Call sbt makeBom in case the plugin is compatible
What does this MR do?
In this MR we introduce the main functionality of calling sbt makeBom:
- builder/exportpath:
  - Renamed ExtractSbt to ExtractSbtDot since we need to differentiate between dot and bom.
  - Added function ExtractSbtBom. Unfortunately we cannot call extract since the parsing is a bit different.
  - Updated unit tests
- finder/package_manager.go: PackageManagerSbt should also look for files named dependencies.bom.xml
- builder/sbt:
  - Updated qa specs. More information can be found here. The main idea is that sbt makeBom does not contain dependencies between the packages and hence we need to update the expected reports. We keep the old report for sbt versions below 1.1.0.
Important note for the reviewer
This MR is dependent on !554 (closed), !555 (merged) and !556 (merged). Once all these are merged to master we can rebase and the rspec tests should be passing
UPDATE:
- !555 (merged) was merged to master and !557 (closed) was rebased
- !556 (merged) was merged to !557 (closed)
- Once !554 (closed) is merged to master we need to rebase !557 (closed)
MR Stack
- Move SBT parser into dot directory (!555 - merged)
- Install sbt-bom plugin in docker images (!554 - closed)
- Introduce the sbt bom parser (!556 - merged)
- Call sbt makeBom in case the plugin is compatible (!557 - closed) 👈
What are the relevant issue numbers?
gitlab-org/gitlab#390287 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Nick Ilieskou