Запуск действий JFrog Xray Github для проекта Android ⇐ Android

[Anonymous]

Я пытаюсь интегрировать xray в свой конвейер ci/cd, но у меня возникли некоторые трудности.
Вот мой файл .yml:

Код: Выделить всё

name: JFrog - Xray

on:
workflow_dispatch:

jobs:
unit_tests:
name: Run Unit Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.2.2
- uses: actions/setup-java@v4.5.0
with:
distribution: "temurin"
java-version: 17

- name: Change wrapper permissions
run: chmod +x ./gradlew

build:
name: Build and analyze
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.2.2
with:
fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

- name: Authenticate JFrog
uses: jfrog/setup-jfrog-cli@v4.4.1
env:
JF_URL: ${{ secrets.J_FROG_URL }}
JF_USER: ${{ secrets.J_FROG_USERNAME }}
JF_PASSWORD: ${{ secrets.J_FROG_PASSWORD }}

- name: Set up JDK 17
uses: actions/setup-java@v4.5.0
with:
distribution: "temurin"
java-version: 17

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4

- name: Change wrapper permissions
run: chmod +x ./gradlew

- name: Run Tests and Analysis
run: ./gradlew testsAndAnalysis

scan-repository:
runs-on: ubuntu-latest
strategy:
matrix:
branch: ["main"]

steps:
- uses: actions/setup-java@v4.5.0
with:
distribution: "temurin"
java-version: 17

- uses: jfrog/frogbot@v2
env:
JF_URL: ${{ secrets.J_FROG_URL }}
JF_USER: ${{ secrets.J_FROG_USERNAME }}
JF_PASSWORD: ${{ secrets.J_FROG_PASSWORD }}
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JF_GIT_BASE_BRANCH: ${{ matrix.branch }}

При запуске этого рабочего процесса в моем конвейере появляется следующее:

Код: Выделить всё

  {
"xray_version": "3.107.11",
"jas_entitled": false,
"command_type": "source_code",
"multi_scan_id": "97e80f8e-ac16-11ef-99fe-62877ead494e",
"targets": [
{
"target": "/tmp/jfrog.cli.temp.-1732639850-1331667116",
"technology": "gradle",
"sca_scans": {
"descriptors": [
"/tmp/jfrog.cli.temp.-1732639850-1331667116/app/build.gradle.kts",
"/tmp/jfrog.cli.temp.-1732639850-1331667116/build.gradle.kts",
"/tmp/jfrog.cli.temp.-1732639850-1331667116/buildSrc/build.gradle.kts",
"/tmp/jfrog.cli.temp.-1732639850-1331667116/cropper/build.gradle"
]
}
}
]
}
16:50:52 [Info] Not entitled for JAS, skipping advance security scans...
16:50:52 [Info] Calculating Gradle dependencies...
16:50:52 [Info] Running gradle deps tree command: ./gradlew clean generateDepTrees -I /tmp/jfrog.cli.temp.-1732639852-134659587/gradledeptree.init -q -Dcom.jfrog.depsTreeOutputFile=/tmp/jfrog.cli.temp.-1732639852-134659587/gradledeptree.out -Dcom.jfrog.includeAllBuildFiles=true
16:53:38 [Info] [Thread 0] Running SCA scan for /tmp/jfrog.cli.temp.-1732639850-1331667116 vulnerable dependencies in /tmp/jfrog.cli.temp.-1732639850-1331667116 directory...
16:53:38 [Info] Scanning 341 gradle dependencies...
16:53:38 [Info] Waiting for scan to complete on JFrog Xray...
16:53:54 [Info] Xray scan completed
Error: 7 [Error] the following errors occured while fixing vulnerabilities in '/tmp/jfrog.cli.temp.-1732639850-1331667116':
impacted package 'org.apache.commons:commons-text' was not found or could not be fixed in all descriptor files
Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1

Я везде искал решение, но ничего интуитивного не нашел. Может кто-нибудь сказать мне, что здесь не так, пожалуйста?

Подробнее здесь: https://stackoverflow.com/questions/792 ... id-project