From 3901540ab1ae1bf0f5c63b4ed7abbf3c75ef290b Mon Sep 17 00:00:00 2001
From: Philippe Perrin
Date: Tue, 5 Oct 2021 16:27:03 +0200
Subject: [PATCH] Fix dependency checks for frontend projects

---
 .cirrus.yml | 1 +
 build.gradle | 6 ++++++
 server/sonar-docs/build.gradle | 7 +++++++
 server/sonar-web/build.gradle | 7 +++++++
 4 files changed, 21 insertions(+)

diff --git a/.cirrus.yml b/.cirrus.yml
index 6b639d43c6a..766ff7e703f 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -558,6 +558,7 @@ owasp_check_task:
 $CIRRUS_CRON == "weekly-latest" ||
 $CIRRUS_CRON == "weekly-lts" ||
 changesInclude('private/owasp/*.xml')
+ <<: *YARN_CACHE_TEMPLATE
 timeout_in: 30m
 gke_container:
 <<: *GKE_CONTAINER_TEMPLATE
diff --git a/build.gradle b/build.gradle
index e720c228f4f..a61f58fe0e2 100644
--- a/build.gradle
+++ b/build.gradle
@@ -650,6 +650,12 @@ dependencyUpdates {
 }
 }
 
+gradle.projectsEvaluated { gradle ->
+ // Execute dependencyCheckAggregate prerequisites before the actual check
+ allprojects
+ .findResults { it -> it.tasks.findByName('dependencyCheckAggregate_prerequisites') }
+ .each { t -> dependencyCheckAggregate.dependsOn(t) }
+}
 
 ext.osAdaptiveCommand = { commands ->
 def newCommands = []
diff --git a/server/sonar-docs/build.gradle b/server/sonar-docs/build.gradle
index 99c9118ec1c..15315779bcd 100644
--- a/server/sonar-docs/build.gradle
+++ b/server/sonar-docs/build.gradle
@@ -109,6 +109,13 @@ task dependency_audit(type: Exec) {
 commandLine osAdaptiveCommand(['npm', 'run', 'audit-ci'])
 }
 
+task dependencyCheckAggregate_prerequisites(type: Exec) {
+ // the OWASP tool does not support yarn and its yarn.lock files, so node modules
+ // should be explicitly installed (yarn install) before running the audit
+ // See https://github.com/jeremylong/DependencyCheck/issues/2393
+ commandLine osAdaptiveCommand(['yarn', 'install', '--immutable'])
+}
+
 task zip(type: Zip) {
 def archiveDir = "$version"
 duplicatesStrategy DuplicatesStrategy.EXCLUDE
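Review bot: The added `<<: *YARN_CACHE_TEMPLATE` merge key in owasp_check_task gives no hint of why a scan job now needs a yarn cache; the reason is only visible in the other files of this patch, where the aggregate check gains a `yarn install --immutable` prerequisite. A one-line comment next to it, `# dependencyCheckAggregate now runs yarn install in the frontend projects`, would keep that link visible to whoever next trims this job. The rest of the task's keys lie outside the hunk.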
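Review bot: The closure parameter `gradle ->` on the new `gradle.projectsEvaluated` block is never used and shadows the `gradle` object the hook is registered on, and the explicit `it ->` in `findResults` is redundant in Groovy; `gradle.projectsEvaluated {` and `.findResults { it.tasks.findByName('dependencyCheckAggregate_prerequisites') }` express the same wiring with less noise. The comment should also spell out the contract the lookup relies on, since a subproject that misspells the task name is silently left out of the scan rather than failing: `// Any project that registers a task named dependencyCheckAggregate_prerequisites gets it run before the aggregate scan; an unregistered or misnamed task is silently ignored`. Whether a missing prerequisite should instead fail the check is a policy question the hunk does not answer, but a maintainer should at least see the trade-off.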
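Review bot: The new `dependencyCheckAggregate_prerequisites` Exec task declares no inputs or outputs, so Gradle re-runs `yarn install --immutable` every time the aggregate check is requested; that is the behaviour you want for a scan prerequisite, but it is worth a comment such as `// no outputs declared on purpose: the scan must see a freshly installed, lockfile-exact node_modules` so nobody later adds an `outputs.dir` and lets the scan run against stale modules. `--immutable` is the right choice from a supply-chain standpoint, because it fails instead of rewriting `yarn.lock`, so the report covers exactly the pinned tree. The same task body is repeated verbatim in the server/sonar-web/build.gradle hunk; since the root build.gradle already discovers these tasks by name, defining them once at the root for the projects that carry a yarn.lock would keep the two copies from drifting.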
diff --git a/server/sonar-web/build.gradle b/server/sonar-web/build.gradle
index 2ee42455291..9b4254cb95a 100644
--- a/server/sonar-web/build.gradle
+++ b/server/sonar-web/build.gradle
@@ -62,6 +62,13 @@ task dependency_audit(type: Exec) {
 commandLine osAdaptiveCommand(['npm', 'run', 'audit-ci'])
 }
 
+task dependencyCheckAggregate_prerequisites(type: Exec) {
+ // the OWASP tool does not support yarn and its yarn.lock files, so node modules
+ // should be explicitly installed (yarn install) before running the audit
+ // See https://github.com/jeremylong/DependencyCheck/issues/2393
+ commandLine osAdaptiveCommand(['yarn', 'install', '--immutable'])
+}
+
 def sources = fileTree(dir: "src") + fileTree(dir: "scripts") + fileTree(dir: "config") + fileTree(dir: "__mocks__")
 
 task licenseCheckWeb(type: com.hierynomus.gradle.license.tasks.LicenseCheck) {
-- 
2.39.5