Test npm - New Code Base

.github/workflows/jfrog-sast.yml

@@ -10,11 +10,10 @@ name: "JFrog SAST Scan"
 
 on:
   push:
-    branches: [ "main" ]
   pull_request:
-    branches: [ "main" ]
   schedule:
     - cron: '39 23 * * 6'
+  workflow_dispatch:
 
 env:
   # [Mandatory]
@@ -45,8 +44,18 @@ jobs:
 
     - name: Run JFrog SAST
       run: |
+        jf -v
         jf audit --sast --format=sarif > jfrog_sast.sarif
 
+    - name: Temporary - adjust tool name in SARIF
+        # Temporary workaround until autofix deploys a new version that recognises all variants of the JFrog tool name,
+        # including the variant with the frog emoji
+      run: |
+        cat jfrog.sarif | jq '.runs[0].tool.driver.name = "JFrog SAST"' > jfrog.sarif.tmp
+        mv jfrog.sarif.tmp jfrog.sarif
+
+    - name: Pretty print SARIF
+      run: cat jfrog.sarif | jq .
 
     - name: Upload output to generate autofix
       uses: github/codeql-action/upload-sarif@v3

.github/workflows/main.yml

@@ -1,4 +1,4 @@
-name: GitHub Universe 24 - Sample Python Project
+name: GitHub Universe 24 - Sample NPM Project
 on: workflow_dispatch
 
 permissions:
@@ -8,7 +8,7 @@ permissions:
   contents: read #Ability to read the contents permission
   security-events: write # Required for uploading code scanning 
 jobs:
-    build-publish-python:
+    build-publish-npm:
         runs-on: ubuntu-latest
         env:
           DOCKER_REPO: 'docker-prod-local'
@@ -39,24 +39,19 @@ jobs:
 
             - name: configure jfrog environment
               run: |
-                jf pip-config --repo-resolve=python-virtual    
-
-            - name: configure environment
-              run: |                      
-                python3 -m pip install --upgrade pip setuptools wheel sigstore
-                wheel -h
-                pip show setuptools
-                echo $VIRTUAL_ENV
+                jf npmc --repo-resolve=npm --repo-deploy=npm     
 
             - name: build project
               run: |                      
-                jf pip install -r requirements.txt  --module=jfrog-python-example
-                python setup.py sdist bdist_wheel
-                cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
-
-            - name: publish python package
-              run: |
-                jf rt u dist/ python-virtual/example-projects/ --module=jfrog-python-example
+                jf npm install --build-name=universe-npm-build --build-number=1.0.${{github.run_number}}
+                jf rt build-add-git universe-npm-build 1.0.${{github.run_number}}
+                jf rt build-collect-env universe-npm-build 1.0.${{github.run_number}}
+                jf rt npm-publish --build-name=universe-npm-build --build-number=1.0.${{github.run_number}}
+                jf audit --vuln
+                jf scan --vuln
+                jf rt build-publish universe-npm-build 1.0.${{github.run_number}}
+                jf rt build-scan universe-npm-build 1.0.${{github.run_number}}
+                jf rt build-promote universe-npm-build 1.0.${{github.run_number}} lego-npm-prod-local --status=production
 
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@v3    
@@ -96,14 +91,3 @@ jobs:
             - name: build scan
               run: |            
                 jf build-scan --fail=false
-
-    provenance:
-      needs: [build-publish-python]
-      uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
-      with:
-        image:  ${{ needs.build-publish-python.outputs.image }}
-        digest: ${{ needs.build-publish-python.outputs.digest }}
-        private-repository: true
-      secrets:
-        registry-username: ${{ vars.JF_USER }}
-        registry-password: ${{ secrets.JF_ACCESS_TOKEN }}

.gitignore

@@ -1 +1,2 @@
 .DS_Store
+package-lock.json

Dockerfile

@@ -1,11 +1,5 @@
 FROM alpine:3.18.6
 
-RUN mkdir pythonExample
+RUN mkdir npmExample
 
-WORKDIR /pythonExample
-
-COPY requirements.txt .
-COPY pythonExample/* pythonExample/
-
-# activating python script
-CMD ["pythonExample/pythonProj.py"]
+WORKDIR /npmExample

README.md

@@ -1,6 +1,20 @@
 # GitHubUniverse24
-# Demo Repo for Github JFrog integration
+
+# Demo Repo for Github JFrog integration - NPM Version
+
 This repo is configured for demoing:
+
 1. Github OIDC authentication into JFrog Platform
 2. Github Frogbot OIDC authentication into JFrog Platform
 3. Github workflow with job summaries linking the workflow run into the resulting uploaded packages and build info along with security information  
+
+* jfrog rt c show
+* rm -rf node_modules
+* jfrog rt npmc
+* jfrog rt npm-install --build-name=ZenNodeProject --build-number=1.0.1
+* jfrog rt build-add-git ZenNodeProject  1.0.1
+* jfrog rt build-collect-env ZenNodeProject  1.0.1
+* jfrog rt npm-publish --build-name=ZenNodeProject --build-number=1.0.1
+* jfrog rt build-publish ZenNodeProject 1.0.1
+* Test
+* Good luck .. you'll need it

bs-config.js

@@ -0,0 +1,10 @@
+module.exports = {
+    proxy: "localhost:3000",
+    files: ["**/*.css", "**/*.pug", "**/*.js"],
+    ignore: ["node_modules"],
+    reloadDelay: 10,
+    ui: false,
+    notify: false,
+    open: false,
+    port: 3001,
+  };

index.js

@@ -0,0 +1,37 @@
+// index.js
+
+/**
+ * Required External Modules
+ */
+
+const express = require("express");
+const path = require("path");
+const jwt = require('jsonwebtoken');
+const User = require("./model/user");
+ /**
+ * App Variables
+ */
+const app = express();
+const port = process.env.PORT || "3000";
+/**
+ *  App Configuration
+ */
+app.set("views", path.join(__dirname, "views"));
+app.set("view engine", "pug");
+app.use(express.static(path.join(__dirname, "public")));
+/**
+ * Routes Definitions
+ */
+app.get("/", (req, res) => {
+    res.render("index", { title: "Home" });
+  });
+
+app.get("/user", (req, res) => {
+    res.render("user", { title: "Profile", userProfile: { nickname: "Auth0" } });
+  });  
+/**
+ * Server Activation
+ */
+app.listen(port, () => {
+    console.log(`Listening to requests on http://localhost:${port}`);
+  });

model/user.js

@@ -0,0 +1,29 @@
+const mongoose = require("mongoose");
+
+const userSchema = new mongoose.Schema({
+  first_name: { type: String, default: null },
+  last_name: { type: String, default: null },
+  email: { type: String, unique: true },
+  password: { type: String },
+  token: { type: String },
+});
+
+module.exports = mongoose.model("user", userSchema);
+
+const user = await User.create({
+    first_name,
+    last_name,
+    email: email.toLowerCase(), // sanitize: convert email to lowercase
+    password: encryptedPassword,
+  });
+
+  // Create token
+  const token = jwt.verify(
+    { user_id: user._id, email },
+    process.env.TOKEN_KEY,
+    {
+      expiresIn: "2h",
+    }
+  );
+  // save user token
+  user.token = token;

package.json

@@ -0,0 +1,37 @@
+{
+  "name": "zen-website",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "publishConfig": {
+    "registry": "https://soleng.jfrog.io/artifactory/api/npm/npm/"
+  },
+  "scripts": {
+    "dev": "nodemon ./index.js",
+    "ui": "browser-sync start --config bs-config.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "browser-sync": "^2.26.13",
+    "nodemon": "^2.0.6"
+  },
+  "dependencies": {
+    "babel": "^6.23.0",
+    "express": "^4.17.1",
+    "hoek": "^2.16.3",
+    "lodash": "^3.10.1",
+    "npm": "^6.14.8",
+    "protobufjs": "^6.11.0",
+    "pug": "^3.0.0",
+    "jsonwebtoken": "^8.5.1",
+    "cors": "^2.8.5",
+    "mongoose": "^5.7.7",
+    "nodemailer": "^6.3.1",
+    "nodemailer-mailgun-transport": "^1.4.0",
+    "url-slug": "^2.2.0",
+    "validator": "^12.0.0",
+    "open-graph": "0.2.6"
+  }
+}