Support application key configuration

lib/utils.js

@@ -46,6 +46,7 @@ const core_1 = require("@octokit/core");
 const github = __importStar(require("@actions/github"));
 const zlib_1 = require("zlib");
 const util_1 = require("util");
+const js_yaml_1 = require("js-yaml");
 class Utils {
     /**
      * Retrieves server credentials for accessing JFrog's server
@@ -74,8 +75,9 @@ class Utils {
             catch (error) {
                 throw new Error(`Getting openID Connect JSON web token failed: ${error.message}`);
             }
+            const applicationKey = yield this.getApplicationKey();
             try {
-                jfrogCredentials = yield this.getJfrogAccessTokenThroughOidcProtocol(jfrogCredentials, jsonWebToken, oidcProviderName);
+                jfrogCredentials = yield this.getJfrogAccessTokenThroughOidcProtocol(jfrogCredentials, jsonWebToken, oidcProviderName, applicationKey);
                 // Set environment variable to track OIDC logins in the usage report.
                 core.exportVariable('JFROG_CLI_USAGE_CONFIG_OIDC', 'TRUE');
                 return jfrogCredentials;
@@ -85,6 +87,65 @@ class Utils {
             }
         });
     }
+    /**
+     * Retrieves the application key from .jfrog/config file.
+     *
+     * This method attempts to read config file from the file system.
+     * If the configuration file exists and contains the application key, it returns the key.
+     * If the configuration file does not exist or does not contain the application key, it returns an empty string.
+     *
+     * @returns A promise that resolves to the application key as a string.
+     */
+    static getApplicationKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const configFilePath = path.join(this.JF_CONFIG_DIR_NAME, this.JF_CONFIG_FILE);
+            try {
+                const config = yield this.readConfigFromFileSystem(configFilePath);
+                if (!config) {
+                    console.debug('Config file is empty or not found.');
+                    return '';
+                }
+                const configObj = (0, js_yaml_1.load)(config);
+                const application = configObj[this.APPLICATION_ROOT_YML];
+                if (!application) {
+                    console.log('Application root is not found in the config file.');
+                    return '';
+                }
+                const applicationKey = application[this.KEY];
+                if (!applicationKey) {
+                    console.log('Application key is not found in the config file.');
+                    return '';
+                }
+                console.debug('Found application key: ' + applicationKey);
+                return applicationKey;
+            }
+            catch (error) {
+                console.error('Error reading config:', error);
+                return '';
+            }
+        });
+    }
+    /**
+     * Reads .jfrog configuration file from file system.
+     *
+     * This method attempts to read .jfrog configuration file from the specified relative path.
+     * If the file exists, it reads the file content and returns it as a string.
+     * If the file does not exist, it returns an empty string.
+     *
+     * @param configRelativePath - The relative path to the configuration file.
+     * @returns A promise that resolves to the content of the configuration file as a string.
+     */
+    static readConfigFromFileSystem(configRelativePath) {
+        return __awaiter(this, void 0, void 0, function* () {
+            core.debug(`Reading config from file system. Looking for ${configRelativePath}`);
+            if (!(0, fs_1.existsSync)(configRelativePath)) {
+                core.debug(`config.yml not found in ${configRelativePath}`);
+                return '';
+            }
+            core.debug(`config.yml found in ${configRelativePath}`);
+            return yield fs_1.promises.readFile(configRelativePath, 'utf-8');
+        });
+    }
     /**
      * Gathers JFrog's credentials from environment variables and delivers them in a JfrogCredentials structure
      * @returns JfrogCredentials struct with all credentials found in environment variables
@@ -117,9 +178,10 @@ class Utils {
      * @param jfrogCredentials existing JFrog credentials - url, access token, username + password
      * @param jsonWebToken JWT achieved from GitHub JWT provider
      * @param oidcProviderName OIDC provider name
+     * @param applicationKey
      * @returns an access token for the requested Artifactory server
      */
-    static getJfrogAccessTokenThroughOidcProtocol(jfrogCredentials, jsonWebToken, oidcProviderName) {
+    static getJfrogAccessTokenThroughOidcProtocol(jfrogCredentials, jsonWebToken, oidcProviderName, applicationKey) {
         return __awaiter(this, void 0, void 0, function* () {
             // If we've reached this stage, the jfrogCredentials.jfrogUrl field should hold a non-empty value obtained from process.env.JF_URL
             const exchangeUrl = jfrogCredentials.jfrogUrl.replace(/\/$/, '') + '/access/api/v1/oidc/token';
@@ -135,7 +197,8 @@ class Utils {
             "provider_name": "${oidcProviderName}",
             "project_key": "${projectKey}",
             "gh_job_id": "${jobId}",
-            "gh_run_id": "${runId}"
+            "gh_run_id": "${runId}",
+            "application_key": "${applicationKey}"
         }`;
             const additionalHeaders = {
                 'Content-Type': 'application/json',
@@ -813,6 +876,16 @@ Utils.CLI_REMOTE_ARG = 'download-repository';
 Utils.OIDC_AUDIENCE_ARG = 'oidc-audience';
 // OpenID Connect provider_name input
 Utils.OIDC_INTEGRATION_PROVIDER_NAME = 'oidc-provider-name';
+// Application yaml root key
+Utils.APPLICATION_ROOT_YML = 'application';
+// Application Config file key, yaml should look like:
+// application:
+//   key: <application key>
+Utils.KEY = 'key';
+// Config file directory name
+Utils.JF_CONFIG_DIR_NAME = '.jfrog';
+// Config file name
+Utils.JF_CONFIG_FILE = 'config.yml';
 // Disable Job Summaries feature flag
 Utils.JOB_SUMMARY_DISABLE = 'disable-job-summary';
 // Disable auto build info publish feature flag