Conversation


@sylus sylus commented Jun 3, 2025

Migrate to OIDC Authentication for Enhanced Security

There are still some upstream bugs that need to be merged:

Summary

This pull request migrates all GitHub Actions workflows from secret-based authentication to OpenID Connect (OIDC) for secure, credential-less access to JFrog Artifactory.

What Changed

Security Improvements

  • Removed stored secrets: Eliminated JFROG_USERNAME and JFROG_JWT_TOKEN from repository secrets
  • Added OIDC authentication: Implemented workflow-specific identity mappings
  • Enhanced permissions: Added id-token: write to all jobs requiring JFrog access
  • Token expiration: Limited authentication tokens to 10 minutes maximum

Files Modified

  • .github/workflows/java-app.yml - Updated Java workflow with OIDC
  • .github/workflows/python-app.yml - Updated Python workflow with OIDC
  • .github/workflows/node-app.yml - Updated Node.js workflow with OIDC
  • .github/workflows/update-chainguard-digests.yml - Updated digest update workflow with OIDC
  • docs/quickstart.md - Added OIDC configuration documentation

Technical Changes

  • JFrog CLI Setup: Replaced secret-based auth with OIDC provider configuration
  • Docker Login: Changed from credential-based to jf docker-login command
  • Frogbot Configuration: Updated to use OIDC environment variables
  • Permissions: Added id-token: write to all relevant workflow jobs

Thanks to @KingBain for Jfrog OIDC
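As an added illustration of the migration the description lists (this is not code from this PR or from the project), the following is a minimal GitHub Actions job with the secret-based login shown as removed lines beside the OIDC form that replaces it. The job and step names, the `jfrog/setup-jfrog-cli` action version and its `oidc-provider-name` input, the provider name `github-actions`, and the placeholder Artifactory URL are assumptions; the identity mapping that binds the token to a specific repository and workflow, and the 10-minute token lifetime, are configured on the Artifactory side and do not appear in the workflow file.

```yaml
# Added example, not from this PR: one job before and after the OIDC migration.
name: build-and-push
on:
  push:
    branches: [main]

permissions:
  contents: read
  id-token: write   # required so the job can request a short-lived GitHub OIDC token

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Before: long-lived credentials stored as repository secrets (removed by this change).
      # - uses: jfrog/setup-jfrog-cli@v4
      #   env:
      #     JF_URL: https://example.jfrog.io                    # placeholder URL
      #     JF_USER: ${{ secrets.JFROG_USERNAME }}
      #     JF_ACCESS_TOKEN: ${{ secrets.JFROG_JWT_TOKEN }}
      # - run: docker login example.jfrog.io -u "${{ secrets.JFROG_USERNAME }}" -p "${{ secrets.JFROG_JWT_TOKEN }}"

      # After: the action exchanges the job's OIDC token for an Artifactory access token.
      # No static secret is stored in the repository; the token is scoped by the
      # Artifactory identity mapping (repository, workflow) and expires on its own.
      - uses: jfrog/setup-jfrog-cli@v4            # action version assumed
        with:
          oidc-provider-name: github-actions      # provider name as configured in Artifactory (assumed)
        env:
          JF_URL: https://example.jfrog.io        # placeholder Artifactory URL

      # Docker authentication now goes through the CLI, as named in the PR description.
      - run: jf docker-login
```

Two things worth checking after applying this pattern: that `id-token: write` is granted only to the jobs that actually talk to Artifactory (the top-level `permissions` block here applies to every job, so narrow it per job in a multi-job workflow), and that the identity mapping on the Artifactory side filters on the repository and workflow claims rather than accepting any token from the GitHub issuer.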

@simardeep1792 simardeep1792 self-requested a review June 3, 2025 14:36

👍 Frogbot scanned this pull request and did not find any new security issues.

Note

Frogbot also supports Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning. These features are included as part of the JFrog Advanced Security package, which isn't enabled on your system.




sylus commented Aug 13, 2025

So this is supposed to work now with 2.78.3 and I think @KingBain got it to work, so I'm very confused lol.
