frogbot-scan-pr.yml

name: "Frogbot Scan Pull Request"
on:
  pull_request_target:
    types: [ opened, synchronize ]
permissions:
  pull-requests: write
  contents: read
jobs:
  scan-pull-request:
    runs-on: ubuntu-latest
    # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
    # "frogbot" GitHub environment can approve the pull request to be scanned.
    environment: frogbot
    steps:
      - name: Setup Go with cache
        uses: jfrog/.github/actions/install-go-with-cache@main

      - uses: jfrog/frogbot@v2
        env:
          # [Mandatory]
          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
          JF_URL: ${{ secrets.FROGBOT_URL }}

          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
          # JFrog access token with 'read' permissions on Xray service
          JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}

          # [Mandatory]
          # The GitHub token automatically generated for the job
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}