dependency-check-plugin

[JENKINS-59869] use EnvVars from the Pipeline

Open thomasgl-orange opened this issue 4 years ago • 5 comments

See JENKINS-59869: the environment used by the dependency-check.sh process, when using the dependencyCheck step in a Pipeline, is the initial environment of the build. It does not include the variables defined during Pipeline execution via environment{...}, tools{...}, or withEnv(...){...}.

This was a common culprit of build steps based on SimpleBuildStep, see JENKINS-29144. It was finally solved in Jenkins 2.241 (LTS 2.249.x) and workflow-basic-steps-plugin 2.21 / 2.22.

What this PR does:

  • update the pom.xml (bump the plugins parent pom, import the bom, minor cleanups), and move to Jenkins 2.249.1
  • switch the build step to the new SimpleBuildStep#perform(...) signature, so that it is called with the "right" EnvVars as a parameter

To check that it works as expected, you can modify an already installed dependency-check.sh script to echo the env variables.

In my case, the purpose of fixing this issue was to actually avoid having to give an explicit full path to the yarn binary, in a pipeline like this:

pipeline {
  agent { label 'linux' }
  environment {
    // this is a tool with nodejs + yarn
    NODEJS = tool 'Nodejs'
  }
  stages {
    stage('Depcheck') {
      steps {
        withEnv(["PATH+NODEJS=${NODEJS}/bin"]) {
          dependencyCheck odcInstallation: 'DependencyCheck 6.2.2',
              additionalArguments: "..."
          // Without this PR, I have to add --yarn=${NODEJS}/bin/yarn to make dependency-check find the yarn binary,
          // despite the directory actually being in the $PATH in the "local" EnvVars.
        }
      }
    }
  }
}

  • [X] Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • [X] Ensure that the pull request title represents the desired changelog entry
  • [X] Please describe what you did
  • [X] Link to relevant issues in GitHub or Jira
  • [ ] ~~Link to relevant pull requests, esp. upstream and downstream changes~~
  • [ ] Ensure you have provided tests - that demonstrates feature works or fixes the issue

thomasgl-orange, Aug 06 '21 11:08
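The check suggested in the PR description above (a stand-in `dependency-check.sh` that reports the environment it received), written out as an added example that is not part of the original post or the plugin's code. It prints only an allow-listed set of variables instead of the whole environment, because Pipeline EnvVars can carry bound credentials that should not reach the build log; the function names, the allow-list and the temporary directories are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not the plugin's code. Function names and the allow-list
# are assumptions made for this illustration.

# Variables whose values may appear in a build log. Everything else is left
# out, because Pipeline EnvVars can carry bound credentials.
PROBE_ALLOW="PATH NODEJS JAVA_HOME"

# resolve_on_path BIN PATHVALUE: print the first executable match for BIN,
# the way a PATH lookup for yarn would; return 1 when nothing matches.
resolve_on_path() {
    _old_ifs=$IFS
    IFS=:
    for _dir in $2; do
        IFS=$_old_ifs
        [ -n "$_dir" ] || _dir=.   # an empty PATH entry means the current directory
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            printf '%s\n' "$_dir/$1"
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# probe_env BIN: report the allow-listed variables and where BIN resolves.
# Call it at the top of the stand-in dependency-check.sh.
probe_env() {
    for _name in $PROBE_ALLOW; do
        eval "_val=\${$_name-UNSET}"
        printf '%s=%s\n' "$_name" "$_val"
    done
    if _hit=$(resolve_on_path "$1" "${PATH-}"); then
        printf '%s resolves to %s\n' "$1" "$_hit"
    else
        printf '%s NOT FOUND on PATH\n' "$1"
        return 1
    fi
}

# Constructed demo: $_t/bin stands in for ${NODEJS}/bin, $_t/sys for the rest.
demo() {
    _t=$(mktemp -d) && mkdir "$_t/sys" "$_t/bin" &&
        : >"$_t/bin/yarn" && chmod +x "$_t/bin/yarn" || return 1
    # Initial build environment: the tool directory is not on PATH.
    resolve_on_path yarn "$_t/sys" || echo "initial env: yarn not found"
    # Pipeline EnvVars after withEnv(["PATH+NODEJS=..."]): directory prepended.
    echo "pipeline env: $(resolve_on_path yarn "$_t/bin:$_t/sys")"
    rm -rf "$_t"
}
demo
```

Redirect the output of `probe_env yarn` to a file in the workspace to compare a run with and without the fix.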

checks failed because of infra issue, I will close and reopen this PR to trigger a new build...

thomasgl-orange, Aug 06 '21 12:08

Any idea when this pull request can be accepted?

lemmywrap, Nov 19 '21 08:11

This is a blocking issue, could anyone accept? I know that there are no maintainers, but maybe @whittlec at least could merge.

nfalco79, Jan 18 '22 15:01

@danile42 please have a look at this PR to avoid wrapping this step with an ENV wrapper.

nfalco79, Feb 21 '22 10:02

@danile42 are you an active maintainer? I see your request to maintain this plugin, but after that no movement at all on any of the existing PRs. Can we proceed to fix some important defects?

nfalco79, Aug 09 '22 09:08