Commit b8605f6c authored by SBassett

* Use env var to specify specific docker-registry.w.o image

* Try different approach to echo newlines (may not work)
* Add review msg if at least one vulnerable package.json exists
parent ddf56264
Pipeline #1381 passed with stage in 48 seconds
npm_audit_dependency_check:
image: docker-registry.wikimedia.org/nodejs12-devel:0.0.1
image: docker-registry.wikimedia.org/${WM_APPSEC_NPM_IMAGE}
stage: test
allow_failure: false
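Review bot: the new `image:` line depends entirely on `WM_APPSEC_NPM_IMAGE`, and nothing visible in this hunk gives it a default or documents it. If the variable is unset in a consuming project, the reference collapses to `docker-registry.wikimedia.org/` and the job fails at image pull with an error that does not point at the missing variable. Consider declaring a default in a `variables:` block in this template (for example the previously hard-coded `nodejs12-devel:0.0.1`) and noting in a comment that the value must carry an explicit tag, so the pinning the old line provided is not lost when a project overrides it.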
......@@ -21,15 +21,14 @@ npm_audit_dependency_check:
npm_dir="$(dirname "$f")"
cd $root_dir/$npm_dir
npm install --package-lock-only
echo -e "\n "
echo -e "----- $f -----"
echo -e "\n "
echo -e "\n\n----- $f -----\n\n"
set -e
EXIT_CODE=0
audit-ci ${NPM_AUDIT_OPTIONS} || EXIT_CODE=$?
TOTAL_EXIT_CODES=$(($TOTAL_EXIT_CODES + $EXIT_CODE))
done
if [ "$TOTAL_EXIT_CODES" -gt 0 ]; then
echo -e "\n\nAt least one package.json file contained vulnerable dependencies - please review.\n\n"
exit 1
fi
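Review bot: the final message in the new `if [ "$TOTAL_EXIT_CODES" -gt 0 ]` block says only that "at least one package.json file" failed, so a reviewer has to scroll the whole job log to find which one. Since the loop already has `$f` in hand when `EXIT_CODE` is non-zero, append the path to a list there and print that list before `exit 1`. Two smaller points in the same hunk: any non-zero exit from `audit-ci` is summed and then reported as "vulnerable dependencies", which will mislabel a run that failed for another reason, so either soften the wording or report the per-file exit code; and the initialisation of `TOTAL_EXIT_CODES` is not visible here, so confirm it is set to 0 before the loop, otherwise the `-gt` test receives an empty string when no package.json is found. For the separator line, `printf '\n\n----- %s -----\n\n' "$f"` avoids relying on how the image's shell handles `echo -e`.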
......