From 3bf61db5f44c2bca96cfd0423aecc4c300de9767 Mon Sep 17 00:00:00 2001
From: Serhii Mamontov
Date: Wed, 21 Feb 2024 15:40:40 +0200
Subject: [PATCH 1/5] build(jfrog): add xray scan

---
 .../workflows/frogbot-scan-pull-request.yml | 24 ++++++++++++++
 .github/workflows/frogbot-scan-repository.yml | 33 +++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 .github/workflows/frogbot-scan-pull-request.yml
 create mode 100644 .github/workflows/frogbot-scan-repository.yml

diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
new file mode 100644
index 000000000..cf274ab6c
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -0,0 +1,24 @@
+name: "Frogbot Scan Pull Request"
+on:
+ push:
+ workflow_dispatch:
+permissions:
+ pull-requests: write
+ contents: read
+jobs:
+ scan-pull-request:
+ runs-on: ubuntu-latest
+ # A pull request needs to be approved before Frogbot scans it. Any GitHub user who is associated with the
+ # "frogbot" GitHub environment can approve the pull request to be scanned.
+ environment: frogbot
+ steps:
+ - uses: jfrog/frogbot@v2
+ env:
+ JF_URL: ${{ secrets.JF_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*;*karma*;*dist*;*lib*"
+ JF_MIN_SEVERITY: "Medium"
+ JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
+ # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+ # JF_PR_COMMENT_TITLE: ""
\ No newline at end of file
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
new file mode 100644
index 000000000..f18dc4b99
--- /dev/null
+++ b/.github/workflows/frogbot-scan-repository.yml
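Review bot: `- uses: jfrog/frogbot@v2` resolves a mutable major-version tag, so the scanner that receives `JF_ACCESS_TOKEN` is itself an unpinned supply-chain dependency; pin it to a full commit SHA with the version kept in a trailing comment, `- uses: jfrog/frogbot@<commit-sha> # v2`, and do the same for the repository workflow in the next hunk and for the `actions/checkout@v3` steps added in PATCH 2/5. `JF_PATH_EXCLUSIONS` also carries `*test*` and `*lib*`, which are wildcards and so will also skip any directory whose name merely contains those substrings (a `lib/` source tree, or a vendored dependency with "lib" in its name), silently leaving those manifests out of the scan; narrow them to the directories actually meant. Finally, the workflow is named "Scan Pull Request" and requests `pull-requests: write`, yet its triggers are `push` and `workflow_dispatch`; as far as I can tell from the file there is no pull-request event for Frogbot to attach results to, so either the trigger or the name and permissions should change.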
@@ -0,0 +1,33 @@
+name: "Frogbot Scan Repository"
+on:
+ workflow_dispatch:
+ schedule:
+ # The repository will be scanned once a day at 00:00 GMT.
+ - cron: "0 0 * * *"
+permissions:
+ contents: write
+ pull-requests: write
+ security-events: write
+jobs:
+ scan-repository:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ # The repository scanning will be triggered periodically on the following branches.
+ branch: ["master"]
+ steps:
+ - uses: jfrog/frogbot@v2
+ env:
+ JF_URL: ${{ secrets.JF_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
+ JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*;*karma*;*dist*;*lib*"
+ JF_MIN_SEVERITY: "Medium"
+ JF_GIT_EMAIL_AUTHOR: "120067856+pubnub-release-bot@users.noreply.github.com"
+ JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
+ # JF_BRANCH_NAME_TEMPLATE: "frogbot-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}"
+ # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
+ # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
+ # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+ # JF_PR_COMMENT_TITLE: ""
\ No newline at end of file
From 1fc4a71f88d02bca3ac38af619e13f0438232731 Mon Sep 17 00:00:00 2001
From: Serhii Mamontov
Date: Wed, 21 Feb 2024 15:42:38 +0200
Subject: [PATCH 2/5] build(jfrog): add missing checkout step

---
 .github/workflows/frogbot-scan-pull-request.yml | 2 ++
 .github/workflows/frogbot-scan-repository.yml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
index cf274ab6c..76ea633fc 100644
--- a/.github/workflows/frogbot-scan-pull-request.yml
+++ b/.github/workflows/frogbot-scan-pull-request.yml
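Review bot: `JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}` combined with `contents: write` means every fix branch and pull request Frogbot pushes from this scheduled job is created with the workflow's own token, and GitHub does not start new workflow runs for events produced by `GITHUB_TOKEN`, so those fix PRs will arrive without the repository's CI checks having run on them. If that is acceptable, record it next to the token, e.g. `# GITHUB_TOKEN: fix PRs opened by Frogbot will not trigger other workflows`; otherwise a dedicated identity (a GitHub App installation token or a fine-grained PAT stored as a secret) has to be used here. The `JF_GIT_EMAIL_AUTHOR` line deserves a one-line comment saying which account that address belongs to, since nothing else in the file ties it to the token above.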
@@ -12,6 +12,8 @@ jobs:
 # "frogbot" GitHub environment can approve the pull request to be scanned.
 environment: frogbot
 steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
 - uses: jfrog/frogbot@v2
 env:
 JF_URL: ${{ secrets.JF_URL }}
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
index f18dc4b99..676cc601f 100644
--- a/.github/workflows/frogbot-scan-repository.yml
+++ b/.github/workflows/frogbot-scan-repository.yml
@@ -16,6 +16,8 @@ jobs:
 # The repository scanning will be triggered periodically on the following branches.
 branch: ["master"]
 steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
 - uses: jfrog/frogbot@v2
 env:
 JF_URL: ${{ secrets.JF_URL }}
From 04d3ed6530e676037d1b1a8db09ba950d2f36d1e Mon Sep 17 00:00:00 2001
From: Serhii Mamontov
Date: Wed, 21 Feb 2024 17:07:56 +0200
Subject: [PATCH 3/5] Update frogbot-scan-pull-request.yml

---
 .github/workflows/frogbot-scan-pull-request.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
index 76ea633fc..0300d6b40 100644
--- a/.github/workflows/frogbot-scan-pull-request.yml
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -10,7 +10,7 @@ jobs:
 runs-on: ubuntu-latest
 # A pull request needs to be approved before Frogbot scans it. Any GitHub user who is associated with the
 # "frogbot" GitHub environment can approve the pull request to be scanned.
- environment: frogbot
+ # environment: frogbot
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
@@ -23,4 +23,4 @@ jobs:
 JF_MIN_SEVERITY: "Medium"
 JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
 # JF_AVOID_EXTRA_MESSAGES: "TRUE"
- # JF_PR_COMMENT_TITLE: ""
\ No newline at end of file
+ # JF_PR_COMMENT_TITLE: ""
From 742a7a48f8d2115f5f7edca59bc28da72c043d96 Mon Sep 17 00:00:00 2001
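Review bot: In the `@@ -10,7 +10,7 @@` hunk of PATCH 3/5 the `environment: frogbot` approval gate is commented out, but the two comment lines directly above it still say a pull request must be approved through the "frogbot" environment before it is scanned, so the file now documents a control that is no longer in place. Either drop those two lines or replace them with the current intent, e.g. `# Approval gate via the "frogbot" environment is disabled for now; re-enable it before this workflow is moved to a pull_request_target trigger, where it is what keeps unreviewed changes from running with JF_ACCESS_TOKEN.`. With the present `push` trigger the gate matters less because only pushes by people who can already write to the repository reach the job, and that reasoning is worth writing down rather than leaving implicit; the commit message "Update frogbot-scan-pull-request.yml" gives no hint of it.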
From: Serhii Mamontov
Date: Wed, 21 Feb 2024 17:09:52 +0200
Subject: [PATCH 4/5] Update frogbot-scan-pull-request.yml

---
 .github/workflows/frogbot-scan-pull-request.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
index 0300d6b40..d273c6dd4 100644
--- a/.github/workflows/frogbot-scan-pull-request.yml
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -4,6 +4,7 @@ on:
 workflow_dispatch:
 permissions:
 pull-requests: write
+ security-events: write
 contents: read
 jobs:
 scan-pull-request:
From 11d1d4bf38bae1f8d6405abf325fdd86b5a826b8 Mon Sep 17 00:00:00 2001
From: Serhii Mamontov
Date: Wed, 21 Feb 2024 17:27:29 +0200
Subject: [PATCH 5/5] Update frogbot-scan-pull-request.yml

---
 .github/workflows/frogbot-scan-pull-request.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
index d273c6dd4..28b3f9e58 100644
--- a/.github/workflows/frogbot-scan-pull-request.yml
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -22,6 +22,6 @@ jobs:
 JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*;*karma*;*dist*;*lib*"
 JF_MIN_SEVERITY: "Medium"
- JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
+ JF_ALLOWED_LICENSES: "Apache-2.0"
 # JF_AVOID_EXTRA_MESSAGES: "TRUE"
 # JF_PR_COMMENT_TITLE: ""
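Review bot: The `+ security-events: write` line in PATCH 4/5 widens the pull-request workflow's token without a comment naming the step that needs it, and no step in this file visibly publishes results to code scanning, so a reader cannot tell whether the grant is required or left over from copying the repository workflow. If it is there for the Frogbot action to upload its findings to code scanning, say so above the key, `# security-events: write — lets Frogbot publish findings to code scanning`; if nothing uses it, drop it to keep this job at `pull-requests: write` and `contents: read`. The workflow's `on:` block and the job definition sit outside this hunk.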
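Review bot: The `JF_ALLOWED_LICENSES: "Apache-2.0"` change in PATCH 5/5 makes the pull-request scan stricter than the repository scan, which still allows `"MIT, Apache-2.0"` (set in PATCH 1/5 and not touched since), so the same dependency can pass the nightly scan and then be reported on a pull request. If MIT is no longer acceptable, apply the same value in `frogbot-scan-repository.yml`; if it still is, this hunk will flag every MIT-licensed dependency on each PR (assuming the variable is the allowlist its name suggests). Whichever is intended, the commit message "Update frogbot-scan-pull-request.yml" does not say why, and a one-line comment above the key recording the decision would keep the two workflows from drifting apart again.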