Installation
Step 1: Set Up Repository Secrets
- Go to Settings > Secrets and variables > Actions.
- Add the following secrets:
| Secret Name | Description | Notes |
|---|---|---|
| JF_URL | JFrog platform URL | |
| JF_ACCESS_TOKEN | JFrog access token | OIDC is recommended |
| JF_GIT_TOKEN | GitHub personal access token | Must have repo and read:packages scopes |
| JF_USER + JF_PASSWORD | JFrog user name and password | Alternative to the JF_ACCESS_TOKEN secret |
Step 2: Allow Frogbot to open Pull Requests
- In GitHub, navigate to the Settings tab.
- From the main menu, select Actions > General and check the Allow GitHub Actions to create and approve pull requests check box.
Step 3: Create an Execution Environment (Recommended for Open Source Projects Only)
- In GitHub, navigate to the Settings tab.
- From the main menu, select Environments and click on New environment.
  The Environments window opens.
- Create a new GitHub environment named frogbot.
- Add people or public teams as reviewers.
  The chosen reviewers can trigger Frogbot scans on pull requests.
- If the environment is required for execution, specify it in the relevant job within the CI workflow.
Step 4: Create the GitHub Actions Workflows
- Create the two workflow files as described in the Frogbot Workflow Templates section.
- Before setting up Frogbot, ensure all required tools and technologies are installed on your system and are available in your system's $PATH.
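A preflight check for the settings above, as an added example that is not part of the Frogbot documentation or tooling: it verifies the credential combination from the Step 1 table and the $PATH requirement from Step 4 without ever printing a secret value. The function name frogbot_preflight is hypothetical, and the list of tools to look for is supplied by the caller because this page does not name them.

```shell
#!/bin/sh
# Added example, not Frogbot's own code. frogbot_preflight is a hypothetical name.
# Returns 0 when the environment is complete, 1 otherwise.
# Only variable and tool names are reported on stderr, never secret values.
frogbot_preflight() {
    rc=0

    # JF_URL and JF_GIT_TOKEN are needed in every configuration.
    for var in JF_URL JF_GIT_TOKEN; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "missing: $var" >&2
            rc=1
        fi
    done

    # Credentials: JF_ACCESS_TOKEN, or JF_USER together with JF_PASSWORD.
    if [ -z "${JF_ACCESS_TOKEN:-}" ]; then
        if [ -z "${JF_USER:-}" ] || [ -z "${JF_PASSWORD:-}" ]; then
            echo "missing: JF_ACCESS_TOKEN, or both JF_USER and JF_PASSWORD" >&2
            rc=1
        fi
    fi

    # Arguments are the tools the project needs (assumption: the caller knows
    # which ones; the page does not list them).
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "not on PATH: $tool" >&2
            rc=1
        fi
    done

    return "$rc"
}

# Usage in a CI step, with illustrative tool names:
#   frogbot_preflight npm mvn || exit 1
```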
