Fix: refactor sonatype scan #186

Open
wants to merge 1 commit into
base: main

keanjapesan
Contributor

No description provided.

@ModeSevenIndustrialSolutions
Contributor

ModeSevenIndustrialSolutions commented Oct 9, 2024

If we get this merged, we may still see issues with the upstream action's endpoint.sh script, which has multiple bugs and doesn't pass basic linting checks. Rather than roll out a series of interim fixes, it might be better to wait until we have the updated (and officially supported/provided) Nexus IQ action merged later this week (that I have been testing in portal-ng-ui). It would just need minor adjustments for the Gradle/Maven based jobs.
https://github.com/sonatype/actions/tree/main/run-iq-cli
This doesn't use Docker and doesn't contain the dodgy endpoint.sh shell code.

@ModeSevenIndustrialSolutions
Contributor

See here:
https://github.com/onap/portal-ng-ui/blob/master/.github/workflows/gerrit-verify.yaml
And here's the code that implements the workflow under testing:

  # This is a test workflow, not production, and will be replaced
  node-sonartype-lifecycle:
    needs: [notify]
    # yamllint disable-line rule:line-length
    uses: ModeSevenIndustrialSolutions/portal-ng-ui/.github/workflows/node-sonatype-lifecycle.yaml@master
    with:
      node-version: 20
      build-tool: npm
    secrets:
      NEXUS_IQ_PASSWORD: ${{ secrets.NEXUS_IQ_PASSWORD }}

@keanjapesan
Contributor Author

Hi @ModeSevenIndustrialSolutions
The community is reporting this faulty GHA workflow, so we will need a solution soon. I see a v1 release for the new action you mentioned above; should I start migrating this reusable workflow to use it?

@keanjapesan force-pushed the fix-gradle-bug branch 2 times, most recently from d4fccd0 to 23d64d6 (November 13, 2024 20:11)
@keanjapesan changed the title from "Fix: update branch name of iq-github-action" to "Fix: refactor sonatype scan" (Nov 13, 2024)
Contributor

This looks good to go

Signed-off-by: Kevin Sandi <[email protected]>
Contributor

Looks good.
