share a Nexus IQ system to avoid project name collision. We recommend
inserting a trailing - dash if using this parameter.
For example 'odl-'. (default: '')
+ :nexus-target-build: Target directory or file to be scanned by Nexus IQ CLI
+ (default: "\*\*/\*")
:pre-build-script: Shell script to run before tox. Useful for setting up
dependencies. (default: a string with a shell comment)
:python-version: Python version to invoke pip install of tox-pyenv
java-version: openjdk11 # Scanner is a jar
nexus-iq-cli-version: 1.140.0-01
nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl-
+ nexus-target-build: "**/*"
pre-build-script: "# pre-build script goes here"
python-version: python3
requirements-file: requirements.txt
name: NEXUS_IQ_CLI_VERSION
default: "{nexus-iq-cli-version}"
description: Nexus IQ CLI jar to download and run.
+ - string:
+ name: NEXUS_TARGET_BUILD
+ default: "{nexus-target-build}"
+ description: File or dir to scan by Nexus CLI.
wrappers:
- lf-infra-wrappers:
--- /dev/null
+---
+fixes:
+ - |
+ Replace Nexus IQ build Target from "${REQUIREMENTS_FILE}" to "${NEXUS_TARGET_BUILD}".
+ The scanner is only including the requirements.txt file in its scan which
+ should not contain other information than python package requirements.
+ Instead, use a "${NEXUS_TARGET_BUILD}" parameter which the user can optionally provide to
+ the scanner to indicate a file or directory to include in the scan. By default, this
+ variable is configured to scan all files in the repo.
set -eu
# do not print commands, credentials should not be logged
set +x
-# check if tox established the prereqs for this analysis
-if [[ ! -f $REQUIREMENTS_FILE ]]; then
- echo "ERROR: failed to find file $REQUIREMENTS_FILE"
- exit 1
-fi
CLI_LOCATION="/tmp/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar"
echo "INFO: downloading nexus-iq-cli version $NEXUS_IQ_CLI_VERSION"
wget -nv "https://download.sonatype.com/clm/scanner/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar" -O "${CLI_LOCATION}"
# result.json is a mystery
java -jar "${CLI_LOCATION}" @cli-auth.txt \
-s https://nexus-iq.wl.linuxfoundation.org -i "${NEXUS_IQ_PROJECT_NAME}" \
- -t build -r result.json "${REQUIREMENTS_FILE}"
+ -t build -r result.json "${NEXUS_TARGET_BUILD}"
rm cli-auth.txt
rm "${CLI_LOCATION}"
Code Review / releng / global-jjb.git / commitdiff