Propagate env vars to Dependency Scanning for Python, Java Maven (Gemnasium)
Summary
Environment variables set in the context of dependency_scanning jobs are not propagated to the Docker containers used to perform Dependency Scanning (DS) on Python projects and Java Maven projects (Gemnasium client).
Steps to reproduce
- Create a Python or Maven project where some environment variables are required to install the project dependencies. It could be HTTP_PROXY, PIP_INDEX_URL or others.
- Enable Dependency Scanning and add the env vars to the job definition.
- Run the pipeline.
Example Project
TODO: provide example project
What is the current bug behavior?
Dependency Scanning fails because the env vars are not set when attempting to install Python dependencies using pip install or Java Maven dependencies using mvn.
What is the expected correct behavior?
DS job should fetch the dependencies using the env vars.
Possible fixes
Propagate the env vars when configuring the Docker container.
See https://gitlab.com/gitlab-org/security-products/gemnasium/client/blob/master/generator/docker.go
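
One way to do the propagation proposed under "Possible fixes", shown as an added Go example; it is not code from the Gemnasium client or its docker.go. The allowlist, EnvArgs and allowed are hypothetical names, and the choice of which variables to forward is an assumption. Variables are passed by name only, so docker reads the values from the job environment and unrelated job secrets stay out of the container.

```go
package main

import (
	"fmt"
	"os"
	"sort"
	"strings"
)

// Hypothetical allowlist (an assumption): names and prefixes pip or mvn may need.
var exactNames = map[string]bool{"HTTP_PROXY": true, "HTTPS_PROXY": true, "NO_PROXY": true}
var prefixes = []string{"PIP_", "MAVEN_"}

// allowed matches proxy names case-insensitively, since tools also read http_proxy.
func allowed(name string) bool {
	if exactNames[strings.ToUpper(name)] {
		return true
	}
	for _, p := range prefixes {
		if strings.HasPrefix(name, p) {
			return true
		}
	}
	return false
}

// EnvArgs turns an os.Environ()-style list into "-e NAME" arguments for docker run.
// Values are left out of the argument list; docker copies them from the caller's env.
func EnvArgs(environ []string) []string {
	var names []string
	for _, kv := range environ {
		i := strings.IndexByte(kv, '=')
		if i <= 0 || !allowed(kv[:i]) {
			continue // malformed entry or variable not on the allowlist
		}
		names = append(names, kv[:i])
	}
	sort.Strings(names) // deterministic order for logs and tests
	args := make([]string, 0, 2*len(names))
	for _, n := range names {
		args = append(args, "-e", n)
	}
	return args
}

func main() {
	args := append([]string{"run", "--rm"}, EnvArgs(os.Environ())...)
	fmt.Println("docker", strings.Join(args, " "), "<image>")
}
```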