Implement flexible Maven settings override for dependency scanning
requested to merge 414689-error-when-pulling-plugin-for-maven-project-mirroring-central-repo into master
What does this MR do?
This merge request improves our dependency scanning process by implementing a flexible approach to Maven settings. The fundamental changes are:
- Added a `MAVEN_PREBUILD` parameter to control Maven settings behavior:
  - When `MAVEN_PREBUILD` is true, the code generates a minimal `settings.xml` file and overrides the local repository location.
  - When false, it respects existing Maven settings.
- Implemented a function to create a temporary minimal `settings.xml` file:
  - This file only includes essential configurations, reducing potential conflicts.
- Modified the Maven command construction to include conditionally:
  - The path to the temporary `settings.xml` file (`-s` option).
  - An override for the local repository location (`-Dmaven.repo.local` option).
- Ensured that existing Maven options were preserved when not in `MAVEN_PREBUILD` mode.
These changes allow for more flexible dependency scanning, particularly in isolated or CI environments where we need to control the Maven settings precisely. The implementation maintains compatibility with existing processes while providing the option to use a clean, minimal Maven configuration when required.
This update improves our ability to manage dependencies consistently across different environments and project configurations.
What are the relevant issue numbers?
Error when pulling plugin for maven project mir... (gitlab-org/gitlab#414689)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary.
- Documentation created/updated for this project, if necessary.
- Documentation reviewed by a technical writer or follow-up review issue created
- Tests added for this feature/bug.
- Job definition updated, if necessary.
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports are checked/validated by the reviewer.
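
The conditional command construction described in this merge request, as an added Go example that is not the MR's own code. The helper name `mavenArgs`, the empty `<settings>` content, the `repository` directory name and the choice to pass only the two overrides in prebuild mode are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
)

// Assumed content of a "minimal" settings.xml: an empty <settings> element,
// so no mirrors, servers or profiles are configured by this file.
const minimalSettings = `<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"/>
`

// mavenArgs returns the arguments to pass to mvn (hypothetical helper).
// prebuild is the raw MAVEN_PREBUILD value, userOpts the options already
// configured for the job, tmpDir a private scratch directory.
func mavenArgs(prebuild string, userOpts, goals []string, tmpDir string) ([]string, error) {
	enabled := false
	if prebuild != "" {
		var err error
		if enabled, err = strconv.ParseBool(prebuild); err != nil {
			return nil, fmt.Errorf("MAVEN_PREBUILD=%q is not a boolean: %w", prebuild, err)
		}
	}
	if !enabled {
		// Not in prebuild mode: existing options pass through untouched.
		return append(append([]string{}, userOpts...), goals...), nil
	}
	settings := filepath.Join(tmpDir, "settings.xml")
	if err := os.WriteFile(settings, []byte(minimalSettings), 0o600); err != nil {
		return nil, err
	}
	repo := filepath.Join(tmpDir, "repository")
	// Assumption of this example: in prebuild mode only the two overrides are passed.
	args := []string{"-s", settings, "-Dmaven.repo.local=" + repo}
	return append(args, goals...), nil
}

func main() {
	tmp, err := os.MkdirTemp("", "mvn-prebuild-") // created with mode 0700
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(tmp)
	// Constructed sample input: one user option and one goal.
	args, err := mavenArgs(os.Getenv("MAVEN_PREBUILD"), []string{"-DskipTests"}, []string{"validate"}, tmp)
	if err != nil {
		panic(err)
	}
	fmt.Println("mvn", args)
}
```

Rejecting a non-boolean `MAVEN_PREBUILD` value instead of treating it as false keeps a typo in CI configuration from silently falling back to whatever settings the environment supplies.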