Install sbt-bom plugin in docker images
What does this MR do?
The goal is to use sbt makeSbom
instead of sbt dependencyDot
for sbt projects with versions >= 1.1
. In this MR we add the sbt-bom plugin by providing the jar file and installing in the debian and fips image. More precisely:
- We add the sbt-bom jar under
build/gemnasium-maven/utils/sbt-bom-plugin
- For both debian and fips docker files we add an env var
SBT_BOM_PLUGIN
which contains a command to enable the SBT plugin. - We append the contents of
SBT_BOM_PLUGIN
in the.sbt/1.0/plugins/plugins.sbt
both for root and normal user. This is the way to enable SBT global plugins according to the documentation.
No changelog is added since we need follow up MRs to build achieve our goal.
MR Stack
- Move SBT parser into dot directory (!555 - merged)
-
Install sbt-bom plugin in docker images (!554 - closed)
👈 - Introduce the sbt bom parser (!556 - merged)
- Call sbt makeBom in case the plugin is compatible (!557 - closed)
What are the relevant issue numbers?
gitlab-org/gitlab#390287 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Oscar Tovar