, + } + pubBytes, err := x509.MarshalPKIXPublicKey(&privKey.PublicKey) if err != nil { - t.Fatalf("Failed to write private key: %v", err) + return "", "", err } - - // 3. 
Save public key to file - pubBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey) + pubPem := &pem.Block{ + Type: "PUBLIC KEY", + Bytes: pubBytes, + } + tempDir := os.TempDir() + privPath := filepath.Join(tempDir, "private.pem") + pubPath := filepath.Join(tempDir, "public.pem") + err = os.WriteFile(privPath, pem.EncodeToMemory(privPem), 0600) if err != nil { - t.Fatalf("Failed to marshal public key: %v", err) + return "", "", err } - pubPem := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pubBytes}) - err = os.WriteFile(publicKeyPath, pubPem, 0644) + err = os.WriteFile(pubPath, pem.EncodeToMemory(pubPem), 0644) if err != nil { - t.Fatalf("Failed to write public key: %v", err) + return "", "", err } - - // 4. Upload public key to Artifactory - UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, privateKeyPath, publicKeyPath) - return privateKeyPath + return privPath, pubPath, nil } func setSonarAccessTokenFromEnv(t *testing.T) { @@ -167,7 +176,8 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri pubKeyBytes, err := os.ReadFile(publicKeyPath) assert.NoError(t, err) // Upload the private key to Artifactory Evidence - url := fmt.Sprintf("%s/artifactory/api/security/keypair", artifactoryURL) + url := fmt.Sprintf("%sartifactory/api/security/keypair", artifactoryURL) + log.Debug(url) reqBody := KeyPair{ PairName: "test-signing-key", PairType: "RSA", @@ -177,13 +187,14 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri } jsonBody, err := json.Marshal(reqBody) assert.NoError(t, err) - req, err := http.NewRequest("POST", url, bytes.NewReader(jsonBody)) + req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(jsonBody)) assert.NoError(t, err) req.Header.Set("Content-Type", "application/json") if apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) } client := &http.Client{} + resp, err := client.Do(req) assert.NoError(t, err) defer resp.Body.Close() 
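Review bot: `generateRSAKeyPair` writes the private key to a fixed name, `private.pem`, directly under `os.TempDir()`, which is shared by every process and user on the machine. `os.WriteFile` applies the `0600` mode only when it creates the file, so if `private.pem` already exists there the key is written into a file whose owner and permissions this code did not choose. Create a private directory first with `tempDir, err := os.MkdirTemp("", "evidence-keys-")`, check the error, and have the caller remove the directory when the test ends. The hunk also lowers the key size from 4096 to 2048 bits without saying why; a short comment on the `rsa.GenerateKey` call would record the reason.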
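Review bot: The new format string `"%sartifactory/api/security/keypair"` only yields the intended URL when `PLATFORM_URL` ends with `/`; without it the host name and `artifactory` are fused, and the request with its bearer token goes to whatever host that string names. The file already uses `clientUtils`, so `clientUtils.AddTrailingSlashIfNeeded(artifactoryURL)` can normalise the value before formatting. `UploadSigningKeyPairToArtifactory` starts outside this hunk.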
@@ -191,5 +202,4 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri body, _ := io.ReadAll(resp.Body) t.Fatalf("Failed to upload private key, status: %s, body: %s", resp.Status, string(body)) } - } From 36dce64fe1de1584161991105c39028e084c9f3a Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 15:46:20 +0530 Subject: [PATCH 043/116] Updated command predicate type --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 5033f1193..0e92ee447 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -109,7 +109,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { setSonarAccessTokenFromEnv(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) // Run the JFrog CLI command to collect evidence - output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evidence", "create", "--predicate-type=\"https://jfrog.com/evidence/sonarqube/v1\"", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key-path="+privateKeyFilePath) + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evidence", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key-path="+privateKeyFilePath) assert.Contains(t, output, "Successfully created evidence for SonarQube analysis") _, err := utils.CreateEvidenceServiceManager(evidenceDetails, false) assert.NoError(t, err) From 1aa09048d9dd66fabc69b73ddec0e452e660ad72 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 15:59:03 +0530 Subject: [PATCH 044/116] Updated evidence cli command --- sonarintegration_test.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 0e92ee447..4ee1c7c75 100644 --- a/sonarintegration_test.go 
+++ b/sonarintegration_test.go @@ -8,7 +8,6 @@ import ( "encoding/json" "encoding/pem" "fmt" - "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils" configUtils "github.com/jfrog/jfrog-cli-core/v2/utils/config" coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" "github.com/jfrog/jfrog-cli/utils/tests" @@ -109,10 +108,8 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { setSonarAccessTokenFromEnv(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) // Run the JFrog CLI command to collect evidence - output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evidence", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key-path="+privateKeyFilePath) - assert.Contains(t, output, "Successfully created evidence for SonarQube analysis") - _, err := utils.CreateEvidenceServiceManager(evidenceDetails, false) - assert.NoError(t, err) + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key-path="+privateKeyFilePath) + assert.Contains(t, output, "Evidence successfully created and verified") } func KeyPairGenerationAndUpload(t *testing.T) string { From 4e1160d1c75d7ee47dd1cb9350aa75e82d3f7617 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 16:05:00 +0530 Subject: [PATCH 045/116] Trigger workflow From 5f175ff1f7769178e15268f30859bc5f5a0c8d60 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 16:09:11 +0530 Subject: [PATCH 046/116] Updated evd command --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 4ee1c7c75..65d5b96e6 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -108,7 +108,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { setSonarAccessTokenFromEnv(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) // Run the JFrog CLI command to collect evidence - output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key-path="+privateKeyFilePath) + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key="+privateKeyFilePath) assert.Contains(t, output, "Evidence successfully created and verified") } From ff9700510d1aefa32b47d6a48e9a71e4752c0dcb Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 16:12:53 +0530 Subject: [PATCH 047/116] Trigger workflow From 323f915d12bba8a13f597687c676020941f029bf Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 9 Jun 2025 16:25:25 +0530 Subject: [PATCH 048/116] Added to delete signing key pair --- sonarintegration_test.go | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 65d5b96e6..120804306 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -107,8 +107,11 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { // Get the SonarQube access token setSonarAccessTokenFromEnv(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) + // Run the JFrog CLI command to collect evidence - output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key="+privateKeyFilePath) + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", + "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", + "--key-alias="+KeyPairAlias, "--key="+privateKeyFilePath) assert.Contains(t, output, "Evidence successfully created and verified") } @@ -117,7 +120,7 @@ func KeyPairGenerationAndUpload(t *testing.T) string { apiKey := os.Getenv("PLATFORM_API_KEY") assert.NotEmpty(t, artifactoryURL) assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") - + deleteSigningKeyFromArtifactory(t, artifactoryURL, apiKey, "test-signing-key") privateKeyFilePath, publicKeyFilePath, err := generateRSAKeyPair() assert.NoError(t, err) 
@@ -164,6 +167,28 @@ func setSonarAccessTokenFromEnv(t *testing.T) { assert.NoError(t, err) } +func deleteSigningKeyFromArtifactory(t *testing.T, artifactoryURL, apiKey, keyPairName string) { + assert.NotEmpty(t, artifactoryURL) + assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") + + url := fmt.Sprintf("%sartifactory/api/security/keypair/%s", artifactoryURL, keyPairName) + log.Debug(url) + req, err := http.NewRequest(http.MethodDelete, url, nil) + assert.NoError(t, err) + if apiKey != "" { + req.Header.Set("Authorization", "Bearer "+apiKey) + } + client := &http.Client{} + + resp, err := client.Do(req) + assert.NoError(t, err) + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusNoContent { + body, _ := io.ReadAll(resp.Body) + t.Fatalf("Failed to delete private key, status: %s, body: %s", resp.Status, string(body)) + } +} + func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, privateKeyPath, publicKeyPath string) { // Read the private key file privKeyBytes, err := os.ReadFile(privateKeyPath) From c85da5a5887666b8cdbb1d3a5eb7b58f63caff10 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 08:21:55 +0530 Subject: [PATCH 049/116] Updated tests and cleaned redundant code and comments --- .github/workflows/sonarIntegrationTests.yml | 5 -- sonarintegration_test.go | 74 +++++++++++---------- 2 files changed, 38 insertions(+), 41 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 90f93317b..c47428e32 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -26,11 +26,6 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} -# - name: Install local Artifactory -# uses: bhanurp/.github/actions/install-local-artifactory@main -# with: -# RTLIC: ${{ secrets.RTLIC }} - - name: Fetch Sonar Access Token id: sonar_token run: | 
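Review bot: `deleteSigningKeyFromArtifactory` fails the test on every status other than 200 and 204, yet it is called before the key pair is created, so on a server that does not have the pair yet the delete presumably returns 404 and the test aborts before it starts. Accepting `http.StatusNotFound` in that condition makes the pre-clean idempotent. The uploaded key pair is also never removed after the test; registering the delete with `t.Cleanup` right after the upload would keep test signing keys from accumulating on the platform. `keyPairName` goes into the URL path unescaped, which is harmless for the constant used today but worth a `url.PathEscape` if the helper is reused.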
diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 120804306..54d53a0c5 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -35,7 +35,10 @@ type KeyPair struct { PublicKey string `json:"publicKey"` } -const KeyPairAlias = "evidence-local" +const ( + KeyPairAlias = "evidence-local" + keyPairName = "test-signing-key" +) func initSonarCli() { if sonarIntegrationCLI != nil { @@ -55,7 +58,6 @@ func authenticateEvidence() string { evidenceDetails = &configUtils.ServerDetails{ Url: *tests.JfrogUrl} evidenceDetails.EvidenceUrl = clientUtils.AddTrailingSlashIfNeeded(evidenceDetails.Url) + "evidence/" - cred := fmt.Sprintf("--url=%s", *tests.JfrogUrl) if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken 
@@ -70,31 +72,25 @@ func authenticateEvidence() string { func TestSonarPrerequisites(t *testing.T) { initSonarIntegrationTest(t) - // read the file called report-task.txt reportFilePath := "testdata/maven/mavenprojectwithsonar/target/sonar/report-task.txt" if _, err := os.Stat(reportFilePath); os.IsNotExist(err) { t.Fatalf("Failed to find file %s", reportFilePath) } - // read file content fileContent, err := os.ReadFile(reportFilePath) if err != nil { t.Fatalf("Failed to read file %s: %v", reportFilePath, err) } - found := false + isCeTaskUrlFound := false sonarURL := "" for _, line := range strings.Split(string(fileContent), "\n") { if strings.HasPrefix(line, "ceTaskUrl=") { - found = true + isCeTaskUrlFound = true sonarURL = strings.TrimPrefix(line, "ceTaskUrl=") break } } - if !found { - t.Fatalf("File %s does not contain 'ceTaskUrl=' in any line", reportFilePath) - } - if sonarURL == "" { - t.Fatalf("File %s does not contain a valid SonarQube URL", reportFilePath) - } + assert.True(t, isCeTaskUrlFound, "File %s does not contain 'ceTaskUrl='", reportFilePath) + assert.NotEmpty(t, "File %s does not contain a valid SonarQube URL", reportFilePath) assert.True(t, strings.HasPrefix(sonarURL, "http://localhost:9000/api/ce/task?id="), "SonarQube URL is not valid: %s", sonarURL) taskID := strings.TrimPrefix(sonarURL, "http://localhost:9000/api/ce/task?id=") assert.NotEmpty(t, taskID, "task ID should not be empty") 
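Review bot: `assert.NotEmpty(t, "File %s does not contain a valid SonarQube URL", reportFilePath)` checks the message string itself, which is never empty, so the assertion always passes and an empty `ceTaskUrl=` value is no longer caught here. The value under test is missing from the call: `assert.NotEmpty(t, sonarURL, "File %s does not contain a valid SonarQube URL", reportFilePath)`. The two `t.Fatalf` checks this replaces stopped the test, whereas with `assert` the later prefix check still runs and reports a second, less specific failure.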
@@ -103,42 +99,40 @@ func TestSonarPrerequisites(t *testing.T) { func TestSonarIntegrationAsEvidence(t *testing.T) { initSonarCli() initSonarIntegrationTest(t) - - // Get the SonarQube access token setSonarAccessTokenFromEnv(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) - - // Run the JFrog CLI command to collect evidence + t.Logf("privateKeyFilePath: %s", privateKeyFilePath) output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key="+privateKeyFilePath) assert.Contains(t, output, "Evidence successfully created and verified") } +// KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, +// generates a new RSA key pair, and uploads it to Artifactory. func KeyPairGenerationAndUpload(t *testing.T) string { artifactoryURL := os.Getenv("PLATFORM_URL") apiKey := os.Getenv("PLATFORM_API_KEY") assert.NotEmpty(t, artifactoryURL) assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") - deleteSigningKeyFromArtifactory(t, artifactoryURL, apiKey, "test-signing-key") + deleteSigningKeyFromArtifactory(t, artifactoryURL, apiKey, keyPairName) privateKeyFilePath, publicKeyFilePath, err := generateRSAKeyPair() assert.NoError(t, err) - UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, privateKeyFilePath, publicKeyFilePath) return privateKeyFilePath } func generateRSAKeyPair() (string, string, error) { - privKey, err := rsa.GenerateKey(rand.Reader, 2048) + privateKey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { return "", "", err } - privBytes := x509.MarshalPKCS1PrivateKey(privKey) - privPem := &pem.Block{ + privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey) + privateKeyPEM := &pem.Block{ Type: "RSA PRIVATE KEY", - Bytes: privBytes, + Bytes: privateKeyBytes, } - pubBytes, err := x509.MarshalPKIXPublicKey(&privKey.PublicKey) + pubBytes, err := 
x509.MarshalPKIXPublicKey(&privateKey.PublicKey) if err != nil { return "", "", err } @@ -147,9 +141,9 @@ func generateRSAKeyPair() (string, string, error) { Bytes: pubBytes, } tempDir := os.TempDir() - privPath := filepath.Join(tempDir, "private.pem") + privateKeyPath := filepath.Join(tempDir, "private.pem") pubPath := filepath.Join(tempDir, "public.pem") - err = os.WriteFile(privPath, pem.EncodeToMemory(privPem), 0600) + err = os.WriteFile(privateKeyPath, pem.EncodeToMemory(privateKeyPEM), 0600) if err != nil { return "", "", err } @@ -157,10 +151,12 @@ func generateRSAKeyPair() (string, string, error) { if err != nil { return "", "", err } - return privPath, pubPath, nil + return privateKeyPath, pubPath, nil } func setSonarAccessTokenFromEnv(t *testing.T) { + // SONAR_TOKEN is set in the environment variables via GitHub actions workflow + // refer to .github/workflows/sonarIntegrationTests.yml sonarToken := os.Getenv("SONAR_TOKEN") assert.NotEmpty(t, sonarToken, "SONAR_TOKEN should not be empty") err := os.Setenv("JF_SONAR_ACCESS_TOKEN", sonarToken) @@ -170,7 +166,6 @@ func setSonarAccessTokenFromEnv(t *testing.T) { func deleteSigningKeyFromArtifactory(t *testing.T, artifactoryURL, apiKey, keyPairName string) { assert.NotEmpty(t, artifactoryURL) assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") - url := fmt.Sprintf("%sartifactory/api/security/keypair/%s", artifactoryURL, keyPairName) log.Debug(url) req, err := http.NewRequest(http.MethodDelete, url, nil) 
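Review bot: In the `@@ -147,9 +141,9 @@` hunk, generateRSAKeyPair writes the signing key to the fixed name `private.pem` directly under `os.TempDir()`, a shared and predictable location. `os.WriteFile` applies `0600` only when it creates the file, so a `private.pem` that already exists keeps its owner and mode, and nothing removes the key afterwards. A private directory avoids both problems: replace `tempDir := os.TempDir()` with `tempDir, err := os.MkdirTemp("", "evidence-keys-")` plus the usual `if err != nil { return "", "", err }`, and have the caller remove the directory when the test ends. This matters more than in a typical test because the same key pair is uploaded as a signing key to the Artifactory instance named by PLATFORM_URL. The function begins in the previous hunk and ends in the next one.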
@@ -179,32 +174,35 @@ func deleteSigningKeyFromArtifactory(t *testing.T, artifactoryURL, apiKey, keyPa req.Header.Set("Authorization", "Bearer "+apiKey) } client := &http.Client{} - resp, err := client.Do(req) assert.NoError(t, err) - defer resp.Body.Close() + defer func(Body io.ReadCloser) { + err := Body.Close() + if err != nil { + assert.NoError(t, err, "Failed to close response body") + } + }(resp.Body) if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusNoContent { body, _ := io.ReadAll(resp.Body) t.Fatalf("Failed to delete private key, status: %s, body: %s", resp.Status, string(body)) } } +// UploadSigningKeyPairToArtifactory reads private and public key files and uploads them to Artifactory. func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, privateKeyPath, publicKeyPath string) { - // Read the private key file - privKeyBytes, err := os.ReadFile(privateKeyPath) + privateKeyBytes, err := os.ReadFile(privateKeyPath) if err != nil { t.Fatalf("Failed to read private key file: %v", err) } pubKeyBytes, err := os.ReadFile(publicKeyPath) assert.NoError(t, err) - // Upload the private key to Artifactory Evidence url := fmt.Sprintf("%sartifactory/api/security/keypair", artifactoryURL) log.Debug(url) reqBody := KeyPair{ - PairName: "test-signing-key", + PairName: keyPairName, PairType: "RSA", Alias: KeyPairAlias, - PrivateKey: string(privKeyBytes), + PrivateKey: string(privateKeyBytes), PublicKey: string(pubKeyBytes), } jsonBody, err := json.Marshal(reqBody) 
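Review bot: In deleteSigningKeyFromArtifactory (which starts above this hunk) the new deferred closure is handed `resp.Body` right after `assert.NoError(t, err)`, but `assert` does not stop the test, so a failed `client.Do` leaves `resp` nil and the test panics instead of reporting the error. Abort first, in the style the file already uses: `if err != nil { t.Fatalf("Failed to send delete request: %v", err) }`. `&http.Client{}` also has no timeout, so a hung platform endpoint blocks the run; setting `Timeout` on the client would bound it. The same pattern is repeated in the UploadSigningKeyPairToArtifactory hunk at `@@ -216,10 +214,14 @@`.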
@@ -216,10 +214,14 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri req.Header.Set("Authorization", "Bearer "+apiKey) } client := &http.Client{} - resp, err := client.Do(req) assert.NoError(t, err) - defer resp.Body.Close() + defer func(Body io.ReadCloser) { + err := Body.Close() + if err != nil { + assert.NoError(t, err, "Failed to close response body") + } + }(resp.Body) if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusNoContent { body, _ := io.ReadAll(resp.Body) t.Fatalf("Failed to upload private key, status: %s, body: %s", resp.Status, string(body)) From 45e6bceb88f04585647090982371bbd3b26c4cd4 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 08:52:39 +0530 Subject: [PATCH 050/116] Added params logs --- .github/workflows/sonarIntegrationTests.yml | 1 + sonarintegration_test.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index c47428e32..71364db4d 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -2,6 +2,7 @@ name: SonarQube Integration Tests on: workflow_dispatch: push: + # TODO - Remove this branch filter once the spike is complete. branches: [ sonar-evd-spike ] jobs: diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 54d53a0c5..02a37282b 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -101,7 +101,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { initSonarIntegrationTest(t) setSonarAccessTokenFromEnv(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) - t.Logf("privateKeyFilePath: %s", privateKeyFilePath) + t.Logf("Running evd create with params: --predicate-type=sonar, --package-name=demo-sonar, --package-version=1.0, --package-repo-name=dev-maven-local, --key-alias=%s, --key=%s", KeyPairAlias, privateKeyFilePath) output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key="+privateKeyFilePath) From 24df628434bc0ee43697a01a34cd3a64de09ff64 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 11:26:56 +0530 Subject: [PATCH 051/116] Added url and token params --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 71364db4d..28e512112 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -73,4 +73,4 @@ jobs: JFROG_SONAR_ACCESS_TOKEN: ${SONAR_TOKEN} PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} - run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration \ No newline at end of file + run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} \ No newline at end of file From 7aa5df41f853132541e68f12b6c125e5ed430a23 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 11:36:14 +0530 Subject: [PATCH 052/116] Updated dependencies --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
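Review bot: In the workflow hunk, the changed `run:` line substitutes `${{ secrets.PLATFORM_URL }}` and `${{ secrets.PLATFORM_ADMIN_TOKEN }}` into the script text before the shell runs, so any shell metacharacter in a secret value is parsed as shell syntax. The step already exports both values through `env:`, so the script can use quoted variables instead: `--jfrog.url="$PLATFORM_URL" --jfrog.adminToken="$PLATFORM_API_KEY"`. Either way the admin token still ends up in the test process's argument list; if the test binary can read it from the environment, dropping the flag would be better, though whether it can is not visible here.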
diff --git a/go.mod b/go.mod index 8369ae769..08a8b2aa5 100644 --- a/go.mod +++ b/go.mod @@ -193,6 +193,6 @@ replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250524073414-f360d2dce3be +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250608172733-cd7bbd728645 replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index 723691eff..d49193520 100644 --- a/go.sum +++ b/go.sum 
@@ -34,8 +34,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250524073414-f360d2dce3be h1:8sCl2NyGmrESzYysWi8oc5kE6HVFfEajwoQDdFV3yJc= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250524073414-f360d2dce3be/go.mod h1:9rj/lOaroGXp5Us1iReU0BzWiGRMKttbVnrW6Kh+RJM= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250608172733-cd7bbd728645 h1:2TmHsZ26G/kVmcOffHcEj2aKpaQgvfKGToJ8uZ0xSdE= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250608172733-cd7bbd728645/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 h1:kilH1D7qR3aOv+pEfC1ErirRFiNXnYdYIwp01XLOvaI= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= From 5a824c846d62303f96d924b6ae2d744b8479dac6 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 11:40:58 +0530 Subject: [PATCH 053/116] Updated workflow to reflect required env --- .github/workflows/sonarIntegrationTests.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 28e512112..e225fc277 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml 
@@ -33,7 +33,7 @@ jobs: echo "Fetching SonarQube access token..." TOKEN=$(curl -s -X POST -u "admin:admin" \ "http://localhost:9000/api/user_tokens/generate?name=github-actions-token" | jq -r '.token') - echo "SONAR_TOKEN=${TOKEN}" >> $GITHUB_ENV + echo "SONARQUBE_TOKEN=${TOKEN}" >> $GITHUB_ENV - name: Create Project in SonarQube run: | @@ -66,11 +66,11 @@ jobs: -Dsonar.projectKey=mvn-sonar \ -Dsonar.projectName='mvn-sonar' \ -Dsonar.host.url=http://localhost:9000 \ - -Dsonar.token=${SONAR_TOKEN} + -Dsonar.token=${SONARQUBE_TOKEN} - name: Run sonar integration tests env: - JFROG_SONAR_ACCESS_TOKEN: ${SONAR_TOKEN} + JF_SONARQUBE_ACCESS_TOKEN: ${SONARQUBE_TOKEN} PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} \ No newline at end of file From 97e9142abc6c441deca5a7c88d4639f0d727f8ed Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 11:56:52 +0530 Subject: [PATCH 054/116] Updated workflow to reflect required env --- sonarintegration_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 02a37282b..c5f46b814 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
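Review bot: The token step in the `@@ -33,7 +33,7 @@` hunk exports whatever `jq -r '.token'` printed without checking it. If the generate call fails or returns an error document, `TOKEN` is empty or the literal string `null`, and that value is written to `$GITHUB_ENV` as `SONARQUBE_TOKEN` for every later step. A guard before the `echo` makes the failure visible where it happens, for example `[ -n "$TOKEN" ] && [ "$TOKEN" != "null" ] || { echo "token generation failed"; exit 1; }`. Registering the value with `echo "::add-mask::${TOKEN}"` before exporting it keeps it out of later step logs. The `run:` block starts above this hunk.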
@@ -101,6 +101,17 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { initSonarIntegrationTest(t) setSonarAccessTokenFromEnv(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) + + // Change to the directory containing the Maven project and execute cli command + origDir, err := os.Getwd() + assert.NoError(t, err) + newDir := "testdata/maven/mavenprojectwithsonar" + err = os.Chdir(newDir) + assert.NoError(t, err) + defer func() { + err := os.Chdir(origDir) + assert.NoError(t, err) + }() t.Logf("Running evd create with params: --predicate-type=sonar, --package-name=demo-sonar, --package-version=1.0, --package-repo-name=dev-maven-local, --key-alias=%s, --key=%s", KeyPairAlias, privateKeyFilePath) output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", From dc880246f155b1571255aed7104920422474c6c3 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 12:25:23 +0530 Subject: [PATCH 055/116] Updated sonar pre requisites workflow --- sonarintegration_test.go | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index c5f46b814..ebcabfa6e 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -51,6 +51,10 @@ func initSonarIntegrationTest(t *testing.T) { if !*tests.TestSonar { t.Skip("Skipping Access test. To run Access test add the '-test.access=true' option.") } + // check if JF_SONARQUBE_ACCESS_TOKEN env variable is empty then throw an error + if os.Getenv("JF_SONARQUBE_ACCESS_TOKEN") == "" { + t.Fatal("JF_SONARQUBE_ACCESS_TOKEN environment variable is not set. Please set it to run the SonarQube integration test.") + } } func authenticateEvidence() string { 
@@ -94,12 +98,27 @@ func TestSonarPrerequisites(t *testing.T) { assert.True(t, strings.HasPrefix(sonarURL, "http://localhost:9000/api/ce/task?id="), "SonarQube URL is not valid: %s", sonarURL) taskID := strings.TrimPrefix(sonarURL, "http://localhost:9000/api/ce/task?id=") assert.NotEmpty(t, taskID, "task ID should not be empty") + resp, err := http.Get("http://localhost:9000/api/system/status") + if err != nil { + t.Fatalf("Failed to connect to SonarQube server: %v", err) + } + assert.Equal(t, resp.StatusCode, http.StatusOK, "SonarQube server is not running or returned an unexpected status code") + // Check if given sonar_access_token is valid + sonarAccessToken := os.Getenv("JF_SONARQUBE_ACCESS_TOKEN") + if sonarAccessToken == "" { + t.Fatal("JF_SONARQUBE_ACCESS_TOKEN environment variable is not set. Please set it to run the SonarQube integration test.") + } + // use sonarAccessToken to authenticate with SonarQube + req, err := http.NewRequest("GET", "http://localhost:9000/api/authentication/validate", nil) + req.Header.Set("Authorization", "Bearer "+sonarAccessToken) + client := &http.Client{} + resp, err = client.Do(req) + assert.NoError(t, err, "Failed to validate SonarQube access token") } func TestSonarIntegrationAsEvidence(t *testing.T) { initSonarCli() initSonarIntegrationTest(t) - setSonarAccessTokenFromEnv(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) // Change to the directory containing the Maven project and execute cli command 
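Review bot: The token check added at the end of TestSonarPrerequisites never looks at the response: `client.Do` succeeding only shows the request was sent, so an invalid or expired `JF_SONARQUBE_ACCESS_TOKEN` still passes. The validate endpoint reports the result in its JSON body (a `valid` boolean, as far as I know), so the test should decode and assert it, as sketched below. In the same hunk the error from `http.NewRequest` is overwritten unchecked and neither response body is closed. `assert.Equal(t, resp.StatusCode, http.StatusOK, ...)` also has expected and actual swapped, which only affects the failure message. The function starts before this hunk.

```go
// … unchanged: system/status check, token lookup, request construction …
resp, err = client.Do(req)
if err != nil {
	t.Fatalf("Failed to validate SonarQube access token: %v", err)
}
defer resp.Body.Close()
assert.Equal(t, http.StatusOK, resp.StatusCode, "unexpected status from token validation")
var validation struct {
	Valid bool `json:"valid"`
}
assert.NoError(t, json.NewDecoder(resp.Body).Decode(&validation))
assert.True(t, validation.Valid, "SonarQube rejected JF_SONARQUBE_ACCESS_TOKEN")
```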
@@ -165,15 +184,6 @@ func generateRSAKeyPair() (string, string, error) { return privateKeyPath, pubPath, nil } -func setSonarAccessTokenFromEnv(t *testing.T) { - // SONAR_TOKEN is set in the environment variables via GitHub actions workflow - // refer to .github/workflows/sonarIntegrationTests.yml - sonarToken := os.Getenv("SONAR_TOKEN") - assert.NotEmpty(t, sonarToken, "SONAR_TOKEN should not be empty") - err := os.Setenv("JF_SONAR_ACCESS_TOKEN", sonarToken) - assert.NoError(t, err) -} - func deleteSigningKeyFromArtifactory(t *testing.T, artifactoryURL, apiKey, keyPairName string) { assert.NotEmpty(t, artifactoryURL) assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") From d53e56208a0032fe53365b019aaced07632cf78e Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 12:44:22 +0530 Subject: [PATCH 056/116] Updated workflow and tests --- .github/workflows/sonarIntegrationTests.yml | 5 +++-- sonarintegration_test.go | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index e225fc277..968cf1421 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -34,6 +34,7 @@ jobs: TOKEN=$(curl -s -X POST -u "admin:admin" \ "http://localhost:9000/api/user_tokens/generate?name=github-actions-token" | jq -r '.token') echo "SONARQUBE_TOKEN=${TOKEN}" >> $GITHUB_ENV + echo "JF_SONARQUBE_ACCESS_TOKEN=${TOKEN}" >> $GITHUB_ENV - name: Create Project in SonarQube run: | 
@@ -70,7 +71,7 @@ jobs: - name: Run sonar integration tests env: - JF_SONARQUBE_ACCESS_TOKEN: ${SONARQUBE_TOKEN} + JF_SONARQUBE_ACCESS_TOKEN: ${{ env.SONARQUBE_TOKEN }} PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} - run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} \ No newline at end of file + run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} diff --git a/sonarintegration_test.go b/sonarintegration_test.go index ebcabfa6e..8d6d7a3e2 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -120,7 +120,9 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { initSonarCli() initSonarIntegrationTest(t) privateKeyFilePath := KeyPairGenerationAndUpload(t) - + err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") + assert.NoError(t, err) + defer os.Unsetenv("JFROG_CLI_LOG_LEVEL") // Change to the directory containing the Maven project and execute cli command origDir, err := os.Getwd() assert.NoError(t, err) From 3a28b3bdcb71c9c5027defaf479d48193cace771 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 13:14:39 +0530 Subject: [PATCH 057/116] Updated workflow and tests --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 8d6d7a3e2..f52abfb50 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
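Review bot: In the `@@ -120,7 +120,9 @@` hunk, `os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG")` paired with `defer os.Unsetenv(...)` discards whatever level was set before the test and ignores the error from `Unsetenv`. `t.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG")` restores the previous value automatically and replaces all three added lines. Since this run passes a private key path and uses an admin token, it is worth confirming that the CLI's debug output does not include request headers or key material before leaving DEBUG on in CI logs; nothing in the hunk shows what it prints. TestSonarIntegrationAsEvidence continues beyond the hunk.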
@@ -133,7 +133,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { err := os.Chdir(origDir) assert.NoError(t, err) }() - t.Logf("Running evd create with params: --predicate-type=sonar, --package-name=demo-sonar, --package-version=1.0, --package-repo-name=dev-maven-local, --key-alias=%s, --key=%s", KeyPairAlias, privateKeyFilePath) + t.Logf("Running evd create with evidence url=%s", evidenceDetails.EvidenceUrl) output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key="+privateKeyFilePath) From 2e8fd105a7b69a85b9afcefc2c05e5f360567eb2 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 13:31:36 +0530 Subject: [PATCH 058/116] Updated artifactory URL --- sonarintegration_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index f52abfb50..590559403 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -49,7 +49,7 @@ func initSonarCli() { func initSonarIntegrationTest(t *testing.T) { if !*tests.TestSonar { - t.Skip("Skipping Access test. To run Access test add the '-test.access=true' option.") + t.Skip("Skipping Access test. To run Access test add the '-test.Sonar=true' option.") } // check if JF_SONARQUBE_ACCESS_TOKEN env variable is empty then throw an error if os.Getenv("JF_SONARQUBE_ACCESS_TOKEN") == "" { @@ -62,6 +62,7 @@ func authenticateEvidence() string { evidenceDetails = &configUtils.ServerDetails{ Url: *tests.JfrogUrl} evidenceDetails.EvidenceUrl = clientUtils.AddTrailingSlashIfNeeded(evidenceDetails.Url) + "evidence/" + evidenceDetails.ArtifactoryUrl = clientUtils.AddTrailingSlashIfNeeded(evidenceDetails.Url) + "artifactory/" cred := fmt.Sprintf("--url=%s", *tests.JfrogUrl) if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken 
From db543e312a8b0096fddb8fb707ee8e2c4752651e Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 22:53:34 +0530 Subject: [PATCH 059/116] Added debug log --- .github/workflows/sonarIntegrationTests.yml | 4 +++- .jfrog/projects/dotnet.yaml | 5 ----- 2 files changed, 3 insertions(+), 6 deletions(-) delete mode 100644 .jfrog/projects/dotnet.yaml diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 968cf1421..da3a72093 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -74,4 +74,6 @@ jobs: JF_SONARQUBE_ACCESS_TOKEN: ${{ env.SONARQUBE_TOKEN }} PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} - run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} + run: | + jf c show + go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} diff --git a/.jfrog/projects/dotnet.yaml b/.jfrog/projects/dotnet.yaml deleted file mode 100644 index 627afcd92..000000000 --- a/.jfrog/projects/dotnet.yaml +++ /dev/null @@ -1,5 +0,0 @@ -version: 1 -type: dotnet -resolver: - repo: dotnet-virtual - serverId: local From 69b87d0e79f735faea4c584acedb78057b12aa77 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 23:07:34 +0530 Subject: [PATCH 060/116] Added debug log --- .github/workflows/sonarIntegrationTests.yml | 2 +- sonarintegration_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index da3a72093..63c581c8c 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml 
@@ -75,5 +75,5 @@ jobs: PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} run: | - jf c show + jfrog c show go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 590559403..de1953310 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -221,7 +221,7 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri pubKeyBytes, err := os.ReadFile(publicKeyPath) assert.NoError(t, err) url := fmt.Sprintf("%sartifactory/api/security/keypair", artifactoryURL) - log.Debug(url) + t.Logf("Keypair create URL %s", url) reqBody := KeyPair{ PairName: keyPairName, PairType: "RSA", From d13aa4c60fca8a112208140a0a3df7db77c1f8ec Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 23:24:24 +0530 Subject: [PATCH 061/116] Updated to use jf --- .github/workflows/sonarIntegrationTests.yml | 2 +- sonarintegration_test.go | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 63c581c8c..da3a72093 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -75,5 +75,5 @@ jobs: PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} run: | - jfrog c show + jf c show go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} diff --git a/sonarintegration_test.go b/sonarintegration_test.go index de1953310..9f8e2d53e 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -49,7 +49,7 @@ func initSonarCli() { func initSonarIntegrationTest(t *testing.T) { if !*tests.TestSonar { - t.Skip("Skipping Access test. To run Access test add the '-test.Sonar=true' option.") + t.Skip("Skipping Access test. To run Access test add the '-test.sonarIntegration=true' option.") } // check if JF_SONARQUBE_ACCESS_TOKEN env variable is empty then throw an error if os.Getenv("JF_SONARQUBE_ACCESS_TOKEN") == "" { @@ -61,8 +61,6 @@ func authenticateEvidence() string { *tests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*tests.JfrogUrl) evidenceDetails = &configUtils.ServerDetails{ Url: *tests.JfrogUrl} - evidenceDetails.EvidenceUrl = clientUtils.AddTrailingSlashIfNeeded(evidenceDetails.Url) + "evidence/" - evidenceDetails.ArtifactoryUrl = clientUtils.AddTrailingSlashIfNeeded(evidenceDetails.Url) + "artifactory/" cred := fmt.Sprintf("--url=%s", *tests.JfrogUrl) if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken @@ -138,7 +136,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+KeyPairAlias, "--key="+privateKeyFilePath) - assert.Contains(t, output, "Evidence successfully created and verified") + assert.Contains(t, output, "Fetched sonar evidence successfully") } // KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, From 566ef15c73929e5835a2300f827d2190f670fe48 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 11 Jun 2025 23:49:02 +0530 Subject: [PATCH 062/116] Added key alias name --- sonarintegration_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 9f8e2d53e..5054028fb 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -132,10 +132,9 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { err := os.Chdir(origDir) assert.NoError(t, err) }() - t.Logf("Running evd create with evidence url=%s", evidenceDetails.EvidenceUrl) output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", - "--key-alias="+KeyPairAlias, "--key="+privateKeyFilePath) + "--key-alias="+keyPairName, "--key="+privateKeyFilePath) assert.Contains(t, output, "Fetched sonar evidence successfully") } From f08866e56f79a5b1022b9c7bd8bf956c1ad292d9 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 12 Jun 2025 08:28:25 +0530 Subject: [PATCH 063/116] Updated to verify evidence via get evidence API --- .github/workflows/sonarIntegrationTests.yml | 4 +-- sonarintegration_test.go | 35 ++++++++++++++++++--- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index da3a72093..968cf1421 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -74,6 +74,4 @@ jobs: JF_SONARQUBE_ACCESS_TOKEN: ${{ env.SONARQUBE_TOKEN }} PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} - run: | - jf c show - go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} + run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 5054028fb..1c98cc489 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -122,7 +122,6 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") assert.NoError(t, err) defer os.Unsetenv("JFROG_CLI_LOG_LEVEL") - // Change to the directory containing the Maven project and execute cli command origDir, err := os.Getwd() assert.NoError(t, err) newDir := "testdata/maven/mavenprojectwithsonar" 
@@ -135,11 +134,38 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+keyPairName, "--key="+privateKeyFilePath) - assert.Contains(t, output, "Fetched sonar evidence successfully") + t.Logf("Command output: %s", output) + if !strings.Contains(output, "Successfully created evidence") { + t.Log("Success message not found in output, verifying evidence creation directly") + evidenceURL := fmt.Sprintf("%sevidence/api/v1/evidence?package.name=demo-sonar&package.version=1.0&package.repository=dev-maven-local", + evidenceDetails.Url) + req, err := http.NewRequest(http.MethodGet, evidenceURL, nil) + assert.NoError(t, err) + if evidenceDetails.AccessToken != "" { + req.Header.Set("Authorization", "Bearer "+evidenceDetails.AccessToken) + } else { + req.SetBasicAuth(evidenceDetails.User, evidenceDetails.Password) + } + client := &http.Client{} + resp, err := client.Do(req) + assert.NoError(t, err) + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + assert.NoError(t, err) + t.Logf("Evidence API response status: %s", resp.Status) + t.Logf("Evidence API response body: %s", string(body)) + + // Check if the evidence exists + assert.Equal(t, http.StatusOK, resp.StatusCode, "Failed to verify evidence creation") + assert.Contains(t, string(body), "demo-sonar", "Evidence not found in repository") + } + + // Test passed if either: + // 1. The command output contains success message, or + // 2. The direct API verification succeeded } -// KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, -// generates a new RSA key pair, and uploads it to Artifactory. func KeyPairGenerationAndUpload(t *testing.T) string { artifactoryURL := os.Getenv("PLATFORM_URL") apiKey := os.Getenv("PLATFORM_API_KEY") 
@@ -209,7 +235,6 @@ func deleteSigningKeyFromArtifactory(t *testing.T, artifactoryURL, apiKey, keyPa } } -// UploadSigningKeyPairToArtifactory reads private and public key files and uploads them to Artifactory. func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, privateKeyPath, publicKeyPath string) { privateKeyBytes, err := os.ReadFile(privateKeyPath) if err != nil { From 9f2ad16e4c7c91b8768145df5ba8a8c6a6b5994f Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 12 Jun 2025 08:50:47 +0530 Subject: [PATCH 064/116] Updated artifactory evidence get --- sonarintegration_test.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 1c98cc489..27f999c08 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -137,15 +137,22 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { t.Logf("Command output: %s", output) if !strings.Contains(output, "Successfully created evidence") { t.Log("Success message not found in output, verifying evidence creation directly") - evidenceURL := fmt.Sprintf("%sevidence/api/v1/evidence?package.name=demo-sonar&package.version=1.0&package.repository=dev-maven-local", + + // According to the Evidence API docs (https://jfrog.com/help/r/jfrog-rest-apis/get-evidence) + // The correct endpoint is /artifactory/api/evidence/{packageType}/{repo}/{name}/{version} + evidenceURL := fmt.Sprintf("%sartifactory/api/evidence/sonar/dev-maven-local/demo-sonar/1.0", evidenceDetails.Url) + req, err := http.NewRequest(http.MethodGet, evidenceURL, nil) assert.NoError(t, err) + + // Set authorization header if evidenceDetails.AccessToken != "" { req.Header.Set("Authorization", "Bearer "+evidenceDetails.AccessToken) } else { req.SetBasicAuth(evidenceDetails.User, evidenceDetails.Password) } + client := &http.Client{} resp, err := client.Do(req) assert.NoError(t, err) 
@@ -153,6 +160,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { body, err := io.ReadAll(resp.Body) assert.NoError(t, err) + t.Logf("Evidence API response status: %s", resp.Status) t.Logf("Evidence API response body: %s", string(body)) From e501fa7c9814eed44d31e0a62d0d886892b17212 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 12 Jun 2025 09:40:15 +0530 Subject: [PATCH 065/116] Removed artifactory evidence get --- sonarintegration_test.go | 43 +++++----------------------------------- 1 file changed, 5 insertions(+), 38 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 27f999c08..d21b49121 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -122,6 +122,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") assert.NoError(t, err) defer os.Unsetenv("JFROG_CLI_LOG_LEVEL") + // Change to the directory containing the Maven project and execute cli command origDir, err := os.Getwd() assert.NoError(t, err) newDir := "testdata/maven/mavenprojectwithsonar" 
@@ -134,46 +135,11 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+keyPairName, "--key="+privateKeyFilePath) - t.Logf("Command output: %s", output) - if !strings.Contains(output, "Successfully created evidence") { - t.Log("Success message not found in output, verifying evidence creation directly") - - // According to the Evidence API docs (https://jfrog.com/help/r/jfrog-rest-apis/get-evidence) - // The correct endpoint is /artifactory/api/evidence/{packageType}/{repo}/{name}/{version} - evidenceURL := fmt.Sprintf("%sartifactory/api/evidence/sonar/dev-maven-local/demo-sonar/1.0", - evidenceDetails.Url) - - req, err := http.NewRequest(http.MethodGet, evidenceURL, nil) - assert.NoError(t, err) - - // Set authorization header - if evidenceDetails.AccessToken != "" { - req.Header.Set("Authorization", "Bearer "+evidenceDetails.AccessToken) - } else { - req.SetBasicAuth(evidenceDetails.User, evidenceDetails.Password) - } - - client := &http.Client{} - resp, err := client.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - assert.NoError(t, err) - - t.Logf("Evidence API response status: %s", resp.Status) - t.Logf("Evidence API response body: %s", string(body)) - - // Check if the evidence exists - assert.Equal(t, http.StatusOK, resp.StatusCode, "Failed to verify evidence creation") - assert.Contains(t, string(body), "demo-sonar", "Evidence not found in repository") - } - - // Test passed if either: - // 1. The command output contains success message, or - // 2. The direct API verification succeeded + assert.Empty(t, output) } +// KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, +// generates a new RSA key pair, and uploads it to Artifactory. 
func KeyPairGenerationAndUpload(t *testing.T) string { artifactoryURL := os.Getenv("PLATFORM_URL") apiKey := os.Getenv("PLATFORM_API_KEY") @@ -243,6 +209,7 @@ func deleteSigningKeyFromArtifactory(t *testing.T, artifactoryURL, apiKey, keyPa } } +// UploadSigningKeyPairToArtifactory reads private and public key files and uploads them to Artifactory. func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, privateKeyPath, publicKeyPath string) { privateKeyBytes, err := os.ReadFile(privateKeyPath) if err != nil { From f444e665a53fdf27f9d8445655b2dc7696ba35df Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 12 Jun 2025 10:46:09 +0530 Subject: [PATCH 066/116] Reverted checks --- sonarintegration_test.go | 78 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index d21b49121..7a9ab7dac 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -136,6 +136,8 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+keyPairName, "--key="+privateKeyFilePath) assert.Empty(t, output) + evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + assert.NoError(t, err) } // KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, 
@@ -248,3 +250,79 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri t.Fatalf("Failed to upload private key, status: %s, body: %s", resp.Status, string(body)) } } + +// create a function to fetch the evidence from artifactory using docs https://jfrog.com/help/r/jfrog-rest-apis/get-evidence +// FetchEvidenceFromArtifactory fetches evidence using GraphQL API +func FetchEvidenceFromArtifactory(t *testing.T, artifactoryURL, apiKey, packageRepo, packageName, packageVersion string) ([]byte, error) { + // Construct the GraphQL API URL + url := fmt.Sprintf("%sonemodel/api/v1/graphql", clientUtils.AddTrailingSlashIfNeeded(artifactoryURL)) + + t.Logf("Fetching evidence from GraphQL API: %s", url) + + // Construct the GraphQL query + query := fmt.Sprintf(`{ + evidence(filter: { + package: { + repository: "%s", + name: "%s", + version: "%s" + } + }) { + edges { + node { + id + predicate + timestamp + published + created + signature + identity { + name + } + } + } + } + }`, packageRepo, packageName, packageVersion) + + // Create request payload + requestBody, err := json.Marshal(map[string]string{ + "query": query, + }) + if err != nil { + return nil, fmt.Errorf("failed to create GraphQL request: %v", err) + } + + // Create the request + req, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(requestBody)) + if err != nil { + return nil, fmt.Errorf("failed to create request: %v", err) + } + + // Set headers + req.Header.Set("Content-Type", "application/json") + if apiKey != "" { + req.Header.Set("Authorization", "Bearer "+apiKey) + } + + // Execute the request + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("failed to execute request: %v", err) + } + defer resp.Body.Close() + + // Read response body + body, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("failed to read response body: %v", err) + } + + // Check response status + if resp.StatusCode != 
http.StatusOK { + return body, fmt.Errorf("evidence API returned non-OK status: %s, body: %s", + resp.Status, string(body)) + } + + return body, nil +} From 2af5d3d6822517fbe184f73c7ea2f315af884515 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 12 Jun 2025 10:53:42 +0530 Subject: [PATCH 067/116] Fixed compilation issue --- sonarintegration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 7a9ab7dac..765c5ea1a 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -138,6 +138,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { assert.Empty(t, output) evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) + t.Logf("Evidence response: %s", evidenceResponse) } // KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, From eb6be4807b9545c9c6caac4807c3e9d9fac24bb3 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 13 Jun 2025 13:08:01 +0530 Subject: [PATCH 068/116] Added fetch evidence from artifactory --- sonarintegration_test.go | 66 +++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 34 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 765c5ea1a..a8815e680 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -252,7 +252,6 @@ func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, pri } } -// create a function to fetch the evidence from artifactory using docs https://jfrog.com/help/r/jfrog-rest-apis/get-evidence // FetchEvidenceFromArtifactory fetches evidence using GraphQL API func FetchEvidenceFromArtifactory(t *testing.T, artifactoryURL, apiKey, packageRepo, packageName, packageVersion string) ([]byte, error) { // Construct the GraphQL API URL 
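Review bot: `FetchEvidenceFromArtifactory` formats `packageRepo`, `packageName` and `packageVersion` into the GraphQL document with `fmt.Sprintf`, so a quote or brace in any argument changes the query itself rather than the value being matched. The callers in this file pass constants, but the helper accepts arbitrary strings; declare the values as GraphQL variables and send them in a `variables` member of the JSON payload, which means building `requestBody` from a `map[string]any` instead of `map[string]string`. The rewritten query in PATCH 068 keeps the same `%s` interpolation for `repositoryKey`. Separately, `client := &http.Client{}` has no `Timeout`, and the workflow runs `go test` with `--timeout 0`, so a stalled connection would hang the job; set `Timeout` on the client.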
@@ -260,30 +259,27 @@ func FetchEvidenceFromArtifactory(t *testing.T, artifactoryURL, apiKey, packageR t.Logf("Fetching evidence from GraphQL API: %s", url) - // Construct the GraphQL query + // Construct the GraphQL query using the working format query := fmt.Sprintf(`{ - evidence(filter: { - package: { - repository: "%s", - name: "%s", - version: "%s" - } - }) { - edges { - node { - id - predicate - timestamp - published - created - signature - identity { + evidence { + searchEvidence(where:{hasSubjectWith:{repositoryKey:"%s"}}) { + edges { + node { name + path + repositoryKey + downloadPath + sha256 + predicateType + createdAt + createdBy + verified + predicateSlug } } } } - }`, packageRepo, packageName, packageVersion) + }`, packageRepo) // Create request payload requestBody, err := json.Marshal(map[string]string{ 
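Review bot: The rewritten query filters on `repositoryKey` only, so `packageName` and `packageVersion` are still parameters of `FetchEvidenceFromArtifactory` but no longer reach the request. The call now returns every evidence record in the repository instead of the records for the package under test, and callers passing `"demo-sonar"` and `"1.0"` get no narrowing from them. Either extend the `where` clause to the package, if the schema offers a suitable field, or drop the two parameters and document the helper with something like `// FetchEvidenceFromArtifactory returns all evidence nodes stored under packageRepo.` The function's signature and the request code sit outside this hunk.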
@@ -303,27 +299,29 @@ func FetchEvidenceFromArtifactory(t *testing.T, artifactoryURL, apiKey, packageR req.Header.Set("Content-Type", "application/json") if apiKey != "" { req.Header.Set("Authorization", "Bearer "+apiKey) + } else { + t.Fatal("API key is required to fetch evidence from Artifactory") } - - // Execute the request + // Send the request client := &http.Client{} resp, err := client.Do(req) if err != nil { - return nil, fmt.Errorf("failed to execute request: %v", err) + return nil, fmt.Errorf("failed to send request: %v", err) } - defer resp.Body.Close() - - // Read response body - body, err := io.ReadAll(resp.Body) + defer func(Body io.ReadCloser) { + err := Body.Close() + if err != nil { + assert.NoError(t, err, "Failed to close response body") + } + }(resp.Body) + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + return nil, fmt.Errorf("failed to fetch evidence, status: %s, body: %s", resp.Status, string(body)) + } + // Read the response body + bodyBytes, err := io.ReadAll(resp.Body) if err != nil { return nil, fmt.Errorf("failed to read response body: %v", err) } - - // Check response status - if resp.StatusCode != http.StatusOK { - return body, fmt.Errorf("evidence API returned non-OK status: %s, body: %s", - resp.Status, string(body)) - } - - return body, nil + return bodyBytes, nil } From bcb9d1a7ab690d9437016f65e3c557cd81b8c181 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 13 Jun 2025 15:28:10 +0530 Subject: [PATCH 069/116] Added to run only sonar integration tests --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 968cf1421..7402a18a6 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml 
@@ -74,4 +74,4 @@ jobs: JF_SONARQUBE_ACCESS_TOKEN: ${{ env.SONARQUBE_TOKEN }} PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} - run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} + run: go test -v github.com/jfrog/jfrog-cli/sonarintegration_test.go --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} From 73eff661371a3c6fa9ed215bede801621d1c22ef Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 17 Jun 2025 11:53:16 +0530 Subject: [PATCH 070/116] Added to run sonar integration tests only --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 7402a18a6..51073166a 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -74,4 +74,4 @@ jobs: JF_SONARQUBE_ACCESS_TOKEN: ${{ env.SONARQUBE_TOKEN }} PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} - run: go test -v github.com/jfrog/jfrog-cli/sonarintegration_test.go --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} + run: go test -v -run "TestSonar" github.com/jfrog/jfrog-cli/sonarintegration_test.go --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} From 53e79c85fd549a6f1820631eea9d540c574cca9a Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 17 Jun 2025 12:40:33 +0530 Subject: [PATCH 071/116] Updated tests path --- .github/workflows/sonarIntegrationTests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
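Review bot: The rewritten `run:` line expands `${{ secrets.PLATFORM_URL }}` and `${{ secrets.PLATFORM_ADMIN_TOKEN }}` into the script text, so the admin token is parsed by the shell as part of the script before `go test` starts. The step's `env:` block already exports the same values as `PLATFORM_URL` and `PLATFORM_API_KEY`; reference those with quoting, `--jfrog.url="$PLATFORM_URL" --jfrog.adminToken="$PLATFORM_API_KEY"`. That still leaves the token in the process arguments, so the stronger fix is for the test binary to read it from the environment rather than from a flag. The same line is carried through the next two workflow hunks (PATCH 070 and 071).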
diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 51073166a..000c12c05 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -74,4 +74,4 @@ jobs: JF_SONARQUBE_ACCESS_TOKEN: ${{ env.SONARQUBE_TOKEN }} PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} - run: go test -v -run "TestSonar" github.com/jfrog/jfrog-cli/sonarintegration_test.go --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} + run: go test -v -run "TestSonar" github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} From 7703593259cf5a4675c7f582f962cbb60f7d02ba Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 17 Jun 2025 15:36:35 +0530 Subject: [PATCH 072/116] Added cleanup step --- .github/workflows/sonarIntegrationTests.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 000c12c05..0b6bb39d6 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -75,3 +75,8 @@ jobs: PLATFORM_URL: ${{ secrets.PLATFORM_URL }} PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }} run: go test -v -run "TestSonar" github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} + + - name: Clean up + run: | + echo "Cleaning up generated artifacts and maven packages..." + jf rt del "dev-maven-local/com/example/demo-sonar/1.0*" --recursive --fail-no-op From 034d810f4e2e4a8ab7d1391385a70a35eb7757e7 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 08:23:21 +0530 Subject: [PATCH 073/116] Trigger workflow 
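Review bot: The new `Clean up` step has no `if:` condition, so it is skipped whenever the preceding `go test` step fails, which is when leftover `demo-sonar` artifacts and evidence are most likely to affect the next run. Add `if: always()` under `- name: Clean up`. With `--fail-no-op` the step then fails when the test never got as far as deploying anything, so either drop that flag or accept a red cleanup step on early failures. The step also relies on `jf` being installed and configured earlier in the job, which is outside this hunk.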
From d9c6b252048b1a93a12d836969ee8f9cf1119e3d Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 13:06:38 +0530 Subject: [PATCH 074/116] Added zero config test case --- sonarintegration_test.go | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index a8815e680..11674e9c3 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -141,6 +141,36 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { t.Logf("Evidence response: %s", evidenceResponse) } +func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { + initSonarCli() + initSonarIntegrationTest(t) + privateKeyFilePath := KeyPairGenerationAndUpload(t) + err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") + assert.NoError(t, err) + defer os.Unsetenv("JFROG_CLI_LOG_LEVEL") + // Change to the directory containing the Maven project and execute cli command + origDir, err := os.Getwd() + assert.NoError(t, err) + newDir := "testdata/maven/mavenprojectwithsonar" + err = os.Chdir(newDir) + assert.NoError(t, err) + defer func() { + err := os.Chdir(origDir) + assert.NoError(t, err) + }() + // Remove the directory .jfrog/evidence + evidenceDir := filepath.Join(".jfrog", "evidence") + err = os.RemoveAll(evidenceDir) + assert.NoError(t, err) + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", + "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", + "--key-alias="+keyPairName, "--key="+privateKeyFilePath) + assert.Empty(t, output) + evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + assert.NoError(t, err) + t.Logf("Evidence response: %s", evidenceResponse) +} + // KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, // generates a new RSA key pair, and uploads it to Artifactory. func KeyPairGenerationAndUpload(t *testing.T) string { From 7094e9b8d12d141ca4f1acd6c29d4ae405e5710e Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 13:13:17 +0530 Subject: [PATCH 075/116] Merged zero config test case --- sonarintegration_test.go | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 11674e9c3..ed3bdc939 100644 --- a/sonarintegration_test.go 
+++ b/sonarintegration_test.go @@ -139,34 +139,13 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) t.Logf("Evidence response: %s", evidenceResponse) -} - -func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { - initSonarCli() - initSonarIntegrationTest(t) - privateKeyFilePath := KeyPairGenerationAndUpload(t) - err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") - assert.NoError(t, err) - defer os.Unsetenv("JFROG_CLI_LOG_LEVEL") - // Change to the directory containing the Maven project and execute cli command - origDir, err := os.Getwd() - assert.NoError(t, err) - newDir := "testdata/maven/mavenprojectwithsonar" - err = os.Chdir(newDir) - assert.NoError(t, err) - defer func() { - err := os.Chdir(origDir) - assert.NoError(t, err) - }() - // Remove the directory .jfrog/evidence evidenceDir := filepath.Join(".jfrog", "evidence") err = os.RemoveAll(evidenceDir) assert.NoError(t, err) - output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", + sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+keyPairName, "--key="+privateKeyFilePath) - assert.Empty(t, output) - evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + evidenceResponse, err = FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) t.Logf("Evidence response: %s", evidenceResponse) } From 2f3896cf0251d537176cd399794260eb1bc5d721 Mon Sep 17 00:00:00 2001 
From: Bhanu Reddy Date: Wed, 18 Jun 2025 13:17:26 +0530 Subject: [PATCH 076/116] Removed zero config test --- sonarintegration_test.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index ed3bdc939..a8815e680 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -139,15 +139,6 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) t.Logf("Evidence response: %s", evidenceResponse) - evidenceDir := filepath.Join(".jfrog", "evidence") - err = os.RemoveAll(evidenceDir) - assert.NoError(t, err) - sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", - "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", - "--key-alias="+keyPairName, "--key="+privateKeyFilePath) - evidenceResponse, err = FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") - assert.NoError(t, err) - t.Logf("Evidence response: %s", evidenceResponse) } // KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, From bec32626d355e547ec4ff54467e6b3bd5163b80e Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 16:51:23 +0530 Subject: [PATCH 077/116] Updated key pair --- sonarintegration_test.go | 79 ++++++++++++++++++++++++++++------------ 1 file changed, 56 insertions(+), 23 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index a8815e680..e4c1dff0e 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -2,11 +2,7 @@ package main import ( "bytes" - "crypto/rand" - "crypto/rsa" - "crypto/x509" "encoding/json" - "encoding/pem" "fmt" configUtils "github.com/jfrog/jfrog-cli-core/v2/utils/config" coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" 
@@ -156,31 +152,68 @@ func KeyPairGenerationAndUpload(t *testing.T) string { } func generateRSAKeyPair() (string, string, error) { - privateKey, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - return "", "", err - } - privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey) - privateKeyPEM := &pem.Block{ - Type: "RSA PRIVATE KEY", - Bytes: privateKeyBytes, - } - pubBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey) - if err != nil { - return "", "", err - } - pubPem := &pem.Block{ - Type: "PUBLIC KEY", - Bytes: pubBytes, - } + //privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + //if err != nil { + // return "", "", err + //} + //privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey) + //privateKeyPEM := &pem.Block{ + // Type: "RSA PRIVATE KEY", + // Bytes: privateKeyBytes, + //} + //pubBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey) + //if err != nil { + // return "", "", err + //} + //pubPem := &pem.Block{ + // Type: "PUBLIC KEY", + // Bytes: pubBytes, + //} + privateKeyString := `-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFgJe3kRIYML2R +Kjjp70XbF+WVsUWdZLN6H3Hzm3FVhVcHcYpLKGxGhbTVN3yAtAA5CLqe4+BXOybM +ACV2NboEV0KhSXcx6MAShyMm/6Ze4POF07yMifewjOstsrxGg4FkL38n3MYQm7y3 +bipFDXg93uGb8zVWG0wcqa5v1u0dD56xoTGSRrEtdjogFtkYVysXcyg7zKzzfQeH +zFwm3jZAG6wDwIlut00vTO62gVopnll+FZnTDSeYZy4nXh4Qo6v1F/gMmV0fIHNh +ZENjf2Y/TYROr0u67qH3XmgZqsi9hTi+OL2H14iRuwm6erKTenH4XhnvsTIOokcg +EdoE9LDFAgMBAAECggEAVEkvNjNOjg1K8UccF9W5sakunOYU5/kgURdXWZe2U8F+ +ZRpS4wVCxAvuoum1k/V9fNmZTxK/3GpNgdT0J9EA7DZTJKLGIAIM6jtKyKtklGwa +8Ttt5WpBztIs0YlMKSmZECjm8puY2WClNoDowCRh8sGJ9bRiyDcJEdhmLauC8JnI +YmJC1c/vFp0FBw/jw5euEPKa559nIFN5Wbwxrl/6A6S7Lp7AuebLlHeLanu7X7e0 +BNhT6sLOhnHjTFomex/z7eg9g5O577OjuYrw1a+81y6CkXTu6a35tnqg9RWtM7JX +WCjo/f/iO/ZE1F/qmu3x97b6Ljuv3yAFNeKfVEQatwKBgQDoH53rrunSCF+dXQTG +MZ9bTcUCw1a8saugC2guJ+xSt8HA0I6PYvqUZWfYgmMm6J8Vu/h1kj7kGIuugX0W 
+IX9OPIB86mQa/djTfPWaWmnPYwxRQ8DPkzxkdm2qcldY4UwrPo3nsFvGyD6Xfzkp +d7JlDv0cNtcE+rdIHMSTk/blswKBgQDZ0VCOP2sNAZ5uHeS+ksnmxAD00Jt6VukX +Sw9bsBNFeGP2G3m086xhCPMm0PlmuPitRCdzQypJcAJwQTaOFbf4KLBYpEIo2YJb +QXaiQaQZXeWRxzUWysBmsqcSfzAod4BLwimkSGXbHYC9ryanJ7iliNFzyWSpj/sV +ld9y9p1DpwKBgCHL6KxWDUk9Wt6ImpdYxkD+875RPqG+pKRqxMJjoa7xfk5aj0cl +PCK7GQGXCmSx3efGNIi5wFppkHzZ8aJ1QhncCUEmx2h+qUExonjUzS8a1sJGQR53 +64UdER6OA1W3h+WL+BFRxisNIL/iECqPePPp2MRw36Gj92eSeLScCIitAoGAKzyK +YgIirM1CdpdGfbHDlCQaEH6MLkesMyx6Gvgjiymvpf2kNhAcipJtOapHp2VWL4aU +0iNl9HfgdAnt21xiTUc+YgoQ++zZHGYtN14SRdrGpB5H4oNSl9Akq95FX/MAq4ka +HPsmBM2hbYWkBZAz7d/vu60hZysmaw158mcTpocCgYEAkkLv5jtKEHOCJjrdyYl0 +5Bv3Z22NTUdKaFY8wZnqmVBlJVsDG2D6Ypw3NEAQPKY5PJ44XSsM+nPjbBloyLpJ +k4UTtgRSG5/ZgMcDjJIDZIuIivah/g0I+ZkLBmyh8mOdEL/skGvj4iWH0It0V2l5 +IAecx7gdLfPlyBAFZ5Jp9rc= +-----END PRIVATE KEY-----` + publicKeyString := `-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYCXt5ESGDC9kSo46e9F +2xfllbFFnWSzeh9x85txVYVXB3GKSyhsRoW01Td8gLQAOQi6nuPgVzsmzAAldjW6 +BFdCoUl3MejAEocjJv+mXuDzhdO8jIn3sIzrLbK8RoOBZC9/J9zGEJu8t24qRQ14 +Pd7hm/M1VhtMHKmub9btHQ+esaExkkaxLXY6IBbZGFcrF3MoO8ys830Hh8xcJt42 +QBusA8CJbrdNL0zutoFaKZ5ZfhWZ0w0nmGcuJ14eEKOr9Rf4DJldHyBzYWRDY39m +P02ETq9Luu6h915oGarIvYU4vji9h9eIkbsJunqyk3px+F4Z77EyDqJHIBHaBPSw +xQIDAQAB +-----END PUBLIC KEY-----` tempDir := os.TempDir() privateKeyPath := filepath.Join(tempDir, "private.pem") pubPath := filepath.Join(tempDir, "public.pem") - err = os.WriteFile(privateKeyPath, pem.EncodeToMemory(privateKeyPEM), 0600) + err := os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) if err != nil { return "", "", err } - err = os.WriteFile(pubPath, pem.EncodeToMemory(pubPem), 0644) + err = os.WriteFile(pubPath, []byte(publicKeyString), 0644) if err != nil { return "", "", err } From 7a5650bc539561db810bc9ad905d196a6c54b974 Mon Sep 17 00:00:00 2001 
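Review bot: `generateRSAKeyPair` now writes a fixed RSA private key from the `privateKeyString` literal, which puts a complete signing key in the repository, while `KeyPairGenerationAndUpload` registers the matching public key on the platform under `test-signing-key`. Anyone who can read the source can produce signatures that verify against that alias, so evidence signed on any instance that holds this key pair carries no integrity guarantee. Keep the per-run `rsa.GenerateKey(rand.Reader, 2048)` path that this hunk comments out, or load the key from a CI secret if it must be stable across runs, and remove the commented-out block rather than leaving it as dead code. The key committed here should be treated as disclosed and replaced wherever it was uploaded. The unchanged lines below also write it to the fixed name `private.pem` in `os.TempDir()`; `t.TempDir()` would give each test a private directory.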
From: Bhanu Reddy Date: Wed, 18 Jun 2025 18:15:57 +0530 Subject: [PATCH 078/116] Improved to add key pair only when it is not available --- sonarintegration_test.go | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index e4c1dff0e..bbc0133ea 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -144,9 +144,12 @@ func KeyPairGenerationAndUpload(t *testing.T) string { apiKey := os.Getenv("PLATFORM_API_KEY") assert.NotEmpty(t, artifactoryURL) assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") - deleteSigningKeyFromArtifactory(t, artifactoryURL, apiKey, keyPairName) + //deleteSigningKeyFromArtifactory(t, artifactoryURL, apiKey, keyPairName) privateKeyFilePath, publicKeyFilePath, err := generateRSAKeyPair() assert.NoError(t, err) + if FetchSigningKeyPairFromArtifactory(t, artifactoryURL, apiKey) { + return privateKeyFilePath + } UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, privateKeyFilePath, publicKeyFilePath) return privateKeyFilePath } 
@@ -220,6 +223,39 @@ xQIDAQAB return privateKeyPath, pubPath, nil } +func FetchSigningKeyPairFromArtifactory(t *testing.T, artifactoryURL, apiKey string) bool { + url := fmt.Sprintf("%sartifactory/api/security/keypair/%s", artifactoryURL, keyPairName) + t.Logf("Fetching key pair from Artifactory: %s", url) + req, err := http.NewRequest(http.MethodGet, url, nil) + assert.NoError(t, err) + if apiKey != "" { + req.Header.Set("Authorization", "Bearer "+apiKey) + } + client := &http.Client{} + resp, err := client.Do(req) + assert.NoError(t, err) + defer func(Body io.ReadCloser) { + err := Body.Close() + assert.NoError(t, err, "Failed to close response body") + }(resp.Body) + + if resp.StatusCode != http.StatusOK { + body, _ := io.ReadAll(resp.Body) + t.Fatalf("Failed to fetch key pair, status: %s, body: %s", resp.Status, string(body)) + } + bodyBytes, err := io.ReadAll(resp.Body) + assert.NoError(t, err, "failed to read response body") + var keyPair KeyPair + err = json.Unmarshal(bodyBytes, &keyPair) + assert.NoError(t, err) + assert.Equal(t, keyPairName, keyPair.PairName) + t.Logf("Successfully fetched and saved key pair: %s", keyPair.PairName) + if keyPairName == keyPair.PairName { + return true + } + return false +} + func deleteSigningKeyFromArtifactory(t *testing.T, artifactoryURL, apiKey, keyPairName string) { assert.NotEmpty(t, artifactoryURL) assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") From ed2a5300fe055ec255c98f2eb2893fddf4913a79 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 18:36:38 +0530 Subject: [PATCH 079/116] Trigger workflow From 1cc0b0018bbfbc9fdeb364dc8c2d84406d60f07f Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 18:41:39 +0530 Subject: [PATCH 080/116] Trigger workflow 1 From ca98db647c93ba9a1227117a0c58ba062bd840b1 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 21:17:25 +0530 Subject: [PATCH 081/116] Trigger workflow 2 
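Review bot: `FetchSigningKeyPairFromArtifactory` calls `t.Fatalf` on every non-200 response, so on an instance where `test-signing-key` has not been uploaded yet the test aborts instead of returning false, and the upload in `KeyPairGenerationAndUpload` is never reached. A missing key pair should map to `false` and only other statuses should fail the test. The function also returns true on a name match alone; comparing `keyPair.PublicKey` with the contents of the local public key file would catch an alias that holds a different key from the one the test signs with. The URL is built from `artifactoryURL` without the `clientUtils.AddTrailingSlashIfNeeded` call that `FetchEvidenceFromArtifactory` uses.

```go
	// … unchanged: request construction, client.Do, deferred Body.Close …
	switch resp.StatusCode {
	case http.StatusOK:
		// Key pair exists; decoded below.
	case http.StatusNotFound:
		// Assumed "no such key pair" status; confirm against the endpoint.
		return false
	default:
		body, _ := io.ReadAll(resp.Body)
		t.Fatalf("Failed to fetch key pair, status: %s, body: %s", resp.Status, string(body))
	}
	// … unchanged: read and unmarshal the body into keyPair …
	return keyPair.PairName == keyPairName
```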
From bd95f105b8acbe0aa0b65dfae87f0036288c925f Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 21:32:38 +0530 Subject: [PATCH 082/116] Added zero config test case --- sonarintegration_test.go | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index bbc0133ea..38b65419e 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -137,6 +137,36 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { t.Logf("Evidence response: %s", evidenceResponse) } +func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { + initSonarCli() + initSonarIntegrationTest(t) + privateKeyFilePath := KeyPairGenerationAndUpload(t) + err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") + assert.NoError(t, err) + defer os.Unsetenv("JFROG_CLI_LOG_LEVEL") + // Change to the directory containing the Maven project and execute cli command + origDir, err := os.Getwd() + assert.NoError(t, err) + newDir := "testdata/maven/mavenprojectwithsonar" + err = os.Chdir(newDir) + assert.NoError(t, err) + defer func() { + err := os.Chdir(origDir) + assert.NoError(t, err) + }() + // Remove evidence configuration so that the zero config will be used + evidenceDir := filepath.Join(".jfrog", "evidence") + err = os.RemoveAll(evidenceDir) + assert.NoError(t, err) + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", + "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", + "--key-alias="+keyPairName, "--key="+privateKeyFilePath) + assert.Empty(t, output) + evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + assert.NoError(t, err) + t.Logf("Evidence response: %s", evidenceResponse) +} + // KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, // generates a new RSA key pair, and uploads it to Artifactory. func KeyPairGenerationAndUpload(t *testing.T) string { From 180ee5784080f182b2c73bd91c23a87fe9a60ace Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 21:43:24 +0530 Subject: [PATCH 083/116] Updated to check artifact path --- sonarintegration_test.go | 45 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) 
diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 38b65419e..8d1b7b663 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -16,6 +16,7 @@ import ( "path/filepath" "strings" "testing" + "time" ) var ( @@ -31,6 +32,34 @@ type KeyPair struct { PublicKey string `json:"publicKey"` } +type EvidenceResponse struct { + Data Data `json:"data"` +} +type Node struct { + Name string `json:"name"` + Path string `json:"path"` + RepositoryKey string `json:"repositoryKey"` + DownloadPath string `json:"downloadPath"` + Sha256 string `json:"sha256"` + PredicateType string `json:"predicateType"` + CreatedAt time.Time `json:"createdAt"` + CreatedBy string `json:"createdBy"` + Verified bool `json:"verified"` + PredicateSlug string `json:"predicateSlug"` +} +type Edges struct { + Node Node `json:"node"` +} +type SearchEvidence struct { + Edges []Edges `json:"edges"` +} +type Evidence struct { + SearchEvidence SearchEvidence `json:"searchEvidence"` +} +type Data struct { + Evidence Evidence `json:"evidence"` +} + const ( KeyPairAlias = "evidence-local" keyPairName = "test-signing-key" 
@@ -132,8 +161,14 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+keyPairName, "--key="+privateKeyFilePath) assert.Empty(t, output) - evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) + // Unmarshal the response into EvidenceResponse struct + var evidenceResponse EvidenceResponse + err = json.Unmarshal(evidenceResponseBytes, &evidenceResponse) + assert.NoError(t, err) + assert.Equal(t, 1, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) + assert.Equal(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges[0].Node.Path, "com/example/demo-sonar/1.0/demo-sonar-1.0.pom") t.Logf("Evidence response: %s", evidenceResponse) } 
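Review bot: `assert.Equal(t, 1, len(...Edges))` does not stop the test, so when the search returns no edges the next line's `Edges[0]` panics with an index-out-of-range error instead of reporting a failure; the zero-config test in the next hunk has the same shape with `Edges[1]`. Guard the index, for example `if !assert.Len(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges, 1) { return }`. The fixed counts 1 and 2 appear to depend on test order and on the repository holding no evidence from earlier runs, since the query filters by repository only. The second `assert.Equal` passes the actual value before the expected one, which reverses the labels in the failure message. The query requests `verified` and `predicateType` and the `Node` struct decodes them, yet neither is asserted; for a test of signed evidence, checking `Node.PredicateType` and, if the platform is expected to verify the signature, `Node.Verified` would cover more than the artifact path.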
@@ -162,8 +197,14 @@ func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+keyPairName, "--key="+privateKeyFilePath) assert.Empty(t, output) - evidenceResponse, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + assert.NoError(t, err) + // Unmarshal the response into EvidenceResponse struct + var evidenceResponse EvidenceResponse + err = json.Unmarshal(evidenceResponseBytes, &evidenceResponse) assert.NoError(t, err) + assert.Equal(t, 2, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) + assert.Equal(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path, "com/example/demo-sonar/1.0/demo-sonar-1.0.pom") t.Logf("Evidence response: %s", evidenceResponse) } From b31ac33ba24618f789327ea627baafedcf408335 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 21:49:01 +0530 Subject: [PATCH 084/116] Fixed compilation errors --- sonarintegration_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 8d1b7b663..9c6402ddc 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -169,7 +169,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 1, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) assert.Equal(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges[0].Node.Path, "com/example/demo-sonar/1.0/demo-sonar-1.0.pom") - t.Logf("Evidence response: %s", evidenceResponse) + t.Logf("Evidence response: %v", evidenceResponse) } func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { 
@@ -205,7 +205,7 @@ func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 2, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) assert.Equal(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path, "com/example/demo-sonar/1.0/demo-sonar-1.0.pom") - t.Logf("Evidence response: %s", evidenceResponse) + t.Logf("Evidence response: %v", evidenceResponse) } // KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, From 100dce63a516e4d34898d9a39e70bcddf9a69023 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 22:25:46 +0530 Subject: [PATCH 085/116] Added case for build publish --- sonarintegration_test.go | 60 ++++++++++++++++++- .../maven/mavenprojectwithsonar/evidence.yaml | 11 ++++ 2 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 testdata/maven/mavenprojectwithsonar/evidence.yaml diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 9c6402ddc..98d941b13 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -169,7 +169,6 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 1, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) assert.Equal(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges[0].Node.Path, "com/example/demo-sonar/1.0/demo-sonar-1.0.pom") - t.Logf("Evidence response: %v", evidenceResponse) } func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { 
@@ -205,7 +204,64 @@ func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 2, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) assert.Equal(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path, "com/example/demo-sonar/1.0/demo-sonar-1.0.pom") - t.Logf("Evidence response: %v", evidenceResponse) +} + +func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { + initSonarCli() + initSonarIntegrationTest(t) + //privateKeyFilePath := KeyPairGenerationAndUpload(t) + err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") + assert.NoError(t, err) + defer os.Unsetenv("JFROG_CLI_LOG_LEVEL") + // Change to the directory containing the Maven project and execute cli command + origDir, err := os.Getwd() + assert.NoError(t, err) + newDir := "testdata/maven/mavenprojectwithsonar" + err = os.Chdir(newDir) + assert.NoError(t, err) + defer func() { + err := os.Chdir(origDir) + assert.NoError(t, err) + }() + copyEvidenceYaml(t) + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") + assert.Empty(t, output) + evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + assert.NoError(t, err) + var evidenceResponse EvidenceResponse + err = json.Unmarshal(evidenceResponseBytes, &evidenceResponse) + assert.NoError(t, err) + //assert.Equal(t, 2, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) + //assert.Equal(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path, "com/example/demo-sonar/1.0/demo-sonar-1.0.pom") + t.Logf("Evidence created successfully with build info: %s", evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path) +} + +func copyEvidenceYaml(t *testing.T) { + src := "evidence.yaml" + dstDir := filepath.Join(".jfrog", "evidence") + dst := filepath.Join(dstDir, "evidence.yaml") + + err := os.MkdirAll(dstDir, 0755) + if err != 
nil { + t.Fatalf("Failed to create directory %s: %v", dstDir, err) + } + + srcFile, err := os.Open(src) + if err != nil { + t.Fatalf("Failed to open source file: %v", err) + } + defer srcFile.Close() + + dstFile, err := os.Create(dst) + if err != nil { + t.Fatalf("Failed to create destination file: %v", err) + } + defer dstFile.Close() + + _, err = io.Copy(dstFile, srcFile) + if err != nil { + t.Fatalf("Failed to copy file: %v", err) + } } // KeyPairGenerationAndUpload Deletes the existing signing key from Artifactory, diff --git a/testdata/maven/mavenprojectwithsonar/evidence.yaml b/testdata/maven/mavenprojectwithsonar/evidence.yaml new file mode 100644 index 000000000..86e36a516 --- /dev/null +++ b/testdata/maven/mavenprojectwithsonar/evidence.yaml @@ -0,0 +1,11 @@ +sonar: + url: http://localhost:9000 + reportTaskFile: target/sonar/report-task.txt + maxRetries: 3 + retryIntervalInSecs: 10 + proxy: "" +buildPublish: + enabled: true + evidenceProvider: sonar + keyAlias: test-signing-key + keyPath: /tmp/private.pem From 73313cba9518069651490d909d72e634f2743b0a Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Wed, 18 Jun 2025 22:44:48 +0530 Subject: [PATCH 086/116] Evidence with build publish fix --- sonarintegration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 98d941b13..a948cecc4 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -223,6 +223,7 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { err := os.Chdir(origDir) assert.NoError(t, err) }() + evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" copyEvidenceYaml(t) output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") assert.Empty(t, output) From c31139455d1e1a25b34c1eb6810bc5bfc53cb64b Mon Sep 17 00:00:00 2001 
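Review bot: `TestSonarIntegrationEvidenceCollectionWithBuildPublish` verifies nothing about the evidence, because both assertions are commented out, and its final `t.Logf` reads `Edges[1]` without a length check, so a run that produced fewer than two edges ends in a panic rather than a test failure. Restore the count check as a fatal assertion before indexing, e.g. `require.Len(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges, 2)`, and assert the expected path instead of logging it. `os.Setenv` followed by `defer os.Unsetenv` drops any value the variable had before the test; `t.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG")` restores it automatically. `copyEvidenceYaml` leaves `.jfrog/evidence/evidence.yaml` inside the testdata project with no cleanup; a `t.Cleanup(func() { _ = os.RemoveAll(".jfrog") })` registered after the `MkdirAll` would keep the tree clean between runs.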
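Review bot: `keyPath: /tmp/private.pem` points the signing private key at a fixed name in a shared temporary directory, where another local account on the same runner could pre-create the file or read it if its mode allows. Nothing in this commit shows where the key is written (the `KeyPairGenerationAndUpload` call in the new test is commented out), so the path may not even exist when `rt bp` runs. I would have the test generate the key under `t.TempDir()` with mode 0600 and write that path into the copied `evidence.yaml`, rather than committing an absolute path; a comment such as `# keyPath is rewritten by the test; do not point this at a real key` would also help.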
From: Bhanu Reddy Date: Wed, 18 Jun 2025 22:53:44 +0530 Subject: [PATCH 087/116] Run bp with rt --- .github/workflows/sonarIntegrationTests.yml | 1 + sonarintegration_test.go | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index 0b6bb39d6..fc2647beb 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml @@ -77,6 +77,7 @@ jobs: run: go test -v -run "TestSonar" github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }} - name: Clean up + if: always() run: | echo "Cleaning up generated artifacts and maven packages..." jf rt del "dev-maven-local/com/example/demo-sonar/1.0*" --recursive --fail-no-op diff --git a/sonarintegration_test.go b/sonarintegration_test.go index a948cecc4..926f3912a 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -225,8 +225,8 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { }() evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" copyEvidenceYaml(t) - output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") - assert.Empty(t, output) + //output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") + runRt(t, "bp", "test-sonar-jf-cli-integration", "1", "--detailed-summary=true") evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) var evidenceResponse EvidenceResponse From 540421771deaa0951b39f189c23faeaa8c7d61e6 Mon Sep 17 00:00:00 2001 
From: Bhanu Reddy Date: Thu, 19 Jun 2025 09:43:01 +0530 Subject: [PATCH 088/116] Updated cli init for build publish test --- sonarintegration_test.go | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 926f3912a..500c28616 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -69,7 +69,14 @@ func initSonarCli() { if sonarIntegrationCLI != nil { return } - sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence()) + sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence(false)) +} + +func initSonarCliForBuildPublish() { + if sonarIntegrationCLI != nil { + return + } + sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence(true)) } func initSonarIntegrationTest(t *testing.T) { @@ -82,11 +89,14 @@ func initSonarIntegrationTest(t *testing.T) { } } -func authenticateEvidence() string { +func authenticateEvidence(isBuildPublish bool) string { *tests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*tests.JfrogUrl) evidenceDetails = &configUtils.ServerDetails{ Url: *tests.JfrogUrl} cred := fmt.Sprintf("--url=%s", *tests.JfrogUrl) + if isBuildPublish { + cred = fmt.Sprintf("--url=%s%s", *tests.JfrogUrl, "artifactory") + } if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken cred += fmt.Sprintf(" --access-token=%s", evidenceDetails.AccessToken) @@ -207,7 +217,7 @@ func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { } func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { - initSonarCli() + initSonarCliForBuildPublish() initSonarIntegrationTest(t) //privateKeyFilePath := KeyPairGenerationAndUpload(t) err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") 
@@ -224,9 +234,9 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { assert.NoError(t, err) }() evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" + defer func() { evidenceDetails.Url = *tests.JfrogUrl }() copyEvidenceYaml(t) - //output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") - runRt(t, "bp", "test-sonar-jf-cli-integration", "1", "--detailed-summary=true") + sonarIntegrationCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) var evidenceResponse EvidenceResponse From 4002a7d66a5405c0135c9a2faf34797ea0a2daea Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 19 Jun 2025 09:59:02 +0530 Subject: [PATCH 089/116] Updated cli to to rt cli for bp tests --- sonarintegration_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 500c28616..f6aa2e066 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -21,6 +21,7 @@ import ( var ( sonarIntegrationCLI *coreTests.JfrogCli + rtCLI *coreTests.JfrogCli evidenceDetails *configUtils.ServerDetails ) @@ -73,10 +74,10 @@ func initSonarCli() { } func initSonarCliForBuildPublish() { - if sonarIntegrationCLI != nil { + if rtCLI != nil { return } - sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence(true)) + rtCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence(true)) } func initSonarIntegrationTest(t *testing.T) { 
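Review bot: The deferred restore resets `evidenceDetails.Url`, but the line above it changes `evidenceDetails.ArtifactoryUrl`, so the package-level server details keep the build-publish Artifactory URL for whichever test runs next. `Url` already holds `*tests.JfrogUrl` after `authenticateEvidence`, which makes the defer a no-op as written. Capture and restore the field that is modified: `prev := evidenceDetails.ArtifactoryUrl` followed by `defer func() { evidenceDetails.ArtifactoryUrl = prev }()`. The test function continues beyond this hunk.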
@@ -236,7 +237,7 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" defer func() { evidenceDetails.Url = *tests.JfrogUrl }() copyEvidenceYaml(t) - sonarIntegrationCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") + rtCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) var evidenceResponse EvidenceResponse From b9b43155f1d3801eba75f8d8f9aa26a96a03853b Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 19 Jun 2025 14:05:28 +0530 Subject: [PATCH 090/116] Added url for evidence --- sonarintegration_test.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index f6aa2e066..02c2c54b4 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -93,10 +93,13 @@ func initSonarIntegrationTest(t *testing.T) { func authenticateEvidence(isBuildPublish bool) string { *tests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*tests.JfrogUrl) evidenceDetails = &configUtils.ServerDetails{ - Url: *tests.JfrogUrl} + Url: *tests.JfrogUrl, + } cred := fmt.Sprintf("--url=%s", *tests.JfrogUrl) if isBuildPublish { - cred = fmt.Sprintf("--url=%s%s", *tests.JfrogUrl, "artifactory") + //cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) + evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" + evidenceDetails.Url = *tests.JfrogUrl } if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken 
@@ -235,6 +238,7 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { assert.NoError(t, err) }() evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" + evidenceDetails.Url = *tests.JfrogUrl defer func() { evidenceDetails.Url = *tests.JfrogUrl }() copyEvidenceYaml(t) rtCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") From 63eb13c074a59c5ca5e8c47c83468112c7a15381 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 19 Jun 2025 14:57:01 +0530 Subject: [PATCH 091/116] Removed url flag for build publish --- sonarintegration_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 02c2c54b4..ffd25bd46 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -95,11 +95,13 @@ func authenticateEvidence(isBuildPublish bool) string { evidenceDetails = &configUtils.ServerDetails{ Url: *tests.JfrogUrl, } - cred := fmt.Sprintf("--url=%s", *tests.JfrogUrl) + var cred string if isBuildPublish { //cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" evidenceDetails.Url = *tests.JfrogUrl + } else { + cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) } if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken @@ -239,7 +241,6 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { }() evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" evidenceDetails.Url = *tests.JfrogUrl - defer func() { evidenceDetails.Url = *tests.JfrogUrl }() copyEvidenceYaml(t) rtCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") From 9fa0858de35a0843f49a94e0797a472bd47be8e6 Mon Sep 17 00:00:00 2001 
From: Bhanu Reddy Date: Thu, 19 Jun 2025 21:47:01 +0530 Subject: [PATCH 092/116] Updated sonar integration flags --- sonarintegration_test.go | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index ffd25bd46..7c1ed6d7c 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -77,7 +77,8 @@ func initSonarCliForBuildPublish() { if rtCLI != nil { return } - rtCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence(true)) + flags := authenticateEvidence(true) + rtCLI = coreTests.NewJfrogCli(execMain, "jfrog", flags) } func initSonarIntegrationTest(t *testing.T) { @@ -105,11 +106,15 @@ func authenticateEvidence(isBuildPublish bool) string { } if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken - cred += fmt.Sprintf(" --access-token=%s", evidenceDetails.AccessToken) + cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken) } else { evidenceDetails.User = *tests.JfrogUser evidenceDetails.Password = *tests.JfrogPassword - cred += fmt.Sprintf(" --user=%s --password=%s", evidenceDetails.User, evidenceDetails.Password) + if cred != "" { + cred = fmt.Sprintf("%s --user=%s --password=%s", cred, evidenceDetails.User, evidenceDetails.Password) + } else { + cred = fmt.Sprintf("--user=%s --password=%s", evidenceDetails.User, evidenceDetails.Password) + } } return cred } 
@@ -225,11 +230,9 @@ func TestSonarIntegrationAsEvidenceWithZeroConfig(t *testing.T) { func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { initSonarCliForBuildPublish() initSonarIntegrationTest(t) - //privateKeyFilePath := KeyPairGenerationAndUpload(t) err := os.Setenv("JFROG_CLI_LOG_LEVEL", "DEBUG") assert.NoError(t, err) defer os.Unsetenv("JFROG_CLI_LOG_LEVEL") - // Change to the directory containing the Maven project and execute cli command origDir, err := os.Getwd() assert.NoError(t, err) newDir := "testdata/maven/mavenprojectwithsonar" From bb8ce7adf159aaf96c3175fe4416fa19bcbac160 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Thu, 19 Jun 2025 22:11:37 +0530 Subject: [PATCH 093/116] Added trim space arounf flags --- sonarintegration_test.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 7c1ed6d7c..afb8e8175 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -78,7 +78,7 @@ func initSonarCliForBuildPublish() { return } flags := authenticateEvidence(true) - rtCLI = coreTests.NewJfrogCli(execMain, "jfrog", flags) + rtCLI = coreTests.NewJfrogCli(execMain, "jfrog", strings.TrimSpace(flags)) } func initSonarIntegrationTest(t *testing.T) { @@ -251,8 +251,6 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { var evidenceResponse EvidenceResponse err = json.Unmarshal(evidenceResponseBytes, &evidenceResponse) assert.NoError(t, err) - //assert.Equal(t, 2, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) - //assert.Equal(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path, "com/example/demo-sonar/1.0/demo-sonar-1.0.pom") t.Logf("Evidence created successfully with build info: %s", evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path) } From a500cb8f17d11b80f3ec7c058f4b34e9d23fe3de Mon Sep 17 00:00:00 2001 
From: Bhanu Reddy Date: Thu, 19 Jun 2025 22:34:40 +0530 Subject: [PATCH 094/116] Added rt url --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index afb8e8175..bd6ad6869 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -98,7 +98,7 @@ func authenticateEvidence(isBuildPublish bool) string { } var cred string if isBuildPublish { - //cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) + cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl+"artifactory") evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" evidenceDetails.Url = *tests.JfrogUrl } else { From 5c56030b54ecbcf37d5c9b2782f445ee6de17571 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 00:42:43 +0530 Subject: [PATCH 095/116] Added jf config before running bp command --- sonarintegration_test.go | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index bd6ad6869..00a4e4583 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -98,7 +98,6 @@ func authenticateEvidence(isBuildPublish bool) string { } var cred string if isBuildPublish { - cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl+"artifactory") evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" evidenceDetails.Url = *tests.JfrogUrl } else { @@ -178,6 +177,7 @@ func TestSonarIntegrationAsEvidence(t *testing.T) { err := os.Chdir(origDir) assert.NoError(t, err) }() + output := sonarIntegrationCLI.RunCliCmdWithOutput(t, "evd", "create", "--predicate-type=sonar", "--package-name=demo-sonar", "--package-version=1.0", "--package-repo-name=dev-maven-local", "--key-alias="+keyPairName, "--key="+privateKeyFilePath) 
@@ -245,7 +245,14 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" evidenceDetails.Url = *tests.JfrogUrl copyEvidenceYaml(t) - rtCLI.RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1") + CreateJfrogConfigWithUserPass(t, sonarIntegrationCLI, *tests.JfrogUrl, evidenceDetails.ArtifactoryUrl, *tests.JfrogUser, *tests.JfrogPassword) + rtCLI.RunCliCmdWithOutput(t, + "rt", + "bp", + "test-sonar-jf-cli-integration", + "1", + fmt.Sprintf("--url=%s", *tests.JfrogUrl+"artifactory"), + ) evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) var evidenceResponse EvidenceResponse @@ -254,6 +261,18 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { t.Logf("Evidence created successfully with build info: %s", evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path) } +func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, artifactoryUrl, user, password string) string { + cmd := []string{ + "c", "add", "evidence-config", + "--url=" + url, + "--artifactory-url=" + artifactoryUrl, + "--user=" + user, + "--password=" + password, + "--interactive=false", + } + return cli.RunCliCmdWithOutput(t, cmd...) +} + func copyEvidenceYaml(t *testing.T) { src := "evidence.yaml" dstDir := filepath.Join(".jfrog", "evidence") From e401ad62e35f3735dd897e2e08d508a1a5b4a09a Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 00:51:16 +0530 Subject: [PATCH 096/116] Removed user and password from server configuration --- sonarintegration_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 00a4e4583..1042b7f26 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
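Review bot: `CreateJfrogConfigWithUserPass` always passes `--user` and `--password`, while `authenticateEvidence` in this file uses the access token whenever `*tests.JfrogAccessToken` is set, so on a token-only run the stored `evidence-config` gets whatever the user and password test flags default to (their definitions are outside this diff). The helper also puts the account password in the argument list and returns the CLI output to the caller while this test sets `JFROG_CLI_LOG_LEVEL=DEBUG`; it is worth confirming that debug output never echoes arguments before that output is logged. I would mirror the token-first branch of `authenticateEvidence` here so the scoped token is used when available, and add a doc comment saying which credential the config entry ends up with. The call site passes `sonarIntegrationCLI` although the command that follows runs on `rtCLI`; a short comment on why the config is created through a different CLI instance would help.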
@@ -266,8 +266,6 @@ func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, a "c", "add", "evidence-config", "--url=" + url, "--artifactory-url=" + artifactoryUrl, - "--user=" + user, - "--password=" + password, "--interactive=false", } return cli.RunCliCmdWithOutput(t, cmd...) From fc3ca345ccf15279f5b5f689696e9bab809748f8 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 01:05:57 +0530 Subject: [PATCH 097/116] Added logs dependency --- go.mod | 2 +- go.sum | 4 ++-- sonarintegration_test.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 08a8b2aa5..12e6c2616 100644 --- a/go.mod +++ b/go.mod @@ -193,6 +193,6 @@ replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250608172733-cd7bbd728645 +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index d49193520..467f90c50 100644 --- a/go.sum +++ b/go.sum 
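Review bot: The `replace` for `github.com/jfrog/jfrog-cli-artifactory` still points at a personal fork (`github.com/bhanurp/jfrog-cli-artifactory`) at an untagged pseudo-version, and this hunk only moves it to a newer fork commit; the neighbouring `jfrog-client-go` replace does the same. A replace directive overrides the required module for every build of this module, so what ships is whatever the fork holds at that commit rather than the reviewed upstream release. Before merge these should go back to a `github.com/jfrog/...` version, or at least carry a comment such as `// TODO: drop once <upstream PR placeholder> is released` so the redirect is not forgotten. The commit subject ("Added logs dependency") does not mention the fork bump, which makes the change easy to miss in history.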
@@ -34,8 +34,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250608172733-cd7bbd728645 h1:2TmHsZ26G/kVmcOffHcEj2aKpaQgvfKGToJ8uZ0xSdE= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250608172733-cd7bbd728645/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f h1:u45tgidRfRI5OeNVDW4F79PyvZv2USvIAW+OWgL34JI= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 h1:kilH1D7qR3aOv+pEfC1ErirRFiNXnYdYIwp01XLOvaI= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 1042b7f26..ccb8377ca 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -105,7 +105,7 @@ func authenticateEvidence(isBuildPublish bool) string { } if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken - cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken) + cred = fmt.Sprintf("%s --access-token=%s ", cred, evidenceDetails.AccessToken) } else { evidenceDetails.User = *tests.JfrogUser evidenceDetails.Password = *tests.JfrogPassword From d7f54a357abaeb409dc8ef4f94c9052b6a9f21aa Mon Sep 17 00:00:00 2001 
From: Bhanu Reddy Date: Mon, 23 Jun 2025 01:09:39 +0530 Subject: [PATCH 098/116] Fixed command exec --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index ccb8377ca..1042b7f26 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -105,7 +105,7 @@ func authenticateEvidence(isBuildPublish bool) string { } if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken - cred = fmt.Sprintf("%s --access-token=%s ", cred, evidenceDetails.AccessToken) + cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken) } else { evidenceDetails.User = *tests.JfrogUser evidenceDetails.Password = *tests.JfrogPassword From 6db266a6cb1fe2cd8a543888ad85aa4666a2bd61 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 01:29:17 +0530 Subject: [PATCH 099/116] Fixed windows not resizing --- sonarintegration_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 1042b7f26..97e53188a 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -251,7 +251,6 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { "bp", "test-sonar-jf-cli-integration", "1", - fmt.Sprintf("--url=%s", *tests.JfrogUrl+"artifactory"), ) evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) From 45b2f305c3a27d92b570ef3e35a0a4701896e486 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 01:34:43 +0530 Subject: [PATCH 100/116] Added url in server config --- sonarintegration_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 97e53188a..a1bb7cca6 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -100,9 +100,8 @@ func authenticateEvidence(isBuildPublish bool) string { if isBuildPublish { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" evidenceDetails.Url = *tests.JfrogUrl - } else { - cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) } + cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken) From ecbc28d388c7252c5bf11b30688109e40d5ba6be Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 01:40:52 +0530 Subject: [PATCH 101/116] Added artifactory url for server details --- sonarintegration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index a1bb7cca6..6337714d4 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -102,6 +102,7 @@ func authenticateEvidence(isBuildPublish bool) string { evidenceDetails.Url = *tests.JfrogUrl } cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) + cred = fmt.Sprintf("----artifactory-url=%s", *tests.JfrogUrl+"artifactory") if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken) From e77253d1bdd493bc7a38310311007813e3bd5240 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 01:43:51 +0530 Subject: [PATCH 102/116] Fixed artifactory url --- sonarintegration_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 6337714d4..61a15999b 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -101,8 +101,7 @@ func authenticateEvidence(isBuildPublish bool) string { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" evidenceDetails.Url = *tests.JfrogUrl } - cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) - cred = fmt.Sprintf("----artifactory-url=%s", *tests.JfrogUrl+"artifactory") + cred = fmt.Sprintf("--url=%s ----artifactory-url=%s", *tests.JfrogUrl, *tests.JfrogUrl+"artifactory") if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken) From e77ed8976f15740f6c54a6710844bad3f2275c34 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 01:47:37 +0530 Subject: [PATCH 103/116] Fixed artifactory url --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 61a15999b..3fe572bb1 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -101,7 +101,7 @@ func authenticateEvidence(isBuildPublish bool) string { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" evidenceDetails.Url = *tests.JfrogUrl } - cred = fmt.Sprintf("--url=%s ----artifactory-url=%s", *tests.JfrogUrl, *tests.JfrogUrl+"artifactory") + cred = fmt.Sprintf("--url=%s --artifactory-url=%s", *tests.JfrogUrl, *tests.JfrogUrl+"artifactory") if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken) From 8c519b42ac7c29e64576b80537eb842aa742e9af Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 11:26:39 +0530 Subject: [PATCH 104/116] Updated to use evidence config --- sonarintegration_test.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 3fe572bb1..71d3dda59 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go 
@@ -101,7 +101,7 @@ func authenticateEvidence(isBuildPublish bool) string { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" evidenceDetails.Url = *tests.JfrogUrl } - cred = fmt.Sprintf("--url=%s --artifactory-url=%s", *tests.JfrogUrl, *tests.JfrogUrl+"artifactory") + cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken) @@ -266,7 +266,11 @@ func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, a "--artifactory-url=" + artifactoryUrl, "--interactive=false", } - return cli.RunCliCmdWithOutput(t, cmd...) + cli.RunCliCmdWithOutput(t, cmd...) + configUseCmd := []string{ + "c", "use", "evidence-config", + } + return cli.RunCliCmdWithOutput(t, configUseCmd...) } func copyEvidenceYaml(t *testing.T) { From 2ad174c21df76bcb66af1f23cb583067d20b7140 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Mon, 23 Jun 2025 14:13:52 +0530 Subject: [PATCH 105/116] Fixed command failure --- sonarintegration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 71d3dda59..5445cd080 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -244,7 +244,7 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" evidenceDetails.Url = *tests.JfrogUrl copyEvidenceYaml(t) - CreateJfrogConfigWithUserPass(t, sonarIntegrationCLI, *tests.JfrogUrl, evidenceDetails.ArtifactoryUrl, *tests.JfrogUser, *tests.JfrogPassword) + CreateJfrogConfigWithUserPass(t, rtCLI, *tests.JfrogUrl, evidenceDetails.ArtifactoryUrl, *tests.JfrogUser, *tests.JfrogPassword) rtCLI.RunCliCmdWithOutput(t, "rt", "bp", From 36be1efdf12f655c071f7d2c40480fb82d0e86a4 Mon Sep 17 00:00:00 2001 
From: Bhanu Reddy Date: Tue, 24 Jun 2025 16:29:50 +0530 Subject: [PATCH 106/116] Updated to run sonar integration with bp --- sonarintegration_test.go | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 5445cd080..299093612 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -22,6 +22,7 @@ import ( var ( sonarIntegrationCLI *coreTests.JfrogCli rtCLI *coreTests.JfrogCli + configCLI *coreTests.JfrogCli evidenceDetails *configUtils.ServerDetails ) @@ -79,6 +80,7 @@ func initSonarCliForBuildPublish() { } flags := authenticateEvidence(true) rtCLI = coreTests.NewJfrogCli(execMain, "jfrog", strings.TrimSpace(flags)) + configCLI = coreTests.NewJfrogCli(execMain, "jfrog", "") } func initSonarIntegrationTest(t *testing.T) { @@ -97,10 +99,10 @@ func authenticateEvidence(isBuildPublish bool) string { Url: *tests.JfrogUrl, } var cred string - if isBuildPublish { - evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" - evidenceDetails.Url = *tests.JfrogUrl - } + //if isBuildPublish { + // evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" + // evidenceDetails.Url = *tests.JfrogUrl + //} cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken @@ -244,8 +246,9 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" evidenceDetails.Url = *tests.JfrogUrl copyEvidenceYaml(t) - CreateJfrogConfigWithUserPass(t, rtCLI, *tests.JfrogUrl, evidenceDetails.ArtifactoryUrl, *tests.JfrogUser, *tests.JfrogPassword) - rtCLI.RunCliCmdWithOutput(t, + output := CreateJfrogConfigWithUserPass(t, configCLI, *tests.JfrogUrl, evidenceDetails.ArtifactoryUrl) + t.Logf(output) + rtCLI.WithoutCredentials().RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", 
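Review bot: `t.Logf(output)` in the `@@ -244,8 +246,9 @@` hunk uses CLI output as the format string, so any `%` in that output is read as a formatting verb and `go vet` reports a non-constant format string. Use `t.Log(output)` or `t.Logf("%s", output)` instead. The value is what `CreateJfrogConfigWithUserPass` returns from a config command, so logging it only on failure would also keep server details out of routine CI logs. `TestSonarIntegrationEvidenceCollectionWithBuildPublish` starts outside the hunk.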
@@ -259,9 +262,11 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { t.Logf("Evidence created successfully with build info: %s", evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path) } -func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, artifactoryUrl, user, password string) string { +func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, artifactoryUrl string) string { cmd := []string{ - "c", "add", "evidence-config", + "c", + "add", + "evidence-config", "--url=" + url, "--artifactory-url=" + artifactoryUrl, "--interactive=false", From 74f20b415cc43dfdbbe84c9772dc42c4cf0f794c Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 24 Jun 2025 18:49:23 +0530 Subject: [PATCH 107/116] Updated to use signing keys for tests --- go.mod | 2 +- go.sum | 4 +-- sonarintegration_test.go | 33 +++++++------------ .../maven/mavenprojectwithsonar/evidence.yaml | 2 +- 4 files changed, 16 insertions(+), 25 deletions(-) diff --git a/go.mod b/go.mod index 12e6c2616..7d088020e 100644 --- a/go.mod +++ b/go.mod @@ -193,6 +193,6 @@ replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624111623-7c7cfbad654b replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index 467f90c50..d64f09ae9 100644 --- a/go.sum +++ b/go.sum 
@@ -34,8 +34,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f h1:u45tgidRfRI5OeNVDW4F79PyvZv2USvIAW+OWgL34JI= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624111623-7c7cfbad654b h1:Dahd4tA8Lq7xgzVRtTRUshFvBNjOuOSPBYCXg12SvgE= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624111623-7c7cfbad654b/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 h1:kilH1D7qR3aOv+pEfC1ErirRFiNXnYdYIwp01XLOvaI= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 299093612..b4c5108f9 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -24,6 +24,7 @@ var ( rtCLI *coreTests.JfrogCli configCLI *coreTests.JfrogCli evidenceDetails *configUtils.ServerDetails + privateKeyPath = "" ) type KeyPair struct { @@ -253,6 +254,7 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { "bp", "test-sonar-jf-cli-integration", "1", + "--server-id=evidence-config", ) evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) 
@@ -270,6 +272,8 @@ func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, a "--url=" + url, "--artifactory-url=" + artifactoryUrl, "--interactive=false", + "--user=" + evidenceDetails.User, + "--password=" + evidenceDetails.Password, } cli.RunCliCmdWithOutput(t, cmd...) configUseCmd := []string{ @@ -324,23 +328,6 @@ func KeyPairGenerationAndUpload(t *testing.T) string { } func generateRSAKeyPair() (string, string, error) { - //privateKey, err := rsa.GenerateKey(rand.Reader, 2048) - //if err != nil { - // return "", "", err - //} - //privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey) - //privateKeyPEM := &pem.Block{ - // Type: "RSA PRIVATE KEY", - // Bytes: privateKeyBytes, - //} - //pubBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey) - //if err != nil { - // return "", "", err - //} - //pubPem := &pem.Block{ - // Type: "PUBLIC KEY", - // Bytes: pubBytes, - //} privateKeyString := `-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFgJe3kRIYML2R Kjjp70XbF+WVsUWdZLN6H3Hzm3FVhVcHcYpLKGxGhbTVN3yAtAA5CLqe4+BXOybM @@ -378,10 +365,14 @@ QBusA8CJbrdNL0zutoFaKZ5ZfhWZ0w0nmGcuJ14eEKOr9Rf4DJldHyBzYWRDY39m P02ETq9Luu6h915oGarIvYU4vji9h9eIkbsJunqyk3px+F4Z77EyDqJHIBHaBPSw xQIDAQAB -----END PUBLIC KEY-----` - tempDir := os.TempDir() - privateKeyPath := filepath.Join(tempDir, "private.pem") - pubPath := filepath.Join(tempDir, "public.pem") - err := os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) + keysPath := filepath.Join("testdata", "maven", "mavenprojectwithsonar", "keys") + err := os.MkdirAll(keysPath, 0755) + if err != nil { + return "", "", err + } + privateKeyPath = filepath.Join(keysPath, "private.pem") + pubPath := filepath.Join(keysPath, "public.pem") + err = os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) if err != nil { return "", "", err } 
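Review bot: The added `"--user=" + evidenceDetails.User` and `"--password=" + evidenceDetails.Password` entries in the `@@ -270,6 +272,8 @@` hunk are empty whenever an access token is configured, because `authenticateEvidence` (shown elsewhere in this series) fills `User` and `Password` only in its no-token branch. `c add` is then called with `--user= --password=`; append the two flags only when the values are non-empty, or pass `--access-token` in the token case. The password also becomes part of the argument slice, so it would end up in test logs if the CLI test helper prints the command it runs, which should be confirmed before this runs in CI. The later `@@ -269,6 +265,8 @@` hunk (PATCH 111) passes `*tests.JfrogPassword` the same way. `CreateJfrogConfigWithUserPass` starts and ends outside the hunk.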
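Review bot: The `@@ -378,10 +365,14 @@` hunk writes `private.pem` into `testdata/maven/mavenprojectwithsonar/keys`, inside the repository tree, from a PEM literal in `generateRSAKeyPair`, and the `@@ -324,23 +328,6 @@` hunk of the same patch drops the commented-out `rsa.GenerateKey` path. A private key that lives in source is known to everyone who can read the repository, so evidence signed under `test-signing-key` on the test instance says nothing about who produced it. Generating the pair per run, `privateKey, err := rsa.GenerateKey(rand.Reader, 2048)`, and writing it to a per-test temporary directory would avoid both the shared key and stray key files under `testdata`. If the fixed key stays, a comment above `privateKeyString` such as `// Test-only key, published in this repository; never trust it outside the test instance.` would make that explicit. `generateRSAKeyPair` starts outside the hunk.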
diff --git a/testdata/maven/mavenprojectwithsonar/evidence.yaml b/testdata/maven/mavenprojectwithsonar/evidence.yaml index 86e36a516..df038b287 100644 --- a/testdata/maven/mavenprojectwithsonar/evidence.yaml +++ b/testdata/maven/mavenprojectwithsonar/evidence.yaml @@ -8,4 +8,4 @@ buildPublish: enabled: true evidenceProvider: sonar keyAlias: test-signing-key - keyPath: /tmp/private.pem + keyPath: testdata/maven/mavenprojectwithsonar/keys/private.pem From 1807e9d8de8eb8d5de90c2e07177636c5be4cc95 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 24 Jun 2025 19:15:49 +0530 Subject: [PATCH 108/116] Updated to use home path for private keys --- go.mod | 2 +- go.sum | 4 ++-- sonarintegration_test.go | 22 ++++++++++++++----- .../maven/mavenprojectwithsonar/evidence.yaml | 2 +- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 7d088020e..75dbb6119 100644 --- a/go.mod +++ b/go.mod @@ -193,6 +193,6 @@ replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624111623-7c7cfbad654b +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624134000-44b2aec4278d replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index d64f09ae9..0ac61ff35 100644 --- a/go.sum +++ b/go.sum 
@@ -34,8 +34,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624111623-7c7cfbad654b h1:Dahd4tA8Lq7xgzVRtTRUshFvBNjOuOSPBYCXg12SvgE= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624111623-7c7cfbad654b/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624134000-44b2aec4278d h1:wguwUgYLQ6OLnny+cocbtqxaVvGnNzCRYBb7VNIU0/I= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624134000-44b2aec4278d/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 h1:kilH1D7qR3aOv+pEfC1ErirRFiNXnYdYIwp01XLOvaI= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= diff --git a/sonarintegration_test.go b/sonarintegration_test.go index b4c5108f9..0db199b29 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -8,6 +8,7 @@ import ( coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" "github.com/jfrog/jfrog-cli/utils/tests" clientUtils "github.com/jfrog/jfrog-client-go/utils" + "github.com/jfrog/jfrog-client-go/utils/io/fileutils" "github.com/jfrog/jfrog-client-go/utils/log" "github.com/stretchr/testify/assert" "io" 
@@ -370,12 +371,13 @@ xQIDAQAB if err != nil { return "", "", err } - privateKeyPath = filepath.Join(keysPath, "private.pem") + _, privateKeyPath := createFileInHomeDirAndWrite([]byte(privateKeyString), "private.pem") + //privateKeyPath = filepath.Join(keysPath, "private.pem") pubPath := filepath.Join(keysPath, "public.pem") - err = os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) - if err != nil { - return "", "", err - } + //err = os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) + //if err != nil { + // return "", "", err + //} err = os.WriteFile(pubPath, []byte(publicKeyString), 0644) if err != nil { return "", "", err @@ -383,6 +385,16 @@ xQIDAQAB return privateKeyPath, pubPath, nil } +func createFileInHomeDirAndWrite(data []byte, fileName string) (testFileRelPath string, testFileAbsPath string) { + testFileRelPath = filepath.Join("~", fileName) + testFileAbsPath = filepath.Join(fileutils.GetHomeDir(), fileName) + err := os.WriteFile(testFileAbsPath, data, 0644) + if err != nil { + return + } + return +} + func FetchSigningKeyPairFromArtifactory(t *testing.T, artifactoryURL, apiKey string) bool { url := fmt.Sprintf("%sartifactory/api/security/keypair/%s", artifactoryURL, keyPairName) t.Logf("Fetching key pair from Artifactory: %s", url) diff --git a/testdata/maven/mavenprojectwithsonar/evidence.yaml b/testdata/maven/mavenprojectwithsonar/evidence.yaml index df038b287..dea51d147 100644 --- a/testdata/maven/mavenprojectwithsonar/evidence.yaml +++ b/testdata/maven/mavenprojectwithsonar/evidence.yaml @@ -8,4 +8,4 @@ buildPublish: enabled: true evidenceProvider: sonar keyAlias: test-signing-key - keyPath: testdata/maven/mavenprojectwithsonar/keys/private.pem + keyPath: $HOME/private.pem From beea844f13d0b28e94f624c6b6a569883560b0f2 Mon Sep 17 00:00:00 2001 
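Review bot: `createFileInHomeDirAndWrite`, added in the `@@ -383,6 +385,16 @@` hunk, writes the private signing key into the home directory with mode `0644` and still returns the path when `os.WriteFile` fails. The key file should be owner-only and the error should reach the caller; the call site in the `@@ -370,12 +371,13 @@` hunk also uses `:=`, which declares a new local `privateKeyPath` rather than setting the package-level variable added in PATCH 107, if that variable is meant to be set. The fence shows the helper returning an error and the call site assigning with `=`. `copyFilesToHomeDir` in PATCH 109 has the same permission problem, because `os.Create` does not restrict the mode of the copied key. `generateRSAKeyPair` starts outside the hunk.

```go
// … unchanged: key literals and keysPath creation …
_, privateKeyPath, err = createFileInHomeDirAndWrite([]byte(privateKeyString), "private.pem")
if err != nil {
	return "", "", err
}
// … unchanged: public key write and return …

func createFileInHomeDirAndWrite(data []byte, fileName string) (testFileRelPath string, testFileAbsPath string, err error) {
	testFileRelPath = filepath.Join("~", fileName)
	testFileAbsPath = filepath.Join(fileutils.GetHomeDir(), fileName)
	// Owner-only: the caller stores a private signing key here.
	if err = os.WriteFile(testFileAbsPath, data, 0600); err != nil {
		return "", "", err
	}
	return testFileRelPath, testFileAbsPath, nil
}
```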
From: Bhanu Reddy Date: Tue, 24 Jun 2025 19:28:11 +0530 Subject: [PATCH 109/116] Updated tests to copy keys to home dir --- sonarintegration_test.go | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 0db199b29..ab258036f 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -321,13 +321,39 @@ func KeyPairGenerationAndUpload(t *testing.T) string { //deleteSigningKeyFromArtifactory(t, artifactoryURL, apiKey, keyPairName) privateKeyFilePath, publicKeyFilePath, err := generateRSAKeyPair() assert.NoError(t, err) + copyFilesToHomeDir(t, privateKeyFilePath, publicKeyFilePath) if FetchSigningKeyPairFromArtifactory(t, artifactoryURL, apiKey) { return privateKeyFilePath } + + assert.NoError(t, err) UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, privateKeyFilePath, publicKeyFilePath) return privateKeyFilePath } +func copyFilesToHomeDir(t *testing.T, files ...string) { + homeDir, err := os.UserHomeDir() + if err != nil { + t.Fatalf("Failed to get home directory: %v", err) + } + for _, src := range files { + dst := filepath.Join(homeDir, filepath.Base(src)) + srcFile, err := os.Open(src) + if err != nil { + t.Fatalf("Failed to open source file %s: %v", src, err) + } + defer srcFile.Close() + dstFile, err := os.Create(dst) + if err != nil { + t.Fatalf("Failed to create destination file %s: %v", dst, err) + } + defer dstFile.Close() + if _, err := io.Copy(dstFile, srcFile); err != nil { + t.Fatalf("Failed to copy %s to %s: %v", src, dst, err) + } + } +} + func generateRSAKeyPair() (string, string, error) { privateKeyString := `-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFgJe3kRIYML2R 
@@ -371,13 +397,12 @@ xQIDAQAB if err != nil { return "", "", err } - _, privateKeyPath := createFileInHomeDirAndWrite([]byte(privateKeyString), "private.pem") - //privateKeyPath = filepath.Join(keysPath, "private.pem") + privateKeyPath = filepath.Join(keysPath, "private.pem") pubPath := filepath.Join(keysPath, "public.pem") - //err = os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) - //if err != nil { - // return "", "", err - //} + err = os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) + if err != nil { + return "", "", err + } err = os.WriteFile(pubPath, []byte(publicKeyString), 0644) if err != nil { return "", "", err From 034919b2dbd373afd812982a9ae33044c149a0c0 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 24 Jun 2025 21:37:01 +0530 Subject: [PATCH 110/116] Moved back to old implementation --- go.mod | 2 +- go.sum | 4 +- sonarintegration_test.go | 70 ++++++------------- .../maven/mavenprojectwithsonar/evidence.yaml | 2 +- 4 files changed, 25 insertions(+), 53 deletions(-) diff --git a/go.mod b/go.mod index 75dbb6119..12e6c2616 100644 --- a/go.mod +++ b/go.mod @@ -193,6 +193,6 @@ replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 -replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624134000-44b2aec4278d +replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 diff --git a/go.sum b/go.sum index 0ac61ff35..467f90c50 100644 --- a/go.sum +++ b/go.sum 
@@ -34,8 +34,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624134000-44b2aec4278d h1:wguwUgYLQ6OLnny+cocbtqxaVvGnNzCRYBb7VNIU0/I= -github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250624134000-44b2aec4278d/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f h1:u45tgidRfRI5OeNVDW4F79PyvZv2USvIAW+OWgL34JI= +github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 h1:kilH1D7qR3aOv+pEfC1ErirRFiNXnYdYIwp01XLOvaI= github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= diff --git a/sonarintegration_test.go b/sonarintegration_test.go index ab258036f..299093612 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -8,7 +8,6 @@ import ( coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" "github.com/jfrog/jfrog-cli/utils/tests" clientUtils "github.com/jfrog/jfrog-client-go/utils" - "github.com/jfrog/jfrog-client-go/utils/io/fileutils" "github.com/jfrog/jfrog-client-go/utils/log" "github.com/stretchr/testify/assert" "io" @@ -25,7 +24,6 @@ var ( rtCLI *coreTests.JfrogCli configCLI *coreTests.JfrogCli evidenceDetails *configUtils.ServerDetails - privateKeyPath = "" ) type KeyPair struct { 
@@ -255,7 +253,6 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { "bp", "test-sonar-jf-cli-integration", "1", - "--server-id=evidence-config", ) evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") assert.NoError(t, err) @@ -273,8 +270,6 @@ func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, a "--url=" + url, "--artifactory-url=" + artifactoryUrl, "--interactive=false", - "--user=" + evidenceDetails.User, - "--password=" + evidenceDetails.Password, } cli.RunCliCmdWithOutput(t, cmd...) configUseCmd := []string{ 
@@ -321,40 +316,31 @@ func KeyPairGenerationAndUpload(t *testing.T) string { //deleteSigningKeyFromArtifactory(t, artifactoryURL, apiKey, keyPairName) privateKeyFilePath, publicKeyFilePath, err := generateRSAKeyPair() assert.NoError(t, err) - copyFilesToHomeDir(t, privateKeyFilePath, publicKeyFilePath) if FetchSigningKeyPairFromArtifactory(t, artifactoryURL, apiKey) { return privateKeyFilePath } - - assert.NoError(t, err) UploadSigningKeyPairToArtifactory(t, artifactoryURL, apiKey, privateKeyFilePath, publicKeyFilePath) return privateKeyFilePath } -func copyFilesToHomeDir(t *testing.T, files ...string) { - homeDir, err := os.UserHomeDir() - if err != nil { - t.Fatalf("Failed to get home directory: %v", err) - } - for _, src := range files { - dst := filepath.Join(homeDir, filepath.Base(src)) - srcFile, err := os.Open(src) - if err != nil { - t.Fatalf("Failed to open source file %s: %v", src, err) - } - defer srcFile.Close() - dstFile, err := os.Create(dst) - if err != nil { - t.Fatalf("Failed to create destination file %s: %v", dst, err) - } - defer dstFile.Close() - if _, err := io.Copy(dstFile, srcFile); err != nil { - t.Fatalf("Failed to copy %s to %s: %v", src, dst, err) - } - } -} - func generateRSAKeyPair() (string, string, error) { + //privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + //if err != nil { + // return "", "", err + //} + //privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey) + //privateKeyPEM := &pem.Block{ + // Type: "RSA PRIVATE KEY", + // Bytes: privateKeyBytes, + //} + //pubBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey) + //if err != nil { + // return "", "", err + //} + //pubPem := &pem.Block{ + // Type: "PUBLIC KEY", + // Bytes: pubBytes, + //} privateKeyString := `-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFgJe3kRIYML2R Kjjp70XbF+WVsUWdZLN6H3Hzm3FVhVcHcYpLKGxGhbTVN3yAtAA5CLqe4+BXOybM 
@@ -392,14 +378,10 @@ QBusA8CJbrdNL0zutoFaKZ5ZfhWZ0w0nmGcuJ14eEKOr9Rf4DJldHyBzYWRDY39m P02ETq9Luu6h915oGarIvYU4vji9h9eIkbsJunqyk3px+F4Z77EyDqJHIBHaBPSw xQIDAQAB -----END PUBLIC KEY-----` - keysPath := filepath.Join("testdata", "maven", "mavenprojectwithsonar", "keys") - err := os.MkdirAll(keysPath, 0755) - if err != nil { - return "", "", err - } - privateKeyPath = filepath.Join(keysPath, "private.pem") - pubPath := filepath.Join(keysPath, "public.pem") - err = os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) + tempDir := os.TempDir() + privateKeyPath := filepath.Join(tempDir, "private.pem") + pubPath := filepath.Join(tempDir, "public.pem") + err := os.WriteFile(privateKeyPath, []byte(privateKeyString), 0600) if err != nil { return "", "", err } @@ -410,16 +392,6 @@ xQIDAQAB return privateKeyPath, pubPath, nil } -func createFileInHomeDirAndWrite(data []byte, fileName string) (testFileRelPath string, testFileAbsPath string) { - testFileRelPath = filepath.Join("~", fileName) - testFileAbsPath = filepath.Join(fileutils.GetHomeDir(), fileName) - err := os.WriteFile(testFileAbsPath, data, 0644) - if err != nil { - return - } - return -} - func FetchSigningKeyPairFromArtifactory(t *testing.T, artifactoryURL, apiKey string) bool { url := fmt.Sprintf("%sartifactory/api/security/keypair/%s", artifactoryURL, keyPairName) t.Logf("Fetching key pair from Artifactory: %s", url) diff --git a/testdata/maven/mavenprojectwithsonar/evidence.yaml b/testdata/maven/mavenprojectwithsonar/evidence.yaml index dea51d147..86e36a516 100644 --- a/testdata/maven/mavenprojectwithsonar/evidence.yaml +++ b/testdata/maven/mavenprojectwithsonar/evidence.yaml @@ -8,4 +8,4 @@ buildPublish: enabled: true evidenceProvider: sonar keyAlias: test-signing-key - keyPath: $HOME/private.pem + keyPath: /tmp/private.pem From ee9cb517ac8afe27d1f0bec432fb05eba5262d99 Mon Sep 17 00:00:00 2001 
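Review bot: The `@@ -392,14 +378,10 @@` hunk goes back to writing the private key as `private.pem` directly in `os.TempDir()`, a fixed name in a directory shared with other users and processes. `os.WriteFile` applies `0600` only when it creates the file, so a pre-existing `private.pem` keeps its mode and owner; creating a private directory first with `tempDir, err := os.MkdirTemp("", "sonar-keys-")` (the following `err := os.WriteFile` then becomes `err =`) avoids that. `os.TempDir()` also follows `$TMPDIR`, while `evidence.yaml` in this patch hard-codes `keyPath: /tmp/private.pem`, so the two paths differ wherever `$TMPDIR` is set (macOS by default) unless `copyEvidenceYaml` rewrites the path. `generateRSAKeyPair` starts outside the hunk.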
From: Bhanu Reddy Date: Tue, 24 Jun 2025 22:13:45 +0530 Subject: [PATCH 111/116] Updated with creds --- sonarintegration_test.go | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 299093612..0dd9499e5 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -99,10 +99,6 @@ func authenticateEvidence(isBuildPublish bool) string { Url: *tests.JfrogUrl, } var cred string - //if isBuildPublish { - // evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory" - // evidenceDetails.Url = *tests.JfrogUrl - //} cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl) if *tests.JfrogAccessToken != "" { evidenceDetails.AccessToken = *tests.JfrogAccessToken @@ -269,6 +265,8 @@ func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, a "evidence-config", "--url=" + url, "--artifactory-url=" + artifactoryUrl, + "--user=" + *tests.JfrogUser, + "--password=" + *tests.JfrogPassword, "--interactive=false", } cli.RunCliCmdWithOutput(t, cmd...) @@ -313,7 +311,6 @@ func KeyPairGenerationAndUpload(t *testing.T) string { apiKey := os.Getenv("PLATFORM_API_KEY") assert.NotEmpty(t, artifactoryURL) assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") - //deleteSigningKeyFromArtifactory(t, artifactoryURL, apiKey, keyPairName) privateKeyFilePath, publicKeyFilePath, err := generateRSAKeyPair() assert.NoError(t, err) if FetchSigningKeyPairFromArtifactory(t, artifactoryURL, apiKey) { 
@@ -324,23 +321,6 @@ func KeyPairGenerationAndUpload(t *testing.T) string { } func generateRSAKeyPair() (string, string, error) { - //privateKey, err := rsa.GenerateKey(rand.Reader, 2048) - //if err != nil { - // return "", "", err - //} - //privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey) - //privateKeyPEM := &pem.Block{ - // Type: "RSA PRIVATE KEY", - // Bytes: privateKeyBytes, - //} - //pubBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey) - //if err != nil { - // return "", "", err - //} - //pubPem := &pem.Block{ - // Type: "PUBLIC KEY", - // Bytes: pubBytes, - //} privateKeyString := `-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFgJe3kRIYML2R Kjjp70XbF+WVsUWdZLN6H3Hzm3FVhVcHcYpLKGxGhbTVN3yAtAA5CLqe4+BXOybM From 67f77166d7fdec4c162bd9758c09223c5caf2a86 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 24 Jun 2025 22:21:10 +0530 Subject: [PATCH 112/116] Removed new cli config --- sonarintegration_test.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index 0dd9499e5..ac758aa05 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -87,7 +87,6 @@ func initSonarIntegrationTest(t *testing.T) { if !*tests.TestSonar { t.Skip("Skipping Access test. To run Access test add the '-test.sonarIntegration=true' option.") } - // check if JF_SONARQUBE_ACCESS_TOKEN env variable is empty then throw an error if os.Getenv("JF_SONARQUBE_ACCESS_TOKEN") == "" { t.Fatal("JF_SONARQUBE_ACCESS_TOKEN environment variable is not set. Please set it to run the SonarQube integration test.") } 
@@ -242,8 +241,8 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" evidenceDetails.Url = *tests.JfrogUrl copyEvidenceYaml(t) - output := CreateJfrogConfigWithUserPass(t, configCLI, *tests.JfrogUrl, evidenceDetails.ArtifactoryUrl) - t.Logf(output) + //output := CreateJfrogConfigWithUserPass(t, configCLI, *tests.JfrogUrl, evidenceDetails.ArtifactoryUrl) + //t.Logf(output) rtCLI.WithoutCredentials().RunCliCmdWithOutput(t, "rt", "bp", From 4bf8b91af7e8db598601629067363f9b6d75d5ea Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 24 Jun 2025 23:07:12 +0530 Subject: [PATCH 113/116] Added fetch evidence for build info --- sonarintegration_test.go | 33 +++------------------------------ 1 file changed, 3 insertions(+), 30 deletions(-) diff --git a/sonarintegration_test.go b/sonarintegration_test.go index ac758aa05..58ced5df0 100644 --- a/sonarintegration_test.go +++ b/sonarintegration_test.go @@ -8,7 +8,6 @@ import ( coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" "github.com/jfrog/jfrog-cli/utils/tests" clientUtils "github.com/jfrog/jfrog-client-go/utils" - "github.com/jfrog/jfrog-client-go/utils/log" "github.com/stretchr/testify/assert" "io" "net/http" 
@@ -241,20 +240,19 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) { evidenceDetails.ArtifactoryUrl = *tests.JfrogUrl + "artifactory/" evidenceDetails.Url = *tests.JfrogUrl copyEvidenceYaml(t) - //output := CreateJfrogConfigWithUserPass(t, configCLI, *tests.JfrogUrl, evidenceDetails.ArtifactoryUrl) - //t.Logf(output) rtCLI.WithoutCredentials().RunCliCmdWithOutput(t, "rt", "bp", "test-sonar-jf-cli-integration", "1", ) - evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "dev-maven-local", "demo-sonar", "1.0") + evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "artifactory-build-info", "demo-sonar", "1.0") assert.NoError(t, err) var evidenceResponse EvidenceResponse err = json.Unmarshal(evidenceResponseBytes, &evidenceResponse) assert.NoError(t, err) - t.Logf("Evidence created successfully with build info: %s", evidenceResponse.Data.Evidence.SearchEvidence.Edges[1].Node.Path) + t.Logf("Build Info Evidence %+v", evidenceResponse) + t.Logf("Evidence created successfully with build info: %d", len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)) } func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, artifactoryUrl string) string { 
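Review bot: After the `@@ -241,20 +240,19 @@` hunk the test only logs the decoded response and the number of edges, so it passes when the `artifactory-build-info` query returns no evidence at all. Add an assertion on the result, for example `assert.NotEmpty(t, evidenceResponse.Data.Evidence.SearchEvidence.Edges, "no evidence found for build info")`, and check the fields that identify the evidence as the one this run created. The two `assert.NoError` calls before it do not stop the test, so a failed fetch still reaches `json.Unmarshal`. `TestSonarIntegrationEvidenceCollectionWithBuildPublish` starts outside the hunk.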
@@ -404,31 +402,6 @@ func FetchSigningKeyPairFromArtifactory(t *testing.T, artifactoryURL, apiKey str return false } -func deleteSigningKeyFromArtifactory(t *testing.T, artifactoryURL, apiKey, keyPairName string) { - assert.NotEmpty(t, artifactoryURL) - assert.NotEmpty(t, apiKey, "PLATFORM_API_KEY should not be empty") - url := fmt.Sprintf("%sartifactory/api/security/keypair/%s", artifactoryURL, keyPairName) - log.Debug(url) - req, err := http.NewRequest(http.MethodDelete, url, nil) - assert.NoError(t, err) - if apiKey != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - client := &http.Client{} - resp, err := client.Do(req) - assert.NoError(t, err) - defer func(Body io.ReadCloser) { - err := Body.Close() - if err != nil { - assert.NoError(t, err, "Failed to close response body") - } - }(resp.Body) - if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusNoContent { - body, _ := io.ReadAll(resp.Body) - t.Fatalf("Failed to delete private key, status: %s, body: %s", resp.Status, string(body)) - } -} - // UploadSigningKeyPairToArtifactory reads private and public key files and uploads them to Artifactory. func UploadSigningKeyPairToArtifactory(t *testing.T, artifactoryURL, apiKey, privateKeyPath, publicKeyPath string) { privateKeyBytes, err := os.ReadFile(privateKeyPath) From ccbf0d3b180b87f031c14c33ef0a3a28ac961b10 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Tue, 24 Jun 2025 23:25:27 +0530 Subject: [PATCH 114/116] Updated to clean build info --- .github/workflows/sonarIntegrationTests.yml | 1 + sonarintegration_test.go | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sonarIntegrationTests.yml b/.github/workflows/sonarIntegrationTests.yml index fc2647beb..5ab4164e7 100644 --- a/.github/workflows/sonarIntegrationTests.yml +++ b/.github/workflows/sonarIntegrationTests.yml 
@@ -81,3 +81,4 @@ jobs:
 run: |
 echo "Cleaning up generated artifacts and maven packages..."
 jf rt del "dev-maven-local/com/example/demo-sonar/1.0*" --recursive --fail-no-op
+ jf rt bdi test-sonar-jf-cli-integration
diff --git a/sonarintegration_test.go b/sonarintegration_test.go
index 58ced5df0..0e769ca8d 100644
--- a/sonarintegration_test.go
+++ b/sonarintegration_test.go
@@ -64,6 +64,7 @@ type Data struct {
 const (
 KeyPairAlias = "evidence-local"
 keyPairName = "test-signing-key"
+ buildName = "test-sonar-jf-cli-integration"
 )
 
 func initSonarCli() {
@@ -243,7 +244,7 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) {
 rtCLI.WithoutCredentials().RunCliCmdWithOutput(t,
 "rt",
 "bp",
- "test-sonar-jf-cli-integration",
+ buildName,
 "1",
 )
 evidenceResponseBytes, err := FetchEvidenceFromArtifactory(t, *tests.JfrogUrl, *tests.JfrogAccessToken, "artifactory-build-info", "demo-sonar", "1.0")
From f0894aecd8271836b45e01dc496381f4fb87e295 Mon Sep 17 00:00:00 2001
From: Bhanu Reddy
Date: Tue, 24 Jun 2025 23:46:11 +0530
Subject: [PATCH 115/116] Updated with assert statements
---
 sonarintegration_test.go | 62 ++++++++++++++--------------------------
 1 file changed, 22 insertions(+), 40 deletions(-)
diff --git a/sonarintegration_test.go b/sonarintegration_test.go
index 0e769ca8d..e150e537d 100644
--- a/sonarintegration_test.go
+++ b/sonarintegration_test.go
@@ -71,14 +71,14 @@ func initSonarCli() {
 if sonarIntegrationCLI != nil {
 return
 }
- sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence(false))
+ sonarIntegrationCLI = coreTests.NewJfrogCli(execMain, "jfrog", authenticateEvidence())
 }
 
 func initSonarCliForBuildPublish() {
 if rtCLI != nil {
 return
 }
- flags := authenticateEvidence(true)
+ flags := authenticateEvidence()
 rtCLI = coreTests.NewJfrogCli(execMain, "jfrog", strings.TrimSpace(flags))
 configCLI = coreTests.NewJfrogCli(execMain, "jfrog", "")
 }
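Review bot: In the workflow cleanup step, the added `jf rt bdi test-sonar-jf-cli-integration` is given no retention option, so it is worth confirming that it actually removes build `1`; build-discard normally takes a limit such as `--max-builds` or `--max-days`, and without one the published build info may persist between runs. The line also sits after `jf rt del … --fail-no-op`, so if the step's shell stops on the first failing command (the usual default for `run:` steps, unless overridden outside this hunk), a delete that matches nothing skips the build-info cleanup; running the discard first or in its own step avoids that. A short comment such as `# discard the build info published by TestSonarIntegrationEvidenceCollectionWithBuildPublish` would tie the line to the test that creates it.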
@@ -92,28 +92,6 @@ func initSonarIntegrationTest(t *testing.T) {
 }
 }
 
-func authenticateEvidence(isBuildPublish bool) string {
- *tests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*tests.JfrogUrl)
- evidenceDetails = &configUtils.ServerDetails{
- Url: *tests.JfrogUrl,
- }
- var cred string
- cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl)
- if *tests.JfrogAccessToken != "" {
- evidenceDetails.AccessToken = *tests.JfrogAccessToken
- cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken)
- } else {
- evidenceDetails.User = *tests.JfrogUser
- evidenceDetails.Password = *tests.JfrogPassword
- if cred != "" {
- cred = fmt.Sprintf("%s --user=%s --password=%s", cred, evidenceDetails.User, evidenceDetails.Password)
- } else {
- cred = fmt.Sprintf("--user=%s --password=%s", evidenceDetails.User, evidenceDetails.Password)
- }
- }
- return cred
-}
-
 func TestSonarPrerequisites(t *testing.T) {
 initSonarIntegrationTest(t)
 reportFilePath := "testdata/maven/mavenprojectwithsonar/target/sonar/report-task.txt"
@@ -252,26 +230,30 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) {
 var evidenceResponse EvidenceResponse
 err = json.Unmarshal(evidenceResponseBytes, &evidenceResponse)
 assert.NoError(t, err)
- t.Logf("Build Info Evidence %+v", evidenceResponse)
- t.Logf("Evidence created successfully with build info: %d", len(evidenceResponse.Data.Evidence.SearchEvidence.Edges))
+ assert.Equal(t, 1, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges))
+ assert.True(t, strings.HasPrefix(evidenceResponse.Data.Evidence.SearchEvidence.Edges[0].Node.Path, "test-sonar-jf-cli-integration/1"))
 }
 
-func CreateJfrogConfigWithUserPass(t *testing.T, cli *coreTests.JfrogCli, url, artifactoryUrl string) string {
- cmd := []string{
- "c",
- "add",
- "evidence-config",
- "--url=" + url,
- "--artifactory-url=" + artifactoryUrl,
- "--user=" + *tests.JfrogUser,
- "--password=" + *tests.JfrogPassword,
- "--interactive=false",
+func authenticateEvidence() string {
+ *tests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*tests.JfrogUrl)
+ evidenceDetails = &configUtils.ServerDetails{
+ Url: *tests.JfrogUrl,
 }
- cli.RunCliCmdWithOutput(t, cmd...)
- configUseCmd := []string{
- "c", "use", "evidence-config",
+ var cred string
+ cred = fmt.Sprintf("--url=%s", *tests.JfrogUrl)
+ if *tests.JfrogAccessToken != "" {
+ evidenceDetails.AccessToken = *tests.JfrogAccessToken
+ cred = fmt.Sprintf("%s --access-token=%s", cred, evidenceDetails.AccessToken)
+ } else {
+ evidenceDetails.User = *tests.JfrogUser
+ evidenceDetails.Password = *tests.JfrogPassword
+ if cred != "" {
+ cred = fmt.Sprintf("%s --user=%s --password=%s", cred, evidenceDetails.User, evidenceDetails.Password)
+ } else {
+ cred = fmt.Sprintf("--user=%s --password=%s", evidenceDetails.User, evidenceDetails.Password)
+ }
 }
- return cli.RunCliCmdWithOutput(t, configUseCmd...)
+ return cred
 }
 
 func copyEvidenceYaml(t *testing.T) {
From d179755e64458b6cf9b1c95f6cead1a1e867f449 Mon Sep 17 00:00:00 2001
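Review bot: `assert.Equal(t, 1, len(…Edges))` records a failure but does not stop the test, so when the search returns no edges the following `Edges[0]` panics with an index-out-of-range instead of failing cleanly; the PATCH 116 hunk has the same exposure with `Edges[latestBuildInfo-1]`. Guard the access with the boolean the assertion returns, e.g. `edges := evidenceResponse.Data.Evidence.SearchEvidence.Edges` followed by `if !assert.Len(t, edges, 1) { return }`. In the relocated `authenticateEvidence`, `cred` has just been assigned `--url=…`, so `if cred != ""` is always true and its `else` branch is dead; the two branches can collapse to `cred = fmt.Sprintf("%s --user=%s --password=%s", cred, evidenceDetails.User, evidenceDetails.Password)`. The string it returns carries the access token or password, so it should stay out of `t.Logf` output. The test function itself begins above this hunk.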
From: Bhanu Reddy
Date: Wed, 25 Jun 2025 00:10:23 +0530
Subject: [PATCH 116/116] Updated build publish test
---
 sonarintegration_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sonarintegration_test.go b/sonarintegration_test.go
index e150e537d..b4b2508ba 100644
--- a/sonarintegration_test.go
+++ b/sonarintegration_test.go
@@ -230,8 +230,8 @@ func TestSonarIntegrationEvidenceCollectionWithBuildPublish(t *testing.T) {
 var evidenceResponse EvidenceResponse
 err = json.Unmarshal(evidenceResponseBytes, &evidenceResponse)
 assert.NoError(t, err)
- assert.Equal(t, 1, len(evidenceResponse.Data.Evidence.SearchEvidence.Edges))
- assert.True(t, strings.HasPrefix(evidenceResponse.Data.Evidence.SearchEvidence.Edges[0].Node.Path, "test-sonar-jf-cli-integration/1"))
+ latestBuildInfo := len(evidenceResponse.Data.Evidence.SearchEvidence.Edges)
+ assert.True(t, strings.HasPrefix(evidenceResponse.Data.Evidence.SearchEvidence.Edges[latestBuildInfo-1].Node.Path, "test-sonar-jf-cli-integration/1"))
 }
 
 func authenticateEvidence() string {
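Review bot: The new check no longer asserts how many evidence entries exist and only prefix-matches the last edge, so it still passes when evidence left over from earlier runs is present, and the prefix `"test-sonar-jf-cli-integration/1"` also matches build numbers such as 10 or 11. It further assumes the last edge is the newest, which nothing in the hunk establishes; the query and its ordering are outside it, as is the start of the test function. Consider matching the exact expected path or keeping a count check, and reuse the existing constant: `assert.True(t, strings.HasPrefix(evidenceResponse.Data.Evidence.SearchEvidence.Edges[latestBuildInfo-1].Node.Path, buildName+"/1"))`. `latestBuildInfo` holds a length rather than an entry, so a name like `edgeCount` would read more accurately.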