New License Scanning image breaks integration with LICENSE_MANAGEMENT_SETUP_CMD

New License-Scanning minimal image breaks usage of SETUP_CMD to use your own package manager to install project dependencies. In our case we use the gradle wrapper as follows: ./gradlew <command>.

Unfortunately this line does not allow to run this command any more, as "${SETUP_CMD[@]}" does something different as ${SETUP_CMD[@]} (without quotes, see here) which it has been before the latest update.

Now the job will fail with following error:

Inflating /opt/asdf.tar.zst in /opt
Inflating /usr/lib/gcc.tar.zst in /usr/lib
Inflating /usr/lib/mono.tar.zst in /usr/lib
Inflating /usr/lib/rustlib.tar.zst in /usr/lib
Inflating /usr/share/dotnet.tar.zst in /usr/share
Running '/code/gradlew assemble license' to install project dependencies...
/run.sh: line 90: /code/gradlew assemble license: No such file or directory

Workaround:

license_scanning:
  ...
  before_script:
    - echo "./gradlew assemble license" > setup.sh
    - chmod +x setup.sh
  variables:
    SETUP_CMD: ./setup.sh

@xlgmokha why does GitLab replace old image tags, so all previously working images suddenly stop working? I'm requesting to properly announce those changes or at least give users the possiblity to go back to previous image versions more easily /cc @teemo.