From 27eb073ea6f82ed093a13eeee6048e6b0980858f Mon Sep 17 00:00:00 2001
From: Michael Sverdlov
Date: Thu, 3 Aug 2023 11:45:38 +0300
Subject: [PATCH] update crypto
Signed-off-by: Michael Sverdlov
---
 .github/workflows/frogbot-scan-and-fix.yml | 40 ++++++++++++++++++++++
 .github/workflows/frogbot-scan-pr.yml | 37 ++++++++++++++++++++
 cli/cli.go | 2 +-
 3 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/frogbot-scan-and-fix.yml
 create mode 100644 .github/workflows/frogbot-scan-pr.yml
diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml
new file mode 100644
index 00000000..aa34c12c
--- /dev/null
+++ b/.github/workflows/frogbot-scan-and-fix.yml
@@ -0,0 +1,40 @@
+name: "Frogbot Scan and Fix"
+on:
+ schedule:
+ # The repository will be scanned once a day at 00:00 GMT.
+ - cron: "0 0 * * *"
+permissions:
+ contents: write
+ pull-requests: write
+ security-events: write
+jobs:
+ create-fix-pull-requests:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ # The repository scanning will be triggered periodically on the following branches.
+ branch: [ "dev" ]
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ matrix.branch }}
+
+ # Install prerequisites
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.20.x
+
+ - uses: jfrog/frogbot@v2
+ env:
+ # [Mandatory]
+ # JFrog platform URL
+ JF_URL: ${{ secrets.FROGBOT_URL }}
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+
+ # [Mandatory]
+ # The GitHub token automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml
new file mode 100644
index 00000000..d57c83e9
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pr.yml
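Review bot: In .github/workflows/frogbot-scan-and-fix.yml all three `uses:` steps reference mutable tags (`actions/checkout@v3`, `actions/setup-go@v3`, `jfrog/frogbot@v2`) in a job that holds `contents: write`, `pull-requests: write` and the JFrog access token, so a moved or compromised tag runs with those rights. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: jfrog/frogbot@<full-commit-sha> # v2`; the same applies to the three `uses:` lines in frogbot-scan-pr.yml. The `permissions:` block is declared at workflow level; moving it onto the `create-fix-pull-requests` job, and dropping `security-events: write` if this job does not upload code-scanning results (not determinable from the patch), would keep the token scope as narrow as the job needs.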
@@ -0,0 +1,37 @@
+name: "Frogbot Scan Pull Request"
+on:
+ pull_request_target:
+ types: [ opened, synchronize ]
+permissions:
+ pull-requests: write
+ contents: read
+jobs:
+ scan-pull-request:
+ runs-on: ubuntu-latest
+ # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
+ # "frogbot" GitHub environment can approve the pull request to be scanned.
+ environment: frogbot
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ # Install prerequisites
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.20.x
+
+ - uses: jfrog/frogbot@v2
+ env:
+ # [Mandatory]
+ # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+ JF_URL: ${{ secrets.FROGBOT_URL }}
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+
+ # [Mandatory]
+ # The GitHub token automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/cli/cli.go b/cli/cli.go
index 3a95f07f..59ff3bbd 100644
--- a/cli/cli.go
+++ b/cli/cli.go
@@ -55,7 +55,7 @@ func GetCommands(logger utils.Log) []*clitool.Command {
 }
 err = goModule.CalcDependencies()
 if err != nil {
- // return
+ return
 }
 return printBuild(bld, context.String(formatFlag))
 },
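Review bot: In .github/workflows/frogbot-scan-pr.yml the job runs on `pull_request_target` and checks out `github.event.pull_request.head.sha`, so code from the pull request is processed in a run that has the repository's secrets and a `pull-requests: write` token. The only gate is `environment: frogbot`, and it protects nothing unless that environment is configured with required reviewers in the repository settings, which the patch cannot show. I would state that dependency next to the key, e.g. `# SECURITY: the "frogbot" environment must have required reviewers; without them this job runs fork code with secrets`. Adding `persist-credentials: false` under the checkout's `with:` would also keep the token out of the checked-out workspace's git config, assuming Frogbot authenticates only through `JF_GIT_TOKEN` here.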
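Review bot: The new bare `return` in cli/cli.go only propagates the failure if `err` is a named result of the enclosing function; the closure's signature lies outside the hunk, and the plain `err =` assignment suggests but does not prove it. Writing `return err` makes the propagation explicit and keeps working if the signature is later changed to unnamed results. Since the command now aborts where it used to print build info despite a failed `CalcDependencies()`, a short comment such as `// do not emit build info with an incomplete dependency list` would record why the early return exists.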