Merge branch 'dev' of https://github.com/jfrog/jfrog-cli into artifac…

…tory-resolution-frogbot-tests

# Conflicts:
#	go.mod
#	go.sum

.github/workflows/pythonTests.yml

@@ -19,7 +19,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        suite: [ pip, pipenv, poetry ]
+        suite: [ pip, pipenv ]
         os: [ ubuntu, windows, macos ]
     runs-on: ${{ matrix.os }}-latest
     steps:
@@ -35,9 +35,6 @@ jobs:
       - name: Setup Pipenv
         if: ${{ matrix.suite == 'pipenv' }}
         run: python -m pip install pipenv
-      - name: Setup Poetry
-        if: ${{ matrix.suite == 'poetry' }}
-        run: python -m pip install poetry
       - name: Checkout code
         uses: actions/checkout@v3
         with:

CONTRIBUTING.md

@@ -104,7 +104,6 @@ The available test types are:
 | `-test.go`           | Go tests           |
 | `-test.pip`          | Pip tests          |
 | `-test.pipenv`       | Pipenv tests       |
-| `-test.poetry`       | Poetry tests       |
 | `-test.nuget`        | Nuget tests        |
 | `-test.plugins`      | Plugins tests      |
 | `-test.distribution` | Distribution tests |

distribution_test.go

@@ -445,7 +445,7 @@ func TestUpdateBundleProps(t *testing.T) {
 	cleanDistributionTest(t)
 }
 
-func TestBundlePathMapping(t *testing.T) {
+func TestBundlePathMappingFromPatternAndTarget(t *testing.T) {
 	initDistributionTest(t)
 
 	// Upload files
@@ -465,6 +465,28 @@ func TestBundlePathMapping(t *testing.T) {
 	cleanDistributionTest(t)
 }
 
+func TestBundlePathMappingFromPatternAndTargetUsingSpec(t *testing.T) {
+	initDistributionTest(t)
+
+	// Upload files
+	specFile, err := tests.CreateSpec(tests.DistributionUploadSpecB)
+	assert.NoError(t, err)
+	runRt(t, "u", "--spec="+specFile)
+
+	// Create and distribute release bundle with path mapping from <DistRepo1>/data/ to <DistRepo2>/target/
+	spec, err := tests.CreateSpec(tests.DistributionCreateWithPatternAndTarget)
+	assert.NoError(t, err)
+	runDs(t, "rbc", tests.BundleName, bundleVersion, "--sign", "--spec="+spec)
+	runDs(t, "rbd", tests.BundleName, bundleVersion, "--site=*", "--sync")
+
+	// Validate files are distributed to the target mapping
+	spec, err = tests.CreateSpec(tests.DistributionMappingDownload)
+	assert.NoError(t, err)
+	inttestutils.VerifyExistInArtifactory(tests.GetBundleMappingExpected(), spec, serverDetails, t)
+
+	cleanDistributionTest(t)
+}
+
 func TestBundlePathMappingUsingSpec(t *testing.T) {
 	initDistributionTest(t)
 

documentation/CLI-for-JFrog-Curation.md

@@ -1,68 +1 @@
-JFrog CLI : CLI for JFrog Curation
-======================================
-
-
-Overview
---------
-JFrog Curation enables you to block malicious or risky open-source packages entering your software supply chain.
-What can you do with Curation?
-* Track the open-source packages downloaded by your organization to gain centralized visibility and control.
-* Prevent harmful packages from getting into your software development pipelines.
-* Protect against known and unknown threats, allowing only trusted software packages into your SDLC.
-* Create policies to block packages with known vulnerabilities, malicious code, operational risk, or license compliance issues.
-
-For more information on JFrog Curation and how to set it up, see the JFrog Curation general documentation at https://jfrog.com/help.
-
-JFrog Curation requires [Xray version 3.78.9](https://jfrog.com/help/r/jfrog-release-information/xray-3.78.9) and above, and [Artifactory version 7.63.5](https://jfrog.com/help/r/jfrog-release-information/artifactory-7.63) and above. It also requires Enterprise X and Enterprise + subscriptions.
-
----
-
-### Commands
-
-Audit your Project with JFrog Curation
-
-
-**Note**
-> The **curation-audit** command currently only supports npm projects.
-
-The **jf curation-audit** command enables developers to scan project dependencies to find packages that were blocked by the JFrog curation service. This command provides developers with more detailed information, such as whether the blocked package is the project’s direct dependency or is a transitive dependency. This information helps developers to resolve blocked packages more efficiently as they will be able to make a more informative decision based on what Policy violation occurred and what exactly needs to be resolved.
-
-For each blocked package the CLI provides the violated Curation Policies. The command builds a deep dependencies graph for the project, and requests the Curation status by a HEAD request for each node in the tree. It uses the package manager that is used in the project to build the dependencies graph.
-
-Before running the command, do the following:
-1) Connect the JFrog CLI to your JFrog Platform instance by running the **jf c add** command.
-2) Ensure your project is configured in the JFrog CLI with the repository you would like to resolve dependencies from. Set the repository with the **jf npmc** command inside the project directory.
-   <br><br>
-
-
-|                       |                                                                                                                                   |
-|-----------------------|-----------------------------------------------------------------------------------------------------------------------------------|
-| **Command name**      | curation-audit                                                                                                                    |
-| **Abbreviation**      | ca                                                                                                                                |
-| **Command options**   |                                                                                                                                   |
-| --format              | \[Default: table\]<br><br>Defines the output format of the command. Acceptable values are: table and json.                        |
-| --working-dirs        | \[Optional\]<br><br>A comma separated list of relative working directories, to determine the audit targets locations.             |
-| --threads             | \[Default: 10\]<br><br>The number of parallel threads used to determine the curation status for each package in the project tree. |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
-
-#### **Output Example**
-
-![image](images/jf-ca-output.png)
-
-
-**Example 1**
-
-Audit the project in the current directory. Displays all known packages that were blocked by Curation Policies.
-
-	jf curation-audit
-
-**Example 2**
-
-Audit the projects according to the specific paths defined in the "working-dirs" option. Displays all known packages that were blocked by Curation Policies for all projects. The data is displayed in separate tables.
-
-	jf curation-audit --working-dirs="/path/to/project/npm_project1,/path/to/project/npm_project2"
-
-**Example 3**
-
-Audit the project in the current directory using 5 threads to check the packages Curation status in parallel. Displays all known packages blocked by Curation Policies.
-
-	jf curation-audit --threads=5
+The documentation for JFrog CLI has been relocated to [this](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli) website.