feat: move owasp cache to same place for all

* Move owasp cache to same place for all to speed up the build * Adds Job Attempt to artefacts to stop the build from crashing
Ensono · Jul 19, 2024 · ef9b77e · ef9b77e
1 parent 4128b26
commit ef9b77e
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 10 deletions.
diff --git a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml
@@ -151,6 +151,8 @@ variables:
     value: "$(VULNERABILITY_SCAN_API_KEY)"
   - name: vulnerability_scan_fail_build_on_detection
     value: false
+  - name: vulnerability_scan_database_directory
+    value: ${{ variables.self_repo_dir }}/.vulnerability-database
 
   # Yamllint
   - name: yamllint_config_file
@@ -191,6 +193,7 @@ stages:
           vmImage: $(pool_vm_image)
         steps:
           - checkout: self
+            fetchDepth: 0
 
           - checkout: templates
 
@@ -230,6 +233,7 @@ stages:
               vulnerability_scan: "${{ variables.vulnerability_scan }}"
               vulnerability_scan_api_key: "${{ variables.vulnerability_scan_api_key }}"
               vulnerability_scan_fail_build_on_detection: "${{ variables.vulnerability_scan_fail_build_on_detection }}"
+              vulnerability_scan_database_directory: "${{ variables.vulnerability_scan_database_directory }}"
               project_type: "${{ variables.java_project_type }}"
 
           # Builds the Java API Tests
@@ -252,6 +256,7 @@ stages:
               vulnerability_scan: "${{ variables.vulnerability_scan }}"
               vulnerability_scan_api_key: "${{ variables.vulnerability_scan_api_key }}"
               vulnerability_scan_fail_build_on_detection: "${{ variables.vulnerability_scan_fail_build_on_detection }}"
+              vulnerability_scan_database_directory: "${{ variables.vulnerability_scan_database_directory }}"
               project_type: "${{ variables.functional_test_project_type }}"
 
           # Performs static code analysis, such as Sonar Cloud

diff --git a/build/azDevOps/azure/templates/steps/build/build-api-tests-cli.yml b/build/azDevOps/azure/templates/steps/build/build-api-tests-cli.yml
@@ -17,6 +17,7 @@ parameters:
   vulnerability_scan: true
   vulnerability_scan_api_key: "$(VULNERABILITY_SCAN_API_KEY)"
   vulnerability_scan_fail_build_on_detection: true
+  vulnerability_scan_database_directory: ""
   project_type: ""
 
 steps:
@@ -74,6 +75,7 @@ steps:
         inputs:
           filePath: "${{ parameters.pipeline_scripts_directory }}/test-maven-owasp-dependency-check.bash"
           arguments: >
+            -W "${{ parameters.vulnerability_scan_database_directory }}"
             -X "${{ parameters.vulnerability_scan_api_key }}"
             -Y "${{ parameters.vulnerability_scan_fail_build_on_detection }}"
             -Z "${{ parameters.maven_cache_directory }}"

diff --git a/build/azDevOps/azure/templates/steps/build/build-api-tests.yml b/build/azDevOps/azure/templates/steps/build/build-api-tests.yml
@@ -17,6 +17,7 @@ parameters:
   vulnerability_scan: true
   vulnerability_scan_api_key: "$(VULNERABILITY_SCAN_API_KEY)"
   vulnerability_scan_fail_build_on_detection: true
+  vulnerability_scan_database_directory: ""
   project_type: ""
 
 steps:
@@ -40,6 +41,7 @@ steps:
       vulnerability_scan: "${{ parameters.vulnerability_scan }}"
       vulnerability_scan_api_key: "${{ parameters.vulnerability_scan_api_key }}"
       vulnerability_scan_fail_build_on_detection: "${{ parameters.vulnerability_scan_fail_build_on_detection }}"
+      vulnerability_scan_database_directory: "${{ parameters.vulnerability_scan_database_directory }}"
       project_type: "${{ parameters.project_type }}"
 
   - template: ./build-api-tests-cli.yml
@@ -61,4 +63,5 @@ steps:
       vulnerability_scan: "${{ parameters.vulnerability_scan }}"
       vulnerability_scan_api_key: "${{ parameters.vulnerability_scan_api_key }}"
       vulnerability_scan_fail_build_on_detection: "${{ parameters.vulnerability_scan_fail_build_on_detection }}"
+      vulnerability_scan_database_directory: "${{ parameters.vulnerability_scan_database_directory }}"
       project_type: "${{ parameters.project_type }}"
diff --git a/build/azDevOps/azure/templates/steps/build/build-java.yml b/build/azDevOps/azure/templates/steps/build/build-java.yml
@@ -12,6 +12,7 @@ parameters:
   vulnerability_scan: true
   vulnerability_scan_api_key: "$(VULNERABILITY_SCAN_API_KEY)"
   vulnerability_scan_fail_build_on_detection: true
+  vulnerability_scan_database_directory: ""
   project_type: ""
 
 steps:
@@ -69,6 +70,7 @@ steps:
         inputs:
           filePath: "${{ parameters.pipeline_scripts_directory }}/test-maven-owasp-dependency-check.bash"
           arguments: >
+            -W "${{ parameters.vulnerability_scan_database_directory }}"
             -X "${{ parameters.vulnerability_scan_api_key }}"
             -Y "${{ parameters.vulnerability_scan_fail_build_on_detection }}"
             -Z "${{ parameters.maven_cache_directory }}"

diff --git a/build/azDevOps/azure/templates/steps/build/post-build-tasks-cli.yml b/build/azDevOps/azure/templates/steps/build/post-build-tasks-cli.yml
@@ -31,27 +31,27 @@ steps:
         condition: always()
         inputs:
           path: "${{ parameters.project_root_dir }}/${{ parameters.vulnerability_scan_report }}"
-          artifact: "owasp-vulnerability-report-java"
+          artifact: "owasp-vulnerability-report-java-$(System.JobAttempt)"
         displayName: "Publish: Vulnerability Scan Report Artefact (${{ parameters.java_project_type }})"
 
       - task: PublishPipelineArtifact@1
         condition: always()
         inputs:
           path: "${{ parameters.functional_test_project_root_dir }}/${{ parameters.vulnerability_scan_report }}"
-          artifact: "owasp-vulnerability-report-functional-test"
+          artifact: "owasp-vulnerability-report-functional-test-$(System.JobAttempt)"
         displayName: "Publish: Vulnerability Scan Report Artefact (${{ parameters.functional_test_project_type }})"
 
   # Publish Artefacts if required
   - ${{ if eq(parameters.functional_test, true) }}:
       - task: PublishPipelineArtifact@1
         inputs:
-          path: "${{ parameters.functional_test_artefact_path }}"
+          path: "${{ parameters.functional_test_artefact_path }}-$(System.JobAttempt)"
           artifact: "${{ parameters.functional_test_artefact_name }}"
         displayName: "Publish: Functional Tests Artefact"
 
   - ${{ if eq(parameters.build_file, true) }}:
       - task: PublishPipelineArtifact@1
         inputs:
           path: "${{ parameters.build_file_path }}"
-          artifact: "${{ parameters.build_file_artefact_name }}"
+          artifact: "${{ parameters.build_file_artefact_name }}-$(System.JobAttempt)"
         displayName: "Publish: Build Artefacts"
diff --git a/build/azDevOps/azure/templates/steps/build/post-build-tasks.yml b/build/azDevOps/azure/templates/steps/build/post-build-tasks.yml
@@ -31,40 +31,40 @@ steps:
         condition: always()
         inputs:
           path: "${{ parameters.project_root_dir }}/${{ parameters.vulnerability_scan_report }}"
-          artifact: "owasp-vulnerability-report-java"
+          artifact: "owasp-vulnerability-report-java-$(System.JobAttempt)"
         displayName: "Publish: Vulnerability Scan Report Artefact (${{ parameters.java_project_type }})"
 
       - task: PublishPipelineArtifact@1
         condition: always()
         inputs:
           path: "${{ parameters.functional_test_project_root_dir }}/${{ parameters.vulnerability_scan_report }}"
-          artifact: "owasp-vulnerability-report-functional-test"
+          artifact: "owasp-vulnerability-report-functional-test-$(System.JobAttempt)"
         displayName: "Publish: Vulnerability Scan Report Artefact (${{ parameters.functional_test_project_type }})"
 
       - task: PublishPipelineArtifact@1
         condition: always()
         inputs:
           path: "${{ parameters.functional_test_project_root_dir }}-karate/${{ parameters.vulnerability_scan_report }}"
-          artifact: "owasp-vulnerability-report-functional-test-karate"
+          artifact: "owasp-vulnerability-report-functional-test-karate-$(System.JobAttempt)"
         displayName: "Publish: Vulnerability Scan Report Artefact (${{ parameters.functional_test_project_type }})"
 
   # Publish Artefacts if required
   - ${{ if eq(parameters.functional_test, true) }}:
       - task: PublishPipelineArtifact@1
         inputs:
           path: "${{ parameters.functional_test_artefact_path }}"
-          artifact: "${{ parameters.functional_test_artefact_name }}"
+          artifact: "${{ parameters.functional_test_artefact_name }}-$(System.JobAttempt)"
         displayName: "Publish: Functional Tests Artefact"
 
       - task: PublishPipelineArtifact@1
         inputs:
           path: "${{ parameters.functional_test_artefact_path }}-karate"
-          artifact: "${{ parameters.functional_test_artefact_name }}-karate"
+          artifact: "${{ parameters.functional_test_artefact_name }}-karate-$(System.JobAttempt)"
         displayName: "Publish: Functional Tests Artefact"
 
   - ${{ if eq(parameters.build_file, true) }}:
       - task: PublishPipelineArtifact@1
         inputs:
           path: "${{ parameters.build_file_path }}"
-          artifact: "${{ parameters.build_file_artefact_name }}"
+          artifact: "${{ parameters.build_file_artefact_name }}-$(System.JobAttempt)"
         displayName: "Publish: Build Artefacts"