Fix the Build-Publish-Scan workflow

2026-02-11 09:01:10 +00:00 · 2026-02-06 11:41:23 +02:00 · 2026-02-06 11:41:23 +02:00 · 0929a50540
commit 0929a50540
parent 0213a72b79
1 changed files with 13 additions and 9 deletions
--- a/.github/workflows/build-publish-scan.yml
+++ b/.github/workflows/build-publish-scan.yml
@ -4,12 +4,15 @@ on:
  push:
    branches:
      - feature/test-change
+  pull_request:
+    branches:
+      - main
  workflow_dispatch: {}

 permissions:
  contents: read
  pull-requests: write
-  id-token: write # Required for OIDC handshake
+  id-token: write 

 jobs:
  build-and-scan:
@ -18,8 +21,8 @@ jobs:
    
    env:
      JF_URL: ${{ secrets.JF_URL }}
-      JF_REPO: "maven-repo" # Using your newly created repo
-      BUILD_NAME: "spring-petclinic-build"
+      JF_REPO: ${{ secrets.JF_REPO }}
+      BUILD_NAME: "maven-build-scan"
      BUILD_NUMBER: ${{ github.run_number }}

    steps:
@ -33,37 +36,38 @@ jobs:
          distribution: 'temurin'
          cache: maven

-      # 1. Setup JFrog CLI with OIDC
      - name: Set up JFrog CLI
        uses: jfrog/setup-jfrog-cli@v4
        with:
          oidc-provider-name: github-oidc
          oidc-audience: jfrog-github

-      # 2. Build Project
      - name: Build with Maven
        run: ./mvnw -B -DskipTests package

-      # 3. Publish Artifact (Fixes the 405 error by using the explicit repo key)
      - name: Publish artifact to Artifactory
        run: |
-          jf rt upload "target/*.jar" "${{ env.JF_REPO }}/petclinic/${{ env.BUILD_NUMBER }}/" \
+          jf rt upload "target/*.jar" "${{ env.JF_REPO }}/builds/${{ github.run_number }}/" \
            --build-name="${{ env.BUILD_NAME }}" \
            --build-number="${{ env.BUILD_NUMBER }}" \
            --flat=false

-      # 4. Publish Build Info (Required for Xray to scan the build)
      - name: Publish Build Info
        run: |
          jf rt build-collect-env ${{ env.BUILD_NAME }} ${{ env.BUILD_NUMBER }}
          jf rt bp ${{ env.BUILD_NAME }} ${{ env.BUILD_NUMBER }}

-      # 5. Run Frogbot Xray Scan
      - name: Run Frogbot Scan
        uses: jfrog/frogbot@v2
        env:
          JF_URL: ${{ env.JF_URL }}
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # FIX: Explicitly set technology to avoid Gradle timeout
+          JF_RELEVANT_TECHNOLOGIES: "maven"
+          # FIX: If "build-watch" doesn't exist in Xray UI, Frogbot will fail. 
+          # Remove the next line if you haven't created that specific Watch.
+          JF_WATCHES: "build-watch"
+          JF_INCLUDE_ALL_VULNERABILITIES: "true"
        with:
          oidc-provider-name: github-oidc
          oidc-audience: jfrog-github