@@ -46,6 +46,7 @@ const core_1 = require("@octokit/core");
4646const github = __importStar ( require ( "@actions/github" ) ) ;
4747const zlib_1 = require ( "zlib" ) ;
4848const util_1 = require ( "util" ) ;
49+ const js_yaml_1 = require ( "js-yaml" ) ;
4950class Utils {
5051 /**
5152 * Retrieves server credentials for accessing JFrog's server
@@ -74,8 +75,9 @@ class Utils {
7475 catch ( error ) {
7576 throw new Error ( `Getting openID Connect JSON web token failed: ${ error . message } ) ;
7677 }
78+ const applicationKey = yield this . getApplicationKey ( ) ;
7779 try {
78- jfrogCredentials = yield this . getJfrogAccessTokenThroughOidcProtocol ( jfrogCredentials , jsonWebToken , oidcProviderName ) ;
80+ jfrogCredentials = yield this . getJfrogAccessTokenThroughOidcProtocol ( jfrogCredentials , jsonWebToken , oidcProviderName , applicationKey ) ;
7981 // Set environment variable to track OIDC logins in the usage report.
8082 core . exportVariable ( 'JFROG_CLI_USAGE_CONFIG_OIDC' , 'TRUE' ) ;
8183 return jfrogCredentials ;
@@ -85,6 +87,65 @@ class Utils {
8587 }
8688 } ) ;
8789 }
90+ /**
91+ * Retrieves the application key from .jfrog/config file.
92+ *
93+ * This method attempts to read config file from the file system.
94+ * If the configuration file exists and contains the application key, it returns the key.
95+ * If the configuration file does not exist or does not contain the application key, it returns an empty string.
96+ *
97+ * @returns A promise that resolves to the application key as a string.
98+ */
99+ static getApplicationKey ( ) {
100+ return __awaiter ( this , void 0 , void 0 , function * ( ) {
101+ const configFilePath = path . join ( this . JF_CONFIG_DIR_NAME , this . JF_CONFIG_FILE ) ;
102+ try {
103+ const config = yield this . readConfigFromFileSystem ( configFilePath ) ;
104+ if ( ! config ) {
105+ console . debug ( 'Config file is empty or not found.' ) ;
106+ return '' ;
107+ }
108+ const configObj = ( 0 , js_yaml_1 . load ) ( config ) ;
109+ const application = configObj [ this . APPLICATION_ROOT_YML ] ;
110+ if ( ! application ) {
111+ console . log ( 'Application root is not found in the config file.' ) ;
112+ return '' ;
113+ }
114+ const applicationKey = application [ this . KEY ] ;
115+ if ( ! applicationKey ) {
116+ console . log ( 'Application key is not found in the config file.' ) ;
117+ return '' ;
118+ }
119+ console . debug ( 'Found application key: ' + applicationKey ) ;
120+ return applicationKey ;
121+ }
122+ catch ( error ) {
123+ console . error ( 'Error reading config:' , error ) ;
124+ return '' ;
125+ }
126+ } ) ;
127+ }
128+ /**
129+ * Reads .jfrog configuration file from file system.
130+ *
131+ * This method attempts to read .jfrog configuration file from the specified relative path.
132+ * If the file exists, it reads the file content and returns it as a string.
133+ * If the file does not exist, it returns an empty string.
134+ *
135+ * @param configRelativePath - The relative path to the configuration file.
136+ * @returns A promise that resolves to the content of the configuration file as a string.
137+ */
138+ static readConfigFromFileSystem ( configRelativePath ) {
139+ return __awaiter ( this , void 0 , void 0 , function * ( ) {
140+ core . debug ( `Reading config from file system. Looking for ${ configRelativePath } ) ;
141+ if ( ! ( 0 , fs_1 . existsSync ) ( configRelativePath ) ) {
142+ core . debug ( `config.yml not found in ${ configRelativePath } ) ;
143+ return '' ;
144+ }
145+ core . debug ( `config.yml found in ${ configRelativePath } ) ;
146+ return yield fs_1 . promises . readFile ( configRelativePath , 'utf-8' ) ;
147+ } ) ;
148+ }
88149 /**
89150 * Gathers JFrog's credentials from environment variables and delivers them in a JfrogCredentials structure
90151 * @returns JfrogCredentials struct with all credentials found in environment variables
@@ -117,9 +178,10 @@ class Utils {
117178 * @param jfrogCredentials existing JFrog credentials - url, access token, username + password
118179 * @param jsonWebToken JWT achieved from GitHub JWT provider
119180 * @param oidcProviderName OIDC provider name
181+ * @param applicationKey
120182 * @returns an access token for the requested Artifactory server
121183 */
122- static getJfrogAccessTokenThroughOidcProtocol ( jfrogCredentials , jsonWebToken , oidcProviderName ) {
184+ static getJfrogAccessTokenThroughOidcProtocol ( jfrogCredentials , jsonWebToken , oidcProviderName , applicationKey ) {
123185 return __awaiter ( this , void 0 , void 0 , function * ( ) {
124186 // If we've reached this stage, the jfrogCredentials.jfrogUrl field should hold a non-empty value obtained from process.env.JF_URL
125187 const exchangeUrl = jfrogCredentials . jfrogUrl . replace ( / \/ $ / , '' ) + '/access/api/v1/oidc/token' ;
@@ -135,7 +197,8 @@ class Utils {
135197 "provider_name": "${ oidcProviderName }
136198 "project_key": "${ projectKey }
137199 "gh_job_id": "${ jobId }
138- "gh_run_id": "${ runId }
200+ "gh_run_id": "${ runId }
201+ "application_key": "${ applicationKey }
139202 }` ;
140203 const additionalHeaders = {
141204 'Content-Type' : 'application/json' ,
@@ -813,6 +876,16 @@ Utils.CLI_REMOTE_ARG = 'download-repository';
813876Utils . OIDC_AUDIENCE_ARG = 'oidc-audience' ;
814877// OpenID Connect provider_name input
815878Utils . OIDC_INTEGRATION_PROVIDER_NAME = 'oidc-provider-name' ;
879+ // Application yaml root key
880+ Utils . APPLICATION_ROOT_YML = 'application' ;
881+ // Application Config file key, yaml should look like:
882+ // application:
883+ // key: <application key>
884+ Utils . KEY = 'key' ;
885+ // Config file directory name
886+ Utils . JF_CONFIG_DIR_NAME = '.jfrog' ;
887+ // Config file name
888+ Utils . JF_CONFIG_FILE = 'config.yml' ;
816889// Disable Job Summaries feature flag
817890Utils . JOB_SUMMARY_DISABLE = 'disable-job-summary' ;
818891// Disable auto build info publish feature flag
0 commit comments