From c366f56e76be65017c8e360b563145dff6e2842c Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 14:45:12 +0530 Subject: [PATCH 01/13] Create frogbot.yaml --- .github/workflows/frogbot.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/frogbot.yaml diff --git a/.github/workflows/frogbot.yaml b/.github/workflows/frogbot.yaml new file mode 100644 index 0000000000..67b144c104 --- /dev/null +++ b/.github/workflows/frogbot.yaml @@ -0,0 +1,17 @@ +name: "Frogbot Scan" +on: + pull_request: + types: [opened, synchronize] +permissions: + pull-requests: write + contents: write + security-events: write +jobs: + frogbot-scan: + runs-on: ubuntu-latest + steps: + - uses: jfrog/frogbot@v2 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 3b7092cf9ee375bc84a5647a7ccb7f9f425bcda1 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 14:57:19 +0530 Subject: [PATCH 02/13] Update frogbot.yaml --- .github/workflows/frogbot.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/frogbot.yaml b/.github/workflows/frogbot.yaml index 67b144c104..88148feb9f 100644 --- a/.github/workflows/frogbot.yaml +++ b/.github/workflows/frogbot.yaml @@ -5,7 +5,6 @@ on: permissions: pull-requests: write contents: write - security-events: write jobs: frogbot-scan: runs-on: ubuntu-latest @@ -14,4 +13,4 @@ jobs: env: JF_URL: ${{ secrets.JF_URL }} JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + JF_GIT_TOKEN: ${{ secrets.JF_GIT_TOKEN }} From d382e489028a9735242d1317499d81d0085aa992 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 15:04:24 +0530 Subject: [PATCH 03/13] Update package.json --- npm-example/package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/npm-example/package.json b/npm-example/package.json index fb3158a09c..6846c6d195 100644 --- a/npm-example/package.json +++ b/npm-example/package.json @@ -5,9 +5,9 @@ "start": "node helloworld" }, "dependencies": { - "send": "^0.16.2" + "send": "0.11.0" }, "devDependencies": { - "debug": "^4.1.1" + "debug": "2.0.0" } } From d1dc12a170025fe324e47c44c919f6422a5018a6 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 15:14:18 +0530 Subject: [PATCH 04/13] Create frogbot.yml --- .github/workflows/frogbot.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/workflows/frogbot.yml diff --git a/.github/workflows/frogbot.yml b/.github/workflows/frogbot.yml new file mode 100644 index 0000000000..88148feb9f --- /dev/null +++ b/.github/workflows/frogbot.yml @@ -0,0 +1,16 @@ +name: "Frogbot Scan" +on: + pull_request: + types: [opened, synchronize] +permissions: + pull-requests: write + contents: write +jobs: + frogbot-scan: + runs-on: ubuntu-latest + steps: + - uses: jfrog/frogbot@v2 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + JF_GIT_TOKEN: ${{ secrets.JF_GIT_TOKEN }} From e8325fb349431745321c102bd46403187295d631 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 15:14:29 +0530 Subject: [PATCH 05/13] Delete .github/workflows/frogbot.yaml --- .github/workflows/frogbot.yaml | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 .github/workflows/frogbot.yaml diff --git a/.github/workflows/frogbot.yaml b/.github/workflows/frogbot.yaml deleted file mode 100644 index 88148feb9f..0000000000 --- a/.github/workflows/frogbot.yaml +++ /dev/null @@ -1,16 +0,0 @@ -name: "Frogbot Scan" -on: - pull_request: - types: [opened, synchronize] -permissions: - pull-requests: write - contents: write -jobs: - frogbot-scan: - runs-on: ubuntu-latest - steps: - - uses: jfrog/frogbot@v2 - env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - JF_GIT_TOKEN: ${{ secrets.JF_GIT_TOKEN }} From 945aaca151937d0e8e5cd5e4988a9330ec3fd317 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 15:17:54 +0530 Subject: [PATCH 06/13] Update package.json --- npm-example/package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/npm-example/package.json b/npm-example/package.json index fb3158a09c..6846c6d195 100644 --- a/npm-example/package.json +++ b/npm-example/package.json @@ -5,9 +5,9 @@ "start": "node helloworld" }, "dependencies": { - "send": "^0.16.2" + "send": "0.11.0" }, "devDependencies": { - "debug": "^4.1.1" + "debug": "2.0.0" } } From bd3da630a96dc6b395eb2047299ecf4f10d1b945 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 15:21:27 +0530 Subject: [PATCH 07/13] Update package.json --- npm-example/package.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/npm-example/package.json b/npm-example/package.json index 6846c6d195..11581f129b 100644 --- a/npm-example/package.json +++ b/npm-example/package.json @@ -11,3 +11,5 @@ "debug": "2.0.0" } } + + From aa83cf59d25d61ce467d0fbdc9a727aa1f7c6fd8 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 15:27:37 +0530 Subject: [PATCH 08/13] Update package.json --- npm-example/package.json | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/npm-example/package.json b/npm-example/package.json index 11581f129b..73bf15428d 100644 --- a/npm-example/package.json +++ b/npm-example/package.json @@ -1,15 +1,13 @@ { - "name": "npm-example", - "version": "0.0.3", - "scripts": { - "start": "node helloworld" - }, - "dependencies": { - "send": "0.11.0" - }, - "devDependencies": { - "debug": "2.0.0" - } +  "name": "npm-example", +  "version": "0.0.3", +  "scripts": { +    "start": "node helloworld" +  }, +  "dependencies": { +    "send": "^0.16.2" +  }, +  "devDependencies": { +    "debug": "^4.1.1" +  } } - - From e946ba4955be2cb9b433360ed325a50bc22e91f1 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 15:28:35 +0530 Subject: [PATCH 09/13] Update package.json From 3317cfddd4b1aefb2cf228f096f54a0acf33bdc6 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 15:41:27 +0530 Subject: [PATCH 10/13] Update package.json --- npm-example/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/npm-example/package.json b/npm-example/package.json index 6846c6d195..5994e49d2c 100644 --- a/npm-example/package.json +++ b/npm-example/package.json @@ -11,3 +11,4 @@ "debug": "2.0.0" } } + From 855d7b097bfeaf4f9b0ea78bc3b6fa87b7d0b198 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Mon, 9 Mar 2026 16:58:45 +0530 Subject: [PATCH 11/13] Update frogbot.yml --- .github/workflows/frogbot.yml | 41 +++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/.github/workflows/frogbot.yml b/.github/workflows/frogbot.yml index 88148feb9f..ff249c0c73 100644 --- a/.github/workflows/frogbot.yml +++ b/.github/workflows/frogbot.yml @@ -1,16 +1,35 @@ -name: "Frogbot Scan" +name: "CLA Assistant" on: - pull_request: - types: [opened, synchronize] -permissions: - pull-requests: write - contents: write + # issue_comment triggers this action on each comment on issues and pull requests + issue_comment: + types: [created] + pull_request_target: + types: [opened,synchronize] + jobs: - frogbot-scan: + CLAssistant: runs-on: ubuntu-latest steps: - - uses: jfrog/frogbot@v2 + - uses: actions-ecosystem/action-regex-match@v2 + id: sign-or-recheck + with: + text: ${{ github.event.comment.body }} + regex: '\s*(I have read the CLA Document and I hereby sign the CLA)|(recheckcla)\s*' + + - name: "CLA Assistant" + if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }} + # Alpha Release + uses: cla-assistant/github-action@v2.1.1-beta env: - JF_URL: ${{ secrets.JF_URL }} - JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - JF_GIT_TOKEN: ${{ secrets.JF_GIT_TOKEN }} + # Generated and maintained by github + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # JFrog organization secret + JF_ACCESS_TOKEN : ${{ secrets.CLA_SIGN_TOKEN }} + with: + path-to-signatures: 'signed_clas.json' + path-to-document: 'https://jfrog.com/cla/' + remote-organization-name: 'jfrog' + remote-repository-name: 'jfrog-signed-clas' + # branch should not be protected + branch: 'master' + allowlist: bot* From 4b04b27d69e854a959586503a03d4e3a04ea7162 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Tue, 10 Mar 2026 09:28:22 +0530 Subject: [PATCH 12/13] test package.json --- npm-example/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/npm-example/package.json b/npm-example/package.json index 5994e49d2c..e67462beb4 100644 --- a/npm-example/package.json +++ b/npm-example/package.json @@ -1,3 +1,4 @@ + { "name": "npm-example", "version": "0.0.3", @@ -11,4 +12,3 @@ "debug": "2.0.0" } } - From 7bf4b89ee2b1e508bfbee6f7ad90d8d33ddf9185 Mon Sep 17 00:00:00 2001 From: vikith-jfrog Date: Tue, 10 Mar 2026 09:51:58 +0530 Subject: [PATCH 13/13] Update package.json --- npm-example/package.json | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/npm-example/package.json b/npm-example/package.json index e67462beb4..6e0559c034 100644 --- a/npm-example/package.json +++ b/npm-example/package.json @@ -1,14 +1,8 @@ - { - "name": "npm-example", - "version": "0.0.3", - "scripts": { - "start": "node helloworld" - }, + "name": "my-project", + "version": "1.0.0", "dependencies": { - "send": "0.11.0" - }, - "devDependencies": { - "debug": "2.0.0" + "lodash": "4.17.15", + "debug": "4.4.2" } }