Compare revisions

Pierre Smeyers · to be continuous bot · to be continuous bot · Michael Kebe · Clement Bois · semantic-release-bot
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,13 +12,12 @@ include:
    inputs:
      check-links-job-tags: ["docker"]
      tbc-check-job-tags: ["docker"]
-      tbc-check-image: cicd-docker-dev.artifact.tecnalia.com/tbc-check:master
+      tbc-check-image: cicd-docker-dev.artifact.tecnalia.dev/tbc-check:master
      gitlab-ci-lint-job-tags: ["docker"]
  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
    inputs:
      kicker-validation-job-tags: ["docker"]
-      schema-base-url: "https://git.code.tecnalia.com/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
-      yajsv-image: "cicd-docker-dev.artifact.tecnalia.com/yajsv:latest"
+      schema-base-url: "https://git.code.tecnalia.dev/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
    inputs:
      bash-shellcheck-job-tags: ["docker"]

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
-## [3.11.1](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/maven/compare/3.11.0...3.11.1) (2024-07-26)
+# [4.1.0](https://gitlab.com/to-be-continuous/maven/compare/4.0.2...4.1.0) (2025-01-20)
+
+
+### Features
+
+* **JaCoCo:** add JaCoCo Coverage Reports integration ([1f997a1](https://gitlab.com/to-be-continuous/maven/commit/1f997a18c61d7eb4fe8b9af1ee828893ec70929b))
+
+## [4.0.2](https://gitlab.com/to-be-continuous/maven/compare/4.0.1...4.0.2) (2024-12-29)
+
+
+### Bug Fixes
+
+* use --pkg-types instead of deprecated --vuln-type ([131a821](https://gitlab.com/to-be-continuous/maven/commit/131a821501a6140f9726fa75beb7e18f2c5f5d6f))
+
+## [4.0.1](https://gitlab.com/to-be-continuous/maven/compare/4.0.0...4.0.1) (2024-12-10)
+
+
+### Bug Fixes
+
+* add Git branch slug in SNAPSHOT versions for Merge Request ([afcc0b0](https://gitlab.com/to-be-continuous/maven/commit/afcc0b0ccbc09118264412e3075ee8003bcb1dbc))
+
+# [4.0.0](https://gitlab.com/to-be-continuous/maven/compare/3.11.4...4.0.0) (2024-11-26)
+
+
+### Code Refactoring
+
+* **jib/trivy:** enforce usage of Trivy environment variables ([e62f19e](https://gitlab.com/to-be-continuous/maven/commit/e62f19e98367595b58f07d9275371f75697dc33c))
+
+
+### BREAKING CHANGES
+
+* **jib/trivy:** 2 Trivy configuration params removed in favor of the native Trivy environment variables
+
+## [3.11.4](https://gitlab.com/to-be-continuous/maven/compare/3.11.3...3.11.4) (2024-10-24)
+
+
+### Bug Fixes
+
+* set trivy artifact expiration ([fe96b4a](https://gitlab.com/to-be-continuous/maven/commit/fe96b4ae9b2bff3fe803e5aa47ff670c6eccd38f))
+
+## [3.11.3](https://gitlab.com/to-be-continuous/maven/compare/3.11.2...3.11.3) (2024-10-04)
+
+
+### Bug Fixes
+
+* **release:** support full semantic-versioning specifcation (with prerelease and build metadata) ([3d627c0](https://gitlab.com/to-be-continuous/maven/commit/3d627c0a462e898b4502c515e59b38efc14ee499))
+
+## [3.11.2](https://gitlab.com/to-be-continuous/maven/compare/3.11.1...3.11.2) (2024-09-10)


 ### Bug Fixes

-* **jib:** correct the artifacts paths and reports definition ([bbde711](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/maven/commit/bbde711e6d8566ee93da393c35bcfb3fdd0c5a2d)), closes [#62](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/maven/issues/62)
+* Add fail function. fixes [#67](https://gitlab.com/to-be-continuous/maven/issues/67) ([31c979c](https://gitlab.com/to-be-continuous/maven/commit/31c979caece4f247b34477e6cab37158ea29eae4))

 ## [3.11.1](https://gitlab.com/to-be-continuous/maven/compare/3.11.0...3.11.1) (2024-07-15)


--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
  # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/maven/gitlab-ci-maven@3.11.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/maven/gitlab-ci-maven@4.1.0
    # 2: set/override component inputs
    inputs:
      # ⚠ this is only an example
@@ -30,7 +30,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
  # 1: include the template
  - project: 'to-be-continuous/maven'
-    ref: '3.11.1'
+    ref: '4.1.0'
    file: '/templates/gitlab-ci-maven.yml'

 variables:
@@ -90,14 +90,15 @@ to compute code coverage during unit tests execution.

 In addition it makes the necessary to [integrate code coverage stats into your GitLab project](https://docs.gitlab.com/ee/ci/testing/code_coverage.html#view-code-coverage-results-in-the-mr) (report badge and viewable coverage in merge requests).

-If yo want to fix the JaCoCo plugin version or tweak the default configuration, you may have to configure the
+If you want to fix the JaCoCo plugin version or tweak the default configuration, you may have to configure the
 [JaCoCo Maven Plugin](https://www.eclemma.org/jacoco/trunk/doc/maven.html) in your `pom.xml`, but be aware of the
 following:

 * do not declare JaCoCo executions for `prepare-agent` and `report` goals as each would run twice during
  unit tests (not necessarily with the expected configuration). If you really need to do so anyway, you'll have to
  override the `$MAVEN_BUILD_ARGS` variable to remove the explicit invocation to JaCoCo goals.
-* make sure the `report` goal computes a CSV report, that is used by the Maven template to compute the global coverage stat.
+* make sure the `report` goal computes a CSV report (that's default behavior), that is used by the Maven template to compute the global coverage stat,
+* make sure the `report` goal computes an XML report (that's default behavior), that is required to support [GitLab code coverage intergation](https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization/jacoco.html).

 More info:

@@ -490,11 +491,17 @@ The template uses GitLab registries and authentication defaults. See the Docker
 | -------------------------------------- | ------------------------ | ------------------------------------------------- |
 | `sbom-image` / `MAVEN_SBOM_IMAGE` | The image used to perform and complete the Security Bill of Materials | `registry.hub.docker.com/anchore/syft:debug` |
 | `sbom-opts` / `MAVEN_SBOM_OPTS` | SBOM options to complete the Security Bill of Materials  | `--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger,nix-store-cataloger,java`          |
-| `trivy-security-level-threshold` / `MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD` | Security level which fails the `mvn-trivy` job | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
 | `trivy-image` / `MAVEN_TRIVY_IMAGE` | The image to perform container security scanning  | `registry.hub.docker.com/aquasec/trivy:latest` |
 | `trivy-args` / `MAVEN_TRIVY_ARGS` | Arguments for the execution of Trivy | `--ignore-unfixed --vuln-type os` |
 | `mvn-trivy-job-tags` / `MVN_TRIVY_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |

+Other Trivy parameters shall be configured using [Trivy environment variables](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options).
+Examples:
+
+* `TRIVY_SEVERITY`: severities of security issues to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)
+* `TRIVY_SERVER`: server address (enables client/server mode)
+* `TRIVY_DB_REPOSITORY`: OCI repository to retrieve Trivy Database from
+* `TRIVY_JAVA_DB_REPOSITORY`: OCI repository to retrieve Trivy Java Database from

 ##### Jib build and publish configuration

@@ -536,7 +543,7 @@ All authentication methods should use masked GitLab environment variables.
 ```yaml
 include:
  # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/maven/gitlab-ci-maven@3.11.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/maven/gitlab-ci-maven@4.1.0
  # Jib is implemented as an extension to Maven, and uses supporting features of the TBC Maven template
-  - component: $CI_SERVER_FQDN/to-be-continuous/maven/gitlab-ci-maven-jib@3.11.1
+  - component: $CI_SERVER_FQDN/to-be-continuous/maven/gitlab-ci-maven-jib@4.1.0
 ```
--- a/bumpversion.sh
+++ b/bumpversion.sh
@@ -27,7 +27,7 @@ if [[ "$curVer" ]]; then
  log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."

  # replace in README
-  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
+  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
  mv -f README.md.next README.md

  # replace in template and variants

--- a/kicker.json
+++ b/kicker.json
@@ -119,7 +119,7 @@
        },
        {
          "name": "SONAR_TOKEN",
-          "description": "SonarQube authentication token (see https://docs.sonarqube.org/latest/user-guide/user-token/) - depends on your authentication method",
+          "description": "SonarQube authentication token (see https://docs.sonarsource.com/sonarqube-server/latest/user-guide/managing-tokens/) - depends on your authentication method",
          "secret": true
        },
        {
@@ -134,13 +134,13 @@
        },
        {
          "name": "SONAR_BASE_ARGS",
-          "description": "SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)",
+          "description": "SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/)",
          "default": "sonar:sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues",
          "advanced": true
        },
        {
          "name": "SONAR_QUALITY_GATE_ENABLED",
-          "description": "Enables SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarqube.org/latest/analysis/ci-integration-overview/#header-1))._",
+          "description": "Enables SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._",
          "type": "boolean"
        }
      ]
@@ -273,7 +273,7 @@
        {
          "id": "mvn-trivy",
          "name": "Maven Trivy",
-          "description": "[Trivy](https://github.com/aquasecurity/trivy) vulnerability analysis",
+          "description": "[Trivy](https://aquasecurity.github.io/trivy) vulnerability analysis",
          "disable_with": "MAVEN_TRIVY_DISABLED",
          "variables": [
            {
@@ -282,28 +282,10 @@
              "default": "registry.hub.docker.com/aquasec/trivy:latest",
              "advanced": true
            },
-            {
-              "name": "MAVEN_TRIVY_ADDR",
-              "type": "url",
-              "description": "The Trivy server address"
-            },
-            {
-              "name": "MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD",
-              "type": "enum",
-              "values": [
-                "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
-                "LOW,MEDIUM,HIGH,CRITICAL",
-                "MEDIUM,HIGH,CRITICAL",
-                "HIGH,CRITICAL",
-                "CRITICAL"
-              ],
-              "description": "Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)",
-              "default": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
-            },
            {
              "name": "MAVEN_TRIVY_ARGS",
-              "description": "Additional `trivy client` arguments",
-              "default": "--ignore-unfixed --vuln-type os",
+              "description": "Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options)",
+              "default": "--ignore-unfixed --pkg-types os",
              "advanced": true
            }
          ]

--- a/templates/gitlab-ci-maven-jib.yml
+++ b/templates/gitlab-ci-maven-jib.yml
@@ -32,22 +32,9 @@ spec:
    trivy-image:
      description: The docker image used to scan images with Trivy
      default: registry.hub.docker.com/aquasec/trivy:latest
-    trivy-addr:
-      description: The Trivy server address
-      default: ''
-    trivy-security-level-threshold:
-      description: 'Severities of vulnerabilities to be displayed (comma separated values:
-        `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)'
-      options:
-      - UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-      - LOW,MEDIUM,HIGH,CRITICAL
-      - MEDIUM,HIGH,CRITICAL
-      - HIGH,CRITICAL
-      - CRITICAL
-      default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
    trivy-args:
-      description: Additional `trivy client` arguments
-      default: --ignore-unfixed --vuln-type os
+      description: Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options)
+      default: --ignore-unfixed --pkg-types os
    sbom-image:
      default: registry.hub.docker.com/anchore/syft:debug
    sbom-opts:
@@ -78,8 +65,8 @@ spec:
 variables:
  MAVEN_SBOM_IMAGE: $[[ inputs.sbom-image ]]
  MAVEN_SBOM_OPTS: $[[ inputs.sbom-opts ]]
-  MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD: $[[ inputs.trivy-security-level-threshold ]]
  MAVEN_TRIVY_IMAGE: $[[ inputs.trivy-image ]]
+  MAVEN_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]]
  MAVEN_TRIVY_ARGS: $[[ inputs.trivy-args ]]
  MAVEN_JIB_SNAPSHOT_IMAGE: $[[ inputs.jib-snapshot-image ]]
  MAVEN_JIB_RELEASE_IMAGE: $[[ inputs.jib-release-image ]]
@@ -87,8 +74,6 @@ variables:
  MAVEN_JIB_PROD_PUBLISH_STRATEGY: $[[ inputs.jib-prod-publish-strategy ]]
  MAVEN_SKOPEO_IMAGE: $[[ inputs.skopeo-image ]]
  MAVEN_JIB_PUBLISH_ARGS: $[[ inputs.jib-publish-args ]]
-  MAVEN_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]]
-  MAVEN_TRIVY_ADDR: $[[ inputs.trivy-addr ]]

 .mvn-jib-scripts: &mvn-jib-scripts |
  # BEGSCRIPT
@@ -187,26 +172,22 @@ mvn-trivy:
    export TRIVY_PASSWORD=${MAVEN_JIB_REGISTRY_SNAPSHOT_PASSWORD:-${MAVEN_JIB_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
    export basename=$(echo "${MAVEN_JIB_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
    mkdir -p ./reports
-    if [[ -z "${MAVEN_TRIVY_ADDR}" ]]; then
-      log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the MAVEN_TRIVY_ADDR variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m"
-      trivy image --download-db-only
-      export trivy_opts="image"
-    else
-      log_info "You are using Trivy in client/server mode with the following server: ${MAVEN_TRIVY_ADDR}"
-      export trivy_opts="image --server ${MAVEN_TRIVY_ADDR}"
+    if [[ -z "$TRIVY_SERVER" ]]; then
+      log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the TRIVY_SERVER variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m"
    fi
-    # Add common trivy arguments
-    export trivy_opts="${trivy_opts} --no-progress --severity ${MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD} ${MAVEN_TRIVY_ARGS}"
-    # GitLab format (no fail)
-    trivy ${trivy_opts} --format template --exit-code 0 --template "@/contrib/gitlab.tpl" --output reports/docker-trivy-${basename}.gitlab.json $MAVEN_JIB_SNAPSHOT_IMAGE
-    # JSON format (no fail)
-    if [[ "$DEFECTDOJO_TRIVY_REPORTS" ]]
-    then
-      trivy ${trivy_opts} --format json --exit-code 0 --output reports/docker-trivy-${basename}.native.json $MAVEN_JIB_SNAPSHOT_IMAGE
-    fi
-    # console output (fail)
-    trivy ${trivy_opts} --format table --exit-code 1 $MAVEN_JIB_SNAPSHOT_IMAGE
+    # Generate the native JSON report that can later be converted to other formats
+    trivy image --no-progress ${MAVEN_TRIVY_ARGS} --exit-code 1 --format json --output reports/jib-trivy-${basename}.native.json $MAVEN_JIB_SNAPSHOT_IMAGE || exit_code=$?
+
+    # Generate a report in the GitLab format
+    trivy convert --format template --template "@/contrib/gitlab.tpl" --output reports/jib-trivy-${basename}.gitlab.json reports/jib-trivy-${basename}.native.json
+
+    # console output
+    trivy convert --format table reports/jib-trivy-${basename}.native.json
+
+    exit $exit_code
  artifacts:
+    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
+    expire_in: 1 day
    when: always
    paths:
    - "reports/jib-trivy-*"

--- a/templates/gitlab-ci-maven.yml
+++ b/templates/gitlab-ci-maven.yml
@@ -53,18 +53,18 @@ spec:
      description: SonarQube server url
      default: ''
    sonar-base-args:
-      description: SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)
+      description: SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/)
      default: >-
        sonar:sonar
        -Dsonar.links.homepage=${CI_PROJECT_URL}
        -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines
        -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues
    sonar-quality-gate-enabled:
-      description: 'Enables SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/)
+      description: 'Enables SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-gates/)
        verification.


-        _Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarqube.org/latest/analysis/ci-integration-overview/#header-1))._'
+        _Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._'
      type: boolean
      default: false
    dependency-check-disabled:
@@ -221,7 +221,7 @@ variables:
  # default integration ref name (pattern)
  INTEG_REF: '/^develop$/'
  # default release tag name (pattern)
-  RELEASE_REF: '/^v?[0-9]+\.[0-9]+\.[0-9]+$/'
+  RELEASE_REF: '/^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9-\.]+)?(\+[a-zA-Z0-9-\.]+)?$/'
  # default configuration directory
  MAVEN_CFG_DIR: $[[ inputs.cfg-dir ]]
  # default settings.xml file path
@@ -235,8 +235,8 @@ variables:
  # Maven build arguments
  MAVEN_BUILD_ARGS: $[[ inputs.build-args ]]
  # Sonar base analysis default args
-  # see: https://docs.sonarqube.org/latest/analysis/analysis-parameters/
-  # default uses branch analysis: https://docs.sonarqube.org/latest/branches/overview/
+  # see: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/analysis-parameters/
+  # default uses branch analysis: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/branch-analysis/introduction/
  SONAR_BASE_ARGS: $[[ inputs.sonar-base-args ]]
  # Dependency Check arguments
  MAVEN_DEPENDENCY_CHECK_ARGS: $[[ inputs.dependency-check-args ]]
@@ -289,6 +289,11 @@ stages:
      echo -e "[\\e[1;91mERROR\\e[0m] $*"
  }

+  function fail() {
+    log_error "$*"
+    exit 1
+  }
+
  function output_coverage() {
    jacoco_reports=$(find . -name "${JACOCO_CSV_REPORT:-jacoco.csv}")

@@ -606,12 +611,12 @@ stages:

  # only on a branch commit, with deploy and "SNAPSHOT with slug" enabled
  function maybe_inject_slug_in_version() {
-    if [[ "$CI_COMMIT_BRANCH" ]] && [[ "$MAVEN_DEPLOY_ENABLED" == "true" ]] && [[ "$MAVEN_DEPLOY_SNAPSHOT_WITH_SLUG_ENABLED" == "true" ]]
+    if [[ -z "$CI_COMMIT_TAG" ]] && [[ "$MAVEN_DEPLOY_ENABLED" == "true" ]] && [[ "$MAVEN_DEPLOY_SNAPSHOT_WITH_SLUG_ENABLED" == "true" ]]
    then
      # check if on non-prod branch
      prod_ref_expr=${PROD_REF#/}
      prod_ref_expr=${prod_ref_expr%/}
-      if [[ ! "$CI_COMMIT_BRANCH" =~ $prod_ref_expr ]]
+      if [[ ! "$CI_COMMIT_REF_NAME" =~ $prod_ref_expr ]]
      then
        # shellcheck disable=SC2086
        pom_version=$(mvn $MAVEN_CLI_OPTS $mvn_settings_opt $java_proxy_args help:evaluate -Dexpression=project.version -q -DforceStdout | tail -n 1)
@@ -633,7 +638,7 @@ stages:
  image: $MAVEN_IMAGE
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "maven", "3.11.1"]
+      command: ["--service", "maven", "4.1.0"]
  before_script:
    - !reference [.mvn-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
@@ -664,6 +669,9 @@ mvn-build:
    reports:
      junit:
        - "${MAVEN_PROJECT_DIR}/**/target/*-reports/TEST-*.xml"
+      coverage_report:
+        coverage_format: jacoco
+        path: "${MAVEN_PROJECT_DIR}/**/target/site/jacoco/jacoco.xml"
    paths:
      # version may have been altered
      - "${MAVEN_PROJECT_DIR}/**/pom.xml"
@@ -675,7 +683,7 @@ mvn-sonar:
  stage: test
  extends: .mvn-base
  variables:
-    # see: https://docs.sonarqube.org/latest/analysis/gitlab-integration/#header-4
+    # see: https://docs.sonarsource.com/sonarqube-server/latest/devops-platform-integration/gitlab-integration/setting-up-at-project-level/
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/${MAVEN_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
    GIT_DEPTH: 0 # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
No results found