Commit 295f3853 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

feat: add forbid snapshot dependencies job

parent d99c6bbf

README.md

+12 −0
Original line number Diff line number Diff line
@@ -141,6 +141,18 @@ More info: 


* [Maven Dependency-Check Plugin](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html)



### `mvn-forbid-snapshot-dependencies` job



This job checks your project has release-only dependencies (no _snapshot_), using the [Maven Enforcer](https://maven.apache.org/enforcer/enforcer-rules/requireReleaseDeps.html) plugin.



Failure is allowed in feature branches.



It is bound to the `test` stage, and uses the following variables:



| Name                  | description                            | default value     |

| --------------------- | -------------------------------------- | ----------------- |

| `MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED` | Disable this job | _none_ |



### `mvn-checkmarx` job



From version `0.7.0`, the Checkmarx job is no longer part of the Maven template as it is now a standalone template.

kicker.json

+12 −0
Original line number Diff line number Diff line
@@ -103,6 +103,18 @@ 
        }

      ]

    },

    {

      "id": "forbid-snapshot-dependencies",

      "name": "Snapshot dependencies verification",

      "description": "This job verifies your project has no _snapshot_ dependencies. Failure is allowed in feature branches.",

      "variables": [

        {

          "name": "MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED",

          "description": "Disable the job",

          "type": "boolean"

        }

      ]

    },

    {

      "id": "publish",

      "name": "Publish",

templates/gitlab-ci-maven.yml

+17 −0
Original line number Diff line number Diff line
@@ -406,6 +406,23 @@ mvn-dependency-check: 
    paths:

      - "**/target/dependency-check-report.*"



mvn-forbid-snapshot-dependencies:

  extends: .mvn-base

  stage: test

  script:

    - mvn org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3:enforce -Drules=requireReleaseDeps

  rules:

    # exclude merge requests

    - if: $CI_MERGE_REQUEST_ID

      when: never

    # exclude if disabled

    - if: $MVN_FORBID_SNAPSHOT_DEPENDENCIES_DISABLED

      when: never

    # on production or integration branches: auto

    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'

    # else (feature branches): auto & non-blocking

    - allow_failure: true



mvn-snapshot:

  extends: .mvn-base

  stage: publish