{"id":44092411,"url":"https://github.com/jfrog/fly-action","last_synced_at":"2026-04-19T12:03:40.944Z","repository":{"id":320080915,"uuid":"979257755","full_name":"jfrog/fly-action","owner":"jfrog","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-12T10:15:28.000Z","size":241331,"stargazers_count":4,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-04-12T12:13:00.263Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-07T08:32:22.000Z","updated_at":"2026-04-12T10:15:31.000Z","dependencies_parsed_at":"2025-10-21T21:38:54.168Z","dependency_job_id":"70b1421f-1de4-4169-bfe7-63974e02f33f","html_url":"https://github.com/jfrog/fly-action","commit_stats":null,"previous_names":["jfrog/fly-action"],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/jfrog/fly-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Ffly-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Ffly-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Ffly-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Ffly-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/fly-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Ffly-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32005837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T20:23:30.271Z","status":"online","status_checked_at":"2026-04-19T02:00:07.110Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-08T11:15:06.656Z","updated_at":"2026-04-19T12:03:40.929Z","avatar_url":"https://github.com/jfrog.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Fly Action\n\n[![Scanned by Frogbot](https://raw.githubusercontent.com/jfrog/frogbot/refs/heads/master/images/frogbot-badge.svg)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)\n[![docs](https://img.shields.io/badge/Docs-%F0%9F%93%96-blue)](https://docs.fly.jfrog.com)\n\n\u003c/div\u003e\n\nThis GitHub Action downloads the Fly CLI and configures package managers to use Fly as a registry for dependencies.\n\nFor more information about JFrog Fly, see the [official documentation](https://docs.fly.jfrog.com).\n\n## Features\n\n- ✅ Zero-configuration — tenant resolved automatically from GitHub OIDC token\n- ✅ Supports all package managers available in Fly CLI\n- ✅ Configures all detected package managers with a single command\n- ✅ Upload and download generic artifacts via sub-actions\n- ✅ OIDC authentication only\n- ✅ Allows ignoring specific package managers\n- ✅ Automatic CI session end notification to the Fly server\n- ✅ Retry mechanism with exponential backoff for CI notifications\n- ✅ Exports tenant registry hostname as `FLY_REGISTRY_SUBDOMAIN` environment variable for subsequent steps\n- ✅ Job summary with collected artifacts and transfer results\n\n## Quick Start\n\n```yaml\nname: Build with Fly Registry\non: [push]\n\npermissions:\n  contents: read\n  id-token: write\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      # Setup Fly registry — tenant is resolved automatically from OIDC\n      - name: Setup Fly Registry\n        uses: jfrog/fly-action@v1\n\n      # FLY_REGISTRY_SUBDOMAIN is now available for Docker, Helm, or any registry operation\n      - name: Build and push Docker image\n        run: |\n          docker build -t ${{ env.FLY_REGISTRY_SUBDOMAIN }}/docker/my-app:${{ github.sha }} .\n          docker push ${{ env.FLY_REGISTRY_SUBDOMAIN }}/docker/my-app:${{ github.sha }}\n```\n\n## Upload \u0026 Download Sub-Actions\n\nTransfer generic artifacts to and from Fly storage using dedicated sub-actions.\n\n### Upload\n\n```yaml\n- name: Upload build artifacts\n  uses: jfrog/fly-action/upload@v1\n  with:\n    name: my-app\n    version: '1.0.0'\n    files: |\n      dist/app.zip\n      dist/app.tar.gz\n    exclude: |\n      *.log\n```\n\n| Input | Description | Required |\n| --- | --- | --- |\n| `name` | Package name | Yes |\n| `version` | Package version | Yes |\n| `files` | Files to upload — one per line, supports glob patterns | Yes |\n| `exclude` | Glob patterns to exclude — one per line | No |\n\n### Download\n\n```yaml\n- name: Download artifacts\n  uses: jfrog/fly-action/download@v1\n  with:\n    name: my-app\n    version: '1.0.0'\n    files: |\n      app.zip\n    output-dir: ./downloads\n```\n\n| Input | Description | Required | Default |\n| --- | --- | --- | --- |\n| `name` | Package name | Yes | |\n| `version` | Package version | Yes | |\n| `files` | Remote filenames to download — one per line | Yes | |\n| `output-dir` | Directory to save downloaded files | No | `.` |\n| `exclude` | Glob patterns to exclude — one per line | No | |\n\nBoth sub-actions output a `results` JSON array with per-file status:\n\n```yaml\n- name: Upload\n  id: upload\n  uses: jfrog/fly-action/upload@v1\n  with:\n    name: my-app\n    version: '1.0.0'\n    files: dist/app.zip\n\n- name: Check results\n  run: echo '${{ steps.upload.outputs.results }}'\n```\n\n## OIDC Authentication (Required)\n\nThis action requires OIDC authentication. The OIDC token is used to track uploads and downloads on the Fly server. You must set `permissions: id-token: write` in your workflow file.\n\n```yaml\npermissions:\n  contents: read\n  id-token: write # Required for OIDC authentication\n```\n\nWhen using OIDC authentication:\n\n1. You need to set `permissions: id-token: write` in your workflow file\n2. The action will:\n   - Request an OIDC token from GitHub Actions\n   - Resolve the Fly tenant automatically from the OIDC token's `repository_owner_id` claim\n   - Exchange it for a Fly access token\n   - Use the resulting token to authenticate with Fly\n   - Automatically notify the Fly server when the CI session ends (using GitHub Actions post-job mechanism)\n\n\u003e **Note**: The CI end notification runs automatically as a post-job step. This ensures it executes even if the main action fails, for proper session management on the Fly server. If the CI end notification step itself encounters an error, it will cause the overall workflow to be marked as failed.\n\n## Inputs\n\n| Input | Description | Required | Default |\n| --- | --- | --- | --- |\n| `ignore` | Comma-separated list of package managers to ignore | No | None |\n\n## Environment Variables\n\nAfter the action runs, the following environment variables are available in all subsequent steps:\n\n| Variable | Description |\n| --- | --- |\n| `FLY_REGISTRY_SUBDOMAIN` | Resolved tenant registry hostname (e.g., `acmecorp.jfrog.io`). Use for Docker image tags, Helm OCI refs, etc. |\n| `FLY_URL` | Full Fly tenant URL (e.g., `https://acmecorp.jfrog.io`). Used by the fly CLI and sub-actions. |\n| `FLY_ACCESS_TOKEN` | Short-lived OIDC-derived access token. Used by the fly CLI and sub-actions. Masked in logs via `core.setSecret`. |\n\n```yaml\n- name: Push Docker image\n  run: docker push ${{ env.FLY_REGISTRY_SUBDOMAIN }}/docker/my-app:latest\n\n- name: Push Helm chart\n  run: helm push mychart-1.0.0.tgz oci://${{ env.FLY_REGISTRY_SUBDOMAIN }}/helmoci\n\n- name: Use fly CLI directly\n  run: fly upload --name my-pkg --version 1.0.0 ./artifact.zip\n```\n\n### Trust Model\n\n`FLY_ACCESS_TOKEN` is exported to `GITHUB_ENV` so that sub-actions and `run:` steps can use the fly CLI. This means **any subsequent step in the job** (including third-party actions) can read the token via `process.env`. The token is:\n\n- **Short-lived** — scoped to the CI session, expires when the job ends\n- **Masked in logs** — registered via `core.setSecret` so it won't appear in action output\n- **OIDC-scoped** — derived from the repository's OIDC claims, limited to the tenant\n\nIf you use third-party actions after `jfrog/fly-action`, ensure you trust them with this access level.\n\n## GitHub Enterprise Server (GHES)\n\nOn GitHub Enterprise Server, the default `fly.jfrog.ai` endpoint cannot resolve tenants because GHES installations live in a separate Fly environment.\n\nSet the `CUSTOM_FLY_URL` organization-level variable to your Fly environment URL:\n\n```yaml\nenv:\n  CUSTOM_FLY_URL: https://fly.your-instance.jfrog.info\n\njobs:\n  build:\n    runs-on: self-hosted\n    steps:\n      - uses: jfrog/fly-action@v1\n```\n\nThe action enforces HTTPS on all custom URLs to prevent OIDC token exfiltration.\n\n## Supported Package Managers\n\nThe action supports all package managers that the Fly CLI supports:\n\n- **npm, pnpm, yarn** – Node.js package managers (npm registry)\n- **pip, pipenv, poetry, twine** – Python package managers (PyPI repository)\n- **nuget, dotnet** – .NET package managers (NuGet)\n- **docker, podman** – Container registries (Docker)\n- **helm** – Kubernetes package manager\n- **go** – Go modules\n- **gradle** – Gradle build tool\n- **maven** – Maven build tool\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for information on development setup, testing, and publishing.\n\n## License\n\nThis GitHub Action is licensed under the [Apache-2.0](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Ffly-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Ffly-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Ffly-action/lists"}