Comments (7)
Hi @yahavi ,
That looks like a good solution, and would work our firmwide Artifactory instance.
from setup-jfrog-cli.
Hi @samsmithnz, thanks for requesting this feature! 🚀
We had a team conversation about it and we think that the solution should be a bit different - instead of providing a full URL, provide a name of a remote generic repository in Artifactory pointing to https://releases.jfrog.io/artifactory/jfrog-cli/. For example:
- uses: jfrog/setup-jfrog-cli@v2
with:
repo: jfrog-cli-remote
This suggested solution is similar to the one used in the JFrog Azure DevOps extension: https://www.jfrog.com/confluence/display/JFROG/JFrog+Azure+DevOps+Extension#JFrogAzureDevOpsExtension-JFrogToolsInstaller
We will add this feature to our plan and will keep you updated.
Please let me know what do you think.
from setup-jfrog-cli.
@samsmithnz @croydondiasms,
Setup JFrog CLI 2.3.0 is released. This release includes the download-repository
input:
- uses: jfrog/setup-jfrog-cli@v2
with:
# jfrog-cli-remote is a generic remote repository in your Artifactory pointing to https://releases.jfrog.io/artifactory/jfrog-cli/
download-repository: jfrog-cli-remote
Read more about this feature here: https://github.com/jfrog/setup-jfrog-cli#downloading-jfrog-cli-from-jfrog-artifactory.
We'd appreciate your feedback on that.
from setup-jfrog-cli.
Hi @yahavi ,
Apologies, but I had misread the earlier suggestion.
So now we have the ability to set a different remote repo (via the download-repository) . That's great!
We'd also like the ability to override the default host (releases.jfrog.io) from when the jfrog cli binary is pulled in, to our privately hosted Artifactory instance.
- uses: jfrog/setup-jfrog-cli@v2
with:
# jfrog-cli-remote is a generic remote repository in your Artifactory pointing to https://releases.jfrog.io/artifactory/jfrog-cli/
download-repository: jfrog-cli-remote
# Replace https://releases.jfrog.io/ with https://company-specific-id.jfrog.io/
remote: company-specific-id.jfrog.io
Our runners run in a secure environment and don't have access to public urls on the internet like https://releases.jfrog.io/*
from setup-jfrog-cli.
@croydondiasms, thanks for your feedback.
Obviously, the runners can't access https://releases.jfrog.io, but AFAIK the recommended configuration in this situation is to whitelist external trusted sources of dependencies to the local Artifactory - Runners download from https://company-specific-id.jfrog.io/artifactory/jfrog-cli-remote which in turn acts as a proxy to https://releases.jfrog.io/artifactory/jfrog-cli:
Runner
↓ download CLI from ↓
https://company-specific-id.jfrog.io/artifactory/jfrog-cli-remote
↓ download CLI from ↓
releases.jfrog.io
If there is no choice and your Artifactory is completely isolated from the world, you can use the download-repository
as a local repository or as a remote repository to your second Artifactory. For example create a local generic repository named jfrog-cli
and upload the CLI binary to the following path: https://one-of-the-artifactories.jfrog.io/artifactory/jfrog-cli/v2/2.15.0/jfrog-cli-linux-amd64/jfrog:
Runner
↓ download CLI from ↓
https://company-specific-id.jfrog.io/artifactory/jfrog-cli
Or:
Runner
↓ download CLI from ↓
https://company-specific-id.jfrog.io/artifactory/jfrog-cli-remote
↓ download CLI from ↓
https://company-specific-2nd-id.jfrog.io/artifactory/jfrog-cli
Another option is to export 2 JFrog environments, such as the first one (alphabetically) will be the one to download the CLI from:
- uses: jfrog/setup-jfrog-cli@v2
env:
# The environment to download the JFrog CLI:
JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}
# The working environment:
JF_ENV_2: ${{ secrets.JF_SECRET_ENV_2 }}
with:
download-repository: jfrog-cli-remote
- run: |
# Set the JFrog configuration to use by providing the server ID (configured by the 'jf c add' command).
jf c use local-2
# Ping local-2 Artifactory server
jf rt ping
Please let me know if that helped.
from setup-jfrog-cli.
AFAIK the recommended configuration in this situation is to whitelist external trusted sources of dependencies to the local Artifactory - Runners
Unfortuantely we won't be able to do that due to security concerns.
The second option that you've listed would work, but it adds a lot of complexity for our end users when trying to just install the jfrog cli. If we could allow overriding the default remote (remote: company-specific-id.jfrog.io
) that would be a clean way for end users to consume the jfrog binary without adding too much complexity in the actions yaml.
from setup-jfrog-cli.
@croydondiasms,
Thanks for your important feedback.
Please understand that we decided to not override the download URL for several reasons - Complexity is one of them - From the end user's perspective, it is easier to add only one argument, instead of duplicating the remote URL in many workflow files.
Other reasons for using a remote repository are -
- Authentication - using the same credentials as the JFrog environment
- Single access to the world - use only 1 artifactory to download dependencies, (only 1 JFrog environment to manage in your workflows)
- Speed - the CLI will be cached in your local Artifactory
- More ....
Your remote URL implies that it is a remote Artifactory server, therefore you can use it as a remote repository for your second Artifactory server which contains the JFrog binary.
Do you see any blocker for using this configuration?
from setup-jfrog-cli.
Related Issues (20)
- Windows runner pwsh not exiting on invalid jf rt upload command
- jfrog commad stuck at configuration and failing HOT 3
- JFrog CLI not reading environment variables correctly HOT 12
- Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name HOT 9
- Provide the token as output of OIDC authentication HOT 7
- Upgrade to Node.js 20 LTS HOT 3
- (short feature description) HOT 1
- Certificate is Expired HOT 9
- using this action with OIDC auth mechanism produces refreshable token HOT 3
- Paralell jfrog-setup-cli mess up the jfrog-cli.conf.v6 format HOT 1
- Patch request
- Multiple GitHub Runners on self-hosted runner cause permission issue HOT 2
- OIDC integration does not work with Docker when the Identity Mapping is set to Group as the Token Scope on Artifactory's side HOT 2
- Authentication fails with version 4.0.2 HOT 6
- Artifactory returns 404 for private GitHub Docker Repository
- sudden OIDC failures: Failed to get public key HOT 3
- Automatically configured JFROG_CLI_BUILD_NAME not specific enough
- Job Summary Hyperlink Uses Wrong Anchor
- Add option to disable Summary output HOT 1
- Bug in Job summary display using v4.1.2 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from setup-jfrog-cli.