Customize commit email author (#377)

jfrog · Jul 6, 2023 · 78b006b · 78b006b
1 parent 5702c86
commit 78b006b
Show file tree

Hide file tree

Showing 30 changed files with 144 additions and 49 deletions.
diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml
@@ -1,5 +1,6 @@
 name: "Frogbot Scan and Fix"
 on:
+  workflow_dispatch:
   schedule:
     # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"

diff --git a/commands/testdata/config/frogbot-config-test-unmarshal.yml b/commands/testdata/config/frogbot-config-test-unmarshal.yml
@@ -4,6 +4,7 @@
       branches:
         - master
         - main
+      emailAuthor: "myemail@jfrog.com"
     scan:
       projects:
         - installCommand: nuget restore

diff --git a/commands/utils/consts.go b/commands/utils/consts.go
@@ -79,6 +79,7 @@ const (
 	GitPullRequestIDEnv  = "JF_GIT_PULL_REQUEST_ID"
 	GitApiEndpointEnv    = "JF_GIT_API_ENDPOINT"
 	GitAggregateFixesEnv = "JF_GIT_AGGREGATE_FIXES"
+	GitEmailAuthorEnv    = "JF_GIT_EMAIL_AUTHOR"
 
 	// Comment
 	vulnerabilitiesTableHeader        = "\n| SEVERITY                | DIRECT DEPENDENCIES                  | IMPACTED DEPENDENCY                   | FIXED VERSIONS                       |\n| :---------------------: | :----------------------------------: | :-----------------------------------: | :---------------------------------: |"

diff --git a/commands/utils/git.go b/commands/utils/git.go
@@ -215,7 +215,7 @@ func (gm *GitManager) commit(commitMessage string) error {
 	_, err = worktree.Commit(commitMessage, &git.CommitOptions{
 		Author: &object.Signature{
 			Name:  frogbotAuthorName,
-			Email: frogbotAuthorEmail,
+			Email: gm.git.EmailAuthor,
 			When:  time.Now(),
 		},
 	})

diff --git a/commands/utils/params.go b/commands/utils/params.go
@@ -191,6 +191,7 @@ type Git struct {
 	BranchNameTemplate       string `yaml:"branchNameTemplate,omitempty"`
 	CommitMessageTemplate    string `yaml:"commitMessageTemplate,omitempty"`
 	PullRequestTitleTemplate string `yaml:"pullRequestTitleTemplate,omitempty"`
+	EmailAuthor              string `yaml:"emailAuthor,omitempty"`
 	AggregateFixes           bool   `yaml:"aggregateFixes,omitempty"`
 	PullRequestID            int
 }
@@ -223,7 +224,14 @@ func (g *Git) setDefaultsIfNeeded(git *Git) (err error) {
 	}
 	g.AggregateFixes = git.AggregateFixes
 	if !g.AggregateFixes {
-		g.AggregateFixes, err = getBoolEnv(GitAggregateFixesEnv, false)
+		if g.AggregateFixes, err = getBoolEnv(GitAggregateFixesEnv, false); err != nil {
+			return
+		}
+	}
+	if g.EmailAuthor == "" {
+		if g.EmailAuthor = getTrimmedEnv(GitEmailAuthorEnv); g.EmailAuthor == "" {
+			g.EmailAuthor = frogbotAuthorEmail
+		}
 	}
 	// Non-mandatory git branch pr id.
 	if pullRequestIDString := getTrimmedEnv(GitPullRequestIDEnv); pullRequestIDString != "" {

diff --git a/commands/utils/params_test.go b/commands/utils/params_test.go
@@ -137,6 +137,7 @@ func TestExtractAndAssertRepoParams(t *testing.T) {
 		GitBaseBranchEnv:     "dev",
 		GitPullRequestIDEnv:  "1",
 		GitAggregateFixesEnv: "true",
+		GitEmailAuthorEnv:    "myemail@jfrog.com",
 		MinSeverityEnv:       "high",
 		FixableOnlyEnv:       "true",
 	})
@@ -164,7 +165,7 @@ func TestExtractAndAssertRepoParams(t *testing.T) {
 		assert.Equal(t, "High", repo.MinSeverity)
 		assert.True(t, repo.FixableOnly)
 		assert.Equal(t, true, repo.AggregateFixes)
-
+		assert.Equal(t, "myemail@jfrog.com", repo.EmailAuthor)
 		assert.ElementsMatch(t, []string{"watch-2", "watch-1"}, repo.Watches)
 		for _, project := range repo.Projects {
 			testExtractAndAssertProjectParams(t, project)
@@ -191,6 +192,7 @@ func TestBuildRepoAggregatorWithEmptyScan(t *testing.T) {
 	configAggregator, err := BuildRepoAggregator(configFileContent, gitParams, server)
 	assert.NoError(t, err)
 	assert.Len(t, configAggregator, 1)
+	assert.Equal(t, frogbotAuthorEmail, configAggregator[0].EmailAuthor)
 	assert.False(t, configAggregator[0].AggregateFixes)
 	scan := configAggregator[0].Scan
 	assert.False(t, scan.IncludeAllVulnerabilities)
@@ -398,6 +400,7 @@ func TestFrogbotConfigAggregator_unmarshalFrogbotConfigYaml(t *testing.T) {
 	assert.NoError(t, err)
 	firstRepo := configAggregator[0]
 	assert.Equal(t, "npm-repo", firstRepo.RepoName)
+	assert.Equal(t, "myemail@jfrog.com", firstRepo.EmailAuthor)
 	assert.ElementsMatch(t, []string{"master", "main"}, firstRepo.Branches)
 	assert.False(t, *firstRepo.FailOnSecurityIssues)
 	firstRepoProject := firstRepo.Projects[0]

diff --git a/docs/install-azure-repos.md b/docs/install-azure-repos.md
@@ -170,6 +170,10 @@ To install Frogbot on Azure Repos repositories, follow these steps.
             # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
             # The following values are accepted: Low, Medium, High or Critical
             # JF_MIN_SEVERITY: ""
+
+            # [Optional, Default: eco-system+frogbot@jfrog.com]
+            # Set the email of the commit author
+            # JF_GIT_EMAIL_AUTHOR: ""
          displayName: 'Download and Run Frogbot'   
          inputs:
            script: |

diff --git a/docs/install-bitbucket-server.md b/docs/install-bitbucket-server.md
@@ -86,17 +86,17 @@
                // JF_RELEASES_REPO= ""
                
                ///////////////////////////////////////////////////////////////////////////
-            //   If your project uses a 'frogbot-config.yml' file, you should define //
-            //   the following variables inside the file, instead of here.           //
-            ///////////////////////////////////////////////////////////////////////////
-
-            // [Mandatory]
-            // The name of the repository
-            JF_GIT_REPO: ""
- 
-            // [Mandatory]
-            // The name of the branch on which Frogbot will perform the scan
-            JF_GIT_BASE_BRANCH: ""
+               //   If your project uses a 'frogbot-config.yml' file, you should define //
+               //   the following variables inside the file, instead of here.           //
+               ///////////////////////////////////////////////////////////////////////////
+   
+               // [Mandatory]
+               // The name of the repository
+               JF_GIT_REPO= ""
+    
+               // [Mandatory]
+               // The name of the branch on which Frogbot will perform the scan
+               JF_GIT_BASE_BRANCH= ""
                
                // [Mandatory if the two conditions below are met]
                // 1. The project uses yarn 2, NuGet or .NET to download its dependencies
@@ -168,6 +168,10 @@
                // Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
                // The following values are accepted: Low, Medium, High or Critical
                // JF_MIN_SEVERITY= ""
+     
+               // [Optional, Default: eco-system+frogbot@jfrog.com]
+               // Set the email of the commit author
+               // JF_GIT_EMAIL_AUTHOR: ""
          }
          
          stages {
@@ -204,15 +208,12 @@
                       // powershell """.\frogbot.exe scan-and-fix-repos"""
                   }
               }
-         }
-   }
-   ```
-     
-      **Important**
-
-      - Make sure that either **JF_USER** and **JF_PASSWORD** or **JF_ACCESS_TOKEN** are set in the Jenkinsfile, but not both.
-      - Make sure that all the build tools that are used to build the project are installed on the Jenkins agent.
-      </details>
+          }
+      }
    </details>
+</details>
 
+**Important**
+- Make sure that either **JF_USER** and **JF_PASSWORD** or **JF_ACCESS_TOKEN** are set in the Jenkinsfile, but not both.
+- Make sure that all the build tools that are used to build the project are installed on the Jenkins agent.
 
diff --git a/docs/install-github.md b/docs/install-github.md
@@ -196,6 +196,10 @@
           // Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           // The following values are accepted: Low, Medium, High or Critical
           // JF_MIN_SEVERITY= ""
+  
+          // [Optional, Default: eco-system+frogbot@jfrog.com]
+          // Set the email of the commit author
+          // JF_GIT_EMAIL_AUTHOR: ""
       }
       stages {
                stage('Download Frogbot') {

diff --git a/docs/install-gitlab.md b/docs/install-gitlab.md
@@ -134,6 +134,10 @@ frogbot-scan:
     # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
     # The following values are accepted: Low, Medium, High or Critical
     # JF_MIN_SEVERITY: ""
+
+    # [Optional, Default: eco-system+frogbot@jfrog.com]
+    # Set the email of the commit author
+    # JF_GIT_EMAIL_AUTHOR: ""
   script:
     # For Linux / MacOS runner:
     - |

diff --git a/docs/templates/.frogbot/frogbot-config.yml b/docs/templates/.frogbot/frogbot-config.yml
@@ -34,6 +34,10 @@
       # If false, Frogbot creates a separate pull request for each fix.
       # aggregateFixes: false
 
+      # [Optional, Default: eco-system+frogbot@jfrog.com]
+      # Set the email of the commit author
+      # emailAuthor: ""
+
     # Frogbot scanning parameters
     scan:
       # [Default: false]

diff --git a/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-go.yml b/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-go.yml
@@ -1,5 +1,6 @@
 name: "Frogbot Scan and Fix"
 on:
+  workflow_dispatch:
   schedule:
     # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"
@@ -57,8 +58,6 @@ jobs:
           # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
           # JF_RELEASES_REPO: ""
 
-
-
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
           ##   the following variables inside the file, instead of here.          ##
@@ -115,3 +114,7 @@ jobs:
           # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           # The following values are accepted: Low, Medium, High or Critical
           # JF_MIN_SEVERITY: ""
+
+          # [Optional, Default: eco-system+frogbot@jfrog.com]
+          # Set the email of the commit author
+          # JF_GIT_EMAIL_AUTHOR: ""
diff --git a/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-maven.yml b/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-maven.yml
@@ -1,5 +1,6 @@
 name: "Frogbot Scan and Fix"
 on:
+  workflow_dispatch:
   schedule:
     # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"
@@ -58,8 +59,6 @@ jobs:
           # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
           # JF_RELEASES_REPO: ""
 
-
-
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
           ##   the following variables inside the file, instead of here.          ##
@@ -116,3 +115,7 @@ jobs:
           # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           # The following values are accepted: Low, Medium, High or Critical
           # JF_MIN_SEVERITY: ""
+
+          # [Optional, Default: eco-system+frogbot@jfrog.com]
+          # Set the email of the commit author
+          # JF_GIT_EMAIL_AUTHOR: ""
diff --git a/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-npm.yml b/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-npm.yml
@@ -1,5 +1,6 @@
 name: "Frogbot Scan and Fix"
 on:
+  workflow_dispatch:
   schedule:
     # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"
@@ -57,8 +58,6 @@ jobs:
           # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
           # JF_RELEASES_REPO: ""
 
-
-
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
           ##   the following variables inside the file, instead of here.          ##
@@ -121,4 +120,8 @@ jobs:
           # [Optional]
           # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           # The following values are accepted: Low, Medium, High or Critical
-          # JF_MIN_SEVERITY: ""
+          # JF_MIN_SEVERITY: ""
+
+          # [Optional, Default: eco-system+frogbot@jfrog.com]
+          # Set the email of the commit author
+          # JF_GIT_EMAIL_AUTHOR: ""
diff --git a/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-pip.yml b/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-pip.yml
@@ -1,5 +1,6 @@
 name: "Frogbot Scan and Fix"
 on:
+  workflow_dispatch:
   schedule:
     # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"
@@ -57,8 +58,6 @@ jobs:
           # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
           # JF_RELEASES_REPO: ""
 
-
-
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
           ##   the following variables inside the file, instead of here.          ##
@@ -118,4 +117,8 @@ jobs:
           # [Optional]
           # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           # The following values are accepted: Low, Medium, High or Critical
-          # JF_MIN_SEVERITY: ""
+          # JF_MIN_SEVERITY: ""
+
+          # [Optional, Default: eco-system+frogbot@jfrog.com]
+          # Set the email of the commit author
+          # JF_GIT_EMAIL_AUTHOR: ""
diff --git a/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-pipenv.yml b/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-pipenv.yml
@@ -1,5 +1,6 @@
 name: "Frogbot Scan and Fix"
 on:
+  workflow_dispatch:
   schedule:
     # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"
@@ -60,8 +61,6 @@ jobs:
           # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
           # JF_RELEASES_REPO: ""
 
-
-
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
           ##   the following variables inside the file, instead of here.          ##
@@ -121,4 +120,8 @@ jobs:
           # [Optional]
           # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           # The following values are accepted: Low, Medium, High or Critical
-          # JF_MIN_SEVERITY: ""
+          # JF_MIN_SEVERITY: ""
+
+          # [Optional, Default: eco-system+frogbot@jfrog.com]
+          # Set the email of the commit author
+          # JF_GIT_EMAIL_AUTHOR: ""
diff --git a/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-poetry.yml b/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-poetry.yml
@@ -1,5 +1,6 @@
 name: "Frogbot Scan and Fix"
 on:
+  workflow_dispatch:
   schedule:
     # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"
@@ -61,8 +62,6 @@ jobs:
           # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
           # JF_RELEASES_REPO: ""
 
-
-
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
           ##   the following variables inside the file, instead of here.          ##
@@ -118,4 +117,8 @@ jobs:
           # [Optional]
           # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           # The following values are accepted: Low, Medium, High or Critical
-          # JF_MIN_SEVERITY: ""
+          # JF_MIN_SEVERITY: ""
+
+          # [Optional, Default: eco-system+frogbot@jfrog.com]
+          # Set the email of the commit author
+          # JF_GIT_EMAIL_AUTHOR: ""
diff --git a/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-yarn.yml b/docs/templates/github-actions/scan-and-fix/frogbot-scan-and-fix-yarn.yml
@@ -1,5 +1,6 @@
 name: "Frogbot Scan and Fix"
 on:
+  workflow_dispatch:
   schedule:
     # The repository will be scanned once a day at 00:00 GMT.
     - cron: "0 0 * * *"
@@ -57,8 +58,6 @@ jobs:
           # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
           # JF_RELEASES_REPO: ""
 
-
-
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
           ##   the following variables inside the file, instead of here.          ##
@@ -121,4 +120,8 @@ jobs:
           # [Optional]
           # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           # The following values are accepted: Low, Medium, High or Critical
-          # JF_MIN_SEVERITY: ""
+          # JF_MIN_SEVERITY: ""
+
+          # [Optional, Default: eco-system+frogbot@jfrog.com]
+          # Set the email of the commit author
+          # JF_GIT_EMAIL_AUTHOR: ""
diff --git a/docs/templates/jfrog-pipelines/pipelines-dotnet.yml b/docs/templates/jfrog-pipelines/pipelines-dotnet.yml
@@ -143,6 +143,10 @@ pipelines:
             # The following values are accepted: Low, Medium, High or Critical
             # JF_MIN_SEVERITY: ""
 
+            # [Optional, Default: eco-system+frogbot@jfrog.com]
+            # Set the email of the commit author
+            # JF_GIT_EMAIL_AUTHOR: ""
+
         execution:
           onExecute:
             - cd $res_frogbotGitRepo_resourcePath