I would like to configure build artifacts and dependencies scan for vulnerabilities and license violations for a .NET project through the pipeline. I am new to JFrog Artifactory and Xray and currently my pipeline is failing with error:
[Error] resolver information is missing within /builds/project-name/.jfrog/projects/dotnet.yaml
I followed this documentation. It's never mentioned that I have to have this file and I can't find how this file should look like in their docs. Did someone else had similar issue?
This is current state of my configuration file for GitLab's pipeline:
......
xray:
stage: Xray
image: mcr.microsoft.com/dotnet/sdk:3.1
before_script:
- PROXY_ADDRESS="${PROXY_ADDRESS}"
- chmod +x add-proxy.sh
- ./add-proxy.sh "PROXY_ADDRESS"
- source /etc/profile.d/proxy.sh
script:
- apt update && apt upgrade --yes
- apt install curl --yes
- curl -fL https://getcli.jfrog.io | sh
- ./jfrog config add project-name --artifactory-url="${JFROG_FULL_URL}" --user="${JFROG_USER}" --access-token="${JFROG_TOKEN}"
- ./jfrog config show
- ./jfrog config use project-name
- ./jfrog rt dotnet-config
- ./jfrog rt dotnet restore -s nuget.config --build-name=$CI_JOB_NAME --build-number=$CI_JOB_ID
- ./jfrog rt dotnet pack ./project-name/project-name.csproj --build-name=$CI_JOB_NAME --build-number=$CI_JOB_ID
- ./jfrog rt build-collect-env $CI_JOB_NAME $CI_JOB_ID
- ./jfrog rt build-add-git $CI_JOB_NAME $CI_JOB_ID
- ./jfrog rt build-publish $CI_JOB_NAME $CI_JOB_ID
- ./jfrog rt build-scan $CI_JOB_NAME $CI_JOB_ID
Error is thrown on this line:
- ./jfrog rt dotnet restore -s nuget.config --build-name=$CI_JOB_NAME --build-number=$CI_JOB_ID
The
jfrog rt dotnet-config
command is an interactive command by default.The command creates a project configuration used by the
jfrog rt dotnet
command.Since you are running it in CI, you may provide the config command your resolution details with flags. See the command help for more info:
P.S:
This blog is a bit outdated, and still suggests using an older version of JFrog CLI.
Since you are configuring a new pipeline, I suggest upgrading to JFrog CLI v2. It requires a bit of modifications to your script, but since v1 hardly gets any updates now, it should be worth the effort.
The installation command should change to
curl -fL https://install-cli.jfrog.io | sh
, which will install the CLI globally, with the new executable namejf
. This means./jfrog
in your script should be changed tojf
.Dotnet commands were moved to the
jf
namespace (./jfrog rt dotnet ...
->jf dotnet ...
)All changes are documented here.