943537f019
Bei (bedingtem) Verzeichnis wären absolute Dateipfade sinnvoll, damit der Artefact-Export funktioniert. Ein Verzeichniswechsel scheint aber garnicht notwendig zu sein, wenn die BOM-Datei korrekt/absolut angegeben ist.
41 lines
1.6 KiB
YAML
41 lines
1.6 KiB
YAML
.license-asciidoc:
|
|
image: gitlab.exxcellent.de:4567/gilden/ci/exxcellent-license-tools
|
|
stage: verify
|
|
variables:
|
|
BOM_FILE: bom.json
|
|
ALLOWED_LICENSES: valid-licenses.txt
|
|
LICENSE_ADOC_FILE: licenses.adoc
|
|
INVALID_LICENSE_ADOC_FILE: invalid-licenses.adoc
|
|
NUMBER_OF_ALLOWED_FAILURES: 0
|
|
script:
|
|
# If bom-file does not exist, search for it in default-maven directory
|
|
- >
|
|
if [[ ! -f "$BOM_FILE" && -f "$BACKEND_DIR/target/bom.json" ]]; then
|
|
export BOM_FILE=$BACKEND_DIR/target/bom.json
|
|
fi
|
|
# If bom-file does not exist, search for it in default-gradle directory
|
|
- >
|
|
if [[ ! -f "$BOM_FILE" && -f "$BACKEND_DIR/build/reports/bom.json" ]]; then
|
|
export BOM_FILE=$BACKEND_DIR/build/reports/bom.json
|
|
fi
|
|
- export NUMBER_OF_INVALID_LICENSES=0
|
|
- export INVALID_BOM_FILE=invalid-bom.json
|
|
- licenseBom2Adoc --bom $BOM_FILE --adoc $LICENSE_ADOC_FILE
|
|
- >
|
|
if [ -f "$ALLOWED_LICENSES" ]; then
|
|
checkLicenseBom --bom $BOM_FILE --targetBom $INVALID_BOM_FILE --license $ALLOWED_LICENSES || NUMBER_OF_INVALID_LICENSES=$?
|
|
fi
|
|
- >
|
|
if [ "$NUMBER_OF_INVALID_LICENSES" -gt "$NUMBER_OF_ALLOWED_FAILURES" ]; then
|
|
echo "Invalid licenses found. Number of invalid license ${NUMBER_OF_INVALID_LICENSES}". See invalid-licenses file in artifacts.
|
|
licenseBom2Adoc --bom $INVALID_BOM_FILE --adoc $INVALID_LICENSE_ADOC_FILE
|
|
exit 1
|
|
else
|
|
echo "All licenses valid"
|
|
fi
|
|
artifacts:
|
|
when: always
|
|
expire_in: 2 weeks
|
|
paths:
|
|
- $LICENSE_ADOC_FILE
|
|
- $INVALID_LICENSE_ADOC_FILE |