Frogbot using wrong URL to download dependencies from private repo that are already downloaded #897
Description
Describe the bug
I have a maven project that I install using mvn install before running Frogbot. This means that the dependencies have already been pulled to the machine but for some reason Frogbot still tries to download the dependencies from the remote repository. I understand that this may be caused by maven and my project's setup, but I'm passing Frogbot the exact same maven command that succeeds earlier in my build - I wonder if it's ignoring it? The issue with the downloading is that artifacts are available from our repository using the path https://my-company.jfrog.io/, but Frogbot is attempting to pull them from https://my-company.jfrog.io/artifactory/ and is failing.
I would expect that Frogbot can access my maven dependencies the same way that maven can when running outside of Frogbot.
I'm able to scan my project without issues using the CLI, but I want to use some particular functionality that's only in the bot.
Current behavior
Logs:
/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot scan-pull-request
18:05:12 [Info] Frogbot version: 2.27.1
18:05:13 [Info] Successfully downloaded frogbot-config.yml file from <my-repo/refs/pull/46/merge>
18:05:13 [Info] Running Frogbot "scan-pull-request" command
18:05:14 [Info] Scanning Pull Request #46 (from source branch: to target branch: )
18:05:14 [Info] -----------------------------------------------------------
18:05:14 [Info] Getting resources (git repository: my-repo.git) active watches...
18:05:15 [Info] Found 0 active watches in the following resources - git repository: my-repo.git
18:05:15 [Info] Downloading source branch code...
18:05:16 [Info] my-repo repository downloaded successfully. Starting with repository extraction...
18:05:16 [Info] Extracted repository successfully
18:05:16 [Info] my-repo repository downloaded successfully. Starting with repository extraction...
18:05:16 [Info] Extracted repository successfully
18:05:18 [Info] Calculating Maven dependencies...
18:05:21 [Info] [INFO] Scanning for projects...
[INFO] Artifact dependency:pom:2.0.2 is present in the local repository, but cached from a remote repository ID that is unavailable in current build context, verifying that is downloadable from [artifactory (https://my-company.jfrog.io/artifactory/my-dependency-repo, default, releases+snapshots)]
[INFO] Artifact dependency:pom:2.0.2 is present in the local repository, but cached from a remote repository ID that is unavailable in current build context, verifying that is downloadable from [artifactory (https://my-company.jfrog.io/artifactory/my-dependency-repo, default, releases+snapshots)]
[INFO] Downloading from artifactory: https://my-company.jfrog.io/artifactory/my-dependency-repo/dependency/2.0.2/dependency-2.0.2.pom
Error: ] Some problems were encountered while processing the POMs:
Error: Non-resolvable import POM: The following artifacts could not be resolved: dependency:pom:2.0.2 (present, but unavailable): Could not find artifact dependency:pom:2.0.2 in artifactory (https://my-company.jfrog.io/artifactory/my-dependency-repo) @ line 28, column 25
Reproduction steps
Frogbot step:
- uses: jfrog/frogbot@v2
env:
JF_URL: https://my-company.jfrog.io
JF_USER: ${{ secrets.ARTIFACTORY_USERNAME }}
JF_PASSWORD: ${{ secrets.ARTIFACTORY_TOKEN }}
JF_GIT_TOKEN: ${{ secrets.TROY_FROGBOT_GITHUB_KEY }}
JF_INSTALL_DEPS_CMD: maven -o -f $SERVICE_NAME/pom.xml -s=$SERVICE_NAME/settings.xml install -DskipTests -DmavenUser=${{ secrets.ARTIFACTORY_USERNAME }} -DmavenPassword=${{ secrets.ARTIFACTORY_TOKEN }}
JF_DEPS_REPO: my-dependency-repo(Normally don't use -o option but was trying it to get around this downloading error)
Expected behavior
No response
JFrog Frogbot version
2.27.1
Package manager info
Maven, my-service/pom.xml.
Git provider
GitHub
JFrog Frogbot configuration yaml file
No response
Operating system type and version
ubuntu-latest
JFrog Xray version
No response