From: Lott, Christopher (cl778h) Date: Thu, 19 Mar 2020 20:32:38 +0000 (-0400) Subject: Stop on error in nexus-iq-cli.sh script X-Git-Tag: v0.52.0^0 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F59%2F63459%2F1;p=releng%2Fglobal-jjb.git Stop on error in nexus-iq-cli.sh script Revise script nexus-iq-cli.sh to stop on error or unbound variable. This should fail the build if the scanner returns a non-zero code, for example if credentials are missing or wrong. Change-Id: I39f7ae9d6ba552ff3e3f3dd13df5bf998372e20f Signed-off-by: Lott, Christopher (cl778h) --- diff --git a/releasenotes/notes/nexus-iq-cli-stop-on-error-27f6f2224312719e.yaml b/releasenotes/notes/nexus-iq-cli-stop-on-error-27f6f2224312719e.yaml new file mode 100644 index 00000000..7559456d --- /dev/null +++ b/releasenotes/notes/nexus-iq-cli-stop-on-error-27f6f2224312719e.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Revise script nexus-iq-cli.sh to stop on error or unbound variable. + This should fail the build if the scanner returns a non-zero code, + for example if credentials are missing or wrong. diff --git a/shell/nexus-iq-cli.sh b/shell/nexus-iq-cli.sh index 6dd44309..b4f8cef5 100644 --- a/shell/nexus-iq-cli.sh +++ b/shell/nexus-iq-cli.sh @@ -9,15 +9,23 @@ # http://www.eclipse.org/legal/epl-v10.html ############################################################################## echo "---> nexus-iq-cli.sh" -# This script downloads nexus-iq-cli-1.44.0-01.jar and uses it to perform an -# XC Evaluation or extended report which provides a scan of python files within -# the repo +# This script downloads the specified version of the nexus-iq-cli jar, uses it +# to perform an XC Evaluation or extended report which provides a scan of python +# files within the repo starting at the root, then publishes the result to an LF +# server using the specified credentials. +# stop on error or unbound variable +set -eu +# do not print commands, credentials should not be logged set +x CLI_LOCATION="/tmp/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar" +echo "INFO: downloading nexus-iq-cli version $NEXUS_IQ_CLI_VERSION" wget -nv "https://download.sonatype.com/clm/scanner/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar" -O "${CLI_LOCATION}" echo "-a" > cli-auth.txt echo "${CLM_USER}:${CLM_PASSWORD}" >> cli-auth.txt +echo "INFO: running nexus-iq-cli scan on project $CLM_PROJECT_NAME" java -jar "${CLI_LOCATION}" @cli-auth.txt -xc -i "${CLM_PROJECT_NAME}" -s https://nexus-iq.wl.linuxfoundation.org -t build . rm cli-auth.txt rm "${CLI_LOCATION}" + +echo "---> nexus-iq-cli.sh ends"