Created new release using workflows and deleted old one #940
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…to match old pipeline
* fix python descriptor file resolution * added comment for readability
- Remove jf audit step - Build and run Frogbot scan-repository on itself - True dogfooding: Frogbot scanning Frogbot 🐸 - Fails if vulnerabilities found
- Replace manual go build + run with jfrog/frogbot@v2 action - Simpler, faster, and more reliable - Added JF_FAIL flag to fail on security issues
- Frogbot will scan and fail on issues - Won't attempt to create automatic fix pull requests
- Replace 'jf go build' with 'go build' to remove JFrog CLI overhead - Add cache warmup step before parallel builds - Pre-download dependencies once - Warm up Go build cache with initial build - Should significantly reduce parallel build time from 6min to 2-3min
This reverts commit edfd425.
- When a config profile is fetched from XSC, explicitly set CreateAutoFixPr = false - This ensures autofix is disabled for repositories using config profiles - Autofix behavior can still be controlled via environment variables when not using config profiles
eranturgeman
reviewed
Jan 1, 2026
go.mod
Outdated
| module github.com/jfrog/frogbot/v2 | ||
|
|
||
| go 1.24.6 | ||
| go 1.25.4 |
Contributor
There was a problem hiding this comment.
the current version is v3 is 1.25.5
is there a reason for the downgrade?
eranturgeman
reviewed
Jan 1, 2026
go.mod
Outdated
| github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20251023084247-a56afca52451 | ||
| github.com/jfrog/jfrog-cli-security v1.21.9 | ||
| github.com/jfrog/jfrog-client-go v1.55.1-0.20251023073119-78f187c9afbf | ||
| github.com/jfrog/jfrog-cli-security v1.22.0 |
Contributor
There was a problem hiding this comment.
I assume this is a pr you started to work on a while ago, the dependencies versions are already higher please ensure you are not downgrading versions for our dependencies
- Resolved conflicts by taking v3_er changes - Kept new release.yml workflow - Updated buildAndUpload.sh for parallel builds - Removed JFrog Pipelines templates - Removed frogbot-config.yml schema
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.