OIDC Logic Isolation and Backward Compatibility Improvements

[EyalDelarea]

• All tests passed. If this feature is not already covered by the tests, I added new tests.
• I used npm run format for formatting the code before submitting the pull request.

---

🎯 Purpose

This PR introduces a major refactor to the setup-jfrog-cli action to improve readability, testability, and backward compatibility around OpenID Connect (OIDC) authentication. The core goal is to isolate OIDC logic from general utility logic, while ensuring older CLI versions continue to work without regressions.

---

💡 Motivation

Previously, we relied on jf c add with OIDC parameters. However, this approach does not expose the required step outputs (oidc-user, oidc-token) that users depend on for downstream authentication flows (e.g., docker login, helm repo add, etc.).

To solve this:

• We now use jf eot internally to exchange the OIDC token and manually set the access token in configuration.
• This ensures compatibility with older workflows while unlocking output control.

Implementing this flow cleanly across CLI versions required isolating the OIDC logic, which led to a broader refactor to reduce complexity and overhead.

---

✅ What's Included

🧱 Codebase Structure Refactor

• Extracted OIDC-related logic to a new module: oidc-utils.ts
• Split additional logic into:
  • utils.ts (core reusable logic)
  • jobsummary-utils.ts (markdown/summary formatting)
  • types.ts (centralized interfaces)
• Added strict type annotations throughout the codebase per ESLint rules

---

🔐 OIDC Token Exchange Flow

• Uses jf eot if CLI version ≥ 2.75.0
• Falls back to manual exchange if CLI < 2.75.0
• Always sets step outputs:
  • oidc-user
  • oidc-token
• Exports usage tracking flags:
  • JFROG_CLI_USAGE_CONFIG_OIDC
  • JFROG_CLI_USAGE_OIDC_USED

---

🧪 Improved Test Coverage

• Split test suite into:
  • utils.spec.ts
  • oidc-utils.spec.ts
  • jobsummary-utils.spec.ts
• Added cases for:
  • CLI-based vs manual OIDC exchange
  • Step outputs across CLI versions
  • JSON and regex-based CLI output parsing
  • Usage tracking behavior

---

🧬 Integration Workflow Overhaul

• Introduced new matrix-based GitHub Actions workflow: oidc-integration-test.yml
• Runs on:
  • OS: ubuntu, macos, windows
  • CLI versions: 2.74.1, 2.75.0, latest
• Dynamically creates and deletes real OIDC providers + mappings using JFROG_PLATFORM_URL
• Validates:
  • CLI connectivity via jf rt ping
  • Presence of oidc-user and oidc-token outputs
  • Compatibility with naming rules (e.g. replacing . in CLI versions with -)

---

🔍 Why This Matters

• ✅ Enables the action to support both modern and legacy CLI versions without breakage
• ✅ Removes 1000+ lines of entangled logic and paves the way for easier long-term maintenance
• ✅ Ensures plugin authors and integrators can rely on consistent output behavior, no matter the underlying auth mechanism

[asafgabai]

Is there a difference between this test and the one above?

[EyalDelarea]

Yeah, we have a test to make sure we export the steps output with CLI exchange or manual exchange.
They have different flow

[github-actions]

---

🐸 JFrog Frogbot