From: Lott, Christopher (cl778h) <cl778h@att.com>
Date: Thu, 19 Mar 2020 20:32:38 +0000 (-0400)
Subject: Stop on error in nexus-iq-cli.sh script
X-Git-Tag: v0.52.0^0
X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F59%2F63459%2F1;p=releng%2Fglobal-jjb.git

Stop on error in nexus-iq-cli.sh script

Revise script nexus-iq-cli.sh to stop on error or unbound variable.
This should fail the build if the scanner returns a non-zero code,
for example if credentials are missing or wrong.

Change-Id: I39f7ae9d6ba552ff3e3f3dd13df5bf998372e20f
Signed-off-by: Lott, Christopher (cl778h) <cl778h@att.com>
---

diff --git a/releasenotes/notes/nexus-iq-cli-stop-on-error-27f6f2224312719e.yaml b/releasenotes/notes/nexus-iq-cli-stop-on-error-27f6f2224312719e.yaml
new file mode 100644
index 00000000..7559456d
--- /dev/null
+++ b/releasenotes/notes/nexus-iq-cli-stop-on-error-27f6f2224312719e.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Revise script nexus-iq-cli.sh to stop on error or unbound variable.
+    This should fail the build if the scanner returns a non-zero code,
+    for example if credentials are missing or wrong.
diff --git a/shell/nexus-iq-cli.sh b/shell/nexus-iq-cli.sh
index 6dd44309..b4f8cef5 100644
--- a/shell/nexus-iq-cli.sh
+++ b/shell/nexus-iq-cli.sh
@@ -9,15 +9,23 @@
 # http://www.eclipse.org/legal/epl-v10.html
 ##############################################################################
 echo "---> nexus-iq-cli.sh"
-# This script downloads nexus-iq-cli-1.44.0-01.jar and uses it to perform an
-# XC Evaluation or extended report which provides a scan of python files within
-# the repo
+# This script downloads the specified version of the nexus-iq-cli jar, uses it
+# to perform an XC Evaluation or extended report which provides a scan of python
+# files within the repo starting at the root, then publishes the result to an LF
+# server using the specified credentials.
 
+# stop on error or unbound variable
+set -eu
+# do not print commands, credentials should not be logged
 set +x
 CLI_LOCATION="/tmp/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar"
+echo "INFO: downloading nexus-iq-cli version $NEXUS_IQ_CLI_VERSION"
 wget -nv "https://download.sonatype.com/clm/scanner/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar" -O "${CLI_LOCATION}"
 echo "-a" > cli-auth.txt
 echo "${CLM_USER}:${CLM_PASSWORD}" >> cli-auth.txt
+echo "INFO: running nexus-iq-cli scan on project $CLM_PROJECT_NAME"
 java -jar "${CLI_LOCATION}" @cli-auth.txt -xc -i "${CLM_PROJECT_NAME}" -s https://nexus-iq.wl.linuxfoundation.org -t build .
 rm cli-auth.txt
 rm "${CLI_LOCATION}"
+
+echo "---> nexus-iq-cli.sh ends"