Determine Java version when DS_JAVA_VERSION is not set
Release notes
When running container scanning via compliance pipelines (via compliance frmaeworks) it may not be practicable to set the DS_JAVA_VERSION
within each project. In cases where DS_JAVA_VERSION
is not set we can attempt to determine the correct version from the pom.xml
.
Problem to solve
Compliance pipelines adds complexity to project-level configuration that is avoidable.
Proposal/ Implementation Plan
Modify gemnasium-maven-dependency_scanning job with a before_script
:
- VERSION=$(grep java.version pom.xml | sed 's/<\/\?[^>]\+>//g' | tr -d '[:blank:]')
- if [ -z "$DS_JAVA_VERSION" ]; then if [ $VERSION = 1.8 ]; then DS_JAVA_VERSION=8; else DS_JAVA_VERSION=$VERSION; fi fi
- export DS_JAVA_VERSION
Notice that on Mac the sed command needs to be a bit different: sed -E 's/<\/?[^>]+>//g'
The Maven docs on setting the java version specify useful fields.
Discussed in Slack
Intended users
Feature Usage Metrics
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.