JFrog and GitHub Integration Developer Workflow

JFrog and GitHub Integration Guide

ft:sourceType
Paligo

This section illustrates GitHub and JFrog Integration Developer workflow diagram and the sequence of steps to be followed.

DeveloperActivities.png

Prerequisites

The following are the prerequisites for the developer's workflow:

The following table describes GitHub and JFrog Integration Developer workflow steps:

#

Task

Description

For more information, see...

#

Configure JFrog GitHub Copilot Extension in IDE

Configures JFrog GitHub Copilot Extension in IDE

Configure JFrog GitHub Copilot Extension in IDE

1

Clone Repository

Clones repository

Cloning a repository

2

Create Feature Branch

Creates feature branch

Creating a branch

3

Write Code

Writes code. Use Configure JFrog GitHub Copilot Extension in IDE to speed up development activity.

Configure JFrog GitHub Copilot Extension in IDE

4

Commit Feature Code

Commits feature code to their branch repository

Pushing commits to a remote repository

4.1

Trigger Workflows

Triggers workflows if configured for the commit

NA

5

Create Pull Request (PR)

Creates PR on GitHub and adds reviewers to review their code

Creating a pull request

6

Trigger Workflows

Triggers corresponding workflows. Frogbot scan PR workflow waits for the maintainer's approval

Triggering a workflow

7

Approve Frogbot Scan Workflow

Maintainer approves Frogbot Scan Workflow

Scan GitHub Pull Request

8

Trigger Frogbot Scan Workflow

On maintainer's approval, Frogbot scan PR workflow scans code for security vulnerabilities

NA

8.1

Security Vulnerabilities

If there are any security vulnerabilities, Frogbot opens a PR for resolving the vulnerabilities

Pull Request Scan Results

9

Review PR and Approve

Reviewer reviews the PR and approves it

Approving a pull request with required reviews

10

Merge PR

Developer merges PR with the main branch.

Merging a pull request

11

Trigger Workflows

Triggers workflows, builds artifacts, scans, pushes to Artifactory as per the configuration

Triggering a workflow

11.1

Resolve Dependencies

Resolves dependencies as required by the workflow

N/A

11.2

Generates Job Summary

Generates Job Summary

NA

12

View Job Summary

On successful merging, workflows are triggered and pushes build artifacts to Artifactory and Security results to Xray as configured. The workflow generates a job summary.

View JFrog Job Summary

13

View Security vulnerabilities

View scan results on GitHub Advanced Security Dashboard

View GitHub Advanced Security Results

14

View Build Artifacts and Xray Scans in Artifactory

Refer Artifactory and Xray on JPD platform to learn about the produced artifacts and security results.

Note

From the Job Summary, you can navigate between the job summary and corresponding JFrog Artifactory areas.

View JFrog Job Summary

View Xray Scan Results