If you have not already signed up for a free tier Cloud JFrog account, do so here: https://bit.ly/MelissaWKSHP
Fork and clone the DevRel GitHub repository:
git clone https://github.com/<your_user>/DevRel.git
Navigate to the 'complete' directory:
cd Workshops/DevOps_For_Java_Developers/gs-spring-boot-docker/complete
Build the project!
mvn clean install
mvn package && java -jar target/spring-boot-docker-0.1.0.jar
Create repositories
Two LOCAL repositories of type MAVEN:
ws-mvn-snapshot-local
ws-mvn-release-local
One REMOTE repository of type MAVEN:
ws-mvn-remote (url: https://repo1.maven.org/maven2/)
One VIRTUAL repository of type MAVEN:
ws-mvn-virtual (add all maven repositories and set default deployment repo to ws-mvn-release-local)
Download and configure the JFrog CLI: https://jfrog.com/getcli/
jfrog rt c
Example settings:
Artifactory server ID: myartifactory (This is a nickname for you to remember. It can be anything you want.)
JFrog Artifactory URL: https://SERVERNAME.jfrog.io/artifactory (Use your artifactory URL here. Don't forget the "/artifactory" part!)
Access token (Leave blank for username and password/API key): (blank)
User: USERNAME (This is either the username you use to login to your JFrog Platform instance or any other username you set up)
Password/API key: (Your password)
For commands which don't use external tools or the JFrog Distribution service, JFrog CLI supports replacing the configured username and password/API key with automatically created access token that's refreshed hourly. Enable this setting? (y/n)? n
Is the Artifactory reverse proxy configured to accept a client certificate? (y/n)? n
Configure the Maven project to resolve artifacts through Artifactory
NOTE: Make sure that you are in the "complete" directory, where the pom.xml file is, before running this command.
jfrog rt mvn-config
(Set all resolution and deployment repositories to ws-mvn-virtual)
Example settings:
Resolve dependencies from Artifactory? (y/n)? y
Set Artifactory server ID: myartifactory (This is the same 'Artifactory server ID' that you set when running `jfrog rt c`)
Set resolution repository for release dependencies (press Tab for options): ws-mvn-virtual
Set resolution repository for snapshot dependencies (press Tab for options): ws-mvn-virtual
Deploy project artifacts to Artifactory? (y/n)? y
Set Artifactory server ID: myartifactory (Same setting as above - this is the same 'Artifactory server ID' that you set when running `jfrog rt c`)
Set repository for release artifacts deployment (press Tab for options): ws-mvn-virtual
Set repository for snapshot artifacts deployment (press Tab for options): ws-mvn-virtual
This configuration will create the following file: .jfrog/projects/maven.yaml
Since you have already built this project with Maven in Step 3, all of the project dependencies will be cached in the local Maven repository on your machine (they will not be redownloaded). The easiest thing to do is to either remove or back up your local Maven repository using one of the following commands:
rm -rf ~/.m2/repository
OR
mv ~/.m2/repository ~/.m2/repository_BAK
With a clean repository, you can now use the JFrog CLI to resolve all of your project dependencies using the following command:
jfrog rt mvn clean install
Create Docker Repositories
Three Docker Repositories (one LOCAL, one REMOTE, one VIRTUAL)
ws-docker-local
ws-docker-remote
ws-docker-virtual (add both local and remote Docker repositories and set default deployment repo to ws-docker-local)
Containerize!
Change FROM directive in the Dockerfile.
FROM openjdk:8-jdk-alpine
becomes
FROM SERVER_NAME.jfrog.io/VIRTUAL_REPO_NAME/openjdk:8-jdk-alpine
For example:
FROM mjdevops.jfrog.io/ws-docker-virtual/openjdk:8-jdk-alpine
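A check that every FROM in a Dockerfile resolves through the Artifactory virtual repository, so no base image is pulled directly from a public registry. This is an added example, not part of the original workshop; the function name `check_from_registry` and the sample Dockerfile are constructed for illustration.

```shell
#!/bin/sh
# check_from_registry REGISTRY_PREFIX < Dockerfile
# Prints each FROM image that does not start with REGISTRY_PREFIX and returns 1
# if any were found. References to earlier build stages and "scratch" are
# allowed. Images set through ARG substitution (FROM ${BASE}) are reported,
# because the registry cannot be verified from the Dockerfile alone.
check_from_registry() {
    awk -v prefix="$1" '
        BEGIN { bad = 0 }
        toupper($1) == "FROM" {
            i = 2
            while (i <= NF && $i ~ /^--/) i++   # skip flags such as --platform=...
            image = $i
            if (image != "scratch" && !(image in stages) &&
                substr(image, 1, length(prefix)) != prefix) {
                printf "line %d: %s\n", NR, image
                bad = 1
            }
            # Remember the stage alias ("AS name") for later FROM lines.
            if (toupper($(i + 1)) == "AS") stages[$(i + 2)] = 1
        }
        END { exit bad }
    '
}

# Constructed sample: multi-stage Dockerfile with one direct public pull.
demo_dockerfile() {
    cat <<'EOF'
FROM SERVERNAME.jfrog.io/ws-docker-virtual/openjdk:8-jdk-alpine AS build
FROM --platform=linux/amd64 openjdk:8-jdk-alpine AS runtime
FROM build
EOF
}

demo_dockerfile | check_from_registry "SERVERNAME.jfrog.io/ws-docker-virtual/" \
    || echo "FROM lines bypassing Artifactory were found"
```

Run it against the workshop Dockerfile with `check_from_registry "SERVERNAME.jfrog.io/ws-docker-virtual/" < Dockerfile` before building.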
Build and Tag
docker login SERVERNAME.jfrog.io
From the same directory as your Dockerfile, build and tag the image:
mkdir -p target/dependency && (cd target/dependency; jar -xf ../*.jar)
docker build --tag SERVERNAME.jfrog.io/ws-docker-virtual/workshop:latest .
Pssst! Don’t forget that trailing "." in the Docker build command!
Ensure your artifacts from PART 1 show up in your JFrog Platform instance
Log in to your JFrog Platform instance in your browser. You should see cached artifacts in both your Docker and Maven remote repository caches:
ws-docker-remote-cache
ws-mvn-remote-cache
Index your repositories
In your JFrog Platform instance, navigate to the Administration module.
Expand the "Xray" menu, click on "Settings", and then choose "Indexed Resources".
The following repositories should be included. Click "Add a Repository" to include any that are missing.
ws-docker-local
ws-docker-remote
ws-mvn-release-local
ws-mvn-remote
ws-mvn-snapshot-local
It may take a while to index all of the artifacts. The index column will indicate the status.
Define a Security Policy
Navigate to the Administration module in your JFrog Platform instance, expand the "Xray" menu and select "Watches & Policies".
Create a new policy called ws-security, of type Security.
Add a Rule called ws-rule and select "High" in the Minimal Severity dropdown.
Define a Watch
Navigate to the Administration module in your JFrog Platform instance, expand the "Xray" menu and select "Watches & Policies".
Create a new watch called ws-watch, with your repositories for your workshop project and your "ws-security" policy assigned to it by clicking "Manage Policies".
Run a Scan
Hover over your Watch and click the "Apply on Existing Content" icon to manually trigger it. (This may take some time to complete)
Set up your Xray integration with the JFrog plugin
Install and configure the plugin with your Xray URL and your login credentials.
Example URL setting: https://SERVERNAME.jfrog.io/xray