Configure JFROG CLI and Xray through the GitLab pipeline for dotnet project

Question

I would like to configure build artifacts and dependencies scan for vulnerabilities and license violations for a .NET project through the pipeline. I am new to JFrog Artifactory and Xray and currently my pipeline is failing with error:

[Error] resolver information is missing within /builds/project-name/.jfrog/projects/dotnet.yaml

I followed this documentation. It's never mentioned that I have to have this file and I can't find how this file should look like in their docs. Did someone else had similar issue?

This is current state of my configuration file for GitLab's pipeline:

......
    xray:
      stage: Xray
      image: mcr.microsoft.com/dotnet/sdk:3.1
      before_script:
        - PROXY_ADDRESS="${PROXY_ADDRESS}"
        - chmod +x add-proxy.sh
        - ./add-proxy.sh "PROXY_ADDRESS"
        - source /etc/profile.d/proxy.sh
      script:
        - apt update && apt upgrade --yes
        - apt install curl --yes
        - curl -fL https://getcli.jfrog.io | sh
        - ./jfrog config add project-name --artifactory-url="${JFROG_FULL_URL}" --user="${JFROG_USER}" --access-token="${JFROG_TOKEN}"
        - ./jfrog config show
        - ./jfrog config use project-name
        - ./jfrog rt dotnet-config
        - ./jfrog rt dotnet restore -s nuget.config --build-name=$CI_JOB_NAME --build-number=$CI_JOB_ID
        - ./jfrog rt dotnet pack ./project-name/project-name.csproj --build-name=$CI_JOB_NAME --build-number=$CI_JOB_ID
        - ./jfrog rt build-collect-env $CI_JOB_NAME $CI_JOB_ID
        - ./jfrog rt build-add-git $CI_JOB_NAME $CI_JOB_ID
        - ./jfrog rt build-publish $CI_JOB_NAME $CI_JOB_ID
        - ./jfrog rt build-scan $CI_JOB_NAME $CI_JOB_ID

Error is thrown on this line:

- ./jfrog rt dotnet restore -s nuget.config --build-name=$CI_JOB_NAME --build-number=$CI_JOB_ID

Can you verify you aren't missing a repository for dependencies resolution? --repo-resolve — shaibz, Dec 21 '22 at 13:52

Prostagma · Answer 1 · 2022-12-21T14:28:23.720

The jfrog rt dotnet-config command is an interactive command by default.

The command creates a project configuration used by the jfrog rt dotnet command.

Since you are running it in CI, you may provide the config command your resolution details with flags. See the command help for more info:

$ jfrog dotnet-config -h

Name:
  jfrog dotnet-config - Generate dotnet configuration.

Usage:
  jfrog dotnet-config [command options]

Options:
  --global               [Default: false] Set to true if you'd like the configuration to be global (for all projects). Specific projects can override the global configuration.
  --nuget-v2             [Default: false] Set to true if you'd like to use the NuGet V2 protocol when restoring packages from Artifactory.
  --repo-resolve         [Optional] Repository for dependencies resolution.
  --server-id-resolve    [Optional] Artifactory server ID for resolution. The server should configured using the 'jfrog c add' command.

P.S:

This blog is a bit outdated, and still suggests using an older version of JFrog CLI.

Since you are configuring a new pipeline, I suggest upgrading to JFrog CLI v2. It requires a bit of modifications to your script, but since v1 hardly gets any updates now, it should be worth the effort.

The installation command should change to curl -fL https://install-cli.jfrog.io | sh, which will install the CLI globally, with the new executable name jf. This means ./jfrog in your script should be changed to jf.

Dotnet commands were moved to the jf namespace (./jfrog rt dotnet ... -> jf dotnet ...)

All changes are documented here.

Hi Prostagma, thank you for your answer. I already tried to configure in my pipeline JFrog CLI v2 but in a different way and it didn't work. Thanks to your comment I have managed to achieve this. Regarding my first issue :) I have reconfigured dotnet-config line like this jf rt dotnet-config --nuget-v2=false --repo-resolve=https://www.nuget.org --server-id-resolve=project-name and now error is thrown: Unable to load the service index for source https://company_artifactory_path/api/nuget/v3/https:/www.nuget.org. [/builds/project-name.sln] — Milica Nikolić, Dec 22 '22 at 10:15
@MilicaNikolić repo-resolve should be a repository in Artifactory. If you wish to resolve from nuget.org, create a remote repository pointing there. Also try replacing `jf rt dotnet-config ...` -> `jf dotnet-config ...`. — Prostagma, Dec 22 '22 at 10:36
I have created remote repo as you suggested but now I am getting this error: [Debug] Sending HTTP GET request to: https://artifactory.company.domain/api/system/version [Debug] Usage Report: failed while attempting to get Artifactory version: server response: 404 Not Found 404 page not found Determining projects to restore... /usr/share/dotnet/sdk/3.1.426/NuGet.targets(128,5): error : Unable to load the service index for source https://artifactory.company.domain/api/nuget/v3/project-nuget-dev-remote. [/builds/project/Project.sln] Do you have any idea how to proceed ? — Milica Nikolić, Dec 30 '22 at 09:30

Configure JFROG CLI and Xray through the GitLab pipeline for dotnet project

1 Answers1