Support MAVEN_CLI_OPTS in gemnasium-maven
What does this MR do?
Adds MAVEN_CLI_OPTS to gemnasium-maven analyzer.
Implementation plan
Update the dependency scanner and its maven plugin to accept a new environment variable. This will allow users to parametrize their pom.xml.
For example, when a user needs to scan packages in a private repo, they will be able to supply a settings.xml file that supplies user credentials as variables which can then be injected as environment variables when the pipeline executes.
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  ...
  <repositories>
    <repository>
      <id>privaterepo</id>
      <url>https://private.repo.com/</url>
    </repository>
  </repositories>
  ...
</project>
settings.xml
...
<servers>
  <server>
    <id>privaterepo</id>
    <username>${privaterepo.username}</username>
    <password>${privaterepo.password}</password>
  </server>
</servers>
...
Supplying the run-dependent variables thusly:
MAVEN_CLI_OPTS="--settings settings.xml -Dprivaterepo.username=foo -Dprivaterepo.password=bar"
Testing
- Test by running against the local project with MAVEN_CLI_OPTS supplied (e.g. GOOS=linux go build -o analyzer && docker build -t analyzer . && docker run --rm --volume "$PWD"/test/fixtures:/tmp/project --env CI_PROJECT_DIR=/tmp/project --env MAVEN_CLI_OPTS="-X" analyzer /analyzer run); you should see verbose output when the -X option is supplied to Maven.
Related issues
#11166 (closed) - Add support for MAVEN_CLI_OPTS
Edited by Igor Frenkel
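One way a Go analyzer could consume MAVEN_CLI_OPTS as described above, added here as an example and not the gemnasium-maven code: split the value into argv entries without handing it to a shell, and mask every -D property value before the command line is logged, since credentials passed this way would otherwise appear in job output. The names splitOpts and redact are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// splitOpts turns a MAVEN_CLI_OPTS value into argv entries; quotes group words, nothing is expanded.
func splitOpts(s string) ([]string, error) {
	var args []string
	var cur strings.Builder
	quote, inWord := rune(0), false // quote is 0 while outside quotes
	for _, r := range s + " " {     // the trailing space flushes the last word
		switch {
		case quote != 0 && r == quote:
			quote = 0
		case quote == 0 && (r == '\'' || r == '"'):
			quote, inWord = r, true
		case quote == 0 && (r == ' ' || r == '\t' || r == '\n'):
			if inWord {
				args, inWord = append(args, cur.String()), false
				cur.Reset()
			}
		default:
			cur.WriteRune(r)
			inWord = true
		}
	}
	if quote != 0 {
		return nil, fmt.Errorf("unterminated %c quote in MAVEN_CLI_OPTS", quote)
	}
	return args, nil
}

// redact returns a copy of args with every -Dkey=value property value masked, safe to log.
func redact(args []string) []string {
	out := append([]string(nil), args...)
	for i, a := range out {
		if eq := strings.IndexByte(a, '='); strings.HasPrefix(a, "-D") && eq > 0 {
			out[i] = a[:eq+1] + "[MASKED]"
		}
	}
	return out
}

func main() {
	args, err := splitOpts(os.Getenv("MAVEN_CLI_OPTS"))
	fmt.Println(redact(args), err)
}
```

The unredacted slice is what would be appended to the Maven argv (for instance through exec.Command), so each option reaches Maven as a single argument and is never interpreted by a shell.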