Skip to content
Snippets Groups Projects
Commit 141cc794 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'master' into 'master'

fix: add MAVEN_DEPENDENCY_CHECK_DISABLED variable

See merge request to-be-continuous/maven!42
parents 1f88138e 912e0f39
Branches
Tags
No related merge requests found
...@@ -107,8 +107,10 @@ It is bound to the `test` stage, and uses the following variables: ...@@ -107,8 +107,10 @@ It is bound to the `test` stage, and uses the following variables:
| Name | description | default value | | Name | description | default value |
| --------------------- | -------------------------------------- | ----------------- | | --------------------- | -------------------------------------- | ----------------- |
| `MAVEN_DEPENDENCY_CHECK_DISABLED` | Set to `true` to disable this job | _none_ |
| `MAVEN_DEPENDENCY_CHECK_ARGS` | Maven arguments for Dependency Check job | `org.owasp:dependency-check-maven:check -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false` | | `MAVEN_DEPENDENCY_CHECK_ARGS` | Maven arguments for Dependency Check job | `org.owasp:dependency-check-maven:check -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false` |
A Dependency Check is a quite long operation and therefore the job is configured to be ran __manually__ by default. A Dependency Check is a quite long operation and therefore the job is configured to be ran __manually__ by default.
However, if you want to enable an automatic Dependency-Check scan, you will have to override the `rules` keyword for the `mvn-dependency-check` job. However, if you want to enable an automatic Dependency-Check scan, you will have to override the `rules` keyword for the `mvn-dependency-check` job.
......
...@@ -84,6 +84,7 @@ ...@@ -84,6 +84,7 @@
"id": "dependency-check", "id": "dependency-check",
"name": "Dependency-Check", "name": "Dependency-Check",
"description": "[Dependency-Check](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html) analysis", "description": "[Dependency-Check](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html) analysis",
"disable_with": "MAVEN_DEPENDENCY_CHECK_DISABLED",
"variables": [ "variables": [
{ {
"name": "MAVEN_DEPENDENCY_CHECK_ARGS", "name": "MAVEN_DEPENDENCY_CHECK_ARGS",
...@@ -97,13 +98,7 @@ ...@@ -97,13 +98,7 @@
"id": "forbid-snapshot-dependencies", "id": "forbid-snapshot-dependencies",
"name": "Snapshot dependencies verification", "name": "Snapshot dependencies verification",
"description": "This job verifies your project has no _snapshot_ dependencies. Failure is allowed in feature branches.", "description": "This job verifies your project has no _snapshot_ dependencies. Failure is allowed in feature branches.",
"variables": [ "disable_with": "MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED"
{
"name": "MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED",
"description": "Disable the job",
"type": "boolean"
}
]
}, },
{ {
"id": "publish", "id": "publish",
......
...@@ -459,6 +459,9 @@ mvn-dependency-check: ...@@ -459,6 +459,9 @@ mvn-dependency-check:
paths: paths:
- "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*" - "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*"
rules: rules:
# exclude if disable
- if: '$MAVEN_DEPENDENCY_CHECK_DISABLED == "true"'
when: never
# on schedule: auto # on schedule: auto
- if: '$CI_PIPELINE_SOURCE == "schedule"' - if: '$CI_PIPELINE_SOURCE == "schedule"'
allow_failure: true allow_failure: true
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment