(#145) Enable skipping of Yarn analysis #146

Merged


Windos
Member

@Windos Windos commented Apr 19, 2024

Description Of Changes

This PR enables disabling the Dependency-Check Yarn Audit analysis as part of the Dependency-Check task. Due to the Dependency-Check Cake addin being out of date, this is achieved by injecting the required switch into the dependency-check.bat when a new tool setting, dependencyCheckDisableYarnAudit, is set to true.

Motivation and Context

Dependency-Check occasionally triggers Yarn analysis when it isn't needed and results in the Dependency-Check failing. By disabling this analysis, it allows the Dependency-Check, and build in general, to complete successfully.

Testing

  1. Clone a project that triggers Yarn Analysis
  2. Set the SonarQube environment variables:
    • SONARQUBE_URL
    • SONARQUBE_ID
    • SONARQUBE_TOKEN
  3. Patch the recipe tool with the changes from this PR
  4. Run the build:
    .\build.bat --verbosity=diagnostic --target=CI --testExecutionType=none --shouldRunAnalyze=false --shouldRunIlMerge=false --shouldObfuscateOutputAssemblies=false --shouldRunChocolatey=false --shouldRunNuGet=false --shouldRunSonarQube=true --shouldRunDependencyCheck=true
  5. See that the build runs and that Yarn Analysis was triggered.
  6. Re-run the build adding --dependencyCheckDisableYarnAudit=true
  7. See that the build runs and that Yarn Analysis was skipped (n.b. there is no output saying it was skipped, but it will be missing from the list of audits executed as they are executed.)

Operating Systems Testing

Windows Server 2019

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • All new and existing tests passed?
  • PowerShell code changes: PowerShell v2 compatibility checked?

Related Issue

@Windos Windos force-pushed the GH-145/skip-dependencycheck-yarn-analysis branch from 8322650 to 8ef9fec Compare April 22, 2024 08:04
@Windos Windos marked this pull request as ready for review April 23, 2024 01:52
@Windos Windos requested a review from gep13 April 23, 2024 01:52
During the Dependency-Check task, the Yarn Audit analysis can be
triggered even when it is not needed. This results in the task, and
build, failing.

By adding a new tool setting, DependencyCheckDisableYarnAudit,
the Yarn Audit analysis can be explicitly disabled when required.
This new parameter defaults to `false`.

This change should be revisited when Cake.DependencyCheck and
DependencyCheckTool are updated.
@Windos Windos force-pushed the GH-145/skip-dependencycheck-yarn-analysis branch from 8ef9fec to 3ca5aec Compare April 23, 2024 04:05
@Windos
Member Author

Windos commented Apr 23, 2024

@gep13 - Thanks for your input on this PR, I swapped over to Tool Settings for my change. I also got this change tested today, it highlighted that the path to the batch file needed an explicit ToString().

Member

@gep13 gep13 left a comment

LGTM!

@gep13
Member

gep13 commented Apr 26, 2024

@Windos this looks great! Happy to get this merged in, and get a new release out the door!

@gep13 gep13 merged commit ba471f2 into chocolatey:develop Apr 26, 2024
Successfully merging this pull request may close these issues.

Add support for skipping Dependency-Check Yarn analysis