feat(codeqlExecuteScan): added params projectSettingsFile and globalSettingsFile (#4702)

* added settings file params * added checking build tool
2025-03-03 15:02:35 +02:00 · 2023-12-01 10:45:31 +01:00 · 2023-12-01 10:45:31 +01:00 · aab4de4597
commit aab4de4597
parent 8dc2a1bfb4
3 changed files with 50 additions and 1 deletions
--- a/cmd/codeqlExecuteScan.go
+++ b/cmd/codeqlExecuteScan.go
@ -282,7 +282,14 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem

 	//codeql has an autobuilder which tries to build the project based on specified programming language
 	if len(config.BuildCommand) > 0 {
-		cmd = append(cmd, "--command="+config.BuildCommand)
+		buildCmd := config.BuildCommand
+		if len(config.ProjectSettingsFile) > 0 && config.BuildTool == "maven" {
+			buildCmd = fmt.Sprintf("%s --settings=%s", buildCmd, config.ProjectSettingsFile)
+		}
+		if len(config.GlobalSettingsFile) > 0 && config.BuildTool == "maven" {
+			buildCmd = fmt.Sprintf("%s --global-settings=%s", buildCmd, config.GlobalSettingsFile)
+		}
+		cmd = append(cmd, "--command="+buildCmd)
 	}

 	err = execute(utils, cmd, GeneralConfig.Verbose)
--- a/cmd/codeqlExecuteScan_generated.go
+++ b/cmd/codeqlExecuteScan_generated.go
@ -39,6 +39,8 @@ type codeqlExecuteScanOptions struct {
 	CommitID                    string `json:"commitId,omitempty"`
 	VulnerabilityThresholdTotal int    `json:"vulnerabilityThresholdTotal,omitempty"`
 	CheckForCompliance          bool   `json:"checkForCompliance,omitempty"`
+	ProjectSettingsFile         string `json:"projectSettingsFile,omitempty"`
+	GlobalSettingsFile          string `json:"globalSettingsFile,omitempty"`
 }

 type codeqlExecuteScanReports struct {
@ -204,6 +206,8 @@ func addCodeqlExecuteScanFlags(cmd *cobra.Command, stepConfig *codeqlExecuteScan
 	cmd.Flags().StringVar(&stepConfig.CommitID, "commitId", os.Getenv("PIPER_commitId"), "SHA of commit that was analyzed.")
 	cmd.Flags().IntVar(&stepConfig.VulnerabilityThresholdTotal, "vulnerabilityThresholdTotal", 0, "Threashold for maximum number of allowed vulnerabilities.")
 	cmd.Flags().BoolVar(&stepConfig.CheckForCompliance, "checkForCompliance", false, "If set to true, the piper step checks for compliance based on vulnerability threadholds. Example - If total vulnerabilites are 10 and vulnerabilityThresholdTotal is set as 0, then the steps throws an compliance error.")
+	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path to the mvn settings file that should be used as project settings file.")
+	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")

 	cmd.MarkFlagRequired("buildTool")
 }
@ -424,6 +428,24 @@ func codeqlExecuteScanMetadata() config.StepData {
 						Aliases:     []config.Alias{},
 						Default:     false,
 					},
+					{
+						Name:        "projectSettingsFile",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"},
+						Type:        "string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{{Name: "maven/projectSettingsFile"}},
+						Default:     os.Getenv("PIPER_projectSettingsFile"),
+					},
+					{
+						Name:        "globalSettingsFile",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"},
+						Type:        "string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{{Name: "maven/globalSettingsFile"}},
+						Default:     os.Getenv("PIPER_globalSettingsFile"),
+					},
 				},
 			},
 			Containers: []config.Container{
--- a/resources/metadata/codeqlExecuteScan.yaml
+++ b/resources/metadata/codeqlExecuteScan.yaml
@ -188,6 +188,26 @@ spec:
          - PARAMETERS
          - STAGES
          - STEPS
+      - name: projectSettingsFile
+        type: string
+        description: Path to the mvn settings file that should be used as project settings file.
+        scope:
+          - GENERAL
+          - STEPS
+          - STAGES
+          - PARAMETERS
+        aliases:
+          - name: maven/projectSettingsFile
+      - name: globalSettingsFile
+        type: string
+        description: Path to the mvn settings file that should be used as global settings file.
+        scope:
+          - GENERAL
+          - STEPS
+          - STAGES
+          - PARAMETERS
+        aliases:
+          - name: maven/globalSettingsFile
  containers:
    - image: ""
  outputs: