Implement flexible Maven settings override for dependency scanning
requested to merge 414689-error-when-pulling-plugin-for-maven-project-mirroring-central-repo into master
What does this MR do?
This merge request introduces a new Maven utility to improve our handling of Maven settings and options, particularly in the context of the Gemnasium analyzer.
Changes
- Implemented a new
GetPatchSettingsFile
function to patch Maven settings files dynamically. - Added
ParseMavenOpts
andReconstructMavenOpts
functions to handle Maven command-line options better. - These utilities are integrated into the Gemnasium-maven analyzer workflow.
Functionality
-
Settings File Patching:
- Reads an existing
settings.xml
file. - Adds a local plugin repository configuration.
- Creates a temporary patched settings file.
- Reads an existing
-
Maven Options Parsing:
- Parses Maven command-line options into a map for easy manipulation.
- Allows for easy modification of specific options (e.g., changing the settings file path).
-
Maven Options Reconstruction:
- Reconstruct the Maven options string from the modified map.
-
Patch Settings File:
- Combine all the above functions and return a new temp settings file path; the maven opts to override if needed.
Benefits
- Improves flexibility in handling Maven configurations, especially in CI/CD environments.
- Allows for dynamic modification of Maven settings without altering the original files.
- Enhances the ability to work with local repositories in isolated environments.
Testing
- Unit tests have been added for
PatchSettingsFile
new function.
What are the relevant issue numbers?
Error when pulling plugin for maven project mir... (gitlab-org/gitlab#414689)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary. -
Documentation created/updated for this project, if necessary. -
Documentation reviewed by a technical writer or follow-up review issue created -
Tests added for this feature/bug. -
Job definition updated, if necessary. -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports are checked/validated by the reviewer.
Edited by Miki Amos