Fail for gradle dependencies that failed to be resolved
- Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA
What does this MR do?
In earlier versions of Gemnasium, the analyzer would return a non-zero exit status whenever it encountered a dependency that could not be resolved. This behavior was crucial for ensuring that any unresolved dependencies were immediately flagged, preventing potential issues from slipping through the cracks.
However, with the transition to Gemnasium 5 and the adoption of the htmlDependencyReport format, this behavior was unintentionally changed. As a result, unresolved dependencies were no longer causing the analyzer to fail, which could lead to undetected issues in the dependency management process.
This merge request aims to reintroduce the original behavior. By interpreting the resolvable status in the JSON of the htmlDependencyReport, the analyzer will now output any dependencies that failed to resolve to the job log. Consequently, the analyzer will again return a non-zero exit status if it encounters any unresolved dependencies.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
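
The check described in this merge request, as an added example that is not taken from the MR or from Gemnasium's code: it walks the dependency tree in the report JSON, including transitive entries, and exits non-zero when any dependency failed to resolve. The JSON layout (`project.configurations[].dependencies[]` with `name`, `resolvable` and `children`), the `FAILED` status value, and the names `dependency`, `collect`, `unresolved` and `sampleReport` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Assumed subset of the report JSON; encoding/json matches keys case-insensitively.
type dependency struct {
	Name, Resolvable string
	Children         []dependency
}

// Constructed sample: one transitive and one direct dependency fail to resolve.
const sampleReport = `{"project":{"configurations":[{"name":"runtimeClasspath","dependencies":[
{"name":"ex:core:1.0","resolvable":"RESOLVED","children":[{"name":"ex:missing:2.0","resolvable":"FAILED"}]},
{"name":"ex:absent:9.9","resolvable":"FAILED"}]}]}}`

// collect walks the tree so a failure nested under a resolved parent is still found.
func collect(deps []dependency, failed []string) []string {
	for _, d := range deps {
		if d.Resolvable == "FAILED" { // status value is an assumption
			failed = append(failed, d.Name)
		}
		failed = collect(d.Children, failed)
	}
	return failed
}

// unresolved returns the name of every failed dependency in every configuration.
func unresolved(data []byte) (failed []string, err error) {
	var r struct{ Project struct{ Configurations []struct{ Dependencies []dependency } } }
	if err = json.Unmarshal(data, &r); err != nil {
		return nil, err
	}
	for _, c := range r.Project.Configurations {
		failed = collect(c.Dependencies, failed)
	}
	return failed, nil
}

func main() {
	if failed, err := unresolved([]byte(sampleReport)); err != nil || len(failed) > 0 {
		fmt.Fprintln(os.Stderr, "failed to resolve:", failed, err)
		os.Exit(1) // non-zero exit fails the job
	}
}
```

A report that cannot be parsed is treated the same as one with failures, so a scan never passes on a dependency graph it could not read.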