Add Bitbucket Pipelines and GitLab CI support to dependency scan #34
Open
ofirshtrull wants to merge 16 commits into main from
This update introduces support for Bitbucket Pipelines in the Arnica dependency scan tool. The following changes were made:
- Updated README.md and CONTRIBUTING.md to include Bitbucket Pipelines usage instructions and prerequisites.
- Introduced a new BitbucketPipelinesPlatform class to handle specific logic for Bitbucket environments.
- Modified input handling to detect Bitbucket-specific environment variables and fallbacks.
- Added tests for Bitbucket Pipelines platform support and input validation.
- Updated package.json description to reflect Bitbucket Pipelines support.

Add function to normalize Bitbucket Cloud URLs to ensure consistency across different URL formats. Remove unused environment variables in pipeline configurations.

- Added support for additional Bitbucket environment variables: BITBUCKET_WORKSPACE, BITBUCKET_REPO_OWNER, and BITBUCKET_REPO_SLUG.
- Updated getBitbucketRepositoryUrlFallback to derive repo URL using workspace and slug when full name is unavailable.
- Added tests to ensure correct URL derivation from workspace and slug.

Introduce functions to detect GitHub and Azure CI environments.
- Added `isGitHubEnvironment` and `isAzureEnvironment` functions.
- Updated `getValidatedInput` to utilize new GitHub environment detection.
- Enhanced error handling for missing repository URLs in CI environments.
- Updated tests to cover GitHub environment scenarios.

Introduce console logging for the Arnica Scan Summary when writing summaries. This enhancement helps in debugging by providing immediate feedback in the console.

Add a check to ensure the API token does not start with a '$', indicating an unresolved variable placeholder. Update tests to include this validation scenario.

… version update logic
The workflow now ignores changes in the 'examples/**' path, preventing unnecessary version bumps for example file modifications. Refactored the version update logic to handle multiple files, including README.md and any example YAML files, ensuring all relevant files have their version references updated consistently.

Rename API_BASE_URL to ARNICA_API_BASE_URL in azure-devops.yml and bitbucket-pipelines.yml for consistency.

- Moved isBitbucketEnvironment function to select-platform module to enhance modularity
- Updated to accept process environment as a parameter for better testability
- Removed redundant DEBUG environment variable handling for improved clarity

…handling
Extracted isGitHubEnvironment function for reusability and clarity. Enhanced Bitbucket Server URL construction by using BITBUCKET_SERVER_SCM_PREFIX if provided. Updated PULL_REQUEST_TEMPLATE, CONTRIBUTING, and README to reflect new build and test expectations. Added tests for new functionality and refactored existing ones for clarity.

Renamed environment variables to include 'ARNICA_' prefix for consistency across documentation and examples.
- Updated `SCAN_PATH` to `ARNICA_SCAN_PATH`.
- Updated `SCAN_TIMEOUT_SECONDS` to `ARNICA_SCAN_TIMEOUT_SECONDS`.
- Updated `ON_FINDINGS` to `ARNICA_ON_FINDINGS`.
These changes ensure uniformity in naming conventions, making the configuration more intuitive.

Introduce `GitLabCIPlatform` class to handle GitLab CI environments.
- Implement functions to retrieve GitLab-specific environment variables.
- Update platform selection logic to include GitLab CI.
- Add helper functions for GitLab repository URL and branch fallback.

…ndling and tests
Improved the GitLab CI platform by adding a warning mechanism for missing workspace paths and handling file write errors more gracefully.
- Introduced `warnMissingWorkspace` to notify when `CI_PROJECT_DIR` is unset.
- Enhanced `setOutput` and `writeSummary` to handle file write failures with warnings.
- Updated `getGitLabBranchFallback` for better branch determination.
- Modified `isGitLabEnvironment` to require both `CI_PROJECT_DIR` and `CI_PIPELINE_ID` for detection.
- Added comprehensive test coverage for GitLab CI functionalities, including handling of environment variables and file operations.

Made-with: Cursor

- Updated branch detection to use `CI_DEFAULT_BRANCH` as a fallback in tag pipelines for GitLab CI.
- Improved error handling in Bitbucket Pipelines by catching file write errors and logging warnings instead of crashing.
- Added tests to verify new branch detection logic and error handling improvements.
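
As an added illustration (not code from this pull request or from the Arnica package), the sketch below shows three of the input checks the commit messages above describe: rejecting an API token that begins with `$`, requiring both `CI_PROJECT_DIR` and `CI_PIPELINE_ID` before treating the run as GitLab CI, and deriving a Bitbucket repository URL from workspace and slug. The function signatures, return shapes, the `https://bitbucket.org/` base, the use of `BITBUCKET_REPO_FULL_NAME` as the "full name" and the sample values are assumptions.

```javascript
// Added example: hypothetical helpers, not the dependency-scan package's own code.

// A token that still starts with '$' is the literal text of a CI variable
// reference that was never expanded, so it would be sent to the API as-is.
// The reason string never echoes the value, since it may end up in build logs.
function validateApiToken(token) {
  const value = (token ?? '').trim();
  if (value === '') {
    return { ok: false, reason: 'API token is empty' };
  }
  if (value.startsWith('$')) {
    return { ok: false, reason: 'API token looks like an unresolved variable placeholder' };
  }
  return { ok: true, token: value };
}

// Requiring both variables keeps a stray CI_PROJECT_DIR, exported on some
// other platform, from selecting the GitLab code path.
// The environment is passed in (not read from process.env) for testability.
function isGitLabEnvironment(env) {
  return Boolean(env.CI_PROJECT_DIR) && Boolean(env.CI_PIPELINE_ID);
}

// Returns "owner/slug" only when both parts are present.
function joinNonEmpty(owner, slug) {
  return owner && slug ? `${owner}/${slug}` : undefined;
}

// Bitbucket Cloud fallback: prefer the full name, otherwise derive it from
// workspace (or repo owner) and slug. Returns undefined when neither works,
// so the caller can fail with a clear "missing repository URL" error.
function bitbucketRepoUrlFallback(env) {
  const fullName = env.BITBUCKET_REPO_FULL_NAME ||
    joinNonEmpty(env.BITBUCKET_WORKSPACE || env.BITBUCKET_REPO_OWNER, env.BITBUCKET_REPO_SLUG);
  return fullName ? `https://bitbucket.org/${fullName}` : undefined;
}
```

Returning `undefined` or `{ ok: false }` rather than a guessed value lets the scan stop before any request is made with a placeholder token or a wrong repository URL.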
Summary
Adds first-class Bitbucket Pipelines and GitLab CI support to the dependency scan package while keeping GitHub/Azure compatibility, and hardens input handling for token/env misconfiguration.
Changes
Bitbucket Pipelines
GitLab CI
Tests
Test plan
Reviewer notes