2 # SPDX-License-Identifier: EPL-1.0
3 ##############################################################################
4 # Copyright (c) 2020 The Linux Foundation and others.
6 # All rights reserved. This program and the accompanying materials
7 # are made available under the terms of the Eclipse Public License v1.0
8 # which accompanies this distribution, and is available at
9 # http://www.eclipse.org/legal/epl-v10.html
10 ##############################################################################
11 echo "---> nexus-iq-python-cli.sh"
12 # This script downloads the specified version of the nexus-iq-cli jar, uses it
13 # to analyze the Python project dependencies from the specified requirements file,
14 # then publishes the result to an LF server using the specified credentials.
16 # stop on error or unbound variable
18 # do not print commands, credentials should not be logged
21 # shellcheck disable=SC1090
24 lf-activate-venv --python python3 --venv-file /tmp/.nexusiq virtualenv
26 CLI_LOCATION="/tmp/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar"
27 echo "INFO: downloading nexus-iq-cli version $NEXUS_IQ_CLI_VERSION"
28 wget -nv "https://download.sonatype.com/clm/scanner/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar" -O "${CLI_LOCATION}"
29 echo "-a" > cli-auth.txt
30 echo "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" >> cli-auth.txt
31 if [ -z "${NEXUS_TARGET_BUILD}" ]; then
32 echo "WARN: NEXUS_TARGET_BUILD has not been set"
34 echo "INFO: running nexus-iq-cli on project $NEXUS_IQ_PROJECT_NAME and target: ${NEXUS_TARGET_BUILD}"
35 echo "Downloading Python dependencies into target directory"
36 python3 -m pip download -r requirements.txt -d "${NEXUS_TARGET_BUILD}"
37 # result.json is a mystery
38 # Do NOT double-quote ${NEXUS_TARGET_BUILD} below; causes breakage
39 # shellcheck disable=SC2086
40 java -jar "${CLI_LOCATION}" @cli-auth.txt \
41 -s https://nexus-iq.wl.linuxfoundation.org -i "${NEXUS_IQ_PROJECT_NAME}" \
42 -t build -r result.json ${NEXUS_TARGET_BUILD}
46 echo "---> nexus-iq-python-cli.sh ends"