frogbot
Not able to scan PR with frogbot exited with error
I got the error below. I used the GitHub Action template for Python package scanning.
```
/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot scan-pull-request
14:37:39 [Info] Running Frogbot "scan-pull-request" command
14:37:39 [Info] Auditing /runner/_work/cirrus-ml-experimentation/cirrus-ml-experimentation
Error: 9 [Error] could not determine the package manager / build tool used by this project.
Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1
```
Hi @mangeishp, thanks for reporting this issue. Frogbot detects the technology type by the descriptor files (package.json / yarn.lock / etc.) in your project's root directory. Can you please provide your project's root dir files list?
I do not have such a descriptor file, as I was executing this on my package management workflow repository, where I have only a requirement.txt file. Is there any other way to solve this, or does it only work with project repositories?
Hi @mangeishp and thank you for the update. For such cases, we have a specific environment variable.
Add the following environment to your YAML file:
JF_REQUIREMENTS_FILE: "requirements.txt"
Please let me know if it worked for you. Thank you!
It proceeded further and detected the package type as pip; however, it gives an invalid token error. However, I can use the same token for package download from the JFrog repo.
Hi @mangeishp, can you share the logs? I am guessing that you used an Identity or Reference Token. Unfortunately, Identity/Reference tokens are currently not supported by JFrog CLI package manager commands because they need a username in addition to the token.
You can use:
- JFrog Access Token
- User + Password
- Set the Reference/Identity Token as a password (supported by SaaS Artifactory 7.42.0 / on-prem Artifactory 7.43.0; on earlier versions use the following workaround: https://github.com/jfrog/jfrog-cli/issues/1616#issuecomment-1217734448)
Hi,
As you suggested, I have used the username and identity access token generated in the JFrog UI. Here are the logs:
```
Frogbot
/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot scan-pull-request
06:54:27 [Info] Running Frogbot "scan-pull-request" command
06:54:27 [Info] Auditing /runner/_work/cirrus-poc-package-scanning/cirrus-poc-package-scanning
06:54:27 [Info] Detected: pip.
06:57:18 [Info] JFrog Xray version is: 3.30.1
06:57:18 [Info] Scanning module imbalanced-learn:0.8.1...
Error: 8 [Error] Scanning imbalanced-learn:0.8.1 failed with error: Found invalid token
Error: 8 [Error] pip Audit command failed: Audit command failed due to Xray internal error
Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1
```
@sverdlov93 Hi, I managed to get authenticated with JFrog; however, now it failed with the errors below. Can you help?
```
panic: runtime error: index out of range [4] with length 4

goroutine 1 [running]:
github.com/jfrog/frogbot/commands.createNewIssuesRows({0xc0001cc780, 0x4, 0x0?}, {0xc0003f8000, 0xc, 0x0?})
	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:90 +0x4c6
github.com/jfrog/frogbot/commands.scanPullRequest(0xc0001fa400, {0x10e4b98, 0xc000330ab0})
	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:58 +0x211
github.com/jfrog/frogbot/commands.ScanPullRequestCmd.Run(...)
	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:30
github.com/jfrog/frogbot/commands.Exec({0x10dc380, 0x1848b68}, {0xf4f7e9, 0x11})
	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/commands.go:28 +0x1ef
github.com/jfrog/frogbot/commands.GetCommands.func1(0xc00033c360?)
	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/commands.go:44 +0x32
github.com/urfave/cli/v2.(*Command).Run(0xc00033c360, 0xc00030cbc0)
	/root/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:173 +0x6a2
github.com/urfave/cli/v2.(*App).RunContext(0xc00018a8c0, {0x10e0998?, 0xc00013e000}, {0xc00012e000, 0x2, 0x2})
	/root/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:382 +0xfb5
github.com/urfave/cli/v2.(*App).Run(...)
	/root/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:251
main.ExecMain()
	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/main.go:27 +0x158
main.main()
	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/main.go:16 +0x1e
Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot' failed with exit code 2
```
My workflow:
```yaml
name: "Frogbot Scan Pull Request"
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  pull-requests: write
  contents: read
jobs:
  scan-pull-request:
    runs-on: ubuntu-latest
    # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
    # "frogbot" GitHub environment can approve the pull request to be scanned.
    environment: frogbot
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      # Install prerequisites
      - uses: actions/setup-python@v3
        with:
          python-version: "3.7"

      - uses: jfrog/frogbot@v2
        env:
          # [Mandatory]
          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
          JF_URL: ${{ secrets.JF_URL }}

          # [Mandatory if JF_ACCESS_TOKEN is not provided]
          # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
          JF_USER: ${{ secrets.JF_USER }}

          # [Mandatory if JF_ACCESS_TOKEN is not provided]
          # JFrog password. Must be provided with JF_USER
          JF_PASSWORD: ${{ secrets.JF_ACCESS_TOKEN }}

          # [Mandatory]
          # The GitHub token automatically generated for the job
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}

          # [Optional, default: "."]
          # Relative path to the project in the git repository
          JF_REQUIREMENTS_FILE: "requirements.txt"
          #JF_WORKING_DIR: cirrus-ml-experimentation/src/project_template/
```