Skip to content

Fix V3 action and improve OIDC error recognition#1332

Merged
eranturgeman merged 3 commits into
jfrog:v3_erfrom
eranturgeman:fix-v3-action-and-oidc-error-recognition
May 28, 2026
Merged

Fix V3 action and improve OIDC error recognition#1332
eranturgeman merged 3 commits into
jfrog:v3_erfrom
eranturgeman:fix-v3-action-and-oidc-error-recognition

Conversation

@eranturgeman
Copy link
Copy Markdown
Collaborator

@eranturgeman eranturgeman commented May 27, 2026
edited
Loading

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.
  • Update documentation about new features / new supported technologies

This PR improves the OIDC mechanism error detection and fix some issues regarding incorrect env vars + fixes the test by removing redundant claim from the id-mapping generation
In addition if fixes a local dev issue where when working on action files all node_modules including devDependencies are being pushed

Tests are validated to pass in a fork

@eranturgeman eranturgeman force-pushed the fix-v3-action-and-oidc-error-recognition branch from eb996bc to 1d61a09 Compare May 27, 2026 11:13
@eranturgeman eranturgeman force-pushed the fix-v3-action-and-oidc-error-recognition branch from 1d61a09 to a0a28c1 Compare May 28, 2026 06:52
@eranturgeman eranturgeman added bug Something isn't working safe to test Approve running integration tests on a pull request labels May 28, 2026
@github-actions github-actions Bot removed the safe to test Approve running integration tests on a pull request label May 28, 2026
@eranturgeman
Fix OIDC token exchange error handling and test
d0b4047 
action/src/utils.ts + action/lib/utils.js:
- Check HTTP status code before parsing response; @actions/http-client
  never throws on 4xx/5xx so failures were previously silent
- Handle OAuth2 error format (error/error_description) in addition to
  JFrog format (errors array)
- Set JF_ACCESS_TOKEN only after validating access_token is present;
  previously undefined coerced to the string "undefined", causing
  frogbot to run with Authorization: Bearer undefined

.github/workflows/oidc-test.yml:
- Remove username from identity mapping token_spec; the referenced user
  did not exist on the test server, causing all token exchanges to fail

action/test/main.spec.ts:
- Add explicit string type annotations (ESLint typedef rule)
- Fix afterEach cleanup: delete JF_PASSWORD not PASSWORD

.gitignore + action/.husky/pre-commit:
- Add /action/node_modules/ to gitignore to hide devDep untracked files
- Force-add and restore devDeps after prune so IDE stays working
@eranturgeman eranturgeman force-pushed the fix-v3-action-and-oidc-error-recognition branch from 3253e59 to d0b4047 Compare May 28, 2026 09:50
@eranturgeman eranturgeman requested a review from attiasas May 28, 2026 10:22
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label May 28, 2026
@github-actions github-actions Bot removed the safe to test Approve running integration tests on a pull request label May 28, 2026
attiasas
attiasas approved these changes May 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@attiasas attiasas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eranturgeman eranturgeman merged commit 72e741e into jfrog:v3_er May 28, 2026
23 of 33 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@attiasas attiasas attiasas approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eranturgeman @attiasas