Skip to content

Call sbt makeBom in case the plugin is compatible

Nick Ilieskou requested to merge 390287-introduce-makeBom-command into 390287-update-docker-images-makeBom

What does this MR do?

In this MR we introduce the main functionality of calling sbt makeBom:

  • builder/exportpath:
    • Renamed ExtractSbt to ExtractSbtDot since we need to defirentiate between dot and bom.
    • Added function ExtractSbtBom. Unfortunately we cannot call extract since the parsing is a bit different.
    • Updated unit tests
  • finder/package_manager.go: PackageManagerSbt should also look for files named dependencies.bom.xml
  • builder/sbt:
    • Updated sbt.go so that it parses the sbt version using the sbt about command. For explanation see this comment. Then we parse the sbt version and if applicable we call sbt makeBom.
    • Added version.go and respective unit test in order to parse sbt version. These files come from here
  • Updated qa specs. More information can be found here. The main idea is that sbt makeBom does not contain dependencies between the packages and hence we need to update the expected reports. We keep the old report for sbt versions below 1.1.0.

Important note for the reviewer

This MR is dependent on !554 (closed), !555 (merged) and !556 (merged). Once all these are merged to master we can rebase and the rspec tests should be passing

UPDATE:

MR Stack

What are the relevant issue numbers?

gitlab-org/gitlab#390287 (closed)

Does this MR meet the acceptance criteria?

Edited by Nick Ilieskou

Merge request reports